STIGQter: STIG Summary: Microsoft Windows Server 2016 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021: STIGQter: STIG Summary: Microsoft Windows Server 2016 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:SV-224990r569186_rule
V-224990
SRG-OS-000327-GPOS-00127
WN16-DC-000270
CAT II
10
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> DS Access >> "Directory Service Changes" with "Failure" selected.
This applies to domain controllers. It is NA for other systems.
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN16-SO-000050) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
Open an elevated "Command Prompt" (run as administrator).
Enter "AuditPol /get /category:*".
Compare the AuditPol settings with the following.
If the system does not audit the following, this is a finding.
DS Access >> Directory Service Changes - Failure
V-224990
False
WN16-DC-000270
This applies to domain controllers. It is NA for other systems.
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN16-SO-000050) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
Open an elevated "Command Prompt" (run as administrator).
Enter "AuditPol /get /category:*".
Compare the AuditPol settings with the following.
If the system does not audit the following, this is a finding.
DS Access >> Directory Service Changes - Failure
M
4205