[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-34226-1

Platform: cpe:/o:microsoft:windows_8.1Date: (C)2015-10-14   (M)2023-07-04



DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax This policy setting determines which users or groups might access DCOM application remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this policy setting to specify access permissions to all the computers to particular users for DCOM applications in the enterprise. When you specify the users or groups that are to be given permission, the security descriptor field is populated with the Security Descriptor Definition Language representation of those groups and privileges. If the security descriptor is left blank, the policy setting is defined in the template, but it is not enforced. Users and groups can be given explicit Allow or Deny privileges on both local access and remote access. The registry settings that are created as a result of enabling the DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax policy setting take precedence over (have higher priority) the previous registry settings in this area. RpcSs checks the new registry keys in the Policies section for the computer restrictions, and these registry entries take precedence over the existing registry keys under OLE. This means that previously existing registry settings are no longer effective, and if you make changes to the existing settings, the computer access permissions for any users are not changed. You should take care to correctly configure their list of users and groups. The possible values for this policy setting are: Blank. This represents the local security policy way of deleting the policy enforcement key. This value deletes the policy and then sets it as Not defined state. The Blank value is set by using the ACL editor and emptying the list, and then pressing OK. SDDL. This is the Security Descriptor Definition Language representation of the groups and privileges you specify when you enable this policy. Not Defined. This is the default value. Note If the administrator is denied permission to access DCOM applications due to the changes made to DCOM in SP2, the administrator can use the DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax policy setting to manage DCOM access to the computer. The administrator can specify which users and groups can access the DCOM application on the computer both locally and remotely by using this setting. This will restore control of the DCOM application to the administrator and users. To do this, open the DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax setting, and click Edit Security. Specify the groups you want to include and the computer access permissions for those groups. This defines the setting and sets the appropriate SDDL value.


Parameter:

[Default]


Technical Mechanism:

(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options!DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax (2) REG: HKEY_LOCAL_MACHINESoftwarepoliciesMicrosoftwindows NTDCOM!MachineAccessRestriction

CCSS Severity:CCSS Metrics:
CCSS Score : 6.7Attack Vector: LOCAL
Exploit Score: 0.8Attack Complexity: LOW
Impact Score: 5.9Privileges Required: HIGH
Severity: MEDIUMUser Interaction: NONE
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:29311


OVAL    1
oval:org.secpod.oval:def:29311
XCCDF    2
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_8_1
xccdf_org.secpod_benchmark_general_Windows_8_1

© SecPod Technologies