| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9E9F312FE6D327D0F8B24DB218DD2C4C9713AAB7 ~~~~~ Create permanent shared objects: No objects assigned to this right. Comments:
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9E9F312FE6D327D0F8B24DB218DD2C4C9713AAB7 ~~~~~ Create permanent shared objects: No objects assigned to this right. Comments:
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9E9F312FE6D327D0F8B24DB218DD2C4C9713AAB7 ~~~~~ Create permanent shared objects: No objects assigned to this right. Comments:
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9E9F312FE6D327D0F8B24DB218DD2C4C9713AAB7 ~~~~~ Create permanent shared objects: No objects assigned to this right. Comments:
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9E9F312FE6D327D0F8B24DB218DD2C4C9713AAB7 ~~~~~ Create permanent shared objects: No objects assigned to this right. Comments:
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9E9F312FE6D327D0F8B24DB218DD2C4C9713AAB7 ~~~~~ Create permanent shared objects: No objects assigned to this right. Comments:
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9E9F312FE6D327D0F8B24DB218DD2C4C9713AAB7 ~~~~~ Create permanent shared objects: No objects assigned to this right. Comments:
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9E9F312FE6D327D0F8B24DB218DD2C4C9713AAB7 ~~~~~ Create permanent shared objects: No objects assigned to this right. Comments:
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If any accounts or groups are granted the "Create permanent shared objects" user right, this is a finding.

For server core installations, run the following command:

Secedit /Export /Areas User_Rights /cfg c:\path\filename.txt

Review the text file. If any SIDs are granted the "SeCreatePermanentPrivilege" user right, this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Create permanent shared objects" to be defined but containing no entries (blank).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 3CD4E9016C9F359F5DA68C3C0F6C5C9FA18CC580 ~~~~~ Create symbolic links: BUILTIN\Administrators Comments:
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 3CD4E9016C9F359F5DA68C3C0F6C5C9FA18CC580 ~~~~~ Create symbolic links: BUILTIN\Administrators Comments:
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 3CD4E9016C9F359F5DA68C3C0F6C5C9FA18CC580 ~~~~~ Create symbolic links: BUILTIN\Administrators Comments:
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 3CD4E9016C9F359F5DA68C3C0F6C5C9FA18CC580 ~~~~~ Create symbolic links: BUILTIN\Administrators Comments:
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 3CD4E9016C9F359F5DA68C3C0F6C5C9FA18CC580 ~~~~~ Create symbolic links: BUILTIN\Administrators Comments:
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 3CD4E9016C9F359F5DA68C3C0F6C5C9FA18CC580 ~~~~~ Create symbolic links: BUILTIN\Administrators Comments:
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 8DC9F261287AF19A5EE8460D6B5E63487BED5D57 ~~~~~ Create symbolic links: BUILTIN\Administrators; NT VIRTUAL MACHINE\Virtual Machines Comments:
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 8DC9F261287AF19A5EE8460D6B5E63487BED5D57 ~~~~~ Create symbolic links: BUILTIN\Administrators; NT VIRTUAL MACHINE\Virtual Machines Comments:
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If any accounts or groups other than the following are granted the "Create symbolic links" user right, this is a finding.

- Administrators

For server core installations, run the following command:

Secedit /Export /Areas User_Rights /cfg c:\path\filename.txt

Review the text file. If any SIDs other than the following are granted the "SeCreateSymbolicLinkPrivilege" user right, this is a finding.

S-1-5-32-544 (Administrators)

Systems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Create symbolic links" to include only the following accounts or groups:

- Administrators

Systems that have the Hyper-V role will also have "Virtual Machines" given this user right. If this needs to be added manually, enter it as "NT Virtual Machine\Virtual Machines".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2104116F3E578932C6928A7C2DD8A48B8D144C66 ~~~~~ Generate security audits: NT AUTHORITY\LOCAL SERVICE; NT AUTHORITY\NETWORK SERVICE Comments:
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2104116F3E578932C6928A7C2DD8A48B8D144C66 ~~~~~ Generate security audits: NT AUTHORITY\LOCAL SERVICE; NT AUTHORITY\NETWORK SERVICE Comments:
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2104116F3E578932C6928A7C2DD8A48B8D144C66 ~~~~~ Generate security audits: NT AUTHORITY\LOCAL SERVICE; NT AUTHORITY\NETWORK SERVICE Comments:
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2104116F3E578932C6928A7C2DD8A48B8D144C66 ~~~~~ Generate security audits: NT AUTHORITY\LOCAL SERVICE; NT AUTHORITY\NETWORK SERVICE Comments:
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2104116F3E578932C6928A7C2DD8A48B8D144C66 ~~~~~ Generate security audits: NT AUTHORITY\LOCAL SERVICE; NT AUTHORITY\NETWORK SERVICE Comments:
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: D20741556C0CA674B7D03657501383263B6A90B2 ~~~~~ Generate security audits: IIS APPPOOL\.NET v4.5; IIS APPPOOL\.NET v4.5 Classic; IIS APPPOOL\DefaultAppPool; NT AUTHORITY\LOCAL SERVICE; NT AUTHORITY\NETWORK SERVICE Comments:
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2104116F3E578932C6928A7C2DD8A48B8D144C66 ~~~~~ Generate security audits: NT AUTHORITY\LOCAL SERVICE; NT AUTHORITY\NETWORK SERVICE Comments:
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2104116F3E578932C6928A7C2DD8A48B8D144C66 ~~~~~ Generate security audits: NT AUTHORITY\LOCAL SERVICE; NT AUTHORITY\NETWORK SERVICE Comments:
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If any accounts or groups other than the following are granted the "Generate security audits" user right, this is a finding.

