| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218816 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Server Security Techn... | Access to web administration tools must be restric... | - | |||
Check Text: Right-click "InetMgr.exe", then click "Properties" from the "Context" menu. Select the "Security" tab. Review the groups and user names.

The following accounts may have Full control privileges:
- TrustedInstaller
- Web Managers
- Web Manager designees
- CREATOR OWNER

The following accounts may have read and execute, or read permissions:
- Non Web Manager Administrators
- ALL APPLICATION PACKAGES (built-in security group)
- ALL RESTRICTED APPLICATION PACKAGES (built-in security group)
- SYSTEM
- Users

Specific users may be granted read and execute and read permissions. Compare the local documentation authorizing specific users, against the users observed when reviewing the groups and users. If any other access is observed, this is a finding.

Fix Text: Restrict access to the web administration tool to only the web manager and the web manager’s designees.

Finding Details: Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

```
ResultHash: B14CB777EAE28DF9CFD0AB5F6A5C6C0E6EF968AA
~~~~~
ACL for C:\windows\system32\inetsrv\Inetmgr.exe:

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\Users
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT SERVICE\TrustedInstaller
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
```

Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl
Scan Date: 2026-01-14T12:57:32.874734
Technology Area: Web Review
| V-218816 | CAT II | MONT-DP-001 | Microsoft IIS 10.0 Server Security Techn... | Access to web administration tools must be restric... | - | |||
Check Text: Right-click "InetMgr.exe", then click "Properties" from the "Context" menu. Select the "Security" tab. Review the groups and user names.

The following accounts may have Full control privileges:
- TrustedInstaller
- Web Managers
- Web Manager designees
- CREATOR OWNER

The following accounts may have read and execute, or read permissions:
- Non Web Manager Administrators
- ALL APPLICATION PACKAGES (built-in security group)
- ALL RESTRICTED APPLICATION PACKAGES (built-in security group)
- SYSTEM
- Users

Specific users may be granted read and execute and read permissions. Compare the local documentation authorizing specific users, against the users observed when reviewing the groups and users. If any other access is observed, this is a finding.

Fix Text: Restrict access to the web administration tool to only the web manager and the web manager’s designees.

Finding Details: Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

```
ResultHash: B14CB777EAE28DF9CFD0AB5F6A5C6C0E6EF968AA
~~~~~
ACL for C:\windows\system32\inetsrv\Inetmgr.exe:

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\Users
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT SERVICE\TrustedInstaller
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
```

Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl
Scan Date: 2026-01-14T12:57:35.201603
Technology Area: Web Review