
Update access to the directory schema must be restricted to appropriate accounts.

An XCCDF Rule

Description

A failure to control update access to the AD Schema object could result in the creation of invalid directory objects and attributes. Applications that rely on AD could fail as a result of invalid formats and values. The presence of invalid directory objects and attributes could cause failures in Windows AD client functions and improper resource access decisions.

Documentable: false
Responsibility: Information Assurance Officer

ID
SV-30999r4_rule
Severity
High
References
Updated



Remediation - Manual Procedure

Ensure the access control permissions for the AD Schema object conform to the required permissions as shown below.

Authenticated Users:
Read
Special Permissions
The Special permissions for Authenticated Users are List and Read type. If detailed permissions include any additional Permissions or Properties, this is a finding.
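
One way to script the Authenticated Users check above. This is an added example, not part of the STIG rule. It assumes the ActiveDirectory PowerShell module is installed, that "List and Read type" corresponds to the rights contained in GenericRead, and that only Allow entries count as additional permissions.

```powershell
# Added example: flag Authenticated Users ACEs on the schema object that grant
# more than read/list access. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: "List and Read type" means the rights contained in GenericRead
# (ReadControl, ListChildren, ReadProperty, ListObject).
$allowedMask  = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$authUsersSid = 'S-1-5-11'   # well-known SID for Authenticated Users

$schemaDn = (Get-ADRootDSE).schemaNamingContext
$acl      = Get-Acl -Path "AD:\$schemaDn"

# Ask for SIDs rather than names so the match does not depend on OS language.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    if ($ace.IdentityReference.Value -ne $authUsersSid) { continue }
    if ($ace.AccessControlType -ne 'Allow') { continue }   # assumption: only Allow ACEs matter

    # Any bit outside the read/list mask is an additional permission.
    $extra = [int]$ace.ActiveDirectoryRights -band (-bnot $allowedMask)
    if ($extra -ne 0) {
        [pscustomobject]@{
            SchemaDN    = $schemaDn
            ExtraRights = [System.DirectoryServices.ActiveDirectoryRights]$extra
            AllRights   = $ace.ActiveDirectoryRights
            ObjectType  = $ace.ObjectType   # GUID of a specific property or right, all zeros if none
            Inherited   = $ace.IsInherited
        }
    }
}

if ($findings) {
    Write-Warning "Finding: Authenticated Users holds more than read/list on $schemaDn"
    $findings | Format-List
} else {
    Write-Output "Authenticated Users ACEs on $schemaDn are limited to read/list rights."
}
```

The script reports only on Authenticated Users; other trustees on the schema object still need to be reviewed against the required permissions.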