| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-ActiveDirectoryDomain_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:
ResultHash: B096C379B49B26BC871A78CA4A53DDF65C083469
~~~~~
Members of 'Administrators'
=========================
Name: MONTFORD-POINT\SHB_Admin
objectClass: User
objectSID: S-1-5-21-1360995287-4027491577-3040029667-500

Name: MONTFORD-POINT\DOD_Admin
objectClass: User
objectSID: S-1-5-21-1360995287-4027491577-3040029667-1000

Name: MONTFORD-POINT\Enterprise Admins
objectClass: Group
objectSID: S-1-5-21-1360995287-4027491577-3040029667-519

Name: MONTFORD-POINT\Domain Admins
objectClass: Group
objectSID: S-1-5-21-1360995287-4027491577-3040029667-512

Name: MONTFORD-POINT\montford.exchange
objectClass: User
objectSID: S-1-5-21-1360995287-4027491577-3040029667-1118

Name: MONTFORD-POINT\MONT-EM-Admin
objectClass: User
objectSID: S-1-5-21-1360995287-4027491577-3040029667-1157

Name: MONTFORD-POINT\Montford.backup
objectClass: User
objectSID: S-1-5-21-1360995287-4027491577-3040029667-1614

Name: MONTFORD-POINT\tagavrilovic.iaadmin
objectClass: User
objectSID: S-1-5-21-1360995287-4027491577-3040029667-1231

Comments
Check Text
If the domain does not have any public facing servers, this is NA. Review the local Administrators group on public facing servers. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. For public facing servers, the Domain Admins group must be replaced by a domain member server administrator group whose members are different from any used to manage internal servers. If any domain accounts or groups used to manage internal servers are members of the local administrators group, this is a finding.
Fix Text
If the domain does not have any public facing servers, this is NA. Configure the system to include only administrator groups or accounts that are responsible for the system in the local Administrators group. For public facing servers, replace the Domain Admins group with a domain member server administrator group whose members are different from any used to manage internal servers.