WN22-00-000170 - Windows Server 2022 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SYSTEM

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The registry is integral to the function, security, and stability of the Windows system. Changing the system's registry permissions allows the possibility of unauthorized and anonymous modification to the operating system.

Solution

Maintain the default permissions for the HKEY_LOCAL_MACHINE registry hive.

The default permissions of the higher-level keys are noted below.

HKEY_LOCAL_MACHINE\SECURITY

Type - 'Allow' for all
Inherited from - 'None' for all
Principal - Access - Applies to
SYSTEM - Full Control - This key and subkeys
Administrators - Special - This key and subkeys

HKEY_LOCAL_MACHINE\SOFTWARE

Type - 'Allow' for all
Inherited from - 'None' for all
Principal - Access - Applies to
Users - Read - This key and subkeys
Administrators - Full Control - This key and subkeys
SYSTEM - Full Control - This key and subkeys
CREATOR OWNER - Full Control - This key and subkeys
ALL APPLICATION PACKAGES - Read - This key and subkeys

HKEY_LOCAL_MACHINE\SYSTEM

Type - 'Allow' for all
Inherited from - 'None' for all
Principal - Access - Applies to
Users - Read - This key and subkeys
Administrators - Full Control - This key and subkeys
SYSTEM - Full Control - This key and subkeys
CREATOR OWNER - Full Control - Subkeys only
ALL APPLICATION PACKAGES - Read - This key and subkeys
Server Operators - Read - This Key and subkeys (Domain controllers only)

Microsoft has also given Read permission to the SOFTWARE and SYSTEM registry keys in Windows Server 2022 to the following SID.
S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2022_V1R1_STIG.zip

Item Details

References: CAT|II, CCI|CCI-002235, Rule-ID|SV-254254r848578_rule, STIG-ID|WN22-00-000170, Vuln-ID|V-254254

Plugin: Windows

Control ID: fdc05f11613ed0e08716bf32ed59bee10a5d4198b280ff0c9fe29713a203bc17