Session security for NTLM SSP-based servers must be configured to require NTLMv2 session security and 128-bit encryption.
An XCCDF Rule
Description
Microsoft has implemented a variety of security support providers for use with Remote Procedure Call (RPC) sessions. All of the options must be enabled to ensure the maximum security level.
- ID
- SV-225057r991589_rule
- Version
- WN16-SO-000410
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" to "Require NTLMv2 session security" and "Require 128-bit encryption" (all options selected).