Title

File share permissions must be reconfigured to remove the Everyone group. (Cat II impact)

Discussion

Shares on a system can provide network access, exposing sensitive information. If a share is necessary, permissions must be reconfigured to give the minimum access to those accounts that require it.

Check Content

Open the Computer Management Console. Expand the "System Tools" object in the left pane. Expand the "Shared Folders" object. Select the "Shares" object. Right click any user-created shares (ignore administrative shares; the system will prompt you if Properties are selected for administrative shares). Select "Properties". Select the "Share Permissions" tab. If user-created file shares have not been reconfigured to remove ACL permissions from the "Everyone" group, this is a finding. If shares created by applications require the "Everyone" group, this must be documented with the ISSO.

Fix Text

Remove permissions from the "Everyone" group from locally-created file shares and assign them to authorized groups.

Additional Identifiers

Rule ID:

Vulnerability ID: V-3245

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.