Domain Controller: SYSVOL directory must have proper access control permissions

15074903-9e8a-4d2f-b6d4-4e5ab30e64d7

Improper access permissions for directory data files could allow unauthorized users to read, modify, or delete directory data. The SYSVOL directory contains public files (to the domain) such as policies and logon scripts. Data in shared subdirectories are replicated to all domain controllers in a domain.

Remediation

To fix this, maintain the permissions on the SYSVOL directory. Do not grant more than "Read & execute" to standard user accounts or groups. The defaults below meet this requirement:

C:\Windows\SYSVOL
Type - "Allow" for all
Inherited from - "None" for all

Principal - Access - Applies to

Authenticated Users - Read & execute - This folder, subfolders, and files
Server Operators - Read & execute - This folder, subfolders, and files
Administrators - Special - This folder only (Special = Basic Permissions: all selected except Full control)
CREATOR OWNER - Full control - Subfolders and files only
Administrators - Full control - Subfolders and files only
SYSTEM - Full control - This folder, subfolders, and files
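The following PowerShell audit is an added example and is not part of the STIG text. It reads the ACL on the SYSVOL directory and reports every Allow entry that grants a non-privileged principal anything beyond "Read & execute", plus any inherited entry (the STIG expects none). The path default of "$env:SystemRoot\SYSVOL" and the list of privileged principals are assumptions taken from the defaults above; adjust them if SYSVOL was relocated during promotion. Run it elevated on the domain controller being checked.

```powershell
# Added audit script (not from the STIG). Assumes SYSVOL is at the default
# location under the system root; pass -SysvolPath if it was relocated.
param(
    [string]$SysvolPath = "$env:SystemRoot\SYSVOL"
)

# Principals the STIG defaults allow to hold more than Read & execute.
# Everyone else (Authenticated Users, Server Operators, any added group)
# is treated as a standard principal that must not exceed Read & execute.
$PrivilegedPrincipals = @(
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM',
    'CREATOR OWNER'
)

# Bits that are acceptable for a standard principal:
#   ReadAndExecute (0x200A9) + Synchronize (0x100000), plus the generic
#   GENERIC_READ (bit 31) and GENERIC_EXECUTE (bit 29) flags that some tools
#   write into ACEs. Anything outside this mask is write/modify capability.
# Built with int64 arithmetic because a hex literal with bit 31 set is
# parsed as a negative int32 by PowerShell.
$AllowedMask = [int64]0x200A9 -bor [int64]0x100000 -bor ([int64]1 -shl 31) -bor ([int64]1 -shl 29)

function Get-SysvolAclFindings {
    param([string]$Path)

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        # Deny entries are not what the STIG is about; skip them.
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $who = $ace.IdentityReference.Value
        # Normalise the rights to an unsigned 32-bit value so generic
        # rights (which appear negative as int32) can be masked.
        $rights = ([int64][int]$ace.FileSystemRights) -band 0xFFFFFFFFL
        $excess = $rights -band (-bnot $AllowedMask)

        $problems = @()
        if ($ace.IsInherited) {
            $problems += 'inherited entry (STIG expects "Inherited from: None")'
        }
        if (($PrivilegedPrincipals -notcontains $who) -and ($excess -ne 0)) {
            $problems += ('standard principal holds more than Read & execute: ' +
                          [System.Security.AccessControl.FileSystemRights][int]$excess)
        }

        if ($problems.Count -gt 0) {
            [pscustomobject]@{
                Principal = $who
                Rights    = $ace.FileSystemRights
                AppliesTo = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
                Problem   = ($problems -join '; ')
            }
        }
    }
}

$findings = @(Get-SysvolAclFindings -Path $SysvolPath)
if ($findings.Count -eq 0) {
    Write-Output "PASS: no standard principal exceeds Read & execute on $SysvolPath"
} else {
    Write-Output "FAIL: $($findings.Count) problem ACE(s) on $SysvolPath"
    $findings | Format-Table -AutoSize
}
```

Note that the script only inspects the top-level SYSVOL folder, which is what the STIG check covers; the replicated subdirectories inherit from it once the defaults are in place. If the audit reports a finding, reset the ACL to the defaults listed above rather than removing individual entries, and confirm that the entry for "Administrators" on the folder itself remains the "Special" set (all basic permissions except Full control) that the defaults specify.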

STIG, Windows Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2024-06-14/finding/V-254392
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2024-06-14/finding/V-205740 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93031
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2024-02-21/finding/V-224971 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73371

NIST 800-53: IA-3(1)
NIST 800-171 rev2: 3.5.2
NIST 800-171 rev3 FPD: 3.1.18.b, 3.5.2
NIST 800-171 rev3: 03.01.18.b, 03.05.02
CMMC v2 Level 1: IA.L1-3.5.2
CMMC v2.1 Level 1: IA.L1-b.1.v
CMMC v2.1 Level 2: IA.L2-3.5.2
CMMC v2.1 Level 3: IA.L2-3.5.2, IA.L3-3.5.1e