Table of Contents
Advertisement
Instructions for Use
CLARUS® 500
Turn on convenience PIN sign-in
Turn on PowerShell Script Block Logging
Log script block invocation start / stop events:
Untrusted Font Blocking
Mitigation Options
Use a hardware security device
Use enhanced anti-spoofing when available
User Account Control: Admin Approval Mode for the Built-in Administrator
account
User Account Control: Allow UIAccess applications to prompt for elevation
without using the secure desktop
User Account Control: Behavior of the elevation prompt for administrators in
Admin Approval Mode
User Account Control: Behavior of the elevation prompt for standard users
User Account Control: Detect application installations and prompt for elevation
User Account Control: Only elevate executables that are signed and validated
User Account Control: Only elevate UIAccess applications that are installed in
secure locations
User Account Control: Run all administrators in Admin Approval Mode
User Account Control: Switch to the secure desktop when prompting for
elevation
User Account Control: Virtualize file and registry write failures to per-user
locations
WDigest Authentication (disabling may require KB2871997)
Windows Firewall: Domain: Display a notification
Windows Firewall: Domain: Inbound connections
Inbound Connections
Windows Firewall: Domain: Logging: Log dropped packets
Windows Firewall: Domain: Logging: Log successful connections
Windows Firewall: Domain: Logging: Name
2660021171806 Rev. A 2019-01
Policy
5 Configuration
5.11 System Administration
Setting
Disabled
Enabled
TRUE
Enabled
Block untrusted
fonts and log
events
Enabled
Enabled
Enabled
Disabled
Elevate without
prompting
Prompt for
credentials
Enabled
Disabled
Enabled
Enabled
Enabled
Enabled
Disabled
No
Enabled
Block
Yes
Yes
%SYSTEMROOT%
\System32\
logfiles
\firewall\doma
infw.log
95 / 192
Advertisement
Table of Contents
Troubleshooting
