Skip to content
Log In

Permissions on the Active Directory data files must only allow System and Administrators access.

An XCCDF Rule

Description

Improper access permissions for directory data-related files could allow unauthorized users to read, modify, or delete directory data or audit trails.

ID
SV-224970r958726_rule
Version
WN16-DC-000070
Severity
High
References
Updated

Remediation Templates

A Manual Procedure

Maintain the permissions on NTDS database and log files as follows:

NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)

(I) - permission inherited from parent container
(F) - full access