Network Security: Restrict NTLM: Audit NTLM authentication in this domainID: oval:org.secpod.oval:def:27331 | Date: (C)2015-10-08 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit NTLM authentication in a domain from this domain controller.
This policy is supported on at least Windows Server 2008 R2.
Note: Audit events are recorded on this computer in the Operational Log located under the Applications and Services Log/Microsoft/Windows/NTLM.
This policy setting allows you to audit NTLM authentication in a domain from this domain controller.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Network Security: Restrict NTLM: Audit NTLM authentication in this domain
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters!AuditNTLMInDomain
Platform: |
Microsoft Windows Server 2012 R2 |