STIGQter: STIG Summary: Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide Version: 3 Release: 2 Benchmark Date: 04 May 2021:

Only administrators responsible for the domain controller must have Administrator rights on the system.

DISA Rule

SV-226238r569184_rule

Vulnerability Number

V-226238

Group Title

SRG-OS-000324-GPOS-00125

Rule Version

WN12-GE-000004-DC

Severity

CAT I

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Configure the system to include only administrator groups or accounts that are responsible for the system in the Administrators group.

Remove any standard user accounts.

Check Contents

Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group.

Standard user accounts must not be members of the local administrator group.

If prohibited accounts are members of the local administrators group, this is a finding.

The built-in Administrator account or other required administrative accounts would not be a finding.

Vulnerability Number

V-226238

Documentable

False

Rule Version

WN12-GE-000004-DC

Severity Override Guidance

Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group.

Standard user accounts must not be members of the local administrator group.

If prohibited accounts are members of the local administrators group, this is a finding.

The built-in Administrator account or other required administrative accounts would not be a finding.

Check Content Reference

M

Target Key

4217

Comments