You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need to identify when a Windows Server 2003, 2008 or 2012 is a Domain Controller from scan data.
When we detect one of the Server OS's, it should be assigned the MS checklist unless one of the following conditions is met:
a. On Nessus scan import, if any of the following ports are open, assign the DC STIG:
389 TCP/UDP (LDAP), 636 TCP (LDAPS), 88 TCP/UDP (Kerberos), 3268 TCP (LDAP GC), 3269 TCP (LDAP GC SSL)
b. On SCC or .CKL export, if the Scan Data is for the DC STIG.
On those systems determined to be a DC, apply the DC version of the STIG and the AD Forest and Domain STIGS.
If this isn't that hard, I'd love to see it in 1.3.4...
The text was updated successfully, but these errors were encountered:
We need to identify when a Windows Server 2003, 2008 or 2012 is a Domain Controller from scan data.
a. On Nessus scan import, if any of the following ports are open, assign the DC STIG:
b. On SCC or .CKL export, if the Scan Data is for the DC STIG.
On those systems determined to be a DC, apply the DC version of the STIG and the AD Forest and Domain STIGS.
If this isn't that hard, I'd love to see it in 1.3.4...
The text was updated successfully, but these errors were encountered: