STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-223276r612235_rule
V-223276
SRG-APP-000516
SP13-00-000210
CAT II
10
Configure the SharePoint farm service account (database access account) with the minimum privileges for the local server.
- On the server(s) where the SharePoint software is installed, navigate to Server Manager >> Local Users and Groups.
- Select the “Member of” tab. Configure the farm service account as a member of WSS_RESTRICTED_WPG, WSS_ADMIN_WPG, WSS_WPG, IIS_IUSRS, Performance Monitor User, and WSS groups. Remove all other group memberships from this account.
- Select the other tabs in this area and remove other services or permissions configured for this account.
Review the SharePoint server configuration to ensure the farm service account (database access account) is configured with the minimum privileges for the local server.
- On the server(s) where the SharePoint software is installed, navigate to Server Manager >> Local Users and Groups.
- Select the “Member of” tab and verify this account is only a member of the WSS_RESTRICTED_WPG, WSS_ADMIN_WPG, WSS_WPG, IIS_IUSRS, Performance Monitor User, and WSS groups.
- Select the other tabs in this area to verify no other services or permissions are configured for this account.
If the farm service account is a member of any other groups than WSS_RESTRICTED_WPG, WSS_ADMIN_WPG, WSS_WPG, IIS_IUSRS, Performance Monitor User, and WSS groups on the local server where SharePoint is installed, this is a finding.
V-223276
False
SP13-00-000210
Review the SharePoint server configuration to ensure the farm service account (database access account) is configured with the minimum privileges for the local server.
- On the server(s) where the SharePoint software is installed, navigate to Server Manager >> Local Users and Groups.
- Select the “Member of” tab and verify this account is only a member of the WSS_RESTRICTED_WPG, WSS_ADMIN_WPG, WSS_WPG, IIS_IUSRS, Performance Monitor User, and WSS groups.
- Select the other tabs in this area to verify no other services or permissions are configured for this account.
If the farm service account is a member of any other groups than WSS_RESTRICTED_WPG, WSS_ADMIN_WPG, WSS_WPG, IIS_IUSRS, Performance Monitor User, and WSS groups on the local server where SharePoint is installed, this is a finding.
M
4096