[Forgot Password]
Login  Register Subscribe

23631

 
 

119105

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-44137-8

Platform: win10Date: (C)2016-09-23   (M)2017-10-23



Disable: 'Domain member: Digitally encrypt secure channel data (when possible)' for sealsecurechannel This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain member will be prevented from negotiating secure channel encryption. Microsoft recommends to configure the Domain member: Digitally encrypt secure channel data (when possible) setting to Enabled. Counter Measure: * Enable the Domain member: Digitally encrypt or sign secure channel data (always) setting. * Enable the Domain member: Digitally encrypt secure channel data (when possible) setting. * Enable the Domain member: Digitally sign secure channel data (when possible) setting. Potential Impact: Digital encryption and signing of the "secure channel" is a good idea where it is supported. The secure channel protects domain credentials as they are sent to the domain controller. However, only Windows NT 4.0 Service Pack 6a (SP6a) and subsequent versions of the Windows operating system support digital encryption and signing of the secure channel. Windows 98 Second Edition clients do not support it unless they have the Dsclient installed. Therefore, you cannot enable the Domain member: Digitally encrypt or sign secure channel data (always) setting on domain controllers that support Windows 98 clients as members of the domain. Potential impacts can include the following:


Parameter:


Technical Mechanism: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:35391


OVAL    1
oval:org.secpod.oval:def:35391
XCCDF    2
xccdf_org.secpod_benchmark_general_Windows_10
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_10

© 2013 SecPod Technologies