BrianRB
asked on
Bypass Traverse Checking Security
Can someone please tell me if Backup Operators and Users groups actually need to be given this right? We follow DISA Stigs and this was a finding. We need to know if they can be removed safely and if not, sound justification. Thanks in advance.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I could see the case for backup ops as accounts used to backup do have to go through the entire directory.
ASKER
V-26475 STIG.DOD.MIL WINUR-000008 Automated CAT III Unauthorized accounts will not have the "Bypass traverse checking" user right "Inappropriate granting of user rights can provide system, administrative, and other high level capabilities.
Accounts with the ""Bypass traverse checking"" right can pass through folders when browsing even if they do not have the Traverse Folder access permission. They could potentially view sensitive file and folder names. They would not have additional access to the files and folders unless it is granted through permissions" "Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> User Rights Assignment.
If any accounts or groups other than the following are granted the “Bypass traverse checking” right, this is a finding:
Administrators
Authenticated Users
Local Service
Network Service"
Accounts with the ""Bypass traverse checking"" right can pass through folders when browsing even if they do not have the Traverse Folder access permission. They could potentially view sensitive file and folder names. They would not have additional access to the files and folders unless it is granted through permissions" "Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> User Rights Assignment.
If any accounts or groups other than the following are granted the “Bypass traverse checking” right, this is a finding:
Administrators
Authenticated Users
Local Service
Network Service"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You guys are the best. Thx.
ASKER