Some users may have issues creating a community account See more here.

mudasir_malik
Flexera beginner

CredSSP Registry key keeps reverting

Hi all,
I am not pro. Just a starter, so please ignore anything that does not seem the way it should be.

I am patching a vulnerability CredSSP Remote code execution

Whenever I change AllowEncryptionOracle DWORD value to 1 to mitigate the issue. But it keeps on reverting to 2. I am quite sure that this is GPO changing it. My question is how to check it. I went to event viewer, then in the security, I can see the part where it shows that I changed the value of the key in the registry but it does not show anywhere on who is changing it back to 2. Is there a way to find out who is changing the value. If it's GPO, will it not show GPO changing the value in key or GPO will just show GPO implemented/successful something like that. If this is the case is there a solution on how to find out who changed reverted the value back to 2.

0 Kudos
1 Reply
raslam
Flexera
Flexera

Hi, 

Please try to use event viewer in windows to see what happened when it is reverted. Please look at the below article, which might help you how you can use event viewer. 

https://www.dummies.com/computers/operating-systems/windows-10/how-to-use-event-viewer-in-windows-10...

Regards,

Raheel

 

 

0 Kudos