Network Security: Restrict NTLM: Audit Incoming NTLM TrafficID: oval:org.secpod.oval:def:18736 | Date: (C)2014-05-29 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
The Network Security: Restrict NTLM: Audit Incoming NTLM Traffic setting should be configured correctly.
This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operational Log located under the Applications and Services Log/Microsoft/Windows/NTLM.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Audit Incoming NTLM Traffic
(2) KEY: HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTraffic
Platform: |
Microsoft Windows Server 2008 R2 |