Net Logon: Scavenge IntervalID: oval:org.secpod.oval:def:19242 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Scavenge Interval machine setting should be configured correctly.
Determines the interval at which Netlogon performs the following scavenging operations: - Checks if a password on a secure channel needs to be modified, and modifies it if necessary. - On the domain controllers (DC), discovers a DC that has not been discovered. - On the PDC, attempts to add the <DomainName> NetBIOS name if it hasn't already been successfully added. None of these operations are critical. 15 minutes is optimal in all but extreme cases. For instance, if a DC is separated from a trusted domain by an expensive (e.g., ISDN) line, this parameter might be adjusted upward to avoid frequent automatic discovery of DCs in a trusted domain. To enable the setting, click Enabled, and then specify the interval in seconds.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Net Logon\Scavenge Interval
(2) KEY: HKLM\Software\Policies\Microsoft\Netlogon\Parameters\ScavengeInterval
Platform: |
Microsoft Windows Server 2008 R2 |