V-243487
CAT IIMembership in the Group Policy Creator Owners and Incoming Forest Trust Builders groups must be limited.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 1
- Closed
- 0
Check Text
Start "Active Directory Users and Computers" (Available from various menus or run "dsa.msc").
Review the membership of the "Incoming Forest Trust Builders" group.
Navigate to the "Built-in" container.
Right-click on the "Incoming Forest Trust Builders", select "Properties" and then the "Members" tab.
If any accounts are not documented as necessary with the ISSO, this is a finding.
Review the membership of the "Group Policy Creator Owner" group.
Navigate to the "Users" container.
Right-click on the "Group Policy Creator Owner", select "Properties" and then the "Members" tab.
If any accounts are not documented as necessary with the ISSO, this is a finding.
It is possible to move some system-defined groups from their default locations. If a group is not in the location noted, review other containers to locate.
Fix Text
Document membership of the Group Policy Creator Owners and Incoming Forest Trust Builders groups. Remove any accounts that do not require the privileges these groups assign.
STIG Reference
- STIG
- Active Directory Domain Security Technical Implementation Guide
- Version
- 3
- Release
- 7
- Rule ID
- SV-243487r959010_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADDomain_V3R5_20251023-171837.ckl | Unassigned | 2026-01-14T12:57:36.435963 | View in Context |