1.
HARDENING AS PART OF A
HOLISTIC SECURITY STRATEGY

2.
Who is talking to you?
Fabian Böhm
CEO & Founder @ TEAL
Florian Bröder
CEO & Founder @ FB Pro GmbH
https://www.fb-pro.com/
LinkedIn
https://www.teal-consulting.de/
LinkedIn
Volker Wassermann
CEO & Founder @ bridge4IT®
https://www.bridge4it.de/
LinkedIn

3.
Agenda
••• networker.NRW
••• IT Forensics
••• Hardening – the why
••• Hardening – the what
••• Hardening – tool based
••• Hardening – how hard can it be?
••• Q&A

4.
Networker NRW – short facts
Your advantages
••• ​Expand competencies
••• Promote cooperation potential
••• free initial telephone consultation
••• by lawyers specializing in IT law
Other competencies
••• Vocational training in the industrial-technical field
••• Graphic design
••• IT Consulting
••• IT Marketing
••• IT Legal Advice
••• Knowledge Management
••• Qualification and Training
••• Quality Management Systems
••• Environmental Management Systems
••• Advertising and advertising design
Key areas of expertise
••• Cloud Computing/Internet
••• Information Security
••• IT Infrastructure
••• Software
Contact for media, companies and individuals seeking advice

5.
System hardening and IT forensics?
••• Attackers leave more traces, as they can only attack via detours, e. g. private escalation
••• Investigation / preservation of evidence requires less effort / time and money
••• Hardening makes it possible to trace whether the incident occurred before or after the attack
••• What is switched off no longer needs to be checked in the incident
••• Backdoors are closed before attacks will find them to be used
••• No cross-effects from running services or software during analysis
••• Data outflow is condensed to only a few services
••• Number of log entries is reduced, what is not logged does not need to be analyzed
••• Operating system updates do not reopen the gap if security configuration is controlled and monitored

6.
HARDENING – THE WHY

7.
Real life examples
Fritzmeier Group: Hacker legen deutschen Fahrzeugzulieferer lahm - cio.de Fahrradbauer Prophete: Erste Details zum Cyber-Angriff | heise online

8.
Real life examples
Bericht des "Handelsblatt": Gehackte Daten von Continental im Darknet
| tagesschau.de
Nach Cyberangriff auf Continental: Hacker veröffentlichen Liste mit erbeuteten Daten
(handelsblatt.com)
Medibank hack: Email reveals staff details compromised by
data breach | news.com.au — Australia’s leading news site

9.
Real life examples
PrintNightmare: Schon wieder eine Drucker-Lücke in Windows ohne Patch | heise online

10.
Real life examples
Top 5 AWS Misconfigurations That Led to Data Leaks in 2021 | Spiceworks It Security
Clear statement
 99% of cloud breaches can be traced to
“misconfigurations”
 Missing secure configuration
 Missing “hardening”
 No control
 No process / no checks
Clear statement
 80% percent of ransomware can be traced to common
configuration errors
 Missing secure configuration
 Missing “hardening”
 No control
 No process / no checks
Extortion Economics | Security Insider (microsoft.com)

11.
Questions

12.
HARDENING – THE WHAT

13.
Real life demonstrates the inadequacy of the classic
"detect and respond" pattern. It seems that this
pattern is no longer sufficient!

14.
Shifting the responsibility for IT security and asset
protection to back-office, accounting, and "non-IT"
people seems like a very strange approach.

15.
Definition
In computing, hardening is usually the process of securing a system by reducing its surface area of vulnerability,
which is greater as a system performs more functions.
Hardening
…considers information security as well as
data protection
…is one of several technical measures' organizations
may adopt
Legal requirements are in place
 …GDPR enforce “state of technology” (Art. 32
“security of processing”)
 “State of the art” is defined (see Teletrust e.V.)
 Several industry specific requirements enforce more
detailed configuration (e. g. VAIT for insurances, IT-
Sicherheitsgesetz for KRITIS relevant organizations, ISO
27001:2022, B3S "Medizinische Versorgung", e.g.)

16.
It is necessary
Product law in America
Designed to make “everything” work to avoid legal
impacts
 “Dry the guinea in a microwave oven”
 …other stories
Vendors recommend hardening
Microsoft: “We recommend that you implement an
industry-standard configuration that is broadly known
and well-tested, such as Microsoft security baselines,
as opposed to creating a baseline yourself. This helps
increase flexibility and reduce costs.”
How critical is secure configuration?
 A running print spooler service was considered
uncritical until printer nightmare end of 2021.
 Using SMBv1 was uncritical until WannaCry
Ransomware used EternalBlue exploit in 2017
 Using Kerberos tickets based on RC4 encryption is
outdated since 2015 – why is it still activated?
 A “non configured” Office installation is again target
of an attack - so is “non configuration” of Office
uncritical?
…an open door in your house is uncritical until
somebody walks in who is not allowed to do so?
Security baselines guide - Windows security | Microsoft Docs

17.
It is necessary
The NIST Cyber Security Framework covers five critical
functions where the marked ones are most relevant for
securing (known) endpoints.
PROTECT
DETECT
RESPOND
RECOVER
IDENTIFY
Technology PROTECT DETECT RESPOND
Anti-Malware solutions X X
Threat-Intel solutions X X
EDR/XDR solutions X X
MDR solutions X X
Vulnerability scanner X
SIEM solutions X
X
(SOC, IM
process)
Compromise Assessment X X
Hardening X
Enforce Administrator X X IM process
What does make more sense? Have a 24/7 team monitoring the door or just close the door and lock it?

18.
Frameworks and legal:
System hardening is widely mentioned (some examples)
https://www.cisecurity.org/controls/
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kom
pendium/IT_Grundschutz_Kompendium_Edition2020.pdf?__blob=publication
File&v=6
https://www.teletrust.de/publikationen/broschueren/stand-der-
technik/?tx_reintdownloadmanager_reintdlm%5Bdownloaduid%5D=10505&
cHash=f39d74868a8b38e98e6cc09b0ab16f6f

19.
Frameworks and legal
Extract from SWIFT questionnaire (end 2021)
BAFIN for banking and insurance sector (03/2022)
Cyber risk insurance questionaire (2022)
Questions for companies starting with 50.000.000 €
revenue up to 150.000.000 €. “Hardening” is first
questions in sector “basic”.

20.
Frameworks and legal:
System hardening (“secure configuration”) in ISO 27001(2):2022
ISO 27001:2022
is updated and published!

21.
System hardening - strategical part
NIST defines it as…
“The management and control of
configurations for an information system to
enable security and facilitate the
management of risk.”
NIST also published a…
Guide for Security-Focused Configuration
Management of Information Systems | NIST
SecCM consists of four phases:
Security Configuration Management (SecCM) - Glossary | CSRC (nist.gov)
Guide for Security-Focused Configuration Management of Information Systems (nist.gov)
Planning
Identifying and
Implementing
Configurations
Controlling
Configuration
Changes
Monitoring
Figure 2-1 – Security-focused Configuration Management Phases

22.
Hardening in context of a security landscape
Infrastructure Security Endpoint Security Application Security
Managed Security Service Provider Messaging Security Web Security
IoT Security Security Operations & Incident Response Threat Intelligence Mobile Security Data Security
Cloud Security
Identity & Access Management
Risk & Compliance
Specialized Threat Analysis &
Protection
Transaction Security

23.
Hardening in context of a security landscape
Infrastructure Security Endpoint Security Application Security
Messaging Security Web Security
IoT Security Security Operations & Incident Response Threat Intelligence
Risk & Compliance
Specialized Threat Analysis &
Protection
Transaction Security
Mobile Security Data Security
Cloud Security
Identity & Access Management
Managed Security Service Provider

