V-243502
CAT II
Membership to the Schema Admins group must be limited.
- Ships Affected: 1
- Total Findings: 1
- Open: 1
- Closed: 0
Check Text
Open "Active Directory Users and Computers" on a domain controller in the forest root domain.
Navigate to the "Users" container.
Right-click on "Schema Admins" and select "Properties", and then select the "Members" tab.
If any accounts other than the built-in Administrators group are members, verify their necessity with the ISSO.
If any accounts are members of the group when schema changes are not being made, this is a finding.
Fix Text
Limit membership in the Schema Admins group to only those accounts necessary during a schema update. Remove accounts when the updates are complete. Document accounts necessary during schema updates with the ISSO.
STIG Reference
- STIG: Active Directory Forest Security Technical Implementation Guide
- Version: 3
- Release: 2
- Rule ID: SV-243502r1026198_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date |
|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADForest_V3R2_20251023-171845.ckl | | Unassigned | 2026-01-14T12:57:36.607366 |