SV-205723r569188_rule
V-205723
SRG-OS-000138-GPOS-00069
WN19-DC-000120
CAT II
10
Move shares used to store files owned by users to a different logical partition than the directory server data files.
This applies to domain controllers. It is NA for other systems.
Run "Regedit".
Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters".
Note the directory locations in the values for "DSA Database file".
Open "Command Prompt".
Enter "net share".
Note the logical drive(s) or file system partition for any organization-created data shares.
Ignore system shares (e.g., NETLOGON, SYSVOL, and administrative shares ending in $). User shares that are hidden (ending with $) should not be ignored.
If user shares are located on the same logical partition as the directory server data files, this is a finding.
V-205723
False
WN19-DC-000120
This applies to domain controllers. It is NA for other systems.
Run "Regedit".
Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters".
Note the directory locations in the values for "DSA Database file".
Open "Command Prompt".
Enter "net share".
Note the logical drive(s) or file system partition for any organization-created data shares.
Ignore system shares (e.g., NETLOGON, SYSVOL, and administrative shares ending in $). User shares that are hidden (ending with $) should not be ignored.
If user shares are located on the same logical partition as the directory server data files, this is a finding.
M
2907