[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Network Security: Allow PKU2U authentication requests to this computer to use online identities

ID: oval:org.secpod.oval:def:22588Date: (C)2015-01-07   (M)2023-07-14
Class: COMPLIANCEFamily: windows




This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine. Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides whether to use Kerberos or NTLM for authentication. The extension SSP for Negotiate, Negoexts, which is treated as an authentication protocol by Windows, supports Microsoft SSPs including PKU2U. You can also develop or add other SSPs. When computers are configured to accept authentication requests by using online IDs, Negoexts.dll calls the PKU2U SSP on the computer that is used to log on. The PKU2U SSP obtains a local certificate and exchanges the policy between the peer computers. When validated on the peer computer, the certificate within the metadata is sent to the logon peer for validation and associates the user's certificate to a security token and the logon process completes. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Network Security: Allow PKU2U authentication requests to this computer to use online identities (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\pku2u!AllowOnlineID

Platform:
Microsoft Windows 8.1
Reference:
CCE-35411-8
CPE    1
cpe:/o:microsoft:windows_8.1
CCE    1
CCE-35411-8
XCCDF    6
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_8_1
xccdf_org.secpod_benchmark_ISO27001_Windows_8_1
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_8_1
xccdf_org.secpod_benchmark_PCI_3_2_Windows_8_1
...

© SecPod Technologies