| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Server_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: C7672C2E607627099A46E345AF4C5CCB919F07F7 ~~~~~ Path: C:\WINDOWS\system32\inetsrv\Inetmgr.exe OverallState: More restrictive than Expected Compliance: Compliant Unexpected rules... --------------------- State: MoreRestrictive Compliant: True Identity: CREATOR OWNER Type: N/A Basic: N/A Expected: FullControl Advanced: Expected: AppendData, ChangePermissions, CreateDirectories, CreateFiles, Delete, DeleteSubdirectoriesAndFiles, ExecuteFile, ListDirectory, ReadAttributes, ReadData, ReadExtendedAttributes, ReadPermissions, TakeOwnership, Traverse, WriteAttributes, WriteData, WriteExtendedAttributes Inherited: N/A AppliesTo: N/A Summary: Missing Rule: An expected rule with rights 'FullControl' was not found on the system. --------------------- Comments |
|||||
Check Text
Right-click "InetMgr.exe", then click "Properties" from the "Context" menu. Select the "Security" tab. Review the groups and user names. The following accounts may have Full control privileges: TrustedInstaller Web Managers Web Manager designees CREATOR OWNER The following accounts may have read and execute, or read permissions: Non Web Manager Administrators ALL APPLICATION PACKAGES (built-in security group) ALL RESTRICTED APPLICATION PACKAGES (built-in security group) SYSTEM Users Specific users may be granted read and execute and read permissions. Compare the local documentation authorizing specific users, against the users observed when reviewing the groups and users. If any other access is observed, this is a finding.
Fix Text
Restrict access to the web administration tool to only the web manager and the web manager’s designees.