WN11-00-000060 - Non-system-created file shares on a system must limit access to groups that require it.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Shares which provide network access, must not exist on a workstation except for system-created administrative shares, and could potentially expose sensitive information. If a share is necessary, share permissions, as well as NTFS permissions, must be reconfigured to give the minimum access to those accounts that require it.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If a non-system-created share is required on a system, configure the share and NTFS permissions to limit access to the specific groups or accounts that require it.

Remove any unnecessary non-system-created shares.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_11_V1R4_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001090, Rule-ID|SV-253267r828885_rule, STIG-ID|WN11-00-000060, Vuln-ID|V-253267

Plugin: Windows

Control ID: afa503506910464cfb68fbf7aebc2f2047b95bdeaa979e7bbad2ca558b9f3fe4