- Local Service
- Network Service

For server core installations, run the following command:

Secedit /Export /Areas User_Rights /cfg c:\path\filename.txt

Review the text file. If any SIDs other than the following are granted the "SeAuditPrivilege" user right, this is a finding.

S-1-5-19 (Local Service)
S-1-5-20 (Network Service)

If an application requires this user right, this would not be a finding. Vendor documentation must support the requirement for having the user right. The requirement must be documented with the ISSO. The application account must meet requirements for application account passwords, such as length (WN16-00-000060) and required frequency of changes (WN16-00-000070).
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Generate security audits" to include only the following accounts or groups:

- Local Service
- Network Service
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 71A81E9CA36B32AAB1ED8E7CD3EBF64365CC50CA ~~~~~ Increase scheduling priority: BUILTIN\Administrators Comments:
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 71A81E9CA36B32AAB1ED8E7CD3EBF64365CC50CA ~~~~~ Increase scheduling priority: BUILTIN\Administrators Comments:
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 71A81E9CA36B32AAB1ED8E7CD3EBF64365CC50CA ~~~~~ Increase scheduling priority: BUILTIN\Administrators Comments:
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 71A81E9CA36B32AAB1ED8E7CD3EBF64365CC50CA ~~~~~ Increase scheduling priority: BUILTIN\Administrators Comments:
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 71A81E9CA36B32AAB1ED8E7CD3EBF64365CC50CA ~~~~~ Increase scheduling priority: BUILTIN\Administrators Comments:
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 71A81E9CA36B32AAB1ED8E7CD3EBF64365CC50CA ~~~~~ Increase scheduling priority: BUILTIN\Administrators Comments:
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 71A81E9CA36B32AAB1ED8E7CD3EBF64365CC50CA ~~~~~ Increase scheduling priority: BUILTIN\Administrators Comments:
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 71A81E9CA36B32AAB1ED8E7CD3EBF64365CC50CA ~~~~~ Increase scheduling priority: BUILTIN\Administrators Comments:
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If any accounts or groups other than the following are granted the "Increase scheduling priority" user right, this is a finding.

- Administrators

For server core installations, run the following command:

Secedit /Export /Areas User_Rights /cfg c:\path\filename.txt

Review the text file. If any SIDs other than the following are granted the "SeIncreaseBasePriorityPrivilege" user right, this is a finding.

S-1-5-32-544 (Administrators)

If an application requires this user right, this would not be a finding. Vendor documentation must support the requirement for having the user right. The requirement must be documented with the ISSO. The application account must meet requirements for application account passwords, such as length (WN16-00-000060) and required frequency of changes (WN16-00-000070).
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Increase scheduling priority" to include only the following accounts or groups:

- Administrators
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AA88E2DBE75A77500E026C0631E31EB834CB2521 ~~~~~ Lock pages in memory: No objects assigned to this right. Comments:
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AA88E2DBE75A77500E026C0631E31EB834CB2521 ~~~~~ Lock pages in memory: No objects assigned to this right. Comments:
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AA88E2DBE75A77500E026C0631E31EB834CB2521 ~~~~~ Lock pages in memory: No objects assigned to this right. Comments:
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AA88E2DBE75A77500E026C0631E31EB834CB2521 ~~~~~ Lock pages in memory: No objects assigned to this right. Comments:
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AA88E2DBE75A77500E026C0631E31EB834CB2521 ~~~~~ Lock pages in memory: No objects assigned to this right. Comments:
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AA88E2DBE75A77500E026C0631E31EB834CB2521 ~~~~~ Lock pages in memory: No objects assigned to this right. Comments:
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AA88E2DBE75A77500E026C0631E31EB834CB2521 ~~~~~ Lock pages in memory: No objects assigned to this right. Comments:
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AA88E2DBE75A77500E026C0631E31EB834CB2521 ~~~~~ Lock pages in memory: No objects assigned to this right. Comments:
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If any accounts or groups are granted the "Lock pages in memory" user right, this is a finding.

For server core installations, run the following command:

Secedit /Export /Areas User_Rights /cfg c:\path\filename.txt

Review the text file. If any SIDs are granted the "SeLockMemoryPrivilege" user right, this is a finding.

If an application requires this user right, this would not be a finding. Vendor documentation must support the requirement for having the user right. The requirement must be documented with the ISSO. The application account must meet requirements for application account passwords, such as length (WN16-00-000060) and required frequency of changes (WN16-00-000070).
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Lock pages in memory" to be defined but containing no entries (blank).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 17C44C7943BC8AAB7D21F72E23CEC41AFE1A9F0C ~~~~~ Modify firmware environment values: BUILTIN\Administrators Comments:
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 17C44C7943BC8AAB7D21F72E23CEC41AFE1A9F0C ~~~~~ Modify firmware environment values: BUILTIN\Administrators Comments:
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 17C44C7943BC8AAB7D21F72E23CEC41AFE1A9F0C ~~~~~ Modify firmware environment values: BUILTIN\Administrators Comments:
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 17C44C7943BC8AAB7D21F72E23CEC41AFE1A9F0C ~~~~~ Modify firmware environment values: BUILTIN\Administrators Comments:
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 17C44C7943BC8AAB7D21F72E23CEC41AFE1A9F0C ~~~~~ Modify firmware environment values: BUILTIN\Administrators Comments:
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 17C44C7943BC8AAB7D21F72E23CEC41AFE1A9F0C ~~~~~ Modify firmware environment values: BUILTIN\Administrators Comments:
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 17C44C7943BC8AAB7D21F72E23CEC41AFE1A9F0C ~~~~~ Modify firmware environment values: BUILTIN\Administrators Comments:
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 17C44C7943BC8AAB7D21F72E23CEC41AFE1A9F0C ~~~~~ Modify firmware environment values: BUILTIN\Administrators Comments:
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If any accounts or groups other than the following are granted the "Modify firmware environment values" user right, this is a finding.

- Administrators

For server core installations, run the following command:

Secedit /Export /Areas User_Rights /cfg c:\path\filename.txt

Review the text file. If any SIDs other than the following are granted the "SeSystemEnvironmentPrivilege" user right, this is a finding.

S-1-5-32-544 (Administrators)
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Modify firmware environment values" to include only the following accounts or groups:

- Administrators
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CF44D7B584EFD68DFC4D843B21D491E2F6848B64 ~~~~~ Perform volume maintenance tasks: BUILTIN\Administrators Comments:
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CF44D7B584EFD68DFC4D843B21D491E2F6848B64 ~~~~~ Perform volume maintenance tasks: BUILTIN\Administrators Comments:
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CF44D7B584EFD68DFC4D843B21D491E2F6848B64 ~~~~~ Perform volume maintenance tasks: BUILTIN\Administrators Comments:
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CF44D7B584EFD68DFC4D843B21D491E2F6848B64 ~~~~~ Perform volume maintenance tasks: BUILTIN\Administrators Comments:
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CF44D7B584EFD68DFC4D843B21D491E2F6848B64 ~~~~~ Perform volume maintenance tasks: BUILTIN\Administrators Comments:
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CF44D7B584EFD68DFC4D843B21D491E2F6848B64 ~~~~~ Perform volume maintenance tasks: BUILTIN\Administrators Comments:
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CF44D7B584EFD68DFC4D843B21D491E2F6848B64 ~~~~~ Perform volume maintenance tasks: BUILTIN\Administrators Comments:
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CF44D7B584EFD68DFC4D843B21D491E2F6848B64 ~~~~~ Perform volume maintenance tasks: BUILTIN\Administrators Comments:
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If an application requires this user right, this is not a finding. Vendor documentation must support the requirement for having the user right. The requirement must be documented with the ISSO.

- Administrators

For server core installations, run the following command:

Secedit /Export /Areas User_Rights /cfg c:\path\filename.txt

Review the text file. If any SIDs other than the following are granted the "SeManageVolumePrivilege" user right, this is a finding.

S-1-5-32-544 (Administrators)
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Perform volume maintenance tasks" to include only the following accounts or groups:

- Administrators
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 15D359836034C5F1C910175CB6D5F67772067F27 ~~~~~ Profile single process: BUILTIN\Administrators Comments:
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 15D359836034C5F1C910175CB6D5F67772067F27 ~~~~~ Profile single process: BUILTIN\Administrators Comments:
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 15D359836034C5F1C910175CB6D5F67772067F27 ~~~~~ Profile single process: BUILTIN\Administrators Comments:
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 15D359836034C5F1C910175CB6D5F67772067F27 ~~~~~ Profile single process: BUILTIN\Administrators Comments:
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 15D359836034C5F1C910175CB6D5F67772067F27 ~~~~~ Profile single process: BUILTIN\Administrators Comments:
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 15D359836034C5F1C910175CB6D5F67772067F27 ~~~~~ Profile single process: BUILTIN\Administrators Comments:
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 15D359836034C5F1C910175CB6D5F67772067F27 ~~~~~ Profile single process: BUILTIN\Administrators Comments:
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 15D359836034C5F1C910175CB6D5F67772067F27 ~~~~~ Profile single process: BUILTIN\Administrators Comments:
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If any accounts or groups other than the following are granted the "Profile single process" user right, this is a finding.

- Administrators

For server core installations, run the following command:

Secedit /Export /Areas User_Rights /cfg c:\path\filename.txt

Review the text file. If any SIDs other than the following are granted the "SeProfileSingleProcessPrivilege" user right, this is a finding.

S-1-5-32-544 (Administrators)
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Profile single process" to include only the following accounts or groups:

- Administrators
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2EE38D6B4E98B44453F4F74A2761EDEB80FBC3B1 ~~~~~ Take ownership of files or other objects: BUILTIN\Administrators Comments:
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2EE38D6B4E98B44453F4F74A2761EDEB80FBC3B1 ~~~~~ Take ownership of files or other objects: BUILTIN\Administrators Comments:
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2EE38D6B4E98B44453F4F74A2761EDEB80FBC3B1 ~~~~~ Take ownership of files or other objects: BUILTIN\Administrators Comments:
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2EE38D6B4E98B44453F4F74A2761EDEB80FBC3B1 ~~~~~ Take ownership of files or other objects: BUILTIN\Administrators Comments:
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2EE38D6B4E98B44453F4F74A2761EDEB80FBC3B1 ~~~~~ Take ownership of files or other objects: BUILTIN\Administrators Comments:
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2EE38D6B4E98B44453F4F74A2761EDEB80FBC3B1 ~~~~~ Take ownership of files or other objects: BUILTIN\Administrators Comments:
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2EE38D6B4E98B44453F4F74A2761EDEB80FBC3B1 ~~~~~ Take ownership of files or other objects: BUILTIN\Administrators Comments:
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2EE38D6B4E98B44453F4F74A2761EDEB80FBC3B1 ~~~~~ Take ownership of files or other objects: BUILTIN\Administrators Comments:
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If any accounts or groups other than the following are granted the "Take ownership of files or other objects" user right, this is a finding. - Administrators For server core installations, run the following command: Secedit /Export /Areas User_Rights /cfg c:\path\filename.txt Review the text file. If any SIDs other than the following are granted the "SeTakeOwnershipPrivilege" user right, this is a finding. S-1-5-32-544 (Administrators) If an application requires this user right, this would not be a finding. Vendor documentation must support the requirement for having the user right. The requirement must be documented with the ISSO. The application account must meet requirements for application account passwords, such as length (WN16-00-000060) and required frequency of changes (WN16-00-000070).
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Take ownership of files or other objects" to include only the following accounts or groups:

