STIGQter STIGQter: STIG Summary: Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide Version: 3 Release: 2 Benchmark Date: 04 May 2021:

Windows services that are critical for directory server operation must be configured for automatic startup.

DISA Rule

SV-226079r569184_rule

Vulnerability Number

V-226079

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN12-AD-000010-DC

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure the following services that are critical for directory server operation are configured for automatic startup.

- Active Directory Domain Services
- DFS Replication
- DNS Client
- DNS server
- Group Policy Client
- Intersite Messaging
- Kerberos Key Distribution Center
- NetLogon
- Windows Time (not required if another time synchronization tool is implemented to start automatically)

Check Contents

Run "services.msc" to display the Services console.

Verify the Startup Type for the following Windows services:
- Active Directory Domain Services
- DFS Replication
- DNS Client
- DNS server
- Group Policy Client
- Intersite Messaging
- Kerberos Key Distribution Center
- NetLogon
- Windows Time (not required if another time synchronization tool is implemented to start automatically)

If the Startup Type for any of these services is not Automatic, this is a finding.

Vulnerability Number

V-226079

Documentable

False

Rule Version

WN12-AD-000010-DC

Severity Override Guidance

Run "services.msc" to display the Services console.

Verify the Startup Type for the following Windows services:
- Active Directory Domain Services
- DFS Replication
- DNS Client
- DNS server
- Group Policy Client
- Intersite Messaging
- Kerberos Key Distribution Center
- NetLogon
- Windows Time (not required if another time synchronization tool is implemented to start automatically)

If the Startup Type for any of these services is not Automatic, this is a finding.

Check Content Reference

M

Target Key

4217

Comments