[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Network Security: Restrict NTLM: NTLM authentication in this domain

ID: oval:org.secpod.oval:def:29655Date: (C)2015-10-14   (M)2023-07-14
Class: COMPLIANCEFamily: windows




This policy setting allows you to audit NTLM authentication in a domain from this domain controller. If you select "Disable" or do not configure this policy setting, the domain controller will not log events for NTLM authentication in this domain. If you select "Enable for domain accounts to domain servers," the domain controller will log events for NTLM authentication logon attempts for domain accounts to domain servers when NTLM authentication would be denied because "Deny for domain accounts to domain servers" is selected in the "Network security: Restrict NTLM: NTLM authentication in this domain" policy setting. If you select "Enable for domain accounts," the domain controller will log events for NTLM authentication logon attempts that use domain accounts when NTLM authentication would be denied because "Deny for domain accounts" is selected in the "Network security: Restrict NTLM: NTLM authentication in this domain" policy setting. If you select "Enable for domain servers" the domain controller will log events for NTLM authentication requests to all servers in the domain when NTLM authentication would be denied because "Deny for domain servers" is selected in the "Network security: Restrict NTLM: NTLM authentication in this domain" policy setting. If you select "Enable all" the domain controller will log events for NTLM pass-through authentication requests from its servers and for its accounts which would be denied because "Deny all" is selected in the "Network security: Restrict NTLM: NTLM authentication in this domain" policy setting. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Network Security: Restrict NTLM: NTLM authentication in this domain (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters!RestrictNTLMInDomain

Platform:
Microsoft Windows 8.1
Reference:
CCE-34998-5
CPE    1
cpe:/o:microsoft:windows_8.1
CCE    1
CCE-34998-5
XCCDF    2
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_8_1
xccdf_org.secpod_benchmark_general_Windows_8_1

© SecPod Technologies