Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
tom_allen
Contributor

RDP No Authentication ??

Keep seeing this in the compliance reports tab. Not sure why. Can someone help me out?

Thanks!!

0 Kudos
8 Replies
Mark_Mitchell
Advisor

Hi Tom,

Could you post a screenshot please? 

It could be that a destination server a connection has been made to doesn't have the NLA (Network Level Authentication) enabled so the gateway is flagging it .

Which compliance report is thus generated against?

Regards

Mark

0 Kudos
tom_allen
Contributor

0 Kudos
Mark_Mitchell
Advisor

Hi Tom, 

From your screenshot, this looks like compliance within Endpoint Security? Rather than the Compliance blade for Security management, is this correct?

Regards

Mark

0 Kudos
tom_allen
Contributor

0 Kudos
Mark_Mitchell
Advisor

Ok so this the compliance check against Endpoint Security. 

I've had a look into it and the compliance check is checking for the existence of the following registry key. 

HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication

Will need to look into this key to find out whether this is relevant to your OS version and company Windows configuration. 

Hope this helps. 

Regards

Mark

0 Kudos
tom_allen
Contributor

Mark, where do I check on what  the compliance is checking? I go into the policy and do not see any mention of the registry. I go thru each one and click edit but don't see any reference to the registry. Thanks for the help.

0 Kudos
Mark_Mitchell
Advisor

Hi Tom, 

Within the screen in your last screenshot. If you "right click" on "Prohibited - Malicious and Vulnerable Applications" and select "Edit Shared Action" you will see the list of checks. You can then select the RDP one, "Right Click" again and edit. You can then see the affected keys that the check is looking for. 

In this occasion, the compliance check is actually checking for the existence of the registry key mentioned above. 

Regards

Mark

tom_allen
Contributor

Found it. Thanks. I will have a look at this. Thank you very much for your quick response.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events