| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 7EC5A18BF9192AC333D4CC14D51C880FDD39A535 ~~~~~ The following do not have appropriate permissions: C:\ProgramData\Microsoft\Crypto\Keys\125a35bfeec08eb6cf92450e6fb55cd6_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\Keys\4f35ff067d87a24bf1990e568e5f967f_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\Keys\5aed67ae076fb2f5f53881c402ba0845_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\Keys\81994d8c11e3c9f13762296e22c36316_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\Keys\a4f113d03572f30f4cb27719b2babfc6_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ Comments |
|||||
Check Text
Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto\Keys Note: If the folder above does not exist, this is not applicable. Verify the permissions on the folder, subfolders, and files are limited to SYSTEM and Administrators FULL CONTROL. In File Explorer: For each folder, subfolder, and file, view the Properties. Select the "Security" tab, and then click "Advanced". Default permissions: C:\ProgramData\Microsoft\Crypto\Keys Type - "Allow" for all Inherited from - "None" for all Principal - Access - Applies to SYSTEM - Full control - This folder, subfolders and files Administrators - Full control - This folder, subfolders and files Everyone - Read - This folder, subfolders, and files Alternately, use icacls: Open a command prompt and enter "icacls" followed by the directory. For each folder, subfolder, and file, view the Properties. "icacls %ALLUSERSPROFILE%\Microsoft\Crypto\Keys" C:\ProgramData\microsoft\crypto\keys NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) Everyone:(OI)(CI)(R) Successfully processed 1 files; Failed processing 0 files If any other user or group has greater than READ privileges to the %ALLUSERSPROFILE%\Microsoft\Crypto\Keys folder, subfolders, and files, this is a finding.
Fix Text
Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto\Keys Modify permissions on the keys folder, subfolders, and files to be limited to SYSTEM and Administrators FULL CONTROL, and to limit all other users/groups to READ. If additional permissions are needed, it must be documented and approved by the information system security officer (ISSO) or information system security manager (ISSM).