Title

File share ACLs have not been reconfigured to remove the Everyone group. (Cat II impact)

Discussion

By default, the Everyone group is given full control to new file shares. When a share is created, permissions should be reconfigured to give the minimum access to those accounts that require it.

Check Content

Run the Computer Management Applet. Expand the “System Tools” object in the Tree window. Expand the “Shared Folders” object. Select the “Shares” object. Right click any user-created shares (ignore “Netlogon”, “Sysvol” and administrative shares; the system will prompt you if Properties are selected for administrative shares). Select Properties. Select the Share Permissions tab. If user-created file shares have not been reconfigured to remove ACL permissions from the “Everyone group”, then this is a finding. Note: On Application Servers, if regular users have write or delete permissions to shares containing application binary files (i.e. .exe, .dll, .cmd, etc.) this is a finding. Documentable: If shares created by applications require the "Everyone" group, this should be documented with the IAO.

Fix Text

Remove permissions from the Everyone group from locally-created file shares and assign them to authorized groups.

Additional Identifiers

Rule ID: SV-29212r1_rule

Vulnerability ID: V-3245

Group Title: File share ACLs

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.