- Administrators
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\D.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: 77C995428C2623C12745CA5F3EB37B8F7B8DEC30 ~~~~~ 'Turn off Preview Pane' is Enabled Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoPreviewPane Value: 0x00000001 (1) Type: REG_DWORD 'Turn on or off details pane' is Enabled: (Always hide) Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoReadingPane Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\S.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1105 ResultHash: 77C995428C2623C12745CA5F3EB37B8F7B8DEC30 ~~~~~ 'Turn off Preview Pane' is Enabled Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoPreviewPane Value: 0x00000001 (1) Type: REG_DWORD 'Turn on or off details pane' is Enabled: (Always hide) Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoReadingPane Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\S.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1105 ResultHash: 77C995428C2623C12745CA5F3EB37B8F7B8DEC30 ~~~~~ 'Turn off Preview Pane' is Enabled Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoPreviewPane Value: 0x00000001 (1) Type: REG_DWORD 'Turn on or off details pane' is Enabled: (Always hide) Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoReadingPane Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\d.admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: 77C995428C2623C12745CA5F3EB37B8F7B8DEC30 ~~~~~ 'Turn off Preview Pane' is Enabled Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoPreviewPane Value: 0x00000001 (1) Type: REG_DWORD 'Turn on or off details pane' is Enabled: (Always hide) Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoReadingPane Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\D.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: 77C995428C2623C12745CA5F3EB37B8F7B8DEC30 ~~~~~ 'Turn off Preview Pane' is Enabled Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoPreviewPane Value: 0x00000001 (1) Type: REG_DWORD 'Turn on or off details pane' is Enabled: (Always hide) Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoReadingPane Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\montford.exchange UserSID: S-1-5-21-1360995287-4027491577-3040029667-1118 ResultHash: 77C995428C2623C12745CA5F3EB37B8F7B8DEC30 ~~~~~ 'Turn off Preview Pane' is Enabled Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoPreviewPane Value: 0x00000001 (1) Type: REG_DWORD 'Turn on or off details pane' is Enabled: (Always hide) Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoReadingPane Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\D.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: 77C995428C2623C12745CA5F3EB37B8F7B8DEC30 ~~~~~ 'Turn off Preview Pane' is Enabled Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoPreviewPane Value: 0x00000001 (1) Type: REG_DWORD 'Turn on or off details pane' is Enabled: (Always hide) Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoReadingPane Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\D.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: 77C995428C2623C12745CA5F3EB37B8F7B8DEC30 ~~~~~ 'Turn off Preview Pane' is Enabled Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoPreviewPane Value: 0x00000001 (1) Type: REG_DWORD 'Turn on or off details pane' is Enabled: (Always hide) Registry Path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoReadingPane Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry values do not exist or are not configured as specified, this is a finding:

Registry Hive: HKEY_CURRENT_USER
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value Name: NoPreviewPane
Value Type: REG_DWORD
Value: 1

Registry Hive: HKEY_CURRENT_USER
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value Name: NoReadingPane
Value Type: REG_DWORD
Value: 1
Fix Text
Ensure the following settings are configured for Windows Server 2016 locally or applied through group policy.

Configure the policy value for User Configuration >> Administrative Templates >> Windows Components >> File Explorer >> Explorer Frame Pane "Turn off Preview Pane" to "Enabled".

Configure the policy value for User Configuration >> Administrative Templates >> Windows Components >> File Explorer >> Explorer Frame Pane "Turn on or off details pane" to "Enabled" and "Configure details pane" to "Always hide".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 56E6F54E8938A352E852631461F5158DC77ED0F1 ~~~~~ DomainRole: Member Server NtpClient (Local) Type: NT5DS (Policy) Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 56E6F54E8938A352E852631461F5158DC77ED0F1 ~~~~~ DomainRole: Member Server NtpClient (Local) Type: NT5DS (Policy) Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 56E6F54E8938A352E852631461F5158DC77ED0F1 ~~~~~ DomainRole: Member Server NtpClient (Local) Type: NT5DS (Policy) Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be OPEN on 10/23/2025 ResultHash: 88A87293C2622EEB484E11DDD7762929A04734DC ~~~~~ DomainRole: Primary Domain Controller NtpClient (Local) Type: NT5DS (Policy) [expected 'NTP'] Comments |
|||||
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 56E6F54E8938A352E852631461F5158DC77ED0F1 ~~~~~ DomainRole: Member Server NtpClient (Local) Type: NT5DS (Policy) Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 56E6F54E8938A352E852631461F5158DC77ED0F1 ~~~~~ DomainRole: Member Server NtpClient (Local) Type: NT5DS (Policy) Comments |
|||||
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 56E6F54E8938A352E852631461F5158DC77ED0F1 ~~~~~ DomainRole: Member Server NtpClient (Local) Type: NT5DS (Policy) Comments |
|||||
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 56E6F54E8938A352E852631461F5158DC77ED0F1 ~~~~~ DomainRole: Member Server NtpClient (Local) Type: NT5DS (Policy) Comments |
|||||
Check Text
Review the Windows time service configuration.

Open an elevated "Command Prompt" (run as administrator).

Enter "W32tm /query /configuration".

Domain-joined systems (excluding the domain controller with the PDC emulator role):

If the value for "Type" under "NTP Client" is not "NT5DS", this is a finding.

Other systems:

If systems are configured with a "Type" of "NTP", including standalone or nondomain-joined systems and the domain controller with the PDC Emulator role, and do not have a DoD time server defined for "NTPServer", this is a finding.

To determine the domain controller with the PDC Emulator role:

Open "PowerShell".

Enter "Get-ADDomain | FT PDCEmulator".
Fix Text
Configure the system to synchronize time with an appropriate DoD time source.

Domain-joined systems use NT5DS to synchronize time from other systems in the domain by default.

If the system needs to be configured to an NTP server, configure the system to point to an authorized time server by setting the policy value for Computer Configuration >> Administrative Templates >> System >> Windows Time Service >> Time Providers >> "Configure Windows NTP Client" to "Enabled", and configure the "NtpServer" field to point to an appropriate DoD time server.

The US Naval Observatory operates stratum 1 time servers, which are identified at:
https://www.cnmoc.usff.navy.mil/Our-Commands/United-States-Naval-Observatory/Precise-Time-Department/Network-Time-Protocol-NTP/

Time synchronization will occur through a hierarchy of time servers down to the local level. Clients and lower-level servers will synchronize with an authorized time server in the hierarchy.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA. Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA. Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be OPEN on 10/23/2025 ResultHash: C790E842E0293FA6B6AD6477F74365B9E2600758 ~~~~~ The setting 'MaxConnIdleTime' is NOT Configured Value: 900 [Expected: 300] Comments |
|||||
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA. Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA. Comments |
|||||
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA. Comments |
|||||
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA. Comments |
|||||
Check Text
This applies to domain controllers. It is NA for other systems.

Open an elevated "Command Prompt" (run as administrator).

Enter "ntdsutil".

At the "ntdsutil:" prompt, enter "LDAP policies".

At the "ldap policy:" prompt, enter "connections".

At the "server connections:" prompt, enter "connect to server [host-name]" (where [host-name] is the computer name of the domain controller).

At the "server connections:" prompt, enter "q".

At the "ldap policy:" prompt, enter "show values".

If the value for MaxConnIdleTime is greater than "300" (5 minutes) or is not specified, this is a finding.

Enter "q" at the "ldap policy:" and "ntdsutil:" prompts to exit.

Alternately, Dsquery can be used to display MaxConnIdleTime:

Open "Command Prompt (Admin)".

Enter the following command (on a single line).

dsquery * "cn=Default Query Policy,cn=Query-Policies,cn=Directory Service, cn=Windows NT,cn=Services,cn=Configuration,dc=[forest-name]" -attr LDAPAdminLimits

The quotes are required and dc=[forest-name] is the fully qualified LDAP name of the domain being reviewed (e.g., dc=disaost,dc=mil).

If the results do not specify a "MaxConnIdleTime" or it has a value greater than "300" (5 minutes), this is a finding.
Fix Text
Configure the directory service to terminate LDAP-based network connections to the directory server after 5 minutes of inactivity.

Open an elevated "Command prompt" (run as administrator).

Enter "ntdsutil".

At the "ntdsutil:" prompt, enter "LDAP policies".

At the "ldap policy:" prompt, enter "connections".

At the "server connections:" prompt, enter "connect to server [host-name]" (where [host-name] is the computer name of the domain controller).

At the "server connections:" prompt, enter "q".

At the "ldap policy:" prompt, enter "Set MaxConnIdleTime to 300".

Enter "Commit Changes" to save.

Enter "Show values" to verify changes.

Enter "q" at the "ldap policy:" and "ntdsutil:" prompts to exit.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 441A3895DA97E895CBFC18CFC98C8DF854F334FE ~~~~~ No printers are configured on this server so this requirement is NA. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 441A3895DA97E895CBFC18CFC98C8DF854F334FE ~~~~~ No printers are configured on this server so this requirement is NA. Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 441A3895DA97E895CBFC18CFC98C8DF854F334FE ~~~~~ No printers are configured on this server so this requirement is NA. Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 441A3895DA97E895CBFC18CFC98C8DF854F334FE ~~~~~ No printers are configured on this server so this requirement is NA. Comments |
|||||
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 441A3895DA97E895CBFC18CFC98C8DF854F334FE ~~~~~ No printers are configured on this server so this requirement is NA. Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 441A3895DA97E895CBFC18CFC98C8DF854F334FE ~~~~~ No printers are configured on this server so this requirement is NA. Comments |
|||||
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 441A3895DA97E895CBFC18CFC98C8DF854F334FE ~~~~~ No printers are configured on this server so this requirement is NA. Comments |
|||||
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 441A3895DA97E895CBFC18CFC98C8DF854F334FE ~~~~~ No printers are configured on this server so this requirement is NA. Comments |
|||||
Check Text
Open "Devices and Printers".

If there are no printers configured, this is NA. (Exclude Microsoft Print to PDF and Microsoft XPS Document Writer, which do not support sharing.)

For each printer:

Right-click on the printer.

Select "Printer Properties".

Select the "Sharing" tab.

If "Share this printer" is checked, select the "Security" tab.

If any standard user accounts or groups have permissions other than "Print", this is a finding.

The default is for the "Everyone" group to be given "Print" permission.

