Securing your Windows servers and Windows 10 running is vital, especially given today’s sophisticated threat landscape. These are usually the first machines to be compromised in an attack through exploitation of the weakest link in the chain — the user. Through trickery and social engineering, threat actors gain access to these machines and then seek to move laterally and elevate their privileges. Therefore, enhancing endpoint and server security can significantly reduce your risk of a security breach.
What is a Protected Process?
A process is considered protected when it meets the criteria described in this Microsoft documentation. To summarize, a process is considered protected if it has a verified signature from Microsoft and it adheres to the Microsoft Security Development Lifecycle (SDL). If those two criteria are not met, the process cannot access the content being used by the LSA in memory.
How to Enable LSA Protection
Since LSA Protection is controlled via the registry, you can enable it easily across all your devices using Group Policy: Simply set the value of RunAsPPL to 1. This setting can be found in the registry at SYSTEM\CurrentControlSet\Control\Lsa.
The following code can be leveraged as a .reg file to set this value to 1:
___
*Code Block* Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "RunAsPPL"=dword:00000001 *Code Block*
___
If this information is helpful to you read our blog for more interesting and useful content, tips and guildelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will be asiisting you with your query.
Content curated by the team of COMPUTER 2000 on the bases of marketing materials provided by our partners/vendors.
Follow us to learn more
CONTACT US
Let’s walk through the journey of digital transformation together.
