Network Security: Restrict NTLM: Audit NTLM authentication in this domainID: oval:org.secpod.oval:def:18737 | Date: (C)2014-05-29 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
The Network Security: Restrict NTLM: Audit NTLM authentication in this domain setting should be configured correctly.
This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operational Log located under the Applications and Services Log/Microsoft/Windows/NTLM.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Audit NTLM authentication in this domain
(2) KEY: HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain
Platform: |
Microsoft Windows Server 2008 R2 |