Enable 'Local Security Authority (LSA) protection'

Table of Contents

Description

Forces LSA to run as Protected Process Light (PPL).

Potential risk

If LSA isn't running as a protected process, attackers could easily abuse the low process integrity for attacks (such as Pass-the-Hash).

Remediation options

Set the following registry value:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL

To the following REG_DWORD value:
1