"All APPLICATION PACKAGES" and "CREATOR OWNER" are not standard user accounts.
Fix Text
Configure the permissions on shared printers to restrict standard users to only have Print permissions.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F00AB6308F2F40793871577252596AC96D27494C ~~~~~ Confirm-SecureBootUEFI = True Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F00AB6308F2F40793871577252596AC96D27494C ~~~~~ Confirm-SecureBootUEFI = True Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F00AB6308F2F40793871577252596AC96D27494C ~~~~~ Confirm-SecureBootUEFI = True Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F00AB6308F2F40793871577252596AC96D27494C ~~~~~ Confirm-SecureBootUEFI = True Comments |
|||||
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F00AB6308F2F40793871577252596AC96D27494C ~~~~~ Confirm-SecureBootUEFI = True Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F00AB6308F2F40793871577252596AC96D27494C ~~~~~ Confirm-SecureBootUEFI = True Comments |
|||||
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F00AB6308F2F40793871577252596AC96D27494C ~~~~~ Confirm-SecureBootUEFI = True Comments |
|||||
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F00AB6308F2F40793871577252596AC96D27494C ~~~~~ Confirm-SecureBootUEFI = True Comments |
|||||
Check Text
Some older systems may not have UEFI firmware. This is currently a CAT III; it will be raised in severity at a future date when broad support of Windows hardware and firmware requirements are expected to be met. Devices that have UEFI firmware must have Secure Boot enabled.

Run "System Information".

Under "System Summary", if "Secure Boot State" does not display "On", this is a finding.
Fix Text
Enable Secure Boot in the system firmware.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
Check Text
Some older systems may not have UEFI firmware. This is currently a CAT III; it will be raised in severity at a future date when broad support of Windows hardware and firmware requirements are expected to be met. Devices that have UEFI firmware must run in "UEFI" mode.

Verify the system firmware is configured to run in "UEFI" mode, not "Legacy BIOS".

Run "System Information".

Under "System Summary", if "BIOS Mode" does not display "UEFI", this is a finding.
Fix Text
Configure UEFI firmware to run in "UEFI" mode, not "Legacy BIOS" mode.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5B7F3DBF2EEB35ABC4253F9297BCD53D6366582D ~~~~~ 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5B7F3DBF2EEB35ABC4253F9297BCD53D6366582D ~~~~~ 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5B7F3DBF2EEB35ABC4253F9297BCD53D6366582D ~~~~~ 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5B7F3DBF2EEB35ABC4253F9297BCD53D6366582D ~~~~~ 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5B7F3DBF2EEB35ABC4253F9297BCD53D6366582D ~~~~~ 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5B7F3DBF2EEB35ABC4253F9297BCD53D6366582D ~~~~~ 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5B7F3DBF2EEB35ABC4253F9297BCD53D6366582D ~~~~~ 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5B7F3DBF2EEB35ABC4253F9297BCD53D6366582D ~~~~~ 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
Value Name: DisableIPSourceRouting
Type: REG_DWORD
Value: 0x00000002 (2)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> MSS (Legacy) >> "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to "Enabled" with "Highest protection, source routing is completely disabled" selected.

