Hi all, I am not a pro, just a starter, so please ignore anything that does not seem the way it should be.
I am patching a vulnerability: CredSSP remote code execution.
Whenever I change the AllowEncryptionOracle DWORD value to 1 to mitigate the issue, it keeps on reverting to 2. I am quite sure that this is GPO changing it. My question is how to check it. I went to Event Viewer, then in Security, I can see the part where it shows that I changed the value of the key in the registry, but it does not show anywhere who is changing it back to 2. Is there a way to find out who is changing the value? If it's GPO, will it not show GPO changing the value in the key, or will GPO just show GPO implemented/successful, something like that? If this is the case, is there a solution on how to find out who reverted the value back to 2?
May 15, 2021 01:26 PM - last edited on Jul 22, 2021 04:09 AM by ChrisG