SBM powered by Microsoft Lync™ Administrator's Guide 2011-11

HP SBM Security Hardening
Security Hardening at the SBM Factory Default Settings
HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec
Policy setting: Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Value: Require NTLMv2 session security, Require 128 bit encryption

HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec
Policy setting: Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Value: Require NTLMv2 session security, Require 128 bit encryption

HKLM\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnlineID
Policy setting: Network Security: Allow PKU2U authentication requests to the computer to use online identities
Value: Disabled

HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
Policy setting: Network access: Do not allow anonymous enumeration of SAM accounts and shares
Value: Enabled

HKLM\System\CurrentControlSet\Control\Lsa\UseMachineId
Policy setting: Network security: Allow Local System to use computer identity for NTLM
Value: Enabled

HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
Policy setting: Microsoft network server: Digitally sign communications (if client agrees)
Value: Enabled

HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
Policy setting: Microsoft network server: Digitally sign communications (always)
Value: Enabled

HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature
Policy setting: Microsoft network client: Digitally sign communications (always)
Value: Enabled
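
One way to confirm that a unit still carries the eight settings listed above is to read each registry value and compare it with the documented state. The script below is an added example, not part of the HP guide. The DWORD encodings (1 = Enabled, 0 = Disabled, 0x20080000 = NTLMv2 session security plus 128-bit encryption) are the standard Windows encodings and are assumed here, since the page gives only the policy wording. The function name Test-HardeningValue is hypothetical.

```powershell
# Added example: audit the registry values from the table against the factory settings.
# Assumed DWORD encodings (not stated on the page):
#   0x00080000 = Require NTLMv2 session security
#   0x20000000 = Require 128-bit encryption   -> combined 0x20080000
#   1 = Enabled, 0 = Disabled
$base = 'HKLM:\System\CurrentControlSet'
$expected = @(
    @{ Path = "$base\Control\Lsa\MSV1_0"; Name = 'NTLMMinClientSec'; Value = 0x20080000 }
    @{ Path = "$base\Control\Lsa\MSV1_0"; Name = 'NTLMMinServerSec'; Value = 0x20080000 }
    @{ Path = "$base\Control\Lsa\pku2u";  Name = 'AllowOnlineID';    Value = 0 }
    @{ Path = "$base\Control\Lsa";        Name = 'RestrictAnonymous'; Value = 1 }
    @{ Path = "$base\Control\Lsa";        Name = 'UseMachineId';      Value = 1 }
    @{ Path = "$base\Services\LanManServer\Parameters";
       Name = 'EnableSecuritySignature';  Value = 1 }
    @{ Path = "$base\Services\LanManServer\Parameters";
       Name = 'RequireSecuritySignature'; Value = 1 }
    @{ Path = "$base\Services\LanmanWorkstation\Parameters";
       Name = 'RequireSecuritySignature'; Value = 1 }
)

function Test-HardeningValue {
    param([string]$Path, [string]$Name, [int]$Value)

    # A missing key or value yields $null rather than a terminating error.
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.$Name } else { $null }

    # MISSING means the value is not set explicitly, so the OS default applies.
    $status = if ($null -eq $actual)      { 'MISSING' }
              elseif ($actual -eq $Value) { 'OK' }
              else                        { 'MISMATCH' }

    New-Object PSObject -Property @{
        Key      = "$Path\$Name"
        Expected = '0x{0:X}' -f $Value
        Actual   = if ($null -eq $actual) { 'n/a' } else { '0x{0:X}' -f $actual }
        Status   = $status
    } | Select-Object Status, Expected, Actual, Key
}

$results = foreach ($e in $expected) { Test-HardeningValue @e }
$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or monitoring agent flag drift.
$failed = @($results | Where-Object { $_.Status -ne 'OK' })
if ($failed.Count -gt 0) { exit 1 }
```

The script only reads the registry and changes nothing. A MISMATCH on either RequireSecuritySignature value means SMB signing is no longer enforced on that side of the connection.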