| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-243479 | CAT II | MONT-DC-003 | Active Directory Domain Security Technic... | The Directory Service Restore Mode (DSRM) password... | Documented Pending Review | |||
Check Text:

Verify the DSRM password for each DC is changed at least annually. If logs are retained locally for a sufficient amount of time to capture the log event, the following command will indicate the password reset:

```
PS C:\> Get-WinEvent -FilterHashtable @{Logname='Security'; ID=4794} | Format-Table -Property TimeCreated, Message

TimeCreated           Message
-----------           -------
10/29/2025 4:47:12 PM An attempt was made to set the Directory Services Restore Mode...
```

If logs are not available, review the site processes around DSRM password reset to determine compliance.

If DSRM passwords are not changed for each DC in the domain at least annually, this is a finding.

Fix Text:

Change the DSRM passwords on each DC at least annually with the following commands:

```
C:\> ntdsutil
C:\Windows\system32\ntdsutil.exe: Set DSRM Password
Reset DSRM Administrator Password: Reset Password on server <servername>
```

Follow prompts to reset the password.

Comments: Possibly in 5239?

Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADDomain_V3R5_20251023-171837.ckl
Scan Date: 2026-01-14T12:57:36.435963
Technology Area: Domain Name System