24.
HARDENING – TOOL BASED

25.
Enforce Administrator as „hardening tool“
Enforce Administrator
With Enforce Suite, we offer you a comprehensive enterprise
security solution for continuous monitoring of your clients
and servers. With the central management tool Enforce Suite,
you configure hardening policies according to common
industry standards and monitor their compliance. We at TEAL
Technology Consulting support you in the implementation of
the Enforce Suite and optionally manage your Enforce
solution professionally with our Managed Service offering.
Your advantages
 Automated optimization of your system configuration
 Continuous monitoring of your security
 Comprehensive and up-to-date system curing packages
 Reduced operating costs through auto-optimization
 Professional operation via the Teal Managed Service

26.
High level architecture

27.
System hardening – the benefits
Security
Configuration
Management
Raise efficiency and save
(internal) resources
Raise protection level
Be compliant and
transparent
Security of investment
A new insight?
Detected mistakes fixed early in a chain reduce
overhead and save money in the end.
Conclusion: Hardening is cost effective!
§
€

28.
Examples of rollout approaches
Rollout approach depends on customers infrastructure and could controlled via several dimensions, for example:
 Role oriented
 Technology oriented (operating system, e.g.)
 Location oriented
 Rollout approach based, for example process integrated only targeting newly deployed systems
Wave 1
• Domain
Controllers
Wave 2
• Member Servers
(file, application)
Wave 3
• Web, DB Servers
Wave 4
• Clients of IT
team
• Clients org
oriented Wave 1
• (NEW) Windows
Server 2022
systems
Wave 2
• Installed systems
risk oriented
Wave 3
• Client world
starting with
Windows 10 (not
7,8)

29.
Why not via “Group Policy objects”?
1) How quickly are several hundred hardening settings implemented? We are ready to use after installation.
2) How is it controlled that all settings arrive on the target systems?
3) How is a "restore" of settings performed when an application is no longer functional due to hardening
configurations?
4) How is the IT team notified if IT systems are suddenly no longer "compliant" with the specified settings?
5) How does meaningful process integration (incident management, ConfigMgmt) take place?

30.
HARDENING –
HOW HARD CAN IT BE?

31.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding

32.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
CHALLENGE
SMB v1 is outdated - still being used in customer environments
Example: A board member used an unmanaged tablet to access an
old NAS to view presentations stored there.

33.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
KNOWN ATTACKS
https://www.golem.de/news/wannacry-nsa-exploits-legen-
weltweit-windows-rechner-lahm-1705-127801.html

34.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
HOW TO VERIFY
whether SMB v1 is still in use.
enable auditing in smaller environments via PowerShell (Set-
SmbServerConfiguration -AuditSmb1Access $true)
or distribute the following registry key via GPO in larger
environments.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanm
anServerParameters- “AuditSmb1Access”=dword:00000001
Auditing should be performed at least on all domain controllers and
file servers. The logs can either be collected via PowerShell or
forwarded to a log collector via event log forwarding.

35.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
HOW TO SOLVE
Either the systems can be configured for SMB v2 or v3, or
they need to be replaced.

36.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
CHALLENGE
SMB v1 is outdated - still being used in customer environments example: A board member used an unmanaged tablet
to access an old NAS to view presentations stored there.
KNOWN ATTACKS
https://www.golem.de/news/wannacry-nsa-exploits-legen-weltweit-windows-rechner-lahm-1705-127801.html
HOW TO SOLVE
Either the systems can be configured for SMB v2 or v3, or they need to be replaced.
HOW TO VERIFY
whether SMB v1 is still in use. To do this, you can enable auditing in smaller environments via PowerShell (Set-
SmbServerConfiguration -AuditSmb1Access $true) or distribute the following registry key via GPO in larger
environments.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerParameter s
“AuditSmb1Access”=dword:00000001
Auditing should be performed at least on all domain controllers and file servers. The logs can either be collected via
PowerShell or forwarded to a log collector via event log forwarding.

