| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 67D7443EABCEBA86F318DC3E0BAE19A215A4A644 ~~~~~ Network access: Let Everyone permissions apply to anonymous users is set to Disabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: EveryoneIncludesAnonymous Value 0 Path: C:\Program Files OverallState: Expected permissions in place Compliance: Compliant Path: C:\Program Files (x86) OverallState: Expected permissions in place Compliance: Compliant Comments |
|||||
Check Text
The default permissions are adequate when the Security Option "Network access: Let Everyone permissions apply to anonymous users" is set to "Disabled" (WN22-SO-000240). Review the permissions for the program file directories (Program Files and Program Files [x86]). Nonprivileged groups such as Users or Authenticated Users must not have greater than "Read & execute" permissions. Individual accounts must not be used to assign permissions. If permissions are not as restrictive as the default permissions listed below, this is a finding. Viewing in File Explorer: For each folder, view the Properties. Select the "Security" tab, and the "Advanced" button. Default permissions: \Program Files and \Program Files (x86) Type - "Allow" for all Inherited from - "None" for all Principal - Access - Applies to TrustedInstaller - Full control - This folder and subfolders SYSTEM - Modify - This folder only SYSTEM - Full control - Subfolders and files only Administrators - Modify - This folder only Administrators - Full control - Subfolders and files only Users - Read & execute - This folder, subfolders and files CREATOR OWNER - Full control - Subfolders and files only ALL APPLICATION PACKAGES - Read & execute - This folder, subfolders, and files ALL RESTRICTED APPLICATION PACKAGES - Read & execute - This folder, subfolders, and files Alternately, use icacls: Open a Command prompt (admin). Enter "icacls" followed by the directory: 'icacls "c:\program files"' 'icacls "c:\program files (x86)"' The following results must be displayed for each when entered: c:\program files (c:\program files (x86)) NT SERVICE\TrustedInstaller:(F) NT SERVICE\TrustedInstaller:(CI)(IO)(F) NT AUTHORITY\SYSTEM:(M) NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F) BUILTIN\Administrators:(M) BUILTIN\Administrators:(OI)(CI)(IO)(F) BUILTIN\Users:(RX) BUILTIN\Users:(OI)(CI)(IO)(GR,GE) CREATOR OWNER:(OI)(CI)(IO)(F) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE) APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(RX) APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE) Successfully processed 1 files; Failed processing 0 files
Fix Text
Maintain the default permissions for the program file directories and configure the Security Option "Network access: Let Everyone permissions apply to anonymous users" to "Disabled" (WN22-SO-000240). Default permissions: \Program Files and \Program Files (x86) Type - "Allow" for all Inherited from - "None" for all Principal - Access - Applies to TrustedInstaller - Full control - This folder and subfolders SYSTEM - Modify - This folder only SYSTEM - Full control - Subfolders and files only Administrators - Modify - This folder only Administrators - Full control - Subfolders and files only Users - Read & execute - This folder, subfolders, and files CREATOR OWNER - Full control - Subfolders and files only ALL APPLICATION PACKAGES - Read & execute - This folder, subfolders, and files ALL RESTRICTED APPLICATION PACKAGES - Read & execute - This folder, subfolders, and files