Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers' should set to 'Allow AllID: oval:org.secpod.oval:def:14766 | Date: (C)2013-08-13 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
This policy is supported on at least Windows 7 or Windows Server 2008 R2.
Note: Audit and block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0!RestrictSendingNTLMTraffic
Platform: |
Microsoft Windows 7 |