Navigate

Check: SCOM-IA-000003

Microsoft SCOM STIG: SCOM-IA-000003 (in version v1 r1)

Title

The default Builtin\Administrators group must be removed from the SCOM Administrators Role Group. (Cat II impact)

Discussion

SCOM servers with default well-known operating system groups defined the SCOM Administrators Global Group may allow a local administrator access to privileged SCOM access.

Check Content

Review the SCOM Administrators Global Group and verify that the Built-in\Administrators Group is not a member. If the Built-in\Administrators group is a member, this is a finding.

Fix Text

Remove the Built-in\Administrators group from the SCOM Administrators Role Group.

Additional Identifiers

Rule ID: SV-237437r643957_rule

Vulnerability ID: V-237437

Group Title: SRG-APP-000080-NDM-000345

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-002041	The information system allows the use of a temporary password for system logons with an immediate change to a permanent password.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-5 (1)	Password-Based Authentication