Check: AD.4029_2008_R2
Win2k8 R2 Audit:
AD.4029_2008_R2
(in version v1 r8)
Title
Kerberos user logon restrictions must be enforced. (Cat II impact)
Discussion
This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources are not circumvented.
Check Content
Fix Text
Set the Kerberos policy option “Enforce user logon restrictions” to ‘Enabled’
Additional Identifiers
Rule ID: SV-36170r1_rule
Vulnerability ID: V-2376
Group Title: AD.4029 Kerberos-User Logon Restrictions
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |