STIGQter: STIG Summary: Active Directory Domain Security Technical Implementation Guide (STIG) Version: 2 Release: 13 Benchmark Date: 26 Apr 2019: STIGQter: STIG Summary: Active Directory Domain Security Technical Implementation Guide (STIG) Version: 2 Release: 13 Benchmark Date: 26 Apr 2019:SV-9044r3_rule
V-8547
Pre-Windows 2000 Compatible Access Group
AD.0220
CAT II
10
Ensure the "Anonymous Logon" and "Everyone" groups are not members of the "Pre-Windows 2000 Compatible Access group". (By default, these groups are not included in current Windows versions.)
Open "Active Directory Users and Computers" (available from various menus or run "dsa.msc").
Expand the domain being reviewed in the left pane and select the "Builtin" container.
Double-click on the "Pre-Windows 2000 Compatible Access" group in the right pane.
Select the "Members" tab.
If the "Anonymous Logon" or "Everyone" groups are members, select each and click "Remove".
Open "Active Directory Users and Computers" (available from various menus or run "dsa.msc").
Expand the domain being reviewed in the left pane and select the "Builtin" container.
Double-click on the "Pre-Windows 2000 Compatible Access" group in the right pane.
Select the "Members" tab.
If the "Anonymous Logon" or "Everyone" groups are members, this is a finding.
(By default, these groups are not included in current Windows versions.)
V-8547
False
AD.0220
Open "Active Directory Users and Computers" (available from various menus or run "dsa.msc").
Expand the domain being reviewed in the left pane and select the "Builtin" container.
Double-click on the "Pre-Windows 2000 Compatible Access" group in the right pane.
Select the "Members" tab.
If the "Anonymous Logon" or "Everyone" groups are members, this is a finding.
(By default, these groups are not included in current Windows versions.)
M
Information Assurance Officer
870