37.
CHALLENGE
ntlm v1 is outdated - still being used in customer environments
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding

38.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
KNOWN ATTACKS
ProxyLogon (CVE-2021-28655 , CVE-2021-27065) and
ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207)
Orange Tsai, PetitPotam (VDB-179650) from topotam,
Active Directory Certificate Services (ADCS) from Will Schroeder
and Lee Christensen

39.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
HOW TO VERIFY
Audit ntlm v1 usage via a gpo setting
Collect event:
$Events = Get-WinEvent -Logname Security -FilterXPath
“Event[System[(EventID=4624)]]and
Event[EventData[Data[@Name=’LmPackageName’]=’NTLM V1′]]” |
Select-Object `
@{Label=’Time’;Expression={$_.TimeCreated.ToString(‘g’)}},
@{Label=’UserName’;Expression={$_.Properties[5].Value}},
@{Label=’WorkstationName’;Expression={$_.Properties[11].Value}},
@{Label=’LogonType’;Expression={$_.properties[8].value}},
@{Label=’ImpersonationLevel’;Expression={$_.properties[20].value}}

40.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
HOW TO SOLVE
Turn NTLM authentication off or enforce ntlm v2 only.
If a system needs to be reconfigured anyway, this is a good time
to move directly to Kerberos if the application supports it.

41.
SMBv1 NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
CHALLENGE
ntlm v1 is outdated - still being used in customer environments
KNOWN ATTACKS
ProxyLogon (CVE-2021-28655 , CVE-2021-27065) and ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-
31207) from Orange Tsai, PetitPotam (VDB-179650), topotam,
Active Directory Certificate Services (ADCS) from Will Schroeder and Lee Christensen
HOW TO SOLVE
Turn NTLM authentication off or enforce ntlm v2 only. If a system needs to be reconfigured anyway,
this is a good time to move directly to Kerberos if the application supports it.
HOW TO VERIFY
Audit ntlm v1 usage via a gpo setting
Collect event:
$Events = Get-WinEvent -Logname Security -FilterXPath “Event[System[(EventID=4624)]]and
Event[EventData[Data[@Name=’LmPackageName’]=’NTLM V1′]]” | Select-Object `
@{Label=’Time’;Expression={$_.TimeCreated.ToString(‘g’)}}, @{Label=’UserName’;Expression={$_.Properties[5].Value}},
@{Label=’WorkstationName’;Expression={$_.Properties[11].Value}},
@{Label=’LogonType’;Expression={$_.properties[8].value}},
@{Label=’ImpersonationLevel’;Expression={$_.properties[20].value}}

42.
SMBv1
NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
CHALLENGE
Microsoft already tried 3 years ago to force LDAP signing
(ADV190023).
This is essentially a universal no-fix local privilege escalation in
windows domain environments where LDAP signing is not enforced
(the default settings).

43.
SMBv1
NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
KNOWN ATTACKS
https://github.com/Dec0ne/KrbRelayUp

44.
SMBv1
NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
HOW TO VERIFY
Enable logging via registry key on the DCs:
Reg Add
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDS
Diagnostics /v “16 LDAP Interface Events” /t REG_DWORD /d 2
In addition, the Channel Binding Token (CBT) signing event 3041
should be generated. For this, the setting Domain controller: LDAP
server channel binding token requirements must also be configured
to “When Supported” on the domain controllers. Otherwise, only
the general events 3040 and 3041 are generated, which indicate
whether there were unsaved binds, but no details of which system
triggered this.

45.
SMBv1
NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
HOW TO SOLVE
Armed with the list of systems, you can now talk to the people
responsible for the server and together find out which application
establishes an LDAP connection. There is usually little you can do
about the fact that the application does this without signing, but in
our experience (almost) every application supports LDAPS. Thus it
is usually done with a change of the configuration in the software.
However, we have also had the case where the operating system
(Linux, domain-joined) communicated via LDAP and it was not
possible to change the configuration. Unfortunately, no OpenSSL
package that supports signing was available in the manufacturer’s
repository for the version of the operating system used. Thus, the
server had to be reinstalled with a newer version of the operating
system.

