Update Security LevelID: oval:org.secpod.oval:def:19022 | Date: (C)2014-05-29 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
The Update Security Level machine setting should be configured correctly.
Specifies whether the computers to which this setting is applied use secure dynamic update or standard dynamic update for registration of DNS records. To enable this setting, click Enable, and then choose one of the following values. Unsecure followed by secure - if this option is chosen, computers send secure dynamic updates only when nonsecure dynamic updates are refused. Only Unsecure - if this option is chosen, computers send only nonsecure dynamic updates. Only Secure - if this option is chosen, computers send only secure dynamic updates. If this setting is not configured, it is not applied to any computers, and computers use their local configuration."
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Network\DNS Client\Update Security Level
(2) KEY: HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
Platform: |
Microsoft Windows Server 2008 R2 |