V-243486
CAT IIThe Anonymous Logon and Everyone groups must not be members of the Pre-Windows 2000 Compatible Access group.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 1
Check Text
Open "Active Directory Users and Computers" (available from various menus or run "dsa.msc").
Expand the domain being reviewed in the left pane and select the "Builtin" container.
Double-click on the "Pre-Windows 2000 Compatible Access" group in the right pane.
Select the "Members" tab.
If the "Anonymous Logon" or "Everyone" groups are members, this is a finding.
(By default, these groups are not included in current Windows versions.)
Fix Text
Ensure the "Anonymous Logon" and "Everyone" groups are not members of the "Pre-Windows 2000 Compatible Access group". (By default, these groups are not included in current Windows versions.)
Open "Active Directory Users and Computers" (available from various menus or run "dsa.msc").
Expand the domain being reviewed in the left pane and select the "Builtin" container.
Double-click on the "Pre-Windows 2000 Compatible Access" group in the right pane.
Select the "Members" tab.
If the "Anonymous Logon" or "Everyone" groups are members, select each and click "Remove".
STIG Reference
- STIG
- Active Directory Domain Security Technical Implementation Guide
- Version
- 3
- Release
- 7
- Rule ID
- SV-243486r958504_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADDomain_V3R5_20251023-171837.ckl | Unassigned | 2026-01-14T12:57:36.435963 | View in Context |