| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: B14CB777EAE28DF9CFD0AB5F6A5C6C0E6EF968AA ~~~~~ ACL for C:\windows\system32\inetsrv\Inetmgr.exe: FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : NT AUTHORITY\SYSTEM IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : BUILTIN\Administrators IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : BUILTIN\Users IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : FullControl AccessControlType : Allow IdentityReference : NT SERVICE\TrustedInstaller IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES IsInherited : False InheritanceFlags : None PropagationFlags : None Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: B14CB777EAE28DF9CFD0AB5F6A5C6C0E6EF968AA ~~~~~ ACL for C:\windows\system32\inetsrv\Inetmgr.exe: FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : NT AUTHORITY\SYSTEM IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : BUILTIN\Administrators IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : BUILTIN\Users IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : FullControl AccessControlType : Allow IdentityReference : NT SERVICE\TrustedInstaller IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES IsInherited : False InheritanceFlags : None PropagationFlags : None FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES IsInherited : False InheritanceFlags : None PropagationFlags : None Comments |
|||||
Check Text
Right-click "InetMgr.exe", then click "Properties" from the "Context" menu. Select the "Security" tab. Review the groups and user names. The following accounts may have Full control privileges: TrustedInstaller Web Managers Web Manager designees CREATOR OWNER The following accounts may have read and execute, or read permissions: Non Web Manager Administrators ALL APPLICATION PACKAGES (built-in security group) ALL RESTRICTED APPLICATION PACKAGES (built-in security group) SYSTEM Users Specific users may be granted read and execute and read permissions. Compare the local documentation authorizing specific users, against the users observed when reviewing the groups and users. If any other access is observed, this is a finding.
Fix Text
Restrict access to the web administration tool to only the web manager and the web manager’s designees.