Detections
Analytics
WN22-DC-000406 - Windows Server 2022 must be configured for name-based strong mappings for certificates.
Information
Weak mappings give rise to security vulnerabilities and demand hardening measures. Certificate names must be correctly mapped to the intended user account in Active Directory. A lack of strong name-based mappings allows certain weak certificate mappings, such as Issuer/Subject AltSecID and User Principal Names (UPN) mappings, to be treated as strong mappings.Solution
Configure the policy value for Computer Configuration >> Administrative Template >> System >> KDC >> Allow name-based strong mappings for certificates to 'Enabled'.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2022_V2R8_STIG.zip
Item Details
Audit Name: DISA Microsoft Windows Server 2022 STIG v2r8
Category: ACCESS CONTROL
References: 800-53|AC-3, CAT|II, CCI|CCI-000213, Rule-ID|SV-271427r1137691_rule, STIG-ID|WN22-DC-000406, Vuln-ID|V-271427
Plugin: Windows
Control ID: a2bfb120aeb1e8eb8be3a760f6de53340e37851ae8d21e01d1685f3c02858afc