Rule ID
SV-269581r1054095_rule
Version
V1R2
Active Directory’s (AD's) design to create but not delete local groups supports operational efficiency, system integrity, and compliance needs. Manual checks will help identify user accounts that are no longer active or orphaned accounts which could pose security risks. Within Xylok there must not be a local users/groups. Manually verifying local users and groups ensures that unauthorized users do not gain access to sensitive resources. Satisfies: SRG-APP-000328, SRG-APP-000715, SRG-APP-000720, SRG-APP-000725, SRG-APP-000730, SRG-APP-000735
Verify the local accounts and groups are associated with AD and that user privileges are correct. Check accounts as a logged in administrator in Xylok. 1. Verify there are no local users. Navigate to User Menu <username> >> Database Admin >> Users. If any local user(s) exist or users(s) are not current in AD, this is a finding. If any users have privileged access that do not require that access, this is a finding. 2. Verify there are no removed or local groups. Navigate to User Menu <username> >> Database Admin >> Groups . Verify the only groups exist are created by AD and are currently being used by AD. If any groups exist that are not actively being used by AD, this is a finding.
Delete unused or local groups/users. 1. As a logged in administrator in Xylok, navigate to User Menu <username> >> Database Admin >> Users. 2. Select User(s) to delete. 3. Click on down arrow in "Action". 4. Select "Delete selected users" 5. Click "Go". 6. Click "Yes, I'm sure". 7. Delete Group. 8. As a logged in administrator in Xylok, navigate to User Menu <username> >> Database Admin >> Groups. 9. Select Group(s) to delete. 10. Click on down arrow in "Action". 11. Select "Delete selected users". 12. Click "Go". 13. Click "Yes, I'm sure".