Hi All,
@jgstew @Jeff @Aram @Nagaraj @AlanM
I am looking for relevance to check Access to the registry limited to Administrators.
I found Anonymous access to the registry must be restricted in DISA STIG Checklist for Windows 2008 R2 MS, below is the relevance for the same. Can anyone tell, what exactly the relevance for?
not exists 1 whose (exists (concatenation ", " of (it as string) of ((item 0 of it = item 1 of it) of (set of matches (regex “(([^)]+))|D:([^(])") of “D:PAI(A;CIIO;GR;;;LS)(A;;KR;;;LS)(A;CIIO;GA;;;BA)(A;;KA;;;BA)(A;;KR;;;BO)”, it) of set of matches (regex "(([^)]+))|D:([^(])”) of (it as string) of dacls of (if (it <= “8.1.551” or it >= “8.2.1078”) of version of client then it else error “48100: Client version not supported for this check.”) of security descriptors of it) of keys “System\CurrentControlSet\Control\SecurePipeServers\Winreg” of keys “HKEY_LOCAL_MACHINE” of native registry) whose (number of substrings separated by ", " whose (it is not “”) whose (it as boolean is False) of it = 0) or exists (concatenation ", " of (it as string) of ((item 0 of it = item 1 of it) of (set of matches (regex “(([^)]+))|D:([^(])") of “D:PAI(A;CI;KR;;;LS)(A;CI;KA;;;BA)(A;;KR;;;BO)”, it) of set of matches (regex "(([^)]+))|D:([^(])”) of (it as string) of dacls of (if (it <= “8.1.551” or it >= “8.2.1078”) of version of client then it else error “48100: Client version not supported for this check.”) of security descriptors of it) of keys “SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg” of keys “HKEY_LOCAL_MACHINE” of native registry) whose (number of substrings separated by ", " whose (it is not “”) whose (it as boolean is False) of it = 0))