Update access to the directory schema must be restricted to appropriate accounts.
An XCCDF Rule
Description
A failure to control update access to the AD Schema object could result in the creation of invalid directory objects and attributes. Applications that rely on AD could fail as a result of invalid formats and values. The presence of invalid directory objects and attributes could cause failures in Windows AD client functions and improper resource access decisions.
- ID: SV-243506r1026208_rule
- Version: DS00.3140_AD
- Severity: High
- References
- Updated
Remediation Templates
A Manual Procedure
Ensure the access control permissions for the AD Schema object conform to the required permissions shown below.
Authenticated Users:
  Read
  Special Permissions
The Special permissions for Authenticated Users are of the List and Read type only. If the detailed (advanced) permissions include any additional permissions or properties, this is a finding.
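The permission check in the procedure above can be scripted rather than read off the Advanced Security Settings dialog. The following PowerShell audit is an added example and is not part of the STIG, its check content, or any DISA tooling. It assumes the RSAT ActiveDirectory module on a domain-joined host, and it maps the rule's GUI wording ("Read" plus Special permissions of the List and Read type) onto the ActiveDirectoryRights flags GenericRead, ReadProperty, ReadControl, ListChildren and ListObject; that mapping is an assumption, since the rule names dialog labels rather than rights flags. It reports every Allow ACE for Authenticated Users (well-known SID S-1-5-11) on the Schema naming context that carries any other right.

```powershell
# Added example: audit Authenticated Users' ACEs on the AD Schema object.
# Not part of the STIG. Assumes the RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

# Schema naming context of the current forest, e.g. CN=Schema,CN=Configuration,DC=example,DC=com
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Read the DACL of the Schema container through the AD: PSDrive the module provides.
$acl = Get-Acl -Path "AD:\$schemaNC"

# Rights this script treats as "Read" / "List" type (assumption mapped from the rule's GUI wording).
$allowedRights = [int]([System.DirectoryServices.ActiveDirectoryRights]'GenericRead, ReadProperty, ReadControl, ListChildren, ListObject')

# Well-known SID for Authenticated Users; comparing SIDs avoids depending on localized account names.
$authUsersSid = 'S-1-5-11'

$findings = foreach ($ace in $acl.Access) {
    $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    if ($sid -ne $authUsersSid) { continue }

    # Deny ACEs restrict rather than grant update access, so only Allow ACEs are of interest.
    if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }

    # Any bit set outside the allowed mask is a right beyond Read/List (e.g. WriteProperty, CreateChild, GenericAll).
    $extra = [int]$ace.ActiveDirectoryRights -band (-bnot $allowedRights)
    if ($extra -ne 0) {
        [pscustomobject]@{
            Identity    = $ace.IdentityReference.Value
            Rights      = $ace.ActiveDirectoryRights
            ExtraRights = [System.DirectoryServices.ActiveDirectoryRights]$extra
            ObjectType  = $ace.ObjectType   # non-empty GUID = ACE scoped to one property, property set or extended right
            Inherited   = $ace.IsInherited
        }
    }
}

if ($findings) {
    Write-Warning "Finding: Authenticated Users hold more than Read/List rights on $schemaNC"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No Authenticated Users ACE on $schemaNC grants rights beyond Read/List."
}
```

Run it from an elevated PowerShell session on a domain controller or a workstation with RSAT installed. The script covers only Authenticated Users, the principal the procedure above lists; ACEs inherited from the Configuration partition are included in the output so that an over-grant made higher in the tree is not missed, and the ObjectType column distinguishes a blanket WriteProperty grant from one scoped to a single attribute or extended right.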