When using SAC, one must fully rely on Microsoft. So, there is much to do for making SAC usable.
This limitation of SAC makes it a dealbreaker from my pov.
SAC is still in the alpha/early beta stage. So it's too early to judge it, but I wouldn't bet 1 euro that Microsoft will make SAC a well-polished product. Just look at MDAC; Microsoft started on it, but then further development came to a crawl. The only real options in the same class of default deny are SMB and enterprise third-party security software.
Everyone thinks Microsoft's development teams operate in a proficient and military manner. Nothing could be further from the truth. For one, Microsoft has employee turnover that impacts their projects. Then there are competing priorities within the company itself and a lack of long-term commitment to sub-projects.
It's like their development team is made up of people with stunted attention spans who can't concentrate on anything for more than a few minutes at a time, and are unable to see anything through to its completion.
@Andy Ful Out of curiosity, is this blocking of brute force attacks already covered with H_C Recommended settings?
All Windows Versions Can Now Block Admin Brute Force Attacks
No. This is a new Windows policy. It is possible that I will add it to SWH and H_C. It is not necessary at home, because brute force attacks can hardly happen with current H_C settings. Anyway, such attacks can sometimes happen when the computer is used for hybrid work.
Thanks for the info!
What registry key enables constrained language mode?
This is an internal feature of SRP, related to Default Security Level (Disallowed or BasicUser).
@Andy Ful I have an old PC that has Win 8.1 installed. Does Hard Configurator work on that version of Windows? Or is it only on Windows 10 and 11? Thanks!
Yes. IIRC it has a W8 and other profiles, but I haven't used it in quite some time.
It works for Windows Vista up to Windows 10. On Windows 11, it works only when upgraded from Windows 10.
SRP does not work on Windows 11 22H2.
Hard_Configurator - Windows Hardening Configurator
Post updated in September 2024. The current version can be downloaded from GitHub or Softpedia: https://github.com/AndyFul/Hard_Configurator/raw/master/Hard_Configurator_setup_7.0.0.0.exe https://www.softpedia.com/get/Tweak/System-Tweak/Hard-Configurator.shtml WARNING! The fake domain...malwaretips.com
on windows 11 pro 22h2 i tested H_C:
upgraded system windows 10 to 11
not clean install 11 22h2
srp works fine; constrained language mode does not get set
it is strange behavior
Interesting - if SRP works fine then Constrained Language Mode (CLM) should work too. I cannot say for sure, but there can be some incompatibility with other security layers. After your post, I tested SRP + CLM on Windows Home 21H2 (works well) and on Windows Pro 22H2 (did not work). But, in the second case, the issue was related to my tests with HomeApplocker.
It is interesting that removing HomeApplocker policies did not work. The SRP functionality has been restored after removing two folders:
c:\Windows\System32\AppLocker\MDM
c:\Windows\SysWOW64\AppLocker\MDM