To protect your environment and avoid outages, please complete the following steps:
Update all devices that host the Active Directory domain controller role by installing the November 9, 2021 update.
After the November 9, 2021 update has been installed on all Active Directory domain controllers for at least 7 days, we strongly suggest that you enable Enforcement mode on all Active Directory domain controllers.
Starting with the July 12, 2022 Enforcement Phase update, Enforcement mode will be enabled on all Windows domain controllers and will be required.
Must exists: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc
Value: PacRequestorEnforcement
No value minimum, 2 preferred.
As per: https://support.microsoft.com/en-gb/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
To protect your environment and avoid outages, please complete the following steps:
Must exists: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc Value: PacRequestorEnforcement No value minimum, 2 preferred.