Rule ID
SV-246905r879887_rule
Version
V1R2
CCIs
Configuring the application to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Configuration settings are the set of parameters that can be changed that affect the security posture and/or functionality of the system. Security-related parameters are those parameters impacting the security state of the application, including the parameters required to satisfy other security control requirements.
Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Instant Clone Domain Accounts. In the right pane, validate that the accounts listed are User accounts in Active Directory and have only the following permissions on the container for the instant-clone computer account: List Contents Read All Properties Write All Properties Read Permissions Reset Password Create Computer Objects Delete Computer Objects Ensure the permissions apply to the correct container and to all child objects of the container. If the Instant Clone domain account has more than the minimum required permissions, this is a finding. Note: If Instant Clones is not used, this is not applicable.
Log in to Active Directory Users and Computers. Set the permission for Instant Clone Domain Account to: List Contents Read All Properties Write All Properties Read Permissions Reset Password Create Computer Objects Delete Computer Objects Ensure the permissions apply to the correct container and to all child objects of the container.