Hard_Configurator - Windows Hardening Configurator

ErzCrz

ErzCrz

Level 22
Verified
Top Poster
Well-known
Aug 19, 2019
1,157
Andy Ful said:
You have to test it. Copy the H_C shortcut to the Downloads folder and try to run it. It should be blocked if SRP works well. You can also create any shortcut in the Downloads folder and run it.
Click to expand...
Thanks. It works on my machine :D I suppose we'll have to see what happens with next big Win 11 update but good to see it's working ;)

1673568895411.png
 
  • Like
Reactions: mkoundo, Andy Ful, Moonhorse and 3 others
F

ForgottenSeer 97327

I am glad Software Restriction Policies still work on Windows 11 devices which have Smart Application Control disabled. First it felt like being excluded from a new feature, now I am thankful for still having this Windows XP feature on my wife's laptop. I find H_C easier to use than secpol.msc, so thanks for your great tools (y)
 
  • Like
Reactions: cryogent, Andy Ful, vtqhtr413 and 2 others
F

ForgottenSeer 97327

My wife's HP laptop came with Windows11. I bought it online and with free update service (bios, drivers etc) and doa check. The update service did not mention updating Windows. The laptop had Windows 11 installed and executed first run settings initialization procedure (so I assumed it came with clean installed Windows11). It now runs 22H2 with SAC switched off and SRP is fully functional.
 
Last edited by a moderator:
  • Like
Reactions: vtqhtr413, oldschool, simmerskool and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
SRP seems dysfunctional on Windows 11 due to SAC, although there is no official note from Microsoft. SAC works on the systems in Europe and North America. Some people reported that it did not work after updating Windows 11 to ver. 22H2 (from previous Windows 11 versions) and some reported that SRP still works.
The problem is that Microsoft is silent about this issue, so there can be some surprises in the future.
 
  • Like
  • Wow
Reactions: vtqhtr413, oldschool, simmerskool and 3 others
P

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
471
Andy Ful said:
SRP seems dysfunctional on Windows 11 due to SAC, although there is no official note from Microsoft. SAC works on the systems in Europe and North America. Some people reported that it did not work after updating Windows 11 to ver. 22H2 (from previous Windows 11 versions) and some reported that SRP still works.
The problem is that Microsoft is silent about this issue, so there can be some surprises in the future.
Click to expand...

Hi Andy

I use NTLite, which i think you are familiar with, to remove items from my Os, if i remove SAC, would H_C or SWH function ok?
 
  • Like
Reactions: vtqhtr413 and [correlate]
P

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
471
Andy Ful said:
If the system is based on Windows 11 22H2 and the region (Europe, North America) is supported, then probably not. :(
Click to expand...

Forgot to mention that, yes W11 22H2. Probably not you say, that you have to clarify because i can not see, do not understand why not.
 
  • Like
Reactions: vtqhtr413
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
pxxb1 said:
Forgot to mention that, yes W11 22H2. Probably not you say, that you have to clarify because i can not see, do not understand why not.
Click to expand...
The information about the source of the issue is insufficient. I doubt if it is possible to remove SAC and all dependencies with the help of NTLite, so most probably SRP will not work. Anyway, I will not insist that I am right, because I did not test it. (y)
 
  • Like
Reactions: vtqhtr413, oldschool and simmerskool
P

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
471
Andy Ful said:
The information about the source of the issue is insufficient. I doubt if it is possible to remove SAC and all dependencies with the help of NTLite, so most probably SRP will not work. Anyway, I will not insist that I am right, because I did not test it. (y)
Click to expand...
Yeah, you are right. The issue is surrounded by a lot of uncertainties.
 
  • Like
Reactions: vtqhtr413 and Andy Ful
G

Griz

New Member
Feb 26, 2023
1
I read a blog where someone was able to solve the problem. After deleting the keys SRP should work again. Can anyone confirm this?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000002
"LastWriteTime"=hex(b):01,00,00,00,00,00,00,00
Click to expand...

borncity.com

Software Restriction Policies (SAFER) still possible under Windows 11 22H2 …

[German]We was told, that Software Restriction Policies and SAFER no longer work out-of-the-box under Windows 11 22H2. This is caused by registry entries left in the ISO images, that make Windows 11…
borncity.com borncity.com


Here you can also read that there is a bypass in SRP and how to close it.
The bypass nonsensically allows restricted users to create subdirectories in %SystemDrive%.
A Demonstration and how to prevent.

Prevent Bypass of AppLocker and SAFER alias Software Restriction Policies

skanthak.homepage.t-online.de skanthak.homepage.t-online.de
 
Last edited:
  • Like
Reactions: vtqhtr413 and Gandalf_The_Grey
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,233
Griz said:
I read a blog where someone was able to solve the problem. After deleting the keys SRP should work again. Can anyone confirm this?


borncity.com

Software Restriction Policies (SAFER) still possible under Windows 11 22H2 …

[German]We was told, that Software Restriction Policies and SAFER no longer work out-of-the-box under Windows 11 22H2. This is caused by registry entries left in the ISO images, that make Windows 11…
borncity.com borncity.com


Here you can also read that there is a bypass in SRP and how to close it.
The bypass nonsensically allows restricted users to create subdirectories in %SystemDrive%.
A Demonstration and how to prevent.

Prevent Bypass of AppLocker and SAFER alias Software Restriction Policies

skanthak.homepage.t-online.de skanthak.homepage.t-online.de
Click to expand...
After some trial and error, I found out that the Kanthak correction can be simplified by the tweak:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000000

Simply, one has to correct the invalid number of Applocker rules under this key (there are no rules at all). This value will not change, because SAC uses WDAC policies to control AppLocker, so no policies are added under this key.
This tweak works well with SAC, also if it is turned ON.
Click to expand...
Discussed here:
malwaretips.com

Deprecated - Windows 11 22H2 no longer supports Software Restriction Policies (SRP)

A brief note to Windows administrators who still rely on Software Restriction Policies (SRP). This security feature has been deprecated since 2020, but is still supported in Windows 10. But Windows 11 version 22H2 will definitely put an end to the use of Software Restriction Policies –...
malwaretips.com malwaretips.com
@Andy Ful Do you have plans to update the first post an your GitHub page with this info?
 
Last edited:
  • Like
Reactions: vtqhtr413, Mercenary, simmerskool and 1 other person
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,596
Last edited:
  • Like
Reactions: vtqhtr413, simmerskool, Andy Ful and 1 other person

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,431
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,117
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top