From Windows 2008 Domain Controller Security Technical Implementation Guide
Part of Directory Data - FRS Directory data files
Associated with: CCI-002235
Improper access permissions for directory data files could allow unauthorized users to read, modify, or delete directory data.
If the system is using the more current Distributed File System (DFS) replication, this is NA. Execute the command "Dfsrmig /getmigrationstate", to verify DFSR is being used. The following message should be returned if the system is using DFSR: "All Domain Controllers have migrated successfully to Global state ('Eliminated'). Migration has reached a consistent state on all Domain Controllers." If the system is using FRS: Run "Regedit". Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters". Note the value for "Working Directory", typically "%SystemRoot%\ntfrs". Verify the permissions of the noted location. If the access control permissions of the FRS directory are not at least as restrictive as those below, this is a finding. FRS Directory Permissions: Administrators - Full Control (F) SYSTEM - Full Control (F)
If the system is using the more current DFS replication, this is NA. Maintain the access control permissions for the FRS directory as outlined below. FRS Directory Permissions: Administrators - Full Control (F) SYSTEM - Full Control (F)
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer