STIGQter: STIG Summary: Windows Server 2008 R2 Member Server Security Technical Implementation Guide, Version: 1, Release: 30, Benchmark Date: 26 Jul 2019: The system will be configured to require a strong session key.

DISA Rule

SV-32322r1_rule

Vulnerability Number

V-3374

Group Title

Strong Session Key

Rule Version

4.044

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Domain Member: Require Strong (Windows 2000 or Later) Session Key” to “Enabled”.

Check Contents

Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> Security Options.

If the value for “Domain Member: Require Strong (Windows 2000 or Later) Session Key” is not set to “Enabled”, then this is a finding.

The policy referenced configures the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \System\CurrentControlSet\Services\Netlogon\Parameters\

Value Name: RequireStrongKey

Value Type: REG_DWORD
Value: 1

Warning: This setting may prevent a system from being joined to a domain if not configured consistently between systems.
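
The registry value above can also be audited from PowerShell. The following is an added example, not part of the STIG or of STIGQter; the function name and output fields are hypothetical, and treating a missing key or value as a finding is an assumption of this script (the check itself is defined against the policy setting).

```powershell
# Added example: audits the registry value named in this check (V-3374).
# Function name and output property names are hypothetical.
function Test-RequireStrongKey {
    param(
        [string]$Path = 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters',
        [string]$Name = 'RequireStrongKey'
    )

    $result = New-Object PSObject -Property @{
        Rule    = 'V-3374'
        Path    = $Path
        Name    = $Name
        Kind    = $null
        Value   = $null
        Finding = $true      # assume a finding until the value is proven correct
        Reason  = ''
    }

    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        $result.Reason = 'Registry key not found'
        return $result
    }

    # GetValueNames() avoids the exception GetValueKind() throws for a missing value.
    if ($key.GetValueNames() -notcontains $Name) {
        # Assumption: an absent value is reported as a finding.
        $result.Reason = 'Value not present in the registry'
        return $result
    }

    $result.Kind  = $key.GetValueKind($Name)
    $result.Value = $key.GetValue($Name)

    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "Wrong type: expected REG_DWORD, found $($result.Kind)"
    } elseif ($result.Value -ne 1) {
        $result.Reason = "Expected 1, found $($result.Value)"
    } else {
        $result.Finding = $false
        $result.Reason  = 'Compliant'
    }
    return $result
}

Test-RequireStrongKey | Format-List Rule, Path, Name, Kind, Value, Finding, Reason
```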

Documentable

False

Severity Override Guidance

Check Content Reference

M

Potential Impact

Setting this value in a domain containing Windows NT or older operating systems will prevent those systems from authenticating. This setting can also prevent a system from being joined to a domain.

Third-Party Tools

HK

Responsibility

Information Assurance Officer

Target Key

1823

Comments