This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mudasir_malik
Level 2
‎May 15, 2021 01:26 PM

CredSSP Registry key keeps reverting

Hi all,
I am not pro. Just a starter, so please ignore anything that does not seem the way it should be.

I am patching a vulnerability CredSSP Remote code execution

Whenever I change AllowEncryptionOracle DWORD value to 1 to mitigate the issue. But it keeps on reverting to 2. I am quite sure that this is GPO changing it. My question is how to check it. I went to event viewer, then in the security, I can see the part where it shows that I changed the value of the key in the registry but it does not show anywhere on who is changing it back to 2. Is there a way to find out who is changing the value. If it's GPO, will it not show GPO changing the value in key or GPO will just show GPO implemented/successful something like that. If this is the case is there a solution on how to find out who changed reverted the value back to 2.

0 Kudos

This thread has been automatically locked due to inactivity.

To continue the discussion, please start a new thread.
1 Reply
raslam
Level 7 Flexeran
Level 7 Flexeran
‎May 17, 2021 02:29 AM

Hi, 

Please try to use event viewer in windows to see what happened when it is reverted. Please look at the below article, which might help you how you can use event viewer. 

https://www.dummies.com/computers/operating-systems/windows-10/how-to-use-event-viewer-in-windows-10/

Regards,

Raheel

 

 

0 Kudos