PingSentry   |   Discord   |   System32   |   GitHub   |   Free tools

Domain Controller: Kerberos user logon restrictions must be enforced

4ba38a42-507b-4cf9-842d-d8ea09801e59

This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default, which is the most secure setting for validating that access to target resources is not circumvented.

Satisfies: SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Policies
|_ Windows Settings
|_ Security Settings
|_ Account Policies
|_ Kerberos Policy
|_ Enforce user logon restrictions to "Enabled".

STIG: Server
2022: https://system32.eventsentry.com/stig/viewer/V-254386
2019: https://system32.eventsentry.com/stig/viewer/V-205702
2016: https://system32.eventsentry.com/stig/viewer/V-224965

NIST 800-53 : AC-3, IA-2, CM-6
NIST 800-171: 3.1.1, 3.1.2, 3.4.6
CMMC v2.0 L2: AC.L2-3.1.1, AC.L2-3.1.2, CM.L2-3.4.6
PCI-DSS v4.0: 2.2.1, 8.2.1
HIPAA SR : §164.312(a)(1), §164.312(d)
HIPAA HICP : Practice 3 (Identity and Access Management)



Tags

stig-medium-server nist800-171-server nist800-53-server pci-dss-v4-server hipaa-server cmmc2-l2-server

Your Privacy Choices

Manage your cookie preferences below:

Helps us improve website performance and understand how visitors use our site.

Allows us to collect feedback about our products and improve them based on your input.

To learn more about our use of cookies, please see our
Privacy Policy.