pingcastle
pingcastle copied to clipboard
KDC armoring reports inaccurate
Scans for the KDC armoring settings do not include the WOW6432Node path for the policy templates and therefore sometimes do not recognize the correctly configured GPOs:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters
Issue encountered on a fresh Windows Server 2022 based domain (DFL/FFL 2016) localized in German
https://github.com/vletoux/pingcastle/blob/b099a83a1bfa9ef7d5ac0c58405296e9c66f8f51/Healthcheck/HealthcheckAnalyzer.cs#L2759