You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I may be unsure of the intent here, but windows-base-201 "Strong Windows NTLMv2 Authentication Enabled; Weak LM Disabled" is not set correctly according to CIS Windows 2012R2 and 2016. I'm not sure if the current implementation is for a different spec.
The CIS policy I'm referencing is:
2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication
level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'
Expected behavior HKLM\System\CurrentControlSet\Control\Lsa:LmCompatibilityLevel should be set to 5
Actual behavior HKLM\System\CurrentControlSet\Control\Lsa:LmCompatibilityLevel is set to 4
Inspec Version
1.51.21
Baseline Version
1c916e9
(master as of 2018-12-06)
Additional context
If the current implementation is correct, then I'm unsure of how to modify windows-baseline to support different specs for the same registry key. Any guidance would be helpful.
The text was updated successfully, but these errors were encountered:
Describe the bug
I may be unsure of the intent here, but
windows-base-201
"Strong Windows NTLMv2 Authentication Enabled; Weak LM Disabled" is not set correctly according to CIS Windows 2012R2 and 2016. I'm not sure if the current implementation is for a different spec.The CIS policy I'm referencing is:
Expected behavior
HKLM\System\CurrentControlSet\Control\Lsa:LmCompatibilityLevel
should be set to 5Actual behavior
HKLM\System\CurrentControlSet\Control\Lsa:LmCompatibilityLevel
is set to 4Inspec Version
Baseline Version
Additional context
If the current implementation is correct, then I'm unsure of how to modify
windows-baseline
to support different specs for the same registry key. Any guidance would be helpful.The text was updated successfully, but these errors were encountered: