I want this info on the SW side which is what is says in the GPO: Network security: Allow PKU2U authentication requests to this computer to use online identities. This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine. So this policy is set to default in the environment but you don't tell me that info in the description so I have to research it and come to find out its set to disabled by default. No need to disable it but now I wasted 10 minutes. PKU2U authentication using online identities must be prevented. V-73683 Medium 86 RULE DETAILS This rule is currently failing on 63 nodes Severity Medium Rule ID V-73683 Description PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows user accounts. Remediation (fix) description Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Allow PKU2U authentication requests to this computer to use online identities" to "Disabled". Datasource System Security Settings

This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Feature Request - More info in the policy please - What is the default setting?

cfizz34 over 3 years ago

I want this info on the SW side which is what is says in the GPO:

Network security: Allow PKU2U authentication requests to this computer to use online identities.

This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine.

So this policy is set to default in the environment but you don't tell me that info in the description so I have to research it and come to find out its set to disabled by default. No need to disable it but now I wasted 10 minutes.

PKU2U authentication using online identities must be prevented.

V-73683

Medium

RULE DETAILS

This rule is currently failing on 63 nodes

Severity

Medium

Rule ID

V-73683

Description

PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows user accounts.

Remediation (fix) description

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Allow PKU2U authentication requests to this computer to use online identities" to "Disabled".

Datasource

System Security Settings