Check relevance for Enforce user logon restrictions

Can anyone tell me how I can create relevance to check the GPO below?
@AlanM @jgstew @JasonWalker @strawgate @Nagaraj

Configure the policy value in the Default Domain Policy for Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy -> “Enforce user logon restrictions” to “Enabled”.

You can refer to this --> Digging into the Local Security Policy

As per my information, it does not create any registry value.

I believe ‘enforce user logon restrictions’ is a setting that only applies to domain controllers.

Do you have BigFix Compliance? I checked in the DISA STIG Checklist for 2012 Domain Controllers and the setting “Kerberos user logon restrictions must be enforced” has an analysis in it.

2 Likes

Hi @Jeff

I am looking for the attached link's GPO for Windows 10.

Location
Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy

I don’t think you will find the settings on Windows 10 computers, since it is being checked on domain controllers.

I checked in the console for the DISA STIG sites we have enabled for BigFix Compliance. There is an analysis for the ‘enforce user logon restrictions’ in the DISA STIG 2012 DC checklist, 2008 DC, 2008R2 DC, and Server 2016 checklists. I did not see the setting in the Windows 10 DISA STIG checklist.

I also took the analysis from the 2012 DC checklist and loaded it in the Fixlet Debugger on my Windows 10 computer and it did not return any information.

1 Like
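An added example, not part of the thread and not the BigFix relevance or the DISA STIG analysis mentioned above: in a security template (the INF text produced by `secedit /export`, or a GPO's `GptTmpl.inf`), the Kerberos Policy settings sit in a `[Kerberos Policy]` section, and `TicketValidateClient = 1` corresponds to "Enforce user logon restrictions" set to Enabled. The function names and both sample templates are constructed for illustration; a real export is normally UTF-16 and has to be decoded before parsing.

```python
import re

SECTION = "kerberos policy"      # INF section holding the Kerberos Policy settings
KEY = "ticketvalidateclient"     # INF key behind "Enforce user logon restrictions"

def parse_inf(text):
    """Parse security-template INF text into {section: {key: value}} (lower-cased names)."""
    sections, current = {}, None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # skip blank lines and comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def logon_restrictions_state(text):
    """Return 'enabled', 'disabled', 'not-defined' or 'invalid' for the setting."""
    kerberos = parse_inf(text).get(SECTION)
    if kerberos is None or KEY not in kerberos:
        return "not-defined"    # e.g. a template that carries no Kerberos Policy
    return {"1": "enabled", "0": "disabled"}.get(kerberos[KEY], "invalid")

# Constructed sample: template where the domain Kerberos Policy is defined.
SAMPLE_DOMAIN_POLICY = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 14
[Kerberos Policy]
MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed sample: template with no [Kerberos Policy] section at all.
SAMPLE_NO_KERBEROS = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 14
"""

if __name__ == "__main__":
    print(logon_restrictions_state(SAMPLE_DOMAIN_POLICY))
    print(logon_restrictions_state(SAMPLE_NO_KERBEROS))
```

A "not-defined" result means the template carries no value for the setting, which is different from the setting being explicitly disabled.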