STIGQter: STIG Summary: Windows Server 2008 R2 Member Server Security Technical Implementation Guide, Version 1, Release 30, Benchmark Date 26 Jul 2019: Services running as Local System that use Negotiate will use the computer identity, rather than authenticate anonymously, when falling back to NTLM authentication.

DISA Rule

SV-32445r1_rule

Vulnerability Number

V-21951

Group Title

Computer Identity Authentication for NTLM

Rule Version

3.151

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Network Security: Allow Local System to use computer identity for NTLM” to “Enabled”.

Check Contents

Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> Security Options.

If the value for “Network Security: Allow Local System to use computer identity for NTLM” is not set to “Enabled”, then this is a finding.

The policy referenced configures the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \System\CurrentControlSet\Control\LSA\

Value Name: UseMachineId

Type: REG_DWORD
Value: 1
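The security point behind this setting: when a Local System service authenticates through Negotiate and Kerberos is unavailable, the package falls back to NTLM. With "Allow Local System to use computer identity for NTLM" disabled, that fallback authenticates anonymously (a NULL session) instead of as the computer account; with it enabled, the service presents the computer identity, which is what the check enforces. The following PowerShell script audits the registry value the check lists and, on request, applies the fix locally. It is an added example, not part of the STIG or of STIGQter; the function and parameter names (Test-UseMachineId, Set-UseMachineId, -Remediate) are my own, it assumes an elevated session, and it stays PowerShell 2.0 compatible because that is what Windows Server 2008 R2 ships with.

```powershell
<#
  Added example, not part of the STIG or of STIGQter: audit, and optionally
  remediate, V-21951 / SV-32445r1_rule on the local host.
  Assumptions (mine, not the STIG's): function and parameter names are
  illustrative; the session is elevated; syntax is kept PowerShell 2.0
  compatible because that is what Windows Server 2008 R2 ships with.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Apply the fix locally when the check is Open. On a domain member, fix the
    # GPO instead, or Group Policy will overwrite this value at the next refresh.
    [switch]$Remediate
)

# Registry location and required value, exactly as listed in the check text.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'UseMachineId'
$Required  = 1

function Test-UseMachineId {
    # Reads the effective value and classifies the host as Open or NotAFinding.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) { $current = $item.$ValueName } else { $current = $null }

    # "Not defined" is a finding too: the STIG requires the policy to be
    # explicitly Enabled, so an absent value does not pass.
    $compliant = ($null -ne $current) -and ([int]$current -eq $Required)

    if ($compliant) { $status = 'NotAFinding' } else { $status = 'Open' }
    if ($null -eq $current) { $shown = '(not defined)' } else { $shown = $current }

    New-Object -TypeName PSObject -Property @{
        VulnId   = 'V-21951'
        Rule     = 'SV-32445r1_rule'
        Path     = "$KeyPath\$ValueName"
        Current  = $shown
        Required = $Required
        Status   = $status
    } | Select-Object VulnId, Rule, Path, Current, Required, Status
}

function Set-UseMachineId {
    # Local remediation. New-ItemProperty -Force creates or overwrites the DWORD.
    # Honors -WhatIf passed to the script.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set REG_DWORD to $Required")) {
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
            -Value $Required -Force | Out-Null
    }
}

$before = Test-UseMachineId
$before | Format-List

if ($before.Status -eq 'Open' -and $Remediate) {
    Set-UseMachineId
    # Re-run the check so the output shows the post-fix state.
    Test-UseMachineId | Format-List
}
```

Run it with no arguments to get an Open/NotAFinding verdict for the host; add -Remediate -WhatIf to preview the registry write and -Remediate to apply it. On a domain member, set the policy in the GPO path given in the Fix Recommendation, run gpupdate /force, and re-run the script: Security Options are written to this Lsa key at policy refresh, so the registry read reflects the effective setting, and a local write without the GPO change will not survive the next refresh.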

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

System Administrator

Target Key

1823

Comments