SV-234128r612749_rule
V-234128
SRG-APP-000435
TANS-SV-000068
CAT II
10
Log on interactively to the Tanium Server.
Open the CMD prompt as admin.
Run "sc sdset "Tanium Server" D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)".
Run the above on all other Tanium Servers, to include Tanium Servers in an Active-Active pair.
Verify that to prevent a non-privileged user from affecting the Tanium Server's ability to operate, the control of the service is restricted to the Local Administrators.
Log on interactively to the Tanium Server.
Open the CMD prompt as admin.
Run "sc sdshow "Tanium Server"".
If the string does not match "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)", this is a finding.
Run the above on all other Tanium Servers, to include Tanium Servers in an Active-Active pair.
V-234128
False
TANS-SV-000068
Verify that to prevent a non-privileged user from affecting the Tanium Server's ability to operate, the control of the service is restricted to the Local Administrators.
Log on interactively to the Tanium Server.
Open the CMD prompt as admin.
Run "sc sdshow "Tanium Server"".
If the string does not match "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)", this is a finding.
Run the above on all other Tanium Servers, to include Tanium Servers in an Active-Active pair.
M
5259