Hardening LSASS process

HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md

https://hotcakex.github.io

MIT License

1.87k stars 148 forks source link

Hardening LSASS process #61

Closed keneos-dev closed 1 year ago

keneos-dev commented 1 year ago

I may have missed it, but I couldn't find any activation of RunAsPPL in the registry. This could be a simple but effective security measure, endorsed by Microsoft, in addition to the UEFI lock.

HotCakeX commented 1 year ago

Hi, only very few security measures are applied using registry, those that can't be enabled using Group Policy or PowerShell cmdlets.

This one is enabled using Group policy in the Device Guard category https://github.com/HotCakeX/Harden-Windows-Security#device-guard

keneos-dev commented 1 year ago

Oh, my mistake. Thank you! 🙏

HotCakeX commented 1 year ago

Oh, my mistake. Thank you! 🙏

You're welcome, no worries 🙂