| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-224964 | CAT I | MONT-VSF-004 | Microsoft Windows Server 2016 Security T... | Only administrators responsible for the domain con... | - | |||
Check TextThis applies to domain controllers. A separate version applies to other systems. Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. Standard user accounts must not be members of the local administrator group. If prohibited accounts are members of the local administrators group, this is a finding. If the built-in Administrator account or other required administrative accounts are found on the system, this is not a finding. Fix TextConfigure the Administrators group to include only administrator groups or accounts that are responsible for the system. Remove any standard user accounts. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA.
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl
Scan Date: 2026-01-14T12:57:30.046447
Technology Area: Windows Operating System
|
||||||||
| V-224964 | CAT I | MONT-VSF-003 | Microsoft Windows Server 2016 Security T... | Only administrators responsible for the domain con... | - | |||
Check TextThis applies to domain controllers. A separate version applies to other systems. Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. Standard user accounts must not be members of the local administrator group. If prohibited accounts are members of the local administrators group, this is a finding. If the built-in Administrator account or other required administrative accounts are found on the system, this is not a finding. Fix TextConfigure the Administrators group to include only administrator groups or accounts that are responsible for the system. Remove any standard user accounts. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA.
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl
Scan Date: 2026-01-14T12:57:31.534241
Technology Area: Windows Operating System
|
||||||||
| V-224964 | CAT I | MONT-MB-002 | Microsoft Windows Server 2016 Security T... | Only administrators responsible for the domain con... | - | |||
Check TextThis applies to domain controllers. A separate version applies to other systems. Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. Standard user accounts must not be members of the local administrator group. If prohibited accounts are members of the local administrators group, this is a finding. If the built-in Administrator account or other required administrative accounts are found on the system, this is not a finding. Fix TextConfigure the Administrators group to include only administrator groups or accounts that are responsible for the system. Remove any standard user accounts. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA.
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_WinServer2016_V2R10_20251023-152736.ckl
Scan Date: 2026-01-14T12:57:33.842838
Technology Area: Windows Operating System
|
||||||||
| V-224964 | CAT I | MONT-DP-001 | Microsoft Windows Server 2016 Security T... | Only administrators responsible for the domain con... | - | |||
Check TextThis applies to domain controllers. A separate version applies to other systems. Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. Standard user accounts must not be members of the local administrator group. If prohibited accounts are members of the local administrators group, this is a finding. If the built-in Administrator account or other required administrative accounts are found on the system, this is not a finding. Fix TextConfigure the Administrators group to include only administrator groups or accounts that are responsible for the system. Remove any standard user accounts. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA.
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_WinServer2016_V2R10_20251023-144106.ckl
Scan Date: 2026-01-14T12:57:35.637816
Technology Area: Windows Operating System
|
||||||||
| V-224964 | CAT I | MONT-DC-003 | Microsoft Windows Server 2016 Security T... | Only administrators responsible for the domain con... | - | |||
Check TextThis applies to domain controllers. A separate version applies to other systems. Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. Standard user accounts must not be members of the local administrator group. If prohibited accounts are members of the local administrators group, this is a finding. If the built-in Administrator account or other required administrative accounts are found on the system, this is not a finding. Fix TextConfigure the Administrators group to include only administrator groups or accounts that are responsible for the system. Remove any standard user accounts. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: AECE488AF9D6FA206476E02B634ED70FCEA9659F ~~~~~ The following are members of the local Administrators group: --------------------- Name: MONTFORD-POINT\DOD_Admin objectClass: User objectSID: S-1-5-21-1360995287-4027491577-3040029667-1000 Name: MONTFORD-POINT\Domain Admins objectClass: Group objectSID: S-1-5-21-1360995287-4027491577-3040029667-512 Name: MONTFORD-POINT\Enterprise Admins objectClass: Group objectSID: S-1-5-21-1360995287-4027491577-3040029667-519 Name: MONTFORD-POINT\MONT-EM-Admin objectClass: User objectSID: S-1-5-21-1360995287-4027491577-3040029667-1157 Name: MONTFORD-POINT\Montford.backup objectClass: User objectSID: S-1-5-21-1360995287-4027491577-3040029667-1614 Name: MONTFORD-POINT\montford.exchange objectClass: User objectSID: S-1-5-21-1360995287-4027491577-3040029667-1118 Name: MONTFORD-POINT\SHB_Admin objectClass: User objectSID: S-1-5-21-1360995287-4027491577-3040029667-500 Name: MONTFORD-POINT\tagavrilovic.iaadmin objectClass: User objectSID: S-1-5-21-1360995287-4027491577-3040029667-1231
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServer2016_V2R10_20251023-172220.ckl
Scan Date: 2026-01-14T12:57:37.248886
Technology Area: Windows Operating System
|
||||||||
| V-224964 | CAT I | MONT-DB-002 | Microsoft Windows Server 2016 Security T... | Only administrators responsible for the domain con... | - | |||
Check TextThis applies to domain controllers. A separate version applies to other systems. Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. Standard user accounts must not be members of the local administrator group. If prohibited accounts are members of the local administrators group, this is a finding. If the built-in Administrator account or other required administrative accounts are found on the system, this is not a finding. Fix TextConfigure the Administrators group to include only administrator groups or accounts that are responsible for the system. Remove any standard user accounts. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA.
Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_WinServer2016_V2R10_20251023-144132.ckl
Scan Date: 2026-01-14T12:57:39.082634
Technology Area: Windows Operating System
|
||||||||
| V-224964 | CAT I | MONT-BE-002 | Microsoft Windows Server 2016 Security T... | Only administrators responsible for the domain con... | - | |||
Check TextThis applies to domain controllers. A separate version applies to other systems. Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. Standard user accounts must not be members of the local administrator group. If prohibited accounts are members of the local administrators group, this is a finding. If the built-in Administrator account or other required administrative accounts are found on the system, this is not a finding. Fix TextConfigure the Administrators group to include only administrator groups or accounts that are responsible for the system. Remove any standard user accounts. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_WinServer2016_V2R10_20251023-143943.ckl
Scan Date: 2026-01-14T12:57:41.363810
Technology Area: Windows Operating System
|
||||||||
| V-224964 | CAT I | MONT-AP-002 | Microsoft Windows Server 2016 Security T... | Only administrators responsible for the domain con... | - | |||
Check TextThis applies to domain controllers. A separate version applies to other systems. Review the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. Standard user accounts must not be members of the local administrator group. If prohibited accounts are members of the local administrators group, this is a finding. If the built-in Administrator account or other required administrative accounts are found on the system, this is not a finding. Fix TextConfigure the Administrators group to include only administrator groups or accounts that are responsible for the system. Remove any standard user accounts. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: F7DE991FB49346C9EC2F2DEEB9D564F37D7ACC9E ~~~~~ System is a 'Member Server' so this requirement is NA.
Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_WinServer2016_V2R10_20251023-144214.ckl
Scan Date: 2026-01-14T12:57:42.721079
Technology Area: Windows Operating System
|
||||||||