From 4b37f8bc1f024c87f7b98cf685d80d18d3291665 Mon Sep 17 00:00:00 2001
From: Ashley Hooper <ashleyghooper@gmail.com>
Date: Thu, 13 Nov 2025 16:46:38 +1300
Subject: [PATCH] Invert win22cis_restrict_sending_ntlm_traffic values - 1 is
 Audit All, 2 is Deny All

Signed-off-by: Ashley Hooper <ashleyghooper@gmail.com>
---
 defaults/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 10d0203..b5d92ae 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -827,10 +827,10 @@ win22cis_ldap_client_integrity: 1
 # Log\Microsoft\Windows\NTLM). Configuring this setting to Deny All also conforms to the benchmark.
 # The recommended state for this setting is: Audit All.
 # Note: Possible Valid Settings
-# 1 - Deny All
-# 2 - Audit All
-# Default: 2
-win22cis_restrict_sending_ntlm_traffic: 2
+# 1 - Audit All
+# 2 - Deny All
+# Default: 1
+win22cis_restrict_sending_ntlm_traffic: 1
 
 # 2.3.17.2
 # win22cis_consent_prompt_behavior_admin is the policy setting controls the behavior of the elevation prompt for administrators.