Extended Protection for LDAP Authentication (Domain Controllers only)
Configures the LdapEnforceChannelBinding registry value to increase protection against "man-in-the-middle" attack.
For more information, see https://support.microsoft.com/help/4034879 . Some important points:
* Before configuring this setting to "Enabled, always," all clients must have installed the security update described in CVE-2017-8563 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8563).
* See additional support requirements for Windows Server 2008 in linked pages.
Supported on: Windows Server 2008 and newer
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | System\CurrentControlSet\Services\NTDS\Parameters |
Value Name | LdapEnforceChannelBinding |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |
secguide.admx