Guidance on CVE-2020-1472 - GPO - Allow vulnerable Netlogon secure channel connections - Security descriptor

Ryan 26 Reputation points
2020-10-25T19:54:36.33+00:00

In reference to the Microsoft article below on the recent Netlogon CVE, we have patched and not seen any events associated with step 2, and plan to proceed with enabling enforcement mode. I expected the "Allow vulnerable Netlogon secure channel connections" GPO to be a simple enable/disable option, but it has a security descriptor setting. This seems to default to allow administrators, or do I want to just leave it blank to disallow all vulnerable connections?

It's also not clear to me whether the GPO and Reg key are required or if it's an either/or.

Any guidance from experience with enabling enforcement mode would be appreciated.

https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc#theGroupPolicy



2 answers

  1. Anonymous
    2020-10-25T20:10:31.29+00:00

    For the suspect clients you can confirm them via PowerShell:
    Test-ComputerSecureChannel
    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/test-computersecurechannel?view=powershell-5.1

    --please don't forget to Accept as answer if the reply is helpful--


  2. Vicky Wang 2,731 Reputation points
    2020-10-29T07:19:33.82+00:00

    Hi,
     
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
     
    Best Regards,
    Vicky
