STIGQter: STIG Summary: Windows Server 2016 Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Jan 2020: Hardened UNC paths must be defined to require mutual authentication and integrity for at least the \\*\SYSVOL and \\*\NETLOGON shares.

DISA Rule

SV-88161r1_rule

Vulnerability Number

V-73509

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN16-CC-000090

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration >> Administrative Templates >> Network >> Network Provider >> "Hardened UNC Paths" to "Enabled" with at least the following configured in "Hardened UNC Paths": (click the "Show" button to display)

Value Name: \\*\SYSVOL
Value: RequireMutualAuthentication=1, RequireIntegrity=1

Value Name: \\*\NETLOGON
Value: RequireMutualAuthentication=1, RequireIntegrity=1

Check Contents

This requirement is applicable to domain-joined systems. For standalone systems, this is NA.

If the following registry values do not exist or are not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\

Value Name: \\*\NETLOGON
Value Type: REG_SZ
Value: RequireMutualAuthentication=1, RequireIntegrity=1

Value Name: \\*\SYSVOL
Value Type: REG_SZ
Value: RequireMutualAuthentication=1, RequireIntegrity=1

Additional entries would not be a finding.
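
The check above can be scripted. The following PowerShell is an added example, not part of the STIG text; the function names are hypothetical, and accepting extra options or different spacing inside a value is an assumption about how "configured as specified" is read.

```powershell
# Added example: audits the HardenedPaths values named in the check above.
# Function names are hypothetical; tolerating extra options in a value is an assumption.
$KeyPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$Required = '\\*\NETLOGON', '\\*\SYSVOL'
$Options  = 'RequireMutualAuthentication', 'RequireIntegrity'

function ConvertFrom-HardenedPathValue {
    # "RequireMutualAuthentication=1, RequireIntegrity=1" -> case-insensitive hashtable
    param([string]$Value)
    $parsed = @{}
    foreach ($pair in ($Value -split ',')) {
        $name, $setting = $pair -split '=', 2
        if ($name.Trim() -and $null -ne $setting) { $parsed[$name.Trim()] = $setting.Trim() }
    }
    $parsed
}

function Test-HardenedUncPath {
    # Standalone systems are NA for this requirement.
    if (-not (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
        return 'NA: system is not domain-joined'
    }
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    $findings = foreach ($valueName in $Required) {
        # RegistryKey.GetValue takes the name literally, so "*" is not expanded as a wildcard.
        $raw = if ($key) { $key.GetValue($valueName) } else { $null }
        if ($null -eq $raw) { "${valueName}: value does not exist"; continue }
        if ($key.GetValueKind($valueName) -ne 'String') {
            "${valueName}: value type is not REG_SZ"; continue
        }
        $set = ConvertFrom-HardenedPathValue -Value $raw
        foreach ($opt in $Options) {
            if ($set[$opt] -ne '1') { "${valueName}: $opt is not 1 (found '$raw')" }
        }
    }
    if ($findings) { $findings; 'Result: FINDING' } else { 'Result: not a finding' }
}

Test-HardenedUncPath
```

The script only reads the registry, so it reports the policy as applied to the machine; a missing HardenedPaths key is reported as both values not existing.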

Documentable

False

Check Content Reference

M

Target Key

3157
