CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow Local System to use computer identity for NTLM

Impact:

Services running as Local System that use Negotiate when reverting to NTLM authentication will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error.

Default Value:

Disabled. (Services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously.)

References:

1. CCE-33141-3

CIS Controls:

Version 6

14 Controlled Access Based on the Need to Know Controlled Access Based on the Need to Know

16 Account Monitoring and Control Account Monitoring and Control

Version 7

5.1 Establish Secure Configurations Maintain documented, standard security configuration standards for all authorized operating systems and software. 16.2 Configure Centralized Point of Authentication Configure access for all accounts through as few centralized points of authentication as possible, including network, security, and cloud systems.

252 | P a g e