Windows Server 2019 must be configured for certificate-based authentication for domain controllers.

An XCCDF Rule

Details
Profiles

Description

Active Directory domain services elevation of privilege vulnerability could allow a user rights to the system, such as administrative and other high-level capabilities.

ID: SV-271428r1059563_rule
Version: WN19-DC-000391
Severity: Medium
References: CCI-000213
Updated: 6 days ago

Remediation Templates

Configure the registry value.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: SYSTEM\CurrentControlSet\Services\Kdc
 
Value Name: StrongCertificateBindingEnforcement
 Value Type: REG_DWORD
Value: 0x00000001 (1) or 0x00000002 (2)

Windows Server 2019 must be configured for certificate-based authentication for domain controllers.

Description

Remediation Templates

A Manual Procedure