Hard_Configurator - Windows Hardening Configurator

ErzCrz

You have to test it. Copy the H_C shortcut to the Downloads folder and try to run it. It should be blocked if SRP works well. You can also create any shortcut in the Downloads folder and run it.
Thanks. It works on my machine :D I suppose we'll have to see what happens with next big Win 11 update but good to see it's working ;)


ForgottenSeer 97327

I am glad Software Restriction Policies still work on Windows 11 devices which have Smart Application Control disabled. First it felt like being excluded from a new feature, now I am thankful for still having this Windows XP feature on my wife's laptop. I find H_C easier to use than secpol.msc, so thanks for your great tools (y)
 

ForgottenSeer 97327

My wife's HP laptop came with Windows 11. I bought it online and with a free update service (BIOS, drivers, etc.) and a DOA check. The update service did not mention updating Windows. The laptop had Windows 11 installed and executed the first-run settings initialization procedure (so I assumed it came with a clean-installed Windows 11). It now runs 22H2 with SAC switched off and SRP is fully functional.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Developer
SRP seems dysfunctional on Windows 11 due to SAC, although there is no official note from Microsoft. SAC works on the systems in Europe and North America. Some people reported that it did not work after updating Windows 11 to ver. 22H2 (from previous Windows 11 versions) and some reported that SRP still works.
The problem is that Microsoft is silent about this issue, so there can be some surprises in the future.
 

pxxb1

SRP seems dysfunctional on Windows 11 due to SAC, although there is no official note from Microsoft. SAC works on the systems in Europe and North America. Some people reported that it did not work after updating Windows 11 to ver. 22H2 (from previous Windows 11 versions) and some reported that SRP still works.
The problem is that Microsoft is silent about this issue, so there can be some surprises in the future.

Hi Andy

I use NTLite, which I think you are familiar with, to remove items from my OS. If I remove SAC, would H_C or SWH function OK?
 

pxxb1

If the system is based on Windows 11 22H2 and the region (Europe, North America) is supported, then probably not. :(

Forgot to mention that, yes, W11 22H2. Probably not, you say; that you have to clarify, because I cannot see, do not understand, why not.
 

Andy Ful

Forgot to mention that, yes, W11 22H2. Probably not, you say; that you have to clarify, because I cannot see, do not understand, why not.
The information about the source of the issue is insufficient. I doubt if it is possible to remove SAC and all dependencies with the help of NTLite, so most probably SRP will not work. Anyway, I will not insist that I am right, because I did not test it. (y)
 

pxxb1

The information about the source of the issue is insufficient. I doubt if it is possible to remove SAC and all dependencies with the help of NTLite, so most probably SRP will not work. Anyway, I will not insist that I am right, because I did not test it. (y)
Yeah, you are right. The issue is surrounded by a lot of uncertainties.
 

Griz

I read a blog where someone was able to solve the problem. After deleting the keys SRP should work again. Can anyone confirm this?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000002
"LastWriteTime"=hex(b):01,00,00,00,00,00,00,00



Here you can also read that there is a bypass in SRP and how to close it.
The bypass nonsensically allows restricted users to create subdirectories in %SystemDrive%.
A Demonstration and how to prevent.
 

Gandalf_The_Grey

I read a blog where someone was able to solve the problem. After deleting the keys SRP should work again. Can anyone confirm this?




Here you can also read that there is a bypass in SRP and how to close it.
The bypass nonsensically allows restricted users to create subdirectories in %SystemDrive%.
A Demonstration and how to prevent.
After some trial and error, I found out that the Kanthak correction can be simplified by the tweak:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000000

Simply, one has to correct the invalid number of AppLocker rules under this key (there are no rules at all). This value will not change, because SAC uses WDAC policies to control AppLocker, so no policies are added under this key.
This tweak works well with SAC, also if it is turned ON.
Discussed here:
@Andy Ful Do you have plans to update the first post and your GitHub page with this info?
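
A read-only check of the registry state discussed in the posts above, as an added example that is not part of the thread or of Hard_Configurator: it reports the RuleCount value next to the number of AppLocker rules actually configured, plus the SAC and SRP state. The SrpV2, Safer\CodeIdentifiers and CI\Policy locations, and the reading of VerifiedAndReputablePolicyState (0 off, 1 on, 2 evaluation), are assumptions not taken from the thread.

```powershell
# Added example: read-only audit, changes nothing.
$gpKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Srp\Gp'   # key quoted in the thread
# Assumed locations (not from the thread):
$srpV2Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SrpV2'                  # AppLocker rules
$srpKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'  # classic SRP policy
$ciKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'                 # SAC state

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-AppLockerRuleCount([string]$Root) {
    # Rules are subkeys of the collection keys (Exe, Msi, Script, Dll, Appx).
    if (-not (Test-Path -LiteralPath $Root)) { return 0 }
    $count = 0
    foreach ($collection in Get-ChildItem -LiteralPath $Root) {
        $count += @(Get-ChildItem -LiteralPath $collection.PSPath).Count
    }
    return $count
}

$ruleCount  = Get-RegValue $gpKey 'RuleCount'
$configured = Get-AppLockerRuleCount $srpV2Key
$sacState   = Get-RegValue $ciKey 'VerifiedAndReputablePolicyState'
$srpLevel   = Get-RegValue $srpKey 'DefaultLevel'

# Translate the SAC state value; anything else is reported as not present.
$sacNames = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Evaluation' }
$sacText  = 'value not present'
if ($null -ne $sacState -and $sacNames.ContainsKey([int]$sacState)) { $sacText = $sacNames[[int]$sacState] }

$srpText = 'no SRP policy key'
if ($null -ne $srpLevel) { $srpText = '0x{0:X}' -f $srpLevel }

[pscustomobject]@{
    RuleCount         = $ruleCount
    AppLockerRules    = $configured
    SacState          = $sacText
    SrpDefaultLevel   = $srpText
    # True when RuleCount exists and disagrees with the rules actually present.
    RuleCountMismatch = ($null -ne $ruleCount -and $ruleCount -ne $configured)
} | Format-List
```

A RuleCountMismatch of True with AppLockerRules at 0 is the state the post above describes as an invalid rule count. After any change, repeat the test from the first post: a shortcut copied to the Downloads folder should be blocked if SRP works.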
 
