[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Require strict target SPN match on remote procedure calls

ID: oval:org.secpod.oval:def:19562Date: (C)2014-05-29   (M)2023-07-04
Class: COMPLIANCEFamily: windows




The Require strict target SPN match on remote procedure calls machine setting should be configured correctly. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 will attempt to use Kerberos by generating an SPN. This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. If you enable this policy setting, only services running as LocalSystem or NetworkService will be allowed to accept these connections. Services running as identities different from LocalSystem or NetworkService might fail to authenticate. If you disable or do not configure this policy setting, then any service will be allowed to accept incoming connections by using this system-generated SPN. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Kerberos\Require strict target SPN match on remote procedure calls (2) KEY: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\StrictTargetContext

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-12131-9
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-12131-9
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2

© SecPod Technologies