Contact PDC on logon failureID: oval:org.secpod.oval:def:27349 | Date: (C)2015-10-08 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
Defines whether a domain controller (DC) should attempt to verify with the PDC the password provided by a client if the DC failed to validate the password.
Contacting the PDC is useful in case the client?s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC is located over a slow WAN connection.
To enable this feature, click Enabled.
To disable this feature, click Disabled.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Net Logon!Contact PDC on logon failure
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters!AvoidPdcOnWan
Platform: |
Microsoft Windows Server 2012 R2 |