[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Network Security: Allow PKU2U authentication requests to this computer to use online identities

ID: oval:gov.nist.usgcb.windowsseven:def:20017Date: (C)2012-04-13   (M)2017-10-17
Class: COMPLIANCEFamily: windows




This policy will be turned off by default on domain joined machines. This would disallow the online identities to be able to authenticate to the domain joined machine in Windows 7. Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides whether to use Kerberos or NTLM for authentication. The extension SSP for Negotiate, Negoexts, which is treated as an authentication protocol by Windows, supports Microsoft SSPs including PKU2U. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Allow PKU2U authentication requests to this computer to use online identities (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\pku2u!AllowOnlineID

Platform:
Microsoft Windows 7
Reference:
CCE-9770-9
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9770-9
XCCDF    8
xccdf_gov.nist_benchmark_USGCB-Windows-7
xccdf_nist_benchmark_Windows_7
xccdf_org.secpod_benchmark_Windows_7
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_7
...

© 2013 SecPod Technologies