Check: DS00.3260_2003
Windows 2003 DC STIG:
DS00.3260_2003
(in version v6 r37)
Title
Windows services that are critical for directory server operation must be configured for automatic startup. (Cat II impact)
Discussion
Active Directory (AD) is dependent on several Windows services. If one or more of these services is not configured for automatic startup, AD functions may be partially or completely unavailable until the services are manually started. This could result in a failure to replicate data or to support client authentication and authorization requests.
Check Content
Run "services.msc" to display the Services console. Verify the Startup Type for the following Windows services:
- Distributed File System (may be disabled if site is not utilizing)
- DNS Client
- File Replication Service
- Intersite Messaging
- Kerberos Key Distribution Center
- Net Logon
- Windows Time (not required if another time synchronization tool is implemented to start automatically)

If the Startup Type for any of these services is not Automatic, this is a finding.
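A scripted form of the manual check above, as an added example that is not part of the STIG: it reads each service's start mode from WMI's Win32_Service class, matching on the display names listed in the check. The two switch parameters are hypothetical names for the site exceptions the check allows, and PowerShell 2.0 or later is assumed to be installed on the domain controller.

```powershell
# Added example (not from the STIG): audit startup type for check DS00.3260_2003.
# Run locally on the domain controller. Switch names are hypothetical.
param(
    [switch]$DfsNotUsed,         # site does not use Distributed File System
    [switch]$OtherTimeSyncInUse  # another time sync tool starts automatically
)

# Display names exactly as listed in the Check Content.
$required = @(
    'Distributed File System',
    'DNS Client',
    'File Replication Service',
    'Intersite Messaging',
    'Kerberos Key Distribution Center',
    'Net Logon',
    'Windows Time'
)

$results = foreach ($name in $required) {
    $svc  = Get-WmiObject -Class Win32_Service -Filter "DisplayName='$name'"
    $mode = if ($svc) { $svc.StartMode } else { 'NotInstalled' }

    # Win32_Service reports the Automatic startup type as 'Auto'.
    if ($mode -eq 'Auto') {
        $status = 'OK'
    } elseif ($name -eq 'Distributed File System' -and $DfsNotUsed -and $mode -eq 'Disabled') {
        $status = 'Excepted'
    } elseif ($name -eq 'Windows Time' -and $OtherTimeSyncInUse) {
        $status = 'Excepted'
    } else {
        $status = 'Finding'
    }

    New-Object PSObject -Property @{ Service = $name; StartMode = $mode; Status = $status }
}

$results | Select-Object Service, StartMode, Status | Format-Table -AutoSize

# A non-zero exit code lets a scheduled job or wrapper flag the finding.
$findings = @($results | Where-Object { $_.Status -eq 'Finding' })
if ($findings.Count -gt 0) { exit 1 } else { exit 0 }
```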
Fix Text
Ensure the following services that are critical for directory server operation are configured for automatic startup.
- Distributed File System (may be disabled if site is not utilizing)
- DNS Client
- File Replication Service
- Intersite Messaging
- Kerberos Key Distribution Center
- Net Logon
- Windows Time (not required if another time synchronization tool is implemented to start automatically)
Additional Identifiers
Rule ID: SV-54937r1_rule
Vulnerability ID: V-8327
Group Title:
CCIs
| Number | Definition |
|---|---|
| CCI-000366 | Implement the security configuration settings. |
Controls
| Number | Title |
|---|---|
| CM-6 | Configuration Settings |