[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-42501-7

Platform: win10Date: (C)2016-09-23   (M)2022-10-10



Disable: 'Support device authentication using certificate' Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts. This policy setting allows you to set support for Kerberos to attempt authentication using the certificate for the device to the domain. If you enable this policy setting, the device's credentials will be selected based on the following options: Automatic: Device will attempt to authenticate using its certificate. If the DC does not support computer account authentication using certificates then authentication with password will be attempted. Force: Device will always authenticate using its certificate. If a DC cannot be found which support computer account authentication using certificates then authentication will fail. If you disable this policy setting, Disable will be used. If you do not configure this policy setting, Automatic will be used. Counter Measure: Enable and configure this setting to use "Force". Potential Impact: If the setting is configured to Force and a domain controller cannot be found which support computer account authentication using certificates, authentication will fail.


Parameter:


Technical Mechanism:

(1) GPO: Computer Configuration\Administrative Templates\System\Kerberos\Support device authentication using certificate (2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DevicePKInitEnabled,DevicePKInitBehavior

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:35116
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:35116
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:35116


OVAL    1
oval:org.secpod.oval:def:35116
XCCDF    3
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_10
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10

© SecPod Technologies