| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: EA9ADF8CB9E0266A589B46264A47E80FE235F3DD ~~~~~ The following do not have appropriate permissions: C:\ProgramData\Microsoft\Crypto Principal: BUILTIN\Users Access: ReadAndExecute, Synchronize Compliant: False Principal: Everyone Access: ReadAndExecute, Synchronize Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\DSS Principal: BUILTIN\Users Access: ReadAndExecute, Synchronize Compliant: False Principal: Everyone Access: ReadAndExecute, Synchronize Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\OIDInfo Principal: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Access: ReadAndExecute, Synchronize Compliant: False Principal: BUILTIN\Users Access: ReadAndExecute, Synchronize Compliant: False Principal: Everyone Access: ReadAndExecute, Synchronize Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\PCPKSP Principal: BUILTIN\Users Access: ReadAndExecute, Synchronize Compliant: False Principal: Everyone Access: ReadAndExecute, Synchronize Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\RSA Principal: BUILTIN\Users Access: ReadAndExecute, Synchronize Compliant: False Principal: Everyone Access: ReadAndExecute, Synchronize Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys Principal: Everyone Access: Write, Read, Synchronize Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\Keys\125a35bfeec08eb6cf92450e6fb55cd6_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\Keys\4f35ff067d87a24bf1990e568e5f967f_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\Keys\5aed67ae076fb2f5f53881c402ba0845_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\Keys\81994d8c11e3c9f13762296e22c36316_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\Keys\a4f113d03572f30f4cb27719b2babfc6_e6f0542d-9c29-4936-9687-87e94910a1b8 Principal: CREATOR OWNER Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\OIDInfo\DsOIDInfo.dat Principal: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Access: ReadAndExecute, Synchronize Compliant: False Principal: BUILTIN\Users Access: ReadAndExecute, Synchronize Compliant: False Principal: Everyone Access: ReadAndExecute, Synchronize Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK Principal: NT AUTHORITY\LOCAL SERVICE Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\e04d2bb76e11a8d559731f8fcc875f7324bf0f22 Principal: NT AUTHORITY\LOCAL SERVICE Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\e04d2bb76e11a8d559731f8fcc875f7324bf0f22\fb795632abfa22e9fad1700565d5c4527e380379.PCPKEY Principal: NT AUTHORITY\LOCAL SERVICE Access: FullControl Compliant: False ------------------------------------------------------------------------ C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys Principal: Everyone Access: Write, Read, Synchronize Compliant: False ------------------------------------------------------------------------ Comments |
|||||
Check Text
Access Windows Explorer. Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto Note: If the folder above does not exist, this check is not applicable. Verify the permissions on the folder, subfolders, and files are limited to "SYSTEM" and Administrators for "FULL CONTROL". If any other user or group has greater than READ permissions to the %ALLUSERSPROFILE%\Microsoft\Crypto folder, subfolders, and files, this is a finding.
Fix Text
Access Windows Explorer. Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto Modify permissions on the folder, subfolders, and files to "FULL CONTROL" for "SYSTEM" and Administrators and to "READ" for all other users/groups. If additional permissions are needed, it must be documented and approved by the ISSO or ISSM.