[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-46338-0

Platform: win2016Date: (C)2017-08-03   (M)2017-10-16



"Network security: Allow Local System to use computer identity for NTLM" When enabled, this policy setting causes Local System services that use Negotiate to use the computer identity when NTLM authentication is selected by the negotiation. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Vulnerability: When connecting to computers running versions of Windows earlier than Windows Vista or Windows Server 2008, services running as Local System and using SPNEGO (Negotiate) that revert to NTLM use the computer identity. In Windows 7, if you are connecting to a computer running Windows Server 2008 or Windows Vista, then a system service uses either the computer identity or a NULL session. When connecting with a NULL session, a system-generated session key is created, which provides no protection but allows applications to sign and encrypt data without errors. When connecting with the computer identity, both signing and encryption is supported in order to provide data protection. Counter Measure: Configure Network security: Allow Local System to use computer identity for NTLM to Enabled. Potential Impact: If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error. If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously. This was the behavior in previous versions of Windows.


Parameter: UseMachineId


Technical Mechanism: Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!UseMachineId

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40301


OVAL    1
oval:org.secpod.oval:def:40301
XCCDF    3
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016

© 2013 SecPod Technologies