Microsoft Windows Server 2012/2012 R2 Domain Controller STIG:
(in versions v3 r5 through v2 r7)
Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. (Cat II impact)
Backup Operators are able to read and write to any file in the system, regardless of the rights assigned to it. Backup and restore rights permit users to circumvent the file access restrictions present on NTFS disk drives for backup and restore purposes. Members of the Backup Operators group must have separate logon accounts for performing backup duties.
If no accounts are members of the Backup Operators group, this is NA. Verify users with accounts in the Backup Operators group have a separate user account for backup functions and for performing normal user tasks. If users with accounts in the Backup Operators group do not have separate accounts for backup functions and standard user functions, this is a finding.
Ensure each member of the Backup Operators group has separate accounts for backup functions and standard user functions.
Rule ID: SV-226036r794375_rule
Vulnerability ID: V-226036
Group Title: SRG-OS-000480-GPOS-00227
The organization implements the security configuration settings.