I'm running a Win2019 Core lab instance where I'm experimenting with the application of an SCT baseline to harden the system. The use case for the production rollout would be for an standalone Internet facing web server, so I'd like to ensure that I've done my best to prep it for exposure. The lab 2019 instance is running in Hyper-V and has been fully patched.
-) Any recommendations on running the PolicyAnalyzer on a server running Core? I can execute the PolicyAnalyzer software from the server CLI console, but I think that, since Windows Explorer isn't available, certain key aspects of the tool become unusable (Example: when I try to select a directory for Policy Templates, the directory/location selection area is blank and I cannot select an alternate directory. See screenshot)
-) When running the Baseline installation PS script, there is an error message that is displayed during the installation:
Installing Exploit Protection settings... Set-ProcessMitigation : Unable to load DLL 'MitigationConfiguration.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E) At C:\sct\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Local_Script\BaselineLocalInstall.ps1:250 char:1 + Set-ProcessMitigation -PolicyFilePath $rootDir\ConfigFiles\EP.xml + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Set-ProcessMitigation], DllNotFoundException + FullyQualifiedErrorId : System.DllNotFoundException,Microsoft.Samples.PowerShell.Commands.SetProcessMitigationsC ommand
Is there any way to understand what this error is and why it is occurring?