Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access.

An XCCDF Rule

Details
Profiles

Description

Improper access permissions for directory data-related files could allow unauthorized users to read, modify, or delete directory data or audit trails. Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000206-GPOS-00084

ID: SV-254391r958726_rule
Version: WN22-DC-000070
Severity: High
References: CCI-001314 CCI-002235
Updated: 6 days ago

Remediation Templates

Maintain the permissions on NTDS database and log files as follows:

NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)

(I) - permission inherited from parent container
(F) - full access

Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access.

Description

Remediation Templates

A Manual Procedure