Enable LSA protection. For more information, see http://technet.microsoft.com/en-us/library/dn408187.aspx
Counter Measure:
Enable and configure this setting.
Potential Impact:
Some unprotected LSA processes will be unable to function.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\SCM: Pass the Hash Mitigations\LSA Protection
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCo ...
Local Administrator Password Solution (LAPS) tool is free and supported software that allows an organization to automatically set randomized and unique local Administrator account passwords on domain-attached workstations and member servers. The passwords are stored in a confidential attribute of the domain computer account and can be retrieved from Active Directory by approved Sysadmins when need ...
Windows includes support for Structured Exception Handling Overwrite Protection (SEHOP). We recommend enabling this feature to improve the security profile of the computer. The recommended state for this setting is: Enabled.
Note: After you enable SEHOP, existing versions of Cygwin, Skype, and Armadillo-protected applications may not work correctly.
Fix:
(1) GPO: Computer Configuration\Policies\Admin ...
This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.
If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.
If you disable this policy setting, the SMB client will reject insecure guest logons.
Insecure guest logons are used by file servers to allow unauthenticated access to shar ...
This policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller. This policy does not affect interactive logon to this domain controller.
This policy is supported on at least Windows Server 2008 R2.
Note: Block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/W ...
This policy setting configures the time in minutes before a detection in the "completed" state moves to the "cleared" state.
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Reducing the time in minutes before a detection in the "completed" state is moved to the " ...
This policy setting configures the time in minutes before a detection in the "non-critically failed" state moves to the "cleared" state.
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Reducing the time in minutes before a detection in the "non-critically failed" state ...
This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.
If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payl ...
This policy setting configures the time in minutes before a detection in the "critically failed" state moves to either the "additional action" state or the "cleared" state.
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Reducing the time in minutes before a detecti ...
This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
This policy is supported on at least Windows 7 or Windows Server 2008 R2.
Note: Audit and block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Micros ...