Check: AD.4029_2008
Win2k8 Audit:
AD.4029_2008
(in version v6 r1.22)
Title
The Kerberos policy option must be configured to enforce user logon restrictions. (Cat II impact)
Discussion
This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.
Check Content
Fix Text
Navigate to Account Policies -> Kerberos Policy and set “Enforce user logon restrictions” to "Enabled".
Additional Identifiers
Rule ID: SV-28494r1_rule
Vulnerability ID: V-2376
Group Title: AD.4029 Kerberos-User Logon Restrictions
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |