SV-32484r2_rule
V-3339
Remotely Accessible Registry Paths
3.064
CAT I
10
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network access: Remotely accessible registry paths" with the following entries:
System\CurrentControlSet\Control\ProductOptions
System\CurrentControlSet\Control\Server Applications
Software\Microsoft\Windows NT\CurrentVersion
Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies >> Security Options.
If the value for "Network access: Remotely accessible registry paths" contains entries besides the following, this is a finding:
System\CurrentControlSet\Control\ProductOptions
System\CurrentControlSet\Control\Server Applications
Software\Microsoft\Windows NT\CurrentVersion
The policy referenced configures the following registry value:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\
Value Name: Machine
Value Type: REG_MULTI_SZ
Value: As defined in policy above
Note: Legitimate applications may add entries to this registry value. If an application requires these entries to function properly and is documented with the ISSO, this would not be a finding. Documentation should contain supporting information from the vendor's instructions.
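The check above can also be run directly against the registry value it names. The following PowerShell is an added example, not part of the STIG text; the function name Get-ExtraRemoteRegistryPaths and the $DocumentedExceptions parameter (for entries documented with the ISSO, per the note above) are assumptions made for illustration.

```powershell
# Added example: compares AllowedExactPaths\Machine with the three entries
# permitted by this check and lists anything else.
function Get-ExtraRemoteRegistryPaths {
    param(
        [string[]]$Configured,
        # Hypothetical parameter: entries documented with the ISSO.
        [string[]]$DocumentedExceptions = @()
    )
    $approved = @(
        'System\CurrentControlSet\Control\ProductOptions',
        'System\CurrentControlSet\Control\Server Applications',
        'Software\Microsoft\Windows NT\CurrentVersion'
    )
    # Normalize surrounding whitespace and backslashes before comparing.
    $allowed = @(($approved + $DocumentedExceptions) |
        ForEach-Object { $_.Trim().Trim('\') })
    $Configured |
        Where-Object { $_ -and $_.Trim() } |
        ForEach-Object { $_.Trim().Trim('\') } |
        Where-Object { $allowed -notcontains $_ }   # -notcontains ignores case
}

$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths'
$key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue

if ($null -eq $key -or $key.GetValueNames() -notcontains 'Machine') {
    Write-Output 'Value "Machine" not present; review the policy setting manually.'
}
else {
    $kind = $key.GetValueKind('Machine')
    if ($kind -ne 'MultiString') {
        Write-Output "Unexpected value type: $kind (expected REG_MULTI_SZ)."
    }
    $extra = @(Get-ExtraRemoteRegistryPaths -Configured @($key.GetValue('Machine')))
    if ($extra.Count -gt 0) {
        Write-Output 'Finding: entries besides the permitted paths:'
        $extra | ForEach-Object { Write-Output "  $_" }
    }
    else {
        Write-Output 'Not a finding: no entries besides the permitted paths.'
    }
}
```

Only entries beyond the listed paths are reported, matching the finding condition in the check text.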
False
M
System Administrator
1823