STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

Access to web administration tools must be restricted to the web manager and the web manager's designees.

DISA Rule

SV-214431r508658_rule

Vulnerability Number

V-214431

Group Title

SRG-APP-000380-WSR-000072

Rule Version

IISW-SV-000147

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Restrict access to the web administration tool to only the web manager and the web manager’s designees.

Check Contents

Right-click InetMgr.exe, then click “Properties” from the “Context” menu.

Select the "Security" tab.

Review the groups and user names.

The following accounts may have Full control privileges:

TrustedInstaller
Web Managers
Web Manager designees

The following accounts may have read and execute, or read permissions:

Non Web Manager Administrators
ALL APPLICATION PACKAGES (built-in security group)
SYSTEM
Users

Specific users may be granted read and execute and read permissions.

Compare the local documentation authorizing specific users against the users observed when reviewing the groups and users.

If any other access is observed, this is a finding.
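
One way to script the review above, as an added example that is not part of the STIG or STIGQter. It assumes the default IIS path for InetMgr.exe, uses hypothetical `CONTOSO\...` group names for the site's web managers and designees, and treats `BUILTIN\Administrators` as the "Non Web Manager Administrators" entry.

```powershell
# Added example: audit the InetMgr.exe ACL against the allow-lists in this check.
# Assumption: default IIS install path; adjust if IIS Manager lives elsewhere.
$Path = Join-Path $env:windir 'System32\inetsrv\InetMgr.exe'

# Identities that may hold Full control. The CONTOSO entries are hypothetical
# placeholders for the site's documented web manager groups.
$FullControlAllowed = @(
    'NT SERVICE\TrustedInstaller',
    'CONTOSO\Web Managers',
    'CONTOSO\Web Manager Designees'
)
# Identities that may hold Read & execute or Read only.
# Append specific users authorized in local documentation to this list.
$ReadAllowed = @(
    'BUILTIN\Administrators',
    'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES',
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Users'
)

$Rights   = [System.Security.AccessControl.FileSystemRights]
$ReadMask = [int]($Rights::ReadAndExecute -bor $Rights::Synchronize)

$findings = foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }   # Deny ACEs only reduce access
    $who = $ace.IdentityReference.Value
    # Any bit outside Read & execute + Synchronize means more than read-level access.
    $beyondRead = ([int]$ace.FileSystemRights -band (-bnot $ReadMask)) -ne 0

    if ($FullControlAllowed -contains $who) { continue }
    if (($ReadAllowed -contains $who) -and -not $beyondRead) { continue }

    [pscustomobject]@{
        Identity  = $who
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
        Reason    = if ($beyondRead) { 'more than read/execute' } else { 'identity not authorized' }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Output 'FINDING: unexpected access on InetMgr.exe'
} else {
    Write-Output 'No unexpected access observed.'
}
```

Any identity the script reports still has to be compared with the local documentation before it is recorded as a finding.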

Documentable

False

Severity Override Guidance

Right-click InetMgr.exe, then click “Properties” from the “Context” menu.

Select the "Security" tab.

Review the groups and user names.

The following accounts may have Full control privileges:

TrustedInstaller
Web Managers
Web Manager designees

The following accounts may have read and execute, or read permissions:

Non Web Manager Administrators
ALL APPLICATION PACKAGES (built-in security group)
SYSTEM
Users

Specific users may be granted read and execute and read permissions.

Compare the local documentation authorizing specific users against the users observed when reviewing the groups and users.

If any other access is observed, this is a finding.

Check Content Reference

M

Target Key

4000

Comments