Skip to main content

Authentication Job Group

The Authentication job group provides information on authentication settings within audited systems to help identify potential security vulnerabilities and reduce risk within the environment.

Authentication Job Group in the Jobs Tree

The jobs in the Authentication job group are:

  • SG_LSASettings Job – This job lists LSA settings on all targeted hosts. In particular, the RunAsPPL, RestrictAnonymous, and ValidateKdcPacSignature keys are examined. If these keys are not set to 1, a host is vulnerable to mimikatz and other exploitation tools. See the Microsoft Configuring Additional LSA Protection article for additional ininformation.
  • SG_SecuritySupportProviders Job – This job identifies security support providers on all targeted hosts, highlighting potentially malicious SSPs
  • SG_WDigestSettings Job – This job lists WDigest settings on all targeted hosts. In particular, the UseLogonCredentials key is examined. If the KB is not installed, and this key is not set properly for a given host, cleartext passwords will be stored in memory. See the Microsoft Security Advisory article for more information.