MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)ID: oval:org.secpod.oval:def:18896 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) setting should be configured correctly.
This entry appears as MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) in the Group Policy Object Editor. Windows Server 2003 supports 8.3 file name formats for backward compatibility with 16-bit applications. (The 8.3 file name convention is a naming format that allows file names that are up to eight characters in length.) If you allow 8.3 style file names, an attacker only needs eight characters to refer to a file that may be 20 characters long. For example, a file named Thisisalongfilename.doc could be referenced by its 8.3 filename, Thisis~1.doc. If you do not use 16-bit applications, you can turn this feature off. Also, directory enumeration performance is improved if you disable short name generation on an NTFS file system partition.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)
(2) KEY: HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation
Platform: |
Microsoft Windows Server 2008 R2 |