cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CredSSP Registry key keeps reverting

Hi all,
I am not pro. Just a starter, so please ignore anything that does not seem the way it should be.

I am patching a vulnerability CredSSP Remote code execution

Whenever I change AllowEncryptionOracle DWORD value to 1 to mitigate the issue. But it keeps on reverting to 2. I am quite sure that this is GPO changing it. My question is how to check it. I went to event viewer, then in the security, I can see the part where it shows that I changed the value of the key in the registry but it does not show anywhere on who is changing it back to 2. Is there a way to find out who is changing the value. If it's GPO, will it not show GPO changing the value in key or GPO will just show GPO implemented/successful something like that. If this is the case is there a solution on how to find out who changed reverted the value back to 2.

(1) Reply
raslam
By Level 7 Flexeran
Level 7 Flexeran

Hi, 

Please try to use event viewer in windows to see what happened when it is reverted. Please look at the below article, which might help you how you can use event viewer. 

https://www.dummies.com/computers/operating-systems/windows-10/how-to-use-event-viewer-in-windows-10/

Regards,

Raheel