SV-205791r569188_rule
V-205791
SRG-OS-000327-GPOS-00127
WN19-DC-000240
CAT II
10
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> DS Access >> "Directory Service Access" with "Success" selected.
This applies to domain controllers. It is NA for other systems.
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN19-SO-000050) for the detailed auditing subcategories to be effective.
Use the "AuditPol" tool to review the current Audit Policy configuration:
Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator").
Enter "AuditPol /get /category:*"
Compare the "AuditPol" settings with the following:
If the system does not audit the following, this is a finding.
DS Access >> Directory Service Access - Success
V-205791
False
WN19-DC-000240
This applies to domain controllers. It is NA for other systems.
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN19-SO-000050) for the detailed auditing subcategories to be effective.
Use the "AuditPol" tool to review the current Audit Policy configuration:
Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator").
Enter "AuditPol /get /category:*"
Compare the "AuditPol" settings with the following:
If the system does not audit the following, this is a finding.
DS Access >> Directory Service Access - Success
M
2907