Enable auditing of Lsass.exe to evaluate feasibility of enabling LSA protection. For more information, see http://technet.microsoft.com/en-us/library/dn408187.aspx Counter Measure: Enable and configure this setting. Potential Impact: Some unprotected LSA processes will be unable to function. Fix: (1) GPO: Computer Configuration\Administrative Templates\SCM: Pass the Hash Mitigations\Lsass.exe audit mode (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe!AuditLevel