How to remediate "Disable the local storage of passwords and credentials" secure score recommendation via Microsoft Intune / Microsoft endpoint manager.
Unfortunately when testing the Remediation script for setting the for Disabling local storage of usernames and passwords failed in Powershell due to the following error, Can anyone help please...
Set-ItemProperty : Requested registry access is not allowed.
At C:\Users\*User*\P-Shell Scripts\Disable User and Pass Remed.ps1:22 char:5
I'm writing this email just to congratulate you for the article about Defender Secure Score.
I was struggling with that specific "Disable the local storage of passwords and credentials".
I don't know if it's in your plans to do more posts about it but it would be really great! I'm struggling with the "Set 'Minimum password length' to '14 or more characters'" since I'm using Intune only.
Diogo, Greetings !
Thank you for my First EVER blog post comment. Really appreciate the feedback and I’m glad it’s helped!
This "Set 'Minimum password length' to '14 or more characters'" will be in a blog post as soon as I get time!
If you found this Blog via the Microsoft Community page. It would be greatly appreciated to upvote the answer to help other also !
Have a great day!
:) Great to be the first. I don't believe I got here from MSFT Community page. I think it was from Reddit.
Well...not want to abuse but if you could do the article about this setting and also this ones...would be great! :P
Set 'Enforce password history' to '24 or more password(s)'
Set 'Minimum password age' to '1 or more day(s)'
Set 'Reset account lockout counter after' to 15 minutes or more
Set 'Account lockout duration' to 15 minutes or more
Tks!
Very cool, thank you. This helped big time!
Unfortunately when testing the Remediation script for setting the for Disabling local storage of usernames and passwords failed in Powershell due to the following error, Can anyone help please...
Set-ItemProperty : Requested registry access is not allowed.
At C:\Users\*User*\P-Shell Scripts\Disable User and Pass Remed.ps1:22 char:5
+ Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (HKEY_LOCAL_MACH...Set\Control\Lsa:String) [Set-ItemProperty], SecurityException
+ FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
WARNING: Remediation failed
I am assuming that this is due to not having rights to amend the registry setting or the Cmdlet SetItem-Property, Can anyone help with this?
Hi Marcus and greetings from Portugal!
I'm writing this email just to congratulate you for the article about Defender Secure Score.
I was struggling with that specific "Disable the local storage of passwords and credentials".
I don't know if it's in your plans to do more posts about it but it would be really great! I'm struggling with the "Set 'Minimum password length' to '14 or more characters'" since I'm using Intune only.
Did you passed by this one?
Keep up the good work!