Domain controller: Allow vulnerable Netlogon secure channel connectionsID: oval:org.secpod.oval:def:96214 | Date: (C)2024-01-03 (M)2024-01-04 |
Class: COMPLIANCE | Family: windows |
This security setting determines whether the domain controller bypasses secure RPC for Netlogon secure channel connections for specified machine accounts.
When deployed, this policy should be applied to all domain controllers in a forest by
enabling the policy on the domain controllers OU.
When the Create Vulnerable Connections list (allow list) is configured:
- Given allow permission, the domain controller will allow accounts to use a
Netlogon secure channel without secure RPC.
- Given deny permission, the domain controller will require accounts to use a
Netlogon secure channel with secure RPC which is the same as the default (not
necessary).
Platform: |
Microsoft Windows Server 2012 R2 |