46.
SMBv1
NTLM v1
Client
challenges
Attack surface
reduction rules
User rights
assignment
LDAP signing /
channel binding
CHALLENGE
Microsoft already tried 3 years ago to force LDAP signing (ADV190023).
This is essentially a universal no-fix local privilege escalation in windows domain environments where
LDAP signing is not enforced (the default settings).
KNOWN ATTACKS
https://github.com/Dec0ne/KrbRelayUp
HOW TO SOLVE
After the list of servers which establishes an LDAP connection is generated, configure the application to use LDAPS. We
had cases where the OpenSSL package used in the OS didn’t support LDAPS. Thus, the server had to be reinstalled with a
newer version of the operating system.
HOW TO VERIFY
Enable logging via registry key on the DCs:
Reg Add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSDiagnostics /v “16 LDAP
Interface Events” /t REG_DWORD /d 2
Log CBT signing event 3041 by configuring “Domain controller: LDAP server channel binding token
requirements” to “When supported”

47.
SMBv1
NTLM v1
Client
challenges
Attack surface
reduction rules
LDAP signing /
channel binding
User rights
assignment
CHALLENGE
Sometimes there are problems with the User Right Assignments.
For example, both CIS and MS Baseline configure “Ensure ‘Access
this computer from the network’ is set to ‘Administrators,
Authenticated Users'”. However, when using Defender for Identity,
it is necessary that the service account used has just this right.

48.
SMBv1
NTLM v1
Client
challenges
Attack surface
reduction rules
LDAP signing /
channel binding
User rights
assignment
HOW TO VERIFY
User Rights Assignments can be configured via GPO as well as
locally, making it difficult to conclusively check the issue up front. If
one uses the Enforce Administrator for hardening, then one can
match the settings with GPOs when creating the hardening and at
least check this way conclusively. To check locally configured
settings, one could run a script like this on all systems and check the
output.

49.
SMBv1
NTLM v1
Client
challenges
Attack surface
reduction rules
LDAP signing /
channel binding
User rights
assignment
HOW TO SOLVE
You need to verify the user rights assignments with the respective
application owner and, if not documented properly, test it in a test
environment upfront rolling it out completely.

50.
SMBv1
NTLM v1
Client
challenges
Attack surface
reduction rules
LDAP signing /
channel binding
User rights
assignment
CHALLENGE
Sometimes there are problems with the User Right Assignments.
For example, both CIS and MS Baseline configure “Ensure ‘Access this computer from the network’ is set to
‘Administrators, Authenticated Users'”. However, when using Defender for Identity, it is necessary that the service
account used has just this right.
HOW TO SOLVE
You need to verify the user rights assignments with the respective application owner and, if not not documented
properly, test it in a test environment upfront rolling it out completely.
HOW TO VERIFY
User Rights Assignments can be configured via GPO as well as locally, making it difficult to conclusively
check the issue up front. If one uses the Enforce Administrator for hardening, then one can match the
settings with GPOs when creating the hardening and at least check this way conclusively. To check locally
configured settings, one could run a script like this on all systems and check the output.

51.
SMBv1
NTLM v1
Client
challenges
LDAP signing /
channel binding
User rights
assignment
Attack surface
reduction rules
CHALLENGE
Attack Surface Reduction is a fairly new feature of Windows
Defender. It is supposed to help prevent cyber attacks.

52.
SMBv1
NTLM v1
Client
challenges
LDAP signing /
channel binding
User rights
assignment
Attack surface
reduction rules
HOW TO SOLVE
To be on the safe side, it is advisable to first configure the rules in
audit mode, check the messages in the event viewer and only when
all problems have been solved, switch the rules to block mode.
The common curing standards do not call for all ASR Rules to be
turned on, however, we think it is a good idea, even if it is a little
more work.

53.
SMBv1
NTLM v1
Client
challenges
LDAP signing /
channel binding
User rights
assignment
Attack surface
reduction rules
CHALLENGE
Attack Surface Reduction is a fairly new feature of Windows Defender. It is supposed to help prevent cyber attacks.
HOW TO SOLVE
To be on the safe side, it is advisable to first configure the rules in audit mode, check the messages in the event
viewer and only when all problems have been solved, switch the rules to block mode.
The common curing standards do not call for all ASR Rules to be turned on, however, we think it is a good idea,
even if it is a little more work.