This policy setting requires the installation of the MSS-Legacy custom templates included with the STIG package. "MSS-Legacy.admx" and "MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C236E1E979B93CAEBC067AFFB9C8A111BFC54C03 ~~~~~ 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C236E1E979B93CAEBC067AFFB9C8A111BFC54C03 ~~~~~ 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C236E1E979B93CAEBC067AFFB9C8A111BFC54C03 ~~~~~ 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C236E1E979B93CAEBC067AFFB9C8A111BFC54C03 ~~~~~ 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C236E1E979B93CAEBC067AFFB9C8A111BFC54C03 ~~~~~ 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C236E1E979B93CAEBC067AFFB9C8A111BFC54C03 ~~~~~ 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C236E1E979B93CAEBC067AFFB9C8A111BFC54C03 ~~~~~ 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C236E1E979B93CAEBC067AFFB9C8A111BFC54C03 ~~~~~ 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is Enabled with 'Highest protection, source routing is completely disabled' Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name: DisableIPSourceRouting Value: 0x00000002 (2) Type: REG_DWORD
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
Value Name: DisableIPSourceRouting
Value Type: REG_DWORD
Value: 0x00000002 (2)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> MSS (Legacy) >> "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" to "Enabled" with "Highest protection, source routing is completely disabled" selected. This policy setting requires the installation of the MSS-Legacy custom templates included with the STIG package. "MSS-Legacy.admx" and "MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1DDC780C39BA1038E120F73A8B04C0E6786A7642 ~~~~~ 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is Disabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ Value Name: EnableICMPRedirect Value: 0x00000000 (0) Type: REG_DWORD
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1DDC780C39BA1038E120F73A8B04C0E6786A7642 ~~~~~ 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is Disabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ Value Name: EnableICMPRedirect Value: 0x00000000 (0) Type: REG_DWORD
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1DDC780C39BA1038E120F73A8B04C0E6786A7642 ~~~~~ 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is Disabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ Value Name: EnableICMPRedirect Value: 0x00000000 (0) Type: REG_DWORD
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1DDC780C39BA1038E120F73A8B04C0E6786A7642 ~~~~~ 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is Disabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ Value Name: EnableICMPRedirect Value: 0x00000000 (0) Type: REG_DWORD
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1DDC780C39BA1038E120F73A8B04C0E6786A7642 ~~~~~ 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is Disabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ Value Name: EnableICMPRedirect Value: 0x00000000 (0) Type: REG_DWORD
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1DDC780C39BA1038E120F73A8B04C0E6786A7642 ~~~~~ 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is Disabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ Value Name: EnableICMPRedirect Value: 0x00000000 (0) Type: REG_DWORD
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1DDC780C39BA1038E120F73A8B04C0E6786A7642 ~~~~~ 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is Disabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ Value Name: EnableICMPRedirect Value: 0x00000000 (0) Type: REG_DWORD
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1DDC780C39BA1038E120F73A8B04C0E6786A7642 ~~~~~ 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is Disabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ Value Name: EnableICMPRedirect Value: 0x00000000 (0) Type: REG_DWORD
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
Value Name: EnableICMPRedirect
Value Type: REG_DWORD
Value: 0x00000000 (0)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> MSS (Legacy) >> "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" to "Disabled". This policy setting requires the installation of the MSS-Legacy custom templates included with the STIG package. "MSS-Legacy.admx" and "MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2C22458F77057B8B0299AC398322BD1B4C853C80 ~~~~~ 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\ Value Name: NoNameReleaseOnDemand Value: 0x00000001 (1) Type: REG_DWORD
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2C22458F77057B8B0299AC398322BD1B4C853C80 ~~~~~ 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\ Value Name: NoNameReleaseOnDemand Value: 0x00000001 (1) Type: REG_DWORD
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2C22458F77057B8B0299AC398322BD1B4C853C80 ~~~~~ 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\ Value Name: NoNameReleaseOnDemand Value: 0x00000001 (1) Type: REG_DWORD
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2C22458F77057B8B0299AC398322BD1B4C853C80 ~~~~~ 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\ Value Name: NoNameReleaseOnDemand Value: 0x00000001 (1) Type: REG_DWORD
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2C22458F77057B8B0299AC398322BD1B4C853C80 ~~~~~ 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\ Value Name: NoNameReleaseOnDemand Value: 0x00000001 (1) Type: REG_DWORD
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2C22458F77057B8B0299AC398322BD1B4C853C80 ~~~~~ 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\ Value Name: NoNameReleaseOnDemand Value: 0x00000001 (1) Type: REG_DWORD
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2C22458F77057B8B0299AC398322BD1B4C853C80 ~~~~~ 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\ Value Name: NoNameReleaseOnDemand Value: 0x00000001 (1) Type: REG_DWORD
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2C22458F77057B8B0299AC398322BD1B4C853C80 ~~~~~ 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\ Value Name: NoNameReleaseOnDemand Value: 0x00000001 (1) Type: REG_DWORD
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Services\Netbt\Parameters\
Value Name: NoNameReleaseOnDemand
Value Type: REG_DWORD
Value: 0x00000001 (1)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> MSS (Legacy) >> "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" to "Enabled". This policy setting requires the installation of the MSS-Legacy custom templates included with the STIG package. "MSS-Legacy.admx" and "MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C098CF3CC287BA2ADF7ECCD0876CB0AF916DA7DD ~~~~~ 'Turn off Inventory Collector' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\ Value Name: DisableInventory Value: 0x00000001 (1) Type: REG_DWORD
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C098CF3CC287BA2ADF7ECCD0876CB0AF916DA7DD ~~~~~ 'Turn off Inventory Collector' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\ Value Name: DisableInventory Value: 0x00000001 (1) Type: REG_DWORD
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C098CF3CC287BA2ADF7ECCD0876CB0AF916DA7DD ~~~~~ 'Turn off Inventory Collector' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\ Value Name: DisableInventory Value: 0x00000001 (1) Type: REG_DWORD
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C098CF3CC287BA2ADF7ECCD0876CB0AF916DA7DD ~~~~~ 'Turn off Inventory Collector' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\ Value Name: DisableInventory Value: 0x00000001 (1) Type: REG_DWORD
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C098CF3CC287BA2ADF7ECCD0876CB0AF916DA7DD ~~~~~ 'Turn off Inventory Collector' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\ Value Name: DisableInventory Value: 0x00000001 (1) Type: REG_DWORD
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C098CF3CC287BA2ADF7ECCD0876CB0AF916DA7DD ~~~~~ 'Turn off Inventory Collector' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\ Value Name: DisableInventory Value: 0x00000001 (1) Type: REG_DWORD
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C098CF3CC287BA2ADF7ECCD0876CB0AF916DA7DD ~~~~~ 'Turn off Inventory Collector' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\ Value Name: DisableInventory Value: 0x00000001 (1) Type: REG_DWORD
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C098CF3CC287BA2ADF7ECCD0876CB0AF916DA7DD ~~~~~ 'Turn off Inventory Collector' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\ Value Name: DisableInventory Value: 0x00000001 (1) Type: REG_DWORD
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\AppCompat\
Value Name: DisableInventory
Type: REG_DWORD
