[Forgot Password]
Login  Register Subscribe

24547

 
 

132176

 
 

122448

 
 

909

 
 

100878

 
 

148

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-45005-6

Platform: win2016Date: (C)2017-08-03   (M)2019-05-13



"Allow indexing of encrypted files" This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expected not to index encrypted items or encrypted stores. This policy setting is not configured by default. If you do not configure this policy setting, the local setting, configured through Control Panel, will be used. By default, the Control Panel setting is set to not index encrypted content. When this setting is enabled or disabled, the index is rebuilt completely. Full volume encryption (such as BitLocker Drive Encryption or a non-Microsoft solution) must be used for the location of the index to maintain security for encrypted files. Vulnerability: Enabling or not configuring this setting can compromise security as it allows indexing to attempt to decrypt and index a device's content which may expose confidential and secure data. Counter Measure: Disable this setting. Potential Impact: The search service components will not index encrypted items or encrypted stores.


Parameter: AllowIndexingEncryptedStoresOrItems


Technical Mechanism: Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Search (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowIndexingEncryptedStoresOrItems

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40333


OVAL    1
oval:org.secpod.oval:def:40333
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2016

© SecPod Technologies