deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 20:33:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Resolve merge conflict

Browse Source
This commit is contained in:
Vinay Pamnani
2023-06-06 10:33:05 -04:00
parent a777d269ce ab200d3bbe
commit 9a4cf7a855
69 changed files with 974 additions and 1237 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/auditing/audit-security-group-management.md
View File

@ -83,7 +83,7 @@ This subcategory allows you to audit events generated by changes to security gro
> [!IMPORTANT]
> Event 4754(S) generates only for domain groups, so the Local sections in event [4731](event-4731.md) do not apply.
- 4755(S): A security-enabled universal group was changed. See event _[4735](event-4735.md): A security-enabled local group was changed._ Event 4737 is the same, but it is generated for a **universal** security group instead of a **local** security group. All event fields, XML, and recommendations are the same. The type of group is the only difference.
- 4755(S): A security-enabled universal group was changed. See event _[4735](event-4735.md): A security-enabled local group was changed._ Event 4755 is the same, but it is generated for a **universal** security group instead of a **local** security group. All event fields, XML, and recommendations are the same. The type of group is the only difference.
> [!IMPORTANT]
> Event 4755(S) generates only for domain groups, so the Local sections in event [4735](event-4735.md) do not apply.

2
windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
View File

@ -90,7 +90,7 @@ There are no security audit event policies that can be configured to view output
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB replay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the
NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB relay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the
Kerberos version 5 protocol, or different authentication mechanisms, such as smart cards.
### Vulnerability