54.
SMBv1 NTLM v1
LDAP signing /
channel binding
User rights
assignment
Attack surface
reduction rules
Client
challenges
CHALLENGE 1 - APPLICATIONS AND UNC PATHS
Applications are often placed on network shares and launched from
there via a UNC path to simplify application updates. After applying
the Security Baseline for Windows in such cases, you may receive a
popup with the security warning: “The publisher could not be
verified. Are you sure you want to run the software”. By clicking
Run, the user can still launch the application.

55.
SMBv1 NTLM v1
LDAP signing /
channel binding
User rights
assignment
Attack surface
reduction rules
Client
challenges
HOW TO SOLVE
This error message is annoying for the user, but can be disabled by adding the
UNC path to the Intranet Zone file. For this purpose there is a so-called Site to
Zone Mapping which is stored in the registry (the mapping can be set for the
whole system or for the user):
• HKLMSOFTWAREPoliciesMicrosoftWindowsCurrentVersionIntern
et SettingsZoneMap
• HKCUSOFTWAREPoliciesMicrosoftWindowsCurrentVersionIntern
et SettingsZoneMapKey
Both settings can also be configured via Group Policy configure:
• Computer Configuration > Administrative Templates > Windows
Components > Internet Explorer > Internet Control Panel > Security
Page
• User Configuration > Administrative Templates > Windows
Components > Internet Explorer > Internet Control Panel > Security
Page
The name of the server is entered there, e.g. file://myserver1 with a value of 2,
which stands for the intranet zone.

56.
SMBv1 NTLM v1
LDAP signing /
channel binding
User rights
assignment
Attack surface
reduction rules
Client
challenges
CHALLENGE 2 - HTTP AUTHENTICATION SCHEMES
The baseline for Microsoft Edge and the CIS Microsoft Edge
benchmark disable Basic Authentication among the supported
authentication schemes. Basic Authentication is an outdated and
insecure authentication method and the clear recommendation
here is to switch applications that require it to a more modern login
method.

57.
SMBv1 NTLM v1
LDAP signing /
channel binding
User rights
assignment
Attack surface
reduction rules
Client
challenges
HOW TO SOLVE
For troubleshooting, Basic Authentication can be re-enabled using
the following Group Policy setting:
Computer Configuration > Administrative Templates > Microsoft
Edge > HTTP authentication > Supported authentication schemes
Append the value ‘basic’ to the comma-separated list (all values
must be lowercase).

58.
SMBv1 NTLM v1
LDAP signing /
channel binding
User rights
assignment
Attack surface
reduction rules
Client
challenges
CHALLENGE 3 – OFFICE FILE FORMAT
A recurring theme in client hardening is the handling of older Office
formats. The Microsoft 365 Apps for Enterprise Baseline and the CIS
Microsoft Office Excel Benchmark are quite restrictive and disable
all older Office formats. This affects all old binary formats of the
Office version older than 2007, before Office had introduced
modern file formats based on XML. Most companies still use older
Office formats at least in some areas and therefore have to soften
the Microsoft baseline again in this area.

59.
SMBv1 NTLM v1
LDAP signing /
channel binding
User rights
assignment
Attack surface
reduction rules
Client
challenges
HOW TO SOLVE
Verify which old office templates exists which cannot be renewed….
Unblock excel version via GPO
User Configuration > Administrative Templates > Microsoft Excel 2016 > Excel Options >
Security > Trust Center > File Block Settings > Excel 97-2003 workbooks and templates.
We provide here a small script that searches a certain directory incl. subdirectories for
files with the extension . xls and determines the exact version. However, the script must
open the file, so it must only be applied to trusted files, because macro code may be
executed when the file is opened, and macros that start automatically and display a
dialog box, for example, must be clicked away manually.
After knowing which file formats are available, it should first be checked to what extent
the older file formats can be converted into the current XML-based file formats of
Office.

60.
Q & A –
What questions do you have?

61.
Contact us for more information
INFO PAGE
https://aktionen.teal-consulting.de/
enforce-suite/
CONTACT US
E-Mail: info@teal-consulting.de
Phone: 0211/93675225

62.
Thank you!