| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 03/05/2026: ResultHash: 9A3718B89C7FADF6CB49CB06D125501748FAE274 ~~~~~ Below is a list of local groups and their members (if any): Group: Access Control Assistance Operators Group: Administrators X_Admin DOD_Admin Server Administrator Group Group: Backup Operators Server Administrator Group Group: Certificate Service DCOM Access Group: Cryptographic Operators Group: Distributed COM Users Group: Event Log Readers Group: Guests Visitor Group: Hyper-V Administrators Group: IIS_IUSRS Group: Network Configuration Operators Group: Performance Log Users Group: Performance Monitor Users Group: Power Users Group: Print Operators Group: RDS Endpoint Servers Group: RDS Management Servers Group: RDS Remote Access Servers Group: Remote Desktop Users Server Administrator Group Group: Remote Management Users Group: Replicator Group: Storage Replica Administrators Group: System Managed Accounts Group DefaultAccount Group: Users INTERACTIVE Authenticated Users Domain Users Comments |
|||||
Check Text
Obtain a list of the user accounts with access to the system, including all local and domain accounts. Review the privileges to the web server for each account. Verify with the system administrator or the ISSO that all privileged accounts are mission essential and documented. Verify with the system administrator or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented. If undocumented privileged accounts are found, this is a finding. If undocumented non-administrator access to shell scripts and operating system functions are found, this is a finding. If this IIS 10 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable.
Fix Text
Ensure non-administrators are not allowed access to the directory tree, the shell, or other operating system functions and utilities. All non-administrator access to shell scripts and operating system functions must be mission essential and documented.