Title

The Recycle Bin on a Server is not configured to delete files. (Cat III impact)

Discussion

The Recycle Bin saves a copy of a file when it is deleted through Windows Explorer. This poses a security risk. A user may delete a sensitive file, yet still leave a copy of that file in the Recycle Bin.

Check Content

If the following registry value doesn’t exist or is not configured as specified this is a finding: Registry Hive: HKEY_CURRENT_USER Subkey: \Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoRecycleFiles Type: REG_DWORD Value: 1 If this is configured in the Recycle Bin Properties instead of through a policy verify the following: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket Value Name: NukeOnDelete Data Type: REG_DWORD Value Data: 1

Fix Text

Configure the policy value for User Configuration -> Administrative Templates -> Windows Components -> Windows Explorer “Do not move deleted files to the Recycle Bin” to “Enabled”. Or Select “Do not move files to the Recycle Bin. Remove files immediately when deleted.” in the Recycle Bin Properties.

Additional Identifiers

Rule ID: SV-1126r2_rule

Vulnerability ID: V-1126

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.