| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 8AE742FA7487414B54F49AFC49412799439832C2 ~~~~~ Local user accounts on this system. Confirm if any are used by IIS and if so, verify that default passwords have been changed: Name: DOD_Admin Enabled: True SID: S-1-5-21-388225469-2825430915-2362864043-1000 Password Age: 884 days Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 7B7215D4389023C21A17987544BF8519AB42A58E ~~~~~ Local user accounts on this system. Confirm if any are used by IIS and if so, verify that default passwords have been changed: Name: DOD_Admin Enabled: True SID: S-1-5-21-3803552116-1809661109-1744339665-1000 Password Age: 888 days Comments |
|||||
Check Text
Access the IIS 10.0 web server. Access the "Apps" menu. Under "Administrative Tools", select "Computer Management". In left pane, expand "Local Users and Groups" and click "Users". Review the local users listed in the middle pane. If any local accounts are present and used by IIS 10.0, verify with System Administrator that default passwords have been changed. If passwords have not been changed from the default, this is a finding.
Fix Text
Access the IIS 10.0 web server. Access the "Apps" menu. Under Administrative Tools, select Computer Management. In left pane, expand "Local Users and Groups" and click on "Users". Change passwords for any local accounts present that are used by IIS 10.0, then verify with System Administrator default passwords have been changed. Develop an internal process for changing passwords on a regular basis.