I must be missing something simple, but I can’t for the life of me understand why the site fails the PCI scan. It specifically fails for "account firewall capabilities through the IIS NTLM authentication scheme."
I searched the Internet and came up flat. The only thing I found was here: https://sites.google.com/site/pcidssadventures/remediation/86693
This means that the local policy "Do not store the LAN Manager hash value the next time you change the password" is set to "enable", which it already was.
I confirmed both through the interface and apphostconfig that WindowsAuthentication is disabled, but the verification still fails, and it obviously fails for a good reason - it returns with an NTLM error code.
My only assumption is that IIS is still responding to an NTLM attempt, even if NTLM is disabled. Does anyone know how I can prevent this? Is anyone
Thanks in advance.
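One way to re-check the setting described above at every scope rather than only at the site level. This is an added example, not part of the original post; the sample XML and the `Default Web Site/reports` path are constructed, following the layout of IIS's applicationHost.config:

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like applicationHost.config (not taken from the post).
SAMPLE_CONFIG = """<configuration>
  <system.webServer>
    <security><authentication>
      <windowsAuthentication enabled="false" />
    </authentication></security>
  </system.webServer>
  <location path="Default Web Site">
    <system.webServer>
      <security><authentication>
        <windowsAuthentication enabled="false" />
      </authentication></security>
    </system.webServer>
  </location>
  <location path="Default Web Site/reports">
    <system.webServer>
      <security><authentication>
        <windowsAuthentication enabled="true">
          <providers><add value="Negotiate" /><add value="NTLM" /></providers>
        </windowsAuthentication>
      </authentication></security>
    </system.webServer>
  </location>
</configuration>"""

WIN_AUTH = "system.webServer/security/authentication/windowsAuthentication"

def windows_auth_scopes(config_xml):
    """Return [(scope, enabled, providers)] for each windowsAuthentication element."""
    root = ET.fromstring(config_xml)
    scopes = [("(server default)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.findall("location")]
    found = []
    for name, node in scopes:
        for wa in node.findall(WIN_AUTH):
            # A missing "enabled" attribute is treated as not enabled here.
            enabled = wa.get("enabled", "false").lower() == "true"
            providers = [a.get("value") for a in wa.findall("providers/add")]
            found.append((name, enabled, providers))
    return found

def enabled_scopes(config_xml):
    """Scopes where Windows authentication (Negotiate/NTLM) is still switched on."""
    return [(name, prov) for name, on, prov in windows_auth_scopes(config_xml) if on]

if __name__ == "__main__":
    for scope, providers in enabled_scopes(SAMPLE_CONFIG):
        print(f"windowsAuthentication enabled at '{scope}': {providers}")
```

To run it against a real server, pass the text of that server's own applicationHost.config to `enabled_scopes` in place of `SAMPLE_CONFIG`.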