This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CredSSP Registry key keeps reverting

mudasir_malik
By
Level 2

Hi all,
I am not pro. Just a starter, so please ignore anything that does not seem the way it should be.

I am patching a vulnerability CredSSP Remote code execution

Whenever I change AllowEncryptionOracle DWORD value to 1 to mitigate the issue. But it keeps on reverting to 2. I am quite sure that this is GPO changing it. My question is how to check it. I went to event viewer, then in the security, I can see the part where it shows that I changed the value of the key in the registry but it does not show anywhere on who is changing it back to 2. Is there a way to find out who is changing the value. If it's GPO, will it not show GPO changing the value in key or GPO will just show GPO implemented/successful something like that. If this is the case is there a solution on how to find out who changed reverted the value back to 2.

‎May 15, 2021 01:26 PM - last edited on ‎Jul 22, 2021 04:09 AM by Community Manager Community Manager

0 Kudos
(1) Reply

raslam
By Level 7 Flexeran
Level 7 Flexeran

Hi, 

Please try to use event viewer in windows to see what happened when it is reverted. Please look at the below article, which might help you how you can use event viewer. 

https://www.dummies.com/computers/operating-systems/windows-10/how-to-use-event-viewer-in-windows-10/

Regards,

Raheel

 

 

‎May 17, 2021 02:29 AM

0 Kudos