WN12-AD-000006-DC - Data files owned by users must be on a different logical partition from the directory server data files.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

When directory service data files, especially for directories used for identification, authentication, or authorization, reside on the same logical partition as user-owned files, the directory service data may be more vulnerable to unauthorized access or other availability compromises. Directory service and user-owned data files sharing a partition may be configured with less restrictive permissions in order to allow access to the user data.

The directory service may be vulnerable to a denial of service attack when user-owned files on a common partition are expanded to an extent preventing the directory service from acquiring more space for directory or audit data.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Ensure files owned by users are stored on a different logical partition then the directory server data files.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R4_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001082, Rule-ID|SV-226075r794310_rule, STIG-ID|WN12-AD-000006-DC, STIG-Legacy|SV-51180, STIG-Legacy|V-8317, Vuln-ID|V-226075

Plugin: Windows

Control ID: 8c1fe83aad389f5983f173527715c2f936e1c923dc04c18b77bf1ffef0a51db8