When enabled, this policy setting causes Local System services that use Negotiate to use the computer identity when NTLM authentication is selected by the negotiation. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Countermeasure: Configure Network security: Allow Local System to use computer identity for NTLM to Enabled. Potential Impact: If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error. If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously. This was the behavior in previous versions of Windows." [enabled/disabled] (1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options\\Network security: Allow Local System to use computer identity for NTLM (2) REG: HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa!UseMachineId oval:org.secpod.oval:def:34997 SCAP Repo OVAL Definition 2016-06-10