Back

Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" to organizational standards.


CONTROL ID
07769
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards., CC ID: 07621

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (00CB2759-ACDF-40C1-8F0A-0983F8071C34, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (C4F93AD9-C4CC-46A9-82C7-2FC9E9F94340, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (65A98DE5-49F6-4CFD-9999-59AB40908451, Win8 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (94A13577-A39B-4205-9311-FDD46C80D767, Win8 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (1ED89EAF-BEB6-4C62-AABE-9D2902A44C63, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (8FDC909B-1A1B-4B11-AE1F-63F7442AE749, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (67B6E640-BEFE-4CA8-85C9-455D1E495B4F, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (729EBD52-151D-4A57-A369-7CCE0AD2A9AB, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (4D49DDB7-9D5D-4C2F-BEAD-1180860475C8, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (EBBD95A0-3090-4BC2-A193-9BC4FC3761B5, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (EB117BD4-7B69-4640-ACDB-2BAFB7FA84E8, WS2012 Member Server Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" setting to "Not Defined". (8061CF8A-F2CC-4113-9D92-5F9B08694BFB, WS2012 Member Server Security Compliance, 1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.1_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.1.1_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.1_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.1.2_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.1_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.1.1_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.1_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.1.2_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller.This policy is supported on at least Windows Server 2008 R2. Configure this setting in … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.13_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.13.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller.This policy is supported on at least Windows Server 2008 R2. Configure this setting in … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.13_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.13.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller.This policy is supported on at least Windows Server 2008 R2. Configure this setting in … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.13_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.13.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller.This policy is supported on at least Windows Server 2008 R2. Configure this setting in … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.13_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.13.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.113_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.113.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.113_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.113.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.113_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.113.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.113_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.113.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.7_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.7.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.7_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.7.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.7_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.7.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' Description: This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events are re… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.7_Configure_Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.7.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • The 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' setting should be configured correctly. Technical Mechanisms: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Audit NTLM authentication… (CCE-10057-8, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)