Value: 0x00000001 (1)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Application Compatibility >> "Turn off Inventory Collector" to "Enabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0EF9BB2C375D5A8DF639906A5CF6EF345EA6C5DA ~~~~~ 'Turn off heap termination on corruption' is Not Configured in Group Policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\ Value Name: NoHeapTerminationOnCorruption (Not found)
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0EF9BB2C375D5A8DF639906A5CF6EF345EA6C5DA ~~~~~ 'Turn off heap termination on corruption' is Not Configured in Group Policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\ Value Name: NoHeapTerminationOnCorruption (Not found)
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0EF9BB2C375D5A8DF639906A5CF6EF345EA6C5DA ~~~~~ 'Turn off heap termination on corruption' is Not Configured in Group Policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\ Value Name: NoHeapTerminationOnCorruption (Not found)
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0EF9BB2C375D5A8DF639906A5CF6EF345EA6C5DA ~~~~~ 'Turn off heap termination on corruption' is Not Configured in Group Policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\ Value Name: NoHeapTerminationOnCorruption (Not found)
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0EF9BB2C375D5A8DF639906A5CF6EF345EA6C5DA ~~~~~ 'Turn off heap termination on corruption' is Not Configured in Group Policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\ Value Name: NoHeapTerminationOnCorruption (Not found)
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0EF9BB2C375D5A8DF639906A5CF6EF345EA6C5DA ~~~~~ 'Turn off heap termination on corruption' is Not Configured in Group Policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\ Value Name: NoHeapTerminationOnCorruption (Not found)
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0EF9BB2C375D5A8DF639906A5CF6EF345EA6C5DA ~~~~~ 'Turn off heap termination on corruption' is Not Configured in Group Policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\ Value Name: NoHeapTerminationOnCorruption (Not found)
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0EF9BB2C375D5A8DF639906A5CF6EF345EA6C5DA ~~~~~ 'Turn off heap termination on corruption' is Not Configured in Group Policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\ Value Name: NoHeapTerminationOnCorruption (Not found)
Check Text
The default behavior is for File Explorer heap termination on corruption to be enabled.
If the registry Value Name below does not exist, this is not a finding.
If it exists and is configured with a value of "0", this is not a finding.
If it exists and is configured with a value of "1", this is a finding.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Explorer\
Value Name: NoHeapTerminationOnCorruption
Value Type: REG_DWORD
Value: 0x00000000 (0) (or if the Value Name does not exist)
Fix Text
The default behavior is for File Explorer heap termination on corruption to be disabled. If this needs to be corrected, configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> File Explorer >> "Turn off heap termination on corruption" to "Not Configured" or "Disabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 94854FF1D86F23AA1E8C8DA8BD0A2FDD0916B300 ~~~~~ 'Interactive logon: Message title for users attempting to log on' is Configured Properly Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LegalNoticeCaption Value: US Department of Defense Warning Statement Type: REG_SZ
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 94854FF1D86F23AA1E8C8DA8BD0A2FDD0916B300 ~~~~~ 'Interactive logon: Message title for users attempting to log on' is Configured Properly Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LegalNoticeCaption Value: US Department of Defense Warning Statement Type: REG_SZ
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 94854FF1D86F23AA1E8C8DA8BD0A2FDD0916B300 ~~~~~ 'Interactive logon: Message title for users attempting to log on' is Configured Properly Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LegalNoticeCaption Value: US Department of Defense Warning Statement Type: REG_SZ
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 94854FF1D86F23AA1E8C8DA8BD0A2FDD0916B300 ~~~~~ 'Interactive logon: Message title for users attempting to log on' is Configured Properly Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LegalNoticeCaption Value: US Department of Defense Warning Statement Type: REG_SZ
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 94854FF1D86F23AA1E8C8DA8BD0A2FDD0916B300 ~~~~~ 'Interactive logon: Message title for users attempting to log on' is Configured Properly Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LegalNoticeCaption Value: US Department of Defense Warning Statement Type: REG_SZ
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 94854FF1D86F23AA1E8C8DA8BD0A2FDD0916B300 ~~~~~ 'Interactive logon: Message title for users attempting to log on' is Configured Properly Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LegalNoticeCaption Value: US Department of Defense Warning Statement Type: REG_SZ
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 94854FF1D86F23AA1E8C8DA8BD0A2FDD0916B300 ~~~~~ 'Interactive logon: Message title for users attempting to log on' is Configured Properly Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LegalNoticeCaption Value: US Department of Defense Warning Statement Type: REG_SZ
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 94854FF1D86F23AA1E8C8DA8BD0A2FDD0916B300 ~~~~~ 'Interactive logon: Message title for users attempting to log on' is Configured Properly Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LegalNoticeCaption Value: US Department of Defense Warning Statement Type: REG_SZ
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
Value Name: LegalNoticeCaption
Value Type: REG_SZ
Value: See message title options below
"DoD Notice and Consent Banner", "US Department of Defense Warning Statement", or an organization-defined equivalent.
If an organization-defined title is used, it can in no case contravene or modify the language of the banner text required in WN16-SO-000150.
Automated tools may only search for the titles defined above. If an organization-defined title is used, a manual review will be required.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Interactive Logon: Message title for users attempting to log on" to "DoD Notice and Consent Banner", "US Department of Defense Warning Statement", or an organization-defined equivalent. If an organization-defined title is used, it can in no case contravene or modify the language of the message text required in WN16-SO-000150.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: BFB64B7D780EA1E5C79D016BA948BBC98408343C ~~~~~ 'System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\ Value Name: ProtectionMode Value: 0x00000001 (1) Type: REG_DWORD
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: BFB64B7D780EA1E5C79D016BA948BBC98408343C ~~~~~ 'System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\ Value Name: ProtectionMode Value: 0x00000001 (1) Type: REG_DWORD
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: BFB64B7D780EA1E5C79D016BA948BBC98408343C ~~~~~ 'System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\ Value Name: ProtectionMode Value: 0x00000001 (1) Type: REG_DWORD
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: BFB64B7D780EA1E5C79D016BA948BBC98408343C ~~~~~ 'System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\ Value Name: ProtectionMode Value: 0x00000001 (1) Type: REG_DWORD
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: BFB64B7D780EA1E5C79D016BA948BBC98408343C ~~~~~ 'System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\ Value Name: ProtectionMode Value: 0x00000001 (1) Type: REG_DWORD
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: BFB64B7D780EA1E5C79D016BA948BBC98408343C ~~~~~ 'System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\ Value Name: ProtectionMode Value: 0x00000001 (1) Type: REG_DWORD
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: BFB64B7D780EA1E5C79D016BA948BBC98408343C ~~~~~ 'System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\ Value Name: ProtectionMode Value: 0x00000001 (1) Type: REG_DWORD
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding Details: Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: BFB64B7D780EA1E5C79D016BA948BBC98408343C ~~~~~ 'System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\ Value Name: ProtectionMode Value: 0x00000001 (1) Type: REG_DWORD
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Control\Session Manager\
Value Name: ProtectionMode
Value Type: REG_DWORD
Value: 0x00000001 (1)
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)" to "Enabled".