cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Win2019 standalone baseline testing (lab)

Mughal1
Copper Contributor

‎Sep 02 2021 01:15 AM

‎Sep 02 2021 01:15 AM

Win2019 standalone baseline testing (lab)

Hello,

 

I'm running a Win2019 Core lab instance where I'm experimenting with the application of an SCT baseline to harden the system. The use case for the production rollout would be for an standalone Internet facing web server, so I'd like to ensure that I've done my best to prep it for exposure. The lab 2019 instance is running in Hyper-V and has been fully patched.

 

-) Any recommendations on running the PolicyAnalyzer on a server running Core? I can execute the PolicyAnalyzer software from the server CLI console, but I think that, since Windows Explorer isn't available, certain key aspects of the tool become unusable (Example: when I try to select a directory for Policy Templates, the directory/location selection area is blank and I cannot select an alternate directory. See screenshot)

 

-) When running the Baseline installation PS script, there is an error message that is displayed during the installation:

 

-----

Installing Exploit Protection settings...
Set-ProcessMitigation : Unable to load DLL 'MitigationConfiguration.dll': The specified module could not be found.
(Exception from HRESULT: 0x8007007E)
At C:\sct\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Local_Script\BaselineLocalInstall.ps1:250
char:1
+ Set-ProcessMitigation -PolicyFilePath $rootDir\ConfigFiles\EP.xml
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-ProcessMitigation], DllNotFoundException
+ FullyQualifiedErrorId : System.DllNotFoundException,Microsoft.Samples.PowerShell.Commands.SetProcessMitigationsC
ommand

-----

 

Is there any way to understand what this error is and why it is occurring?

 

Thanks,

 

T.

Preview file
25 KB
2,014 Views
1 Like
4 Replies
Reply
4 Replies
Dynom

‎Nov 18 2021 12:00 AM - edited ‎Nov 18 2021 12:02 AM

‎Nov 18 2021 12:00 AM - edited ‎Nov 18 2021 12:02 AM

Re: Win2019 standalone baseline testing (lab)

I've been struggling with this as well. I think it's because of running a Core version.

FWIW, this does NOT fix it:

 

Install-Module -Name ProcessMitigations -Force -SkipPublisherCheck
Import-Module ProcessMitigations

 

 

A relevant thread to "follow" might be: https://github.com/microsoft/PowerStig/issues/866

0 Likes
Reply
Rick_Munck

‎Nov 22 2021 06:06 AM

‎Nov 22 2021 06:06 AM

Re: Win2019 standalone baseline testing (lab)

It looks like you are failing on the Exploit Protection portion of the script which we have removed from all baselines starting in the fall of 2019.
0 Likes
Reply
Ian-Cervantez-Volusion

‎Apr 09 2022 03:46 PM

‎Apr 09 2022 03:46 PM

Re: Win2019 standalone baseline testing (lab)

@Rick_Munck Can you shed some light on where to get the latest baseline?  The version I downloaded said it was published on 3/4/2022.  It still has the following lines:

LogAndShowProgress "Installing Exploit Protection settings..."
# TODO: Some way to capture this output?
Set-ProcessMitigation -PolicyFilePath $rootDir\ConfigFiles\EP.xml

 

Based on your statement, it sounds like this has been removed from all baselines for a few years now??

 

I've downloaded it from https://www.microsoft.com/en-us/download/details.aspx?id=55319

0 Likes
Reply
Rick_Munck

‎Apr 11 2022 11:20 AM

‎Apr 11 2022 11:20 AM

Re: Win2019 standalone baseline testing (lab)

@Ian-Cervantez-Volusion it depends on what version you are referring to.  Starting in version 1909 we no longer include Exploit Protection settings.  The baselines are point in time and evolved with each version.  For 2019 I would recommend using the 20H2 baseline. 

0 Likes
Reply