V-213902
CAT IISQL Server must protect against a user falsely repudiating by ensuring only clearly unique Active Directory user accounts can connect to the database.
- Ships Affected
- 1
- Total Findings
- 5
- Open
- 0
- Closed
- 5
Check Text
Execute the following query:
SELECT name
FROM sys.database_principals
WHERE type in ('U','G')
AND name LIKE '%$'
If no users are returned, this is not a finding.
If users are returned, determine whether each user is a computer account.
Launch PowerShell.
Execute the following code:
Note: <name> represents the username portion of the user. For example; if the user is "CONTOSO\user1$", the username is "user1".
([ADSISearcher]"(&(ObjectCategory=Computer)(Name=<name>))").FindAll()
If no account information is returned, this is not a finding.
If account information is returned, this is a finding.
Fix Text
Remove all users that were returned in the check SQL Statement:
SELECT name
FROM sys.database_principals
WHERE type in ('U','G')
AND name LIKE '%$'
To remove users:
Run the following command for each user:
DROP USER [ IF EXISTS ] <user_name>;
STIG Reference
- STIG
- MS SQL Server 2016 Database Security Technical Implementation Guide
- Version
- 3
- Release
- 5
- Rule ID
- SV-213902r960864_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_tempdb_V3R3_20251023-144154.ckl | Unassigned | 2026-01-14T12:57:40.769694 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_msdb_V3R3_20251023-144148.ckl | Unassigned | 2026-01-14T12:57:40.663257 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_model_V3R3_20251023-144128.ckl | Unassigned | 2026-01-14T12:57:40.569961 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_master_V3R3_20251023-144120.ckl | Unassigned | 2026-01-14T12:57:40.470811 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_BEDB_V3R3_20251023-143959.ckl | Unassigned | 2026-01-14T12:57:40.371699 | View in Context |