WN10-00-000060 - Non system-created file shares on a system must limit access to groups that require it.

Information

Shares which provide network access, should not typically exist on a workstation except for system-created administrative shares, and could potentially expose sensitive information. If a share is necessary, share permissions, as well as NTFS permissions, must be reconfigured to give the minimum access to those accounts that require it.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If a non system-created share is required on a system, configure the share and NTFS permissions to limit access to the specific groups or accounts that require it.

Remove any unnecessary non-system created shares.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_10_V3R2_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-4, CAT|II, CCI|CCI-001090, Rule-ID|SV-220710r958524_rule, STIG-ID|WN10-00-000060, STIG-Legacy|SV-77847, STIG-Legacy|V-63357, Vuln-ID|V-220710

Plugin: Windows

Control ID: b86df02c5c0cff516d253f20d7fa9b0942b6bf0868de323cdfc7ef9b90861fe3