[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names

ID: oval:org.secpod.oval:def:18775Date: (C)2014-05-29   (M)2023-07-14
Class: COMPLIANCEFamily: windows




The Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names machine setting should be configured correctly. This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). This policy setting is recommended to reduce the attack surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names. If you enable this policy setting, this DC does not process incoming mailslot messages that are used for NetBIOS domain name based DC location. If you disable or do not configure this policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names (2) KEY: HKLM\Software\Policies\Microsoft\Netlogon\Parameters\IgnoreIncomingMailslotMessages

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-10320-0
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-10320-0
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2

© SecPod Technologies