SV-29595r3_rule
V-1152
Anonymous Access to the Registry
3.030
CAT I
10
Maintain permissions at least as restrictive as the defaults listed below for the "winreg" registry key. It is recommended to not change the permissions from the defaults.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\
The following are the same for each permission listed:
Type - Allow
Inherited from - <not inherited>
Columns: Name - Permission - Apply to
Administrators - Full Control - This key and subkeys
Backup Operators - Special - This key only
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read))
LOCAL SERVICE - Read - This key and subkeys
Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\
If the key does not exist, this is a finding.
Right-click on "winreg" and select "Permissions…".
Select "Advanced".
If the permissions are not as restrictive as the defaults listed below, this is a finding.
The following are the same for each permission listed:
Type - Allow
Inherited from - <not inherited>
Columns: Name - Permission - Apply to
Administrators - Full Control - This key and subkeys
Backup Operators - Special - This key only
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read))
LOCAL SERVICE - Read - This key and subkeys
V-1152
True
3.030
Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\
If the key does not exist, this is a finding.
Right-click on "winreg" and select "Permissions…".
Select "Advanced".
If the permissions are not as restrictive as the defaults listed below, this is a finding.
The following are the same for each permission listed:
Type - Allow
Inherited from - <not inherited>
Columns: Name - Permission - Apply to
Administrators - Full Control - This key and subkeys
Backup Operators - Special - This key only
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read))
LOCAL SERVICE - Read - This key and subkeys
M
Information Assurance Officer
1340