From Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide
Part of WINRG-000001 Active Setup\Installed Components Registry Permissions
Associated with: CCI-002235
Permissions on the Active Setup\Installed Components registry key must only allow privileged accounts to add or change registry values. If standard user accounts have these permissions, there is a potential for programs to run with elevated privileges when a privileged user logs on to the system.
Run "Regedit". Navigate to the following registry keys and review the permissions: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems) If the default permissions listed below have been changed, this is a finding. Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Full Control (Subkeys only) ALL APPLICATION PACKAGES - Read
Maintain the default permissions of the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems only) Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Full Control (Subkeys only) ALL APPLICATION PACKAGES - Read
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer