๐ย Secure Bits ๐ก
โ๐๐ผ ๐ป๐ผ๐ ๐ฎ๐น๐น๐ผ๐ ๐๐๐ผ๐ฟ๐ฎ๐ด๐ฒ ๐ผ๐ณ ๐ฝ๐ฎ๐๐๐๐ผ๐ฟ๐ฑ๐ ๐ฎ๐ป๐ฑ ๐ฐ๐ฟ๐ฒ๐ฑ๐ฒ๐ป๐๐ถ๐ฎ๐น๐ ๐ณ๐ผ๐ฟ ๐ป๐ฒ๐๐๐ผ๐ฟ๐ธ ๐ฎ๐๐๐ต๐ฒ๐ป๐๐ถ๐ฐ๐ฎ๐๐ถ๐ผ๐ปโ โ harmless sounding, right?
Well, It is good to think twice before enabling Security Baselines blindly.
๐ This setting disablesย whether Credential Manager saves passwords and credentials, which can break more than you expect.
๐ฅย ๐ช๐ต๐ฎ๐ ๐ถ๐ ๐ถ๐บ๐ฝ๐ฎ๐ฐ๐๐:
โย DFS shareย mapping stops working (normal SMB shares are fine)
โย Scheduled Tasksย with stored creds fail (unless using MSA/GMSA/DMSA)
โย RDPย wonโt store credentials (better to use Restricted Admin mode or Remote Credential Guard anyway in combination with a good AD design)
๐ย ๐ฃ๐ผ๐น๐ถ๐ฐ๐ ๐ฝ๐ฎ๐๐ต:
Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options
โย ๐ก๐ฒ๐๐๐ผ๐ฟ๐ธ ๐ฎ๐ฐ๐ฐ๐ฒ๐๐: ๐๐ผ ๐ป๐ผ๐ ๐ฎ๐น๐น๐ผ๐ ๐๐๐ผ๐ฟ๐ฎ๐ด๐ฒ ๐ผ๐ณ ๐ฝ๐ฎ๐๐๐๐ผ๐ฟ๐ฑ๐ ๐ฎ๐ป๐ฑ ๐ฐ๐ฟ๐ฒ๐ฑ๐ฒ๐ป๐๐ถ๐ฎ๐น๐ ๐ณ๐ผ๐ฟ ๐ป๐ฒ๐๐๐ผ๐ฟ๐ธ ๐ฎ๐๐๐ต๐ฒ๐ป๐๐ถ๐ฐ๐ฎ๐๐ถ๐ผ๐ป
โ
๐ฌ๐ผ๐ ๐ฑ๐ผ ๐๐ฎ๐ป๐ ๐๐ต๐ถ๐ ๐ฒ๐ป๐ฎ๐ฏ๐น๐ฒ๐ฑ โ ๐ถ๐โ๐ ๐ฎ ๐๐ผ๐น๐ถ๐ฑ ๐๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐บ๐ฒ๐ฎ๐๐๐ฟ๐ฒ.
But you should also understand the real-world tradeoffs and know when an exception might be needed.
๐ ๐ฐ๐ผ๐๐ฒ๐ฟ ๐ต๐ผ๐ ๐๐ผ ๐ฎ๐ฝ๐ฝ๐น๐ ๐๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐ฏ๐ฎ๐๐ฒ๐น๐ถ๐ป๐ฒ๐ properly (with the why) in myย ๐๐๐ถ๐น๐ฑ๐ถ๐ป๐ด ๐ฎ ๐ฆ๐ฒ๐ฐ๐๐ฟ๐ฒ ๐๐ฐ๐๐ถ๐๐ฒ ๐๐ถ๐ฟ๐ฒ๐ฐ๐๐ผ๐ฟ๐ ๐ฐ๐ผ๐๐ฟ๐๐ฒ, which you can find on my website.
๐ฌ Got another item from Security Baselines that broke something in your environment?
