V-254254
CAT IIWindows Server 2022 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 1
Check Text
Review the registry permissions for the keys of the HKEY_LOCAL_MACHINE hive noted below.
If any nonprivileged groups such as Everyone, Users, or Authenticated Users have greater than Read permission, this is a finding.
If permissions are not as restrictive as the default permissions listed below, this is a finding:
Run "Regedit".
Right-click on the registry areas noted below.
Select "Permissions" and "Advanced".
HKEY_LOCAL_MACHINE\SECURITY
Type - "Allow" for all
Inherited from - "None" for all
Principal - Access - Applies to
SYSTEM - Full Control - This key and subkeys
Administrators - Special - This key and subkeys
HKEY_LOCAL_MACHINE\SOFTWARE
Type - "Allow" for all
Inherited from - "None" for all
Principal - Access - Applies to
Users - Read - This key and subkeys
Administrators - Full Control - This key and subkeys
SYSTEM - Full Control - This key and subkeys
CREATOR OWNER - Full Control - This key and subkeys
ALL APPLICATION PACKAGES - Read - This key and subkeys
HKEY_LOCAL_MACHINE\SYSTEM
Type - "Allow" for all
Inherited from - "None" for all
Principal - Access - Applies to
Authenticated Users - Read - This key and subkeys
Administrators - Full Control - This key and subkeys
SYSTEM - Full Control - This key and subkeys
CREATOR OWNER - Full Control - This key and Subkeys
ALL APPLICATION PACKAGES - Read - This key and subkeys
Server Operators - Read - This Key and subkeys (Domain controllers only)
Other examples under the noted keys may also be sampled. There may be some instances where nonprivileged groups have greater than Read permission.
Microsoft has given Read permission to the SOFTWARE and SYSTEM registry keys in Windows Server 2022 to the following SID. This is currently not a finding.
S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681
If the defaults have not been changed, these are not a finding.
Fix Text
Maintain the default permissions for the HKEY_LOCAL_MACHINE registry hive.
The default permissions of the higher-level keys are noted below.
HKEY_LOCAL_MACHINE\SECURITY
Type - "Allow" for all
Inherited from - "None" for all
Principal - Access - Applies to
SYSTEM - Full Control - This key and subkeys
Administrators - Special - This key and subkeys
HKEY_LOCAL_MACHINE\SOFTWARE
Type - "Allow" for all
Inherited from - "None" for all
Principal - Access - Applies to
Users - Read - This key and subkeys
Administrators - Full Control - This key and subkeys
SYSTEM - Full Control - This key and subkeys
CREATOR OWNER - Full Control - This key and subkeys
ALL APPLICATION PACKAGES - Read - This key and subkeys
HKEY_LOCAL_MACHINE\SYSTEM
Type - "Allow" for all
Inherited from - "None" for all
Principal - Access - Applies to
Authenticated Users - Read - This key and subkeys
Administrators - Full Control - This key and subkeys
SYSTEM - Full Control - This key and subkeys
CREATOR OWNER - Full Control - This key and subkeys
ALL APPLICATION PACKAGES - Read - This key and subkeys
Server Operators - Read - This Key and subkeys (Domain controllers only)
Microsoft has also given Read permission to the SOFTWARE and SYSTEM registry keys in Windows Server 2022 to the following SID:
S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681
STIG Reference
- STIG
- Microsoft Windows Server 2022 Security Technical Implementation Guide
- Version
- 2
- Release
- 8
- Rule ID
- SV-254254r1153443_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| LAB BASELINES | BASELINE | SCHR-P3-DP-001_WinServer2022_V2R7_20260305-133436.cklb | Unassigned | 2026-03-05T13:34:36 | View in Context |