Network security: Minimum session security for NTLM SSP based (including secure RPC) serversID: oval:org.secpod.oval:def:19627 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Require 128-bit encryption option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) servers setting should be enabled or disabled as appropriate.
This security setting allows a server to require the negotiation of message confidentiality (encryption), message integrity, 128-bit encryption, or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
(2) KEY: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec
Platform: |
Microsoft Windows Server 2008 R2 |