File Explorer shell protocol must run in protected mode

Hello,

In the current Lab Challenge one of the tasks is to ensure that “File Explorer shell protocol must run in protected mode.”

The instructions on how to fix the issue don’t work in the challenge. I have tried setting both Local Policy and Domain Group Policy to Disabled and Not Configured, as the instructions say to do, but it doesn’t count it as right. The only way to fix this has been through directly changing the regedit key. Looking at the investigation portion of the instructional page, if I directly set the REGEDIT key to what is Not A Finding, it is only then that I pass that task.
Should this task be taken care of by doing a REGEDIT key change in the GPO?
File Explorer shell protocol must run in protected mode. (stigviewer.com)

1 Like

Hi @matthew.stricker15

Check the nondescript GPO.

Ricardo

All vulnerabilities can be solved via GPO. Check RSOP.msc to see what is configuring that setting to not be fixed. Most likely, I suspect another GPO is configuring it and is taking precedence over your configured settings.

Would it be possible to have this lab still available after the lab challenge is over? This would be so I can look at it some more, even after the deadline.

1 Like

Hi @matthew.stricker15

This lab will be available for 28 more days. If you need more time than that let us know to arrange something for you.

Ricardo

1 Like

@matthew.stricker15 like @ricardo.p said, I decided to extend this lab challenge since it had issues in the beginning.

Also I am working on setting up a page where you can at least view archived lab challenges. I will think about adding the ability to launch them as well.

1 Like

Oh wow. Haha. After you said that I didn’t realize that it was literally what you meant.

1 Like

Thanks, I had forgotten about that tool. I did that and found the issue.
I do appreciate these challenges. They are a great learning experience.

3 Likes

Awesome! I am glad to hear it! If you have any ideas for future challenges please let us know.

Have you thought about adding course material for a print server or email server? I know one thing that would be useful for me to learn is how to set up a good email server to relay out alarms from different servers on my network.
Our network is, generally, disconnected from the outside world. So having a central email server that hosts and other servers can send alarms and notifications to would be beneficial. And then that server set up to forward those notifications to our business network.
But I do know that whole task involves many parts. Servers, relays, firewall configuration, etc. Any individual concepts learned about that bring me that much closer to my goals.

1 Like

Very interesting idea. What tools are you using to generate alarms and alerts? At Server Academy we use Graylog to send webhook notifications to our internal discord server. Obviously this won’t work in disconnected environments.

I think installing the SMTP server role on a server could work - what do you think? Appendix D: Create the SMTP Server - BizTalk Server | Microsoft Docs

I think it would be great to create some training on this subject.

We use vSphere for server administration. But our antivirus, and other server types, have the option to also send email notifications.

1 Like

I never did reply to this. I was able to make an SMTP relay server that is able to relay those email notifications out to us. I appreciate the help.
Similar question: Is an SNMP trap required for trouble notifications? I ask because my vSphere isn’t sending out trouble notifications. It currently doesn’t have an SNMP server configured. If this might be the reason, and if I understand the issue correctly, is there any good rule of thumb for knowing how to configure an SNMP server so a program can trap those trouble notifications to be able to send them out?

It seems that vSphere can be monitored via SNMP if enabled.

I have used SNMP mostly on networking devices, but if it has the option to configure it, it might be worth testing.