STIGQter STIGQter: STIG Summary: Windows 2008 Domain Controller Security Technical Implementation Guide Version: 6 Release: 44 Benchmark Date: 26 Jul 2019: The Server Operators group must have the ability to schedule jobs by means of the AT command disabled.

DISA Rule

SV-28493r1_rule

Vulnerability Number

V-2373

Group Title

Task Scheduling - Server Operators

Rule Version

AD.3058_2008

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the value for “Domain Controller: Allow server operators to schedule tasks” to “Disabled”.

The policy referenced configures the following registry value:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \System\CurrentControlSet\Control\LSA\
Value Name: SubmitControl
Value Type: REG_DWORD
Value: 0

Check Contents

1. Analyze the system using the Security Configuration and Analysis tool.

2. Expand the Security Configuration and Analysis tree view.

3. Navigate to Local Policies and select Security Options.

4. If the value for “Domain Controller: Allow server operators to schedule tasks” is not set to “Disabled”, then this is a finding.

Vulnerability Number

V-2373

Documentable

False

Rule Version

AD.3058_2008

Severity Override Guidance

1. Analyze the system using the Security Configuration and Analysis tool.

2. Expand the Security Configuration and Analysis tree view.

3. Navigate to Local Policies and select Security Options.

4. If the value for “Domain Controller: Allow server operators to schedule tasks” is not set to “Disabled”, then this is a finding.

Check Content Reference

M

Third-Party Tools

HK

Responsibility

System Administrator

Target Key

1340

Comments