SV-36295r2_rule
V-4407
LDAP Signing Requirements
AD.3106_2008_R2
CAT II
10
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> "Domain controller: LDAP server signing requirements" to "Require signing".
Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> Security Options.
If the value for "Domain controller: LDAP server signing requirements" is not set to "Require signing", this is a finding.
The policy referenced configures the following registry value:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \System\CurrentControlSet\Services\NTDS\Parameters\
Value Name: LDAPServerIntegrity
Value Type: REG_DWORD
Value: 2
Documentable Explanation: If LDAP Signing is not supported by a client, service or application, this must be documented with the IAO with supporting vendor information.
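The registry check above can be scripted for use across several domain controllers. The following is an added example, not part of the STIG text; the function name, the Status strings and the output property names are assumptions, while the registry path, value name, type and required value are those given in the check.

```powershell
# Added example: scripted form of the V-4407 registry check.
# Function name, Status strings and property names are assumptions of this example.
function Test-LdapServerSigning {
    [CmdletBinding()]
    param(
        # Path, value name and required data are taken from the check text.
        [string]$Path      = 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters',
        [string]$ValueName = 'LDAPServerIntegrity',
        [int]$Required     = 2      # 2 = "Require signing"
    )

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        VulnId       = 'V-4407'
        Value        = $null
        Status       = 'Finding'
        Detail       = ''
    }

    if (-not (Test-Path -LiteralPath $Path)) {
        # No NTDS\Parameters key: nothing to evaluate on this host.
        $result.Status = 'NotReviewed'
        $result.Detail = "Registry key not found: $Path"
        return [pscustomobject]$result
    }

    $key  = Get-Item -LiteralPath $Path
    $data = $key.GetValue($ValueName, $null)
    if ($null -eq $data) {
        # Value absent: the policy is not set to "Require signing".
        $result.Detail = "$ValueName is not present"
        return [pscustomobject]$result
    }

    $result.Value = $data
    $kind = $key.GetValueKind($ValueName)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Detail = "$ValueName has type $kind, expected REG_DWORD"
    } elseif ([int]$data -eq $Required) {
        $result.Status = 'NotAFinding'
        $result.Detail = 'LDAP server signing is required'
    } else {
        $result.Detail = "$ValueName is $data, expected $Required"
    }
    return [pscustomobject]$result
}

Test-LdapServerSigning | Format-List
```

A Status of Finding that is covered by the documentable explanation still has to be recorded with the IAO; the script reports only the configured value.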
V-4407
True
AD.3106_2008_R2
M
HK
System Administrator
1823