I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000312-GPOS-00122
Group -
Windows Server 2019 permissions for program file directories must conform to minimum requirements.
Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. The default permissions a...
Rule Medium Severity -
SRG-OS-000312-GPOS-00122
Group -
Windows Server 2019 permissions for the Windows installation directory must conform to minimum requirements.
Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. The default permissions a...
Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.
The registry is integral to the function, security, and stability of the Windows system. Changing the system's registry permissions allows the possibility of unauthorized and anonymous modification...
Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 must only allow administrators responsible for the domain controller to have Administrator rights on the system.
An account that does not have Administrator duties must not have Administrator rights. Such rights would allow the account to bypass or modify required security restrictions on that machine and mak...
Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 permissions on the Active Directory data files must only allow System and Administrators access.
Improper access permissions for directory data-related files could allow unauthorized users to read, modify, or delete directory data or audit trails.
Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 Active Directory SYSVOL directory must have the proper access control permissions.
Improper access permissions for directory data files could allow unauthorized users to read, modify, or delete directory data. The SYSVOL directory contains public files (to the domain) such as po...
Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 Active Directory Group Policy objects must have proper access control permissions.
When directory service database objects do not have appropriate access control permissions, it may be possible for malicious users to create, read, update, or delete the objects and degrade or dest...
Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions.
When Active Directory objects do not have appropriate access control permissions, it may be possible for malicious users to create, read, update, or delete the objects and degrade or destroy the in...
Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions.
When directory service database objects do not have appropriate access control permissions, it may be possible for malicious users to create, read, update, or delete the objects and degrade or dest...
Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 Add workstations to domain user right must only be assigned to the Administrators group on domain controllers.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Add workstations to domain" right may add computers to a domain. Thi...
Rule Medium Severity