Configures LSASS to run as a protected processID: oval:org.secpod.oval:def:95713 | Date: (C)2023-12-12 (M)2023-12-12 |
Class: COMPLIANCE | Family: windows |
This policy setting controls whether the Local Security Authority Subservice Service (LSASS) runs in protected mode and also has the option to lock in protected mode with Unified Extensible Firmware Interface (UEFI). The Local Security Authority (LSA), which includes the LSASS process, validates users for local and remote sign-ins and enforceslocal security policies.
The recommended state for this setting is: Enabled: Enabled with UEFI Lock.
Fix:
(1) GPO: Computer Configuration\Policies\Administrative Templates\System\Local Security Authority\Configures LSASS to run as a protected process
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa:ConfigureLsaProtectedProcess
Platform: |
Microsoft Windows 10 |