Skip to content
Log In

Windows Server 2019 permissions on the Active Directory data files must only allow System and Administrators access.

An XCCDF Rule

Description

Improper access permissions for directory data-related files could allow unauthorized users to read, modify, or delete directory data or audit trails.

ID
SV-205739r958726_rule
Version
WN19-DC-000070
Severity
High
References
Updated

Remediation Templates

A Manual Procedure

Maintain the permissions on NTDS database and log files as follows:

NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)

(I) - permission inherited from parent container
(F) - full access