I'd rather be sure than just assume that all my devices are using Secure-RPC. As I mentioned, we have at least one Server 2003 machine on our domain. Is there any confirmation of which operating systems would be using Secure-RPC by default? I've had the patches installed for a couple of weeks and haven't seen anything in the logs yet, so either my entire domain is fully protected (including out-of-support OSes and non-Windows devices), or I'm missing something. Running that cmdlet is not as easy as it sounds: you need to install the RSAT tools first and then import the Active Directory module in PowerShell, so it will be quite difficult to run it on my Server 2003 machine.
Not seeing event 5829 since August's updates
In reference to August's changes with "How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472",
I am not seeing any 5829 events in the System logs on my DCs. The DCs are Server 2012 and I have Windows 7 clients out there, so I thought I would start seeing these events, logging that a vulnerable Netlogon secure channel connection was allowed. Am I missing something?
Erik42de (1 Reputation point)
2021-01-13T09:20:36.793+00:00
Hello,
I also have problems reproducing the warnings in the Windows Event Log. On the client side, I have moved back to even systems with Windows XP Build 2600 (no service pack), and even these really old systems do not generate any warnings on my DC, which is of course updated to the current state as of January 11 2020.
So my question is: which operating systems do produce the event ID 5829 at all? Which other prerequisites must the domain controller meet in order for this to happen?
I read the answer stating that you can use Test-ComputerSecureChannel in PowerShell, so if this command returns true, does that mean that the system is really safe and does not produce event ID 5829?
I would really like to get more details about that topic, so any information especially on how to intentionally produce this behaviour would be really helpful. Thanks.
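
For readers checking the same thing: Netlogon writes event 5829 to the System log of whichever DC handled the connection, so every DC has to be queried, and "no events" has to be told apart from "could not read the log". The script below is an added example, not code from any poster in this thread; the 30-day window and the English `Machine SamAccountName:` label it parses from the message text are assumptions.

```powershell
# Added example: look for Netlogon event 5829 on every domain controller.
# Run from a machine with the ActiveDirectory module (RSAT) installed.
Import-Module ActiveDirectory

$since = (Get-Date).AddDays(-30)   # assumed look-back window

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $events = @()
    $status = 'Queried'
    try {
        $events = @(Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName   = 'System'
            Id        = 5829
            StartTime = $since
        })
    }
    catch {
        # Get-WinEvent reports an empty result as an error; anything else is a real failure
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            $status = "Query failed: $($_.Exception.Message)"
        }
    }

    # Pull the connecting account out of the message text
    # (assumes the English-language event message)
    $accounts = foreach ($e in $events) {
        if ($e.Message -match 'Machine SamAccountName:\s*(\S+)') { $Matches[1] }
    }

    [pscustomobject]@{
        DC        = $dc.HostName
        Status    = $status
        Count5829 = $events.Count
        Oldest    = ($events | Sort-Object TimeCreated | Select-Object -First 1).TimeCreated
        Accounts  = (@($accounts) | Sort-Object -Unique) -join ', '
    }
}

# One row per DC: zero events with Status 'Queried' means the log was read and was clean
$report | Format-Table -AutoSize -Wrap
```

A DC whose row shows `Query failed` has not been checked at all, so its zero count says nothing about the clients that authenticate against it.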