Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Kerberos policy user ticket renewal maximum lifetime must meet minimum standards.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2379 | AD.4032_2008_R2 | SV-36182r1_rule | ECSC-1 | Medium |
| Description |
|---|
| This setting determines the period of time (in days) during which a users TGT may be renewed. This security configuration limits the amount of time an attacker has to crack the TGT and gain access. |
| STIG | Date |
|---|---|
| Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide | 2012-09-05 |
Details
| Check Text ( C-471r1_chk ) |
|---|
| 1. Analyze the system using the Security Configuration and Analysis. 2. Expand the Security Configuration and Analysis tree view. 3. Navigate to Account Policies -> Kerberos Policy. 4. If the “Maximum lifetime for user ticket renewal” is greater than ‘7’ days, then this is a finding. |
| Fix Text (F-5784r1_fix) |
|---|
| Configure the Kerberos policy option "Maximum lifetime for user ticket renewal" to a maximum of 7 days or less. |