Sometimes when starting the Veeam service (I have it set to MANUAL, not AUTOMATIC) and/or launching the tray application (I just launch the tray application and the tray app starts the service), something in Windows with the crypto / protect (CNG, NCrypt, CryptoAPI, DP API? I don't know exactly which one) gets either removed, deleted, corrupted, reset or overwritten!
The result is that the following happens:
- All cookies removed from ALL Chromium-based browsers that I have on my PC (Microsoft Edge, Google Chrome, Chromium)
- All stored passwords removed from ALL Chromium-based browsers that I have on my PC (Microsoft Edge, Google Chrome, Chromium)
- All my stored passphrase protected global private/public RSA keypairs (Client Keys) are gone from Bitvise SSH client
Firefox somehow is not affected, I get to keep the cookies and passwords.
I have used the following script to list the files in all DP API, CNG, CryptoAPI and NCrypt modules:
# Collect every file and folder (hidden and system ones included) under the DPAPI, CNG, CryptoAPI and NCrypt stores
$items = @(Get-ChildItem -Force -Recurse $env:APPDATA\Microsoft\Crypto\)
$items += Get-ChildItem -Force -Recurse $env:APPDATA\Microsoft\Protect\
$items += Get-ChildItem -Force -Recurse $env:ALLUSERSPROFILE\Microsoft\Crypto\
$items += Get-ChildItem -Force -Recurse $env:WINDIR\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto
$items += Get-ChildItem -Force -Recurse $env:WINDIR\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Crypto
$items += Get-ChildItem -Force -Recurse $env:WINDIR\System32\Microsoft\Crypto\
$items += Get-ChildItem -Force -Recurse $env:WINDIR\System32\Microsoft\Protect\
# Emit the collected entries
$items
The results, when everything is "working fine":
When everything is fine, before starting Veeam: https://pastebin.com/T6yfmDbc
After running Veeam, and launching Chromium and figuring out that all my cookies and passwords are gone again: https://pastebin.com/j1dLHsAE
The only differences are these:
@83 Removed: d---s- 24-1-2023 22:17 S-1-5-21-961490082-1215747072-64943361-1001
@83 Added : d---s- 25-1-2023 00:29 S-1-5-21-961490082-1215747072-64943361-1001
@96 Added : -a-hs- 25-1-2023 00:29 468 6350321b-327c-4cd0-88fc-51901cc2fb26
@114 Removed: -a-hs- 24-1-2023 22:17 24 Preferred
@115 Added : -a-hs- 25-1-2023 00:29 24 Preferred
@180 Removed: d---s- 22-11-2022 12:09 S-1-5-18
@181 Added : d---s- 25-1-2023 00:22 S-1-5-18
@725 Removed: -a-hs- 24-1-2023 22:17 536 Diagnostic
@726 Added : -a-hs- 25-1-2023 00:29 564 Diagnostic
This doesn't seem to happen on my laptop (same OS, i7-4710MQ, GTX 980M 4GB, 32 GB DDR3 1600MHz RAM (4 modules), 1x 256GB Kingston SATA SSD) and other pc (same OS, 12100F, 16GB RAM DDR4 3600MHz (2 modules), HP NVIDIA GEFORCE RTX 3080 10GB, 1x 2TB Samsung SATA SSD).
These are my system specifications:
>systeminfo
Host Name: **********
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: **********
Registered Organization:
Product ID: ******************************
Original Install Date: 15-4-2022, 19:52:42
System Boot Time: 24-1-2023, 00:54:43
System Manufacturer: ASUS
System Model: System Product Name
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 151 Stepping 2 GenuineIntel ~3200 Mhz
BIOS Version: American Megatrends Inc. 1403, 6-4-2022
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Total Physical Memory: 65,349 MB
Available Physical Memory: 59,091 MB
Virtual Memory: Max Size: 67,397 MB
Virtual Memory: Available: 58,923 MB
Virtual Memory: In Use: 8,474 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\*****************
Hotfix(s): 15 Hotfix(s) Installed.
[01]: KB5022405
[02]: KB5003791
[03]: KB5012170
[04]: KB5015684
[05]: KB5022282
[06]: KB5011651
[07]: KB5012677
[08]: KB5014032
[09]: KB5014035
[10]: KB5014671
[11]: KB5015895
[12]: KB5016705
[13]: KB5018506
[14]: KB5020372
[15]: KB5005699
Network Card(s): 6 NIC(s) Installed.
[01]: Realtek Gaming 2.5GbE Family Controller
Connection Name: Ethernet
Status: Hardware not present
[02]: Intel(R) Wi-Fi 6 AX201 160MHz
Connection Name: Wi-Fi
Status: Hardware not present
[03]: VMware Virtual Ethernet Adapter for VMnet2
Connection Name: VMnet2
Status: Hardware not present
[04]: Intel(R) Ethernet Converged Network Adapter X550-T2
Connection Name: **************************************
DHCP Enabled: No
IP address(es)
[01]: **************************************
[02]: **************************************
[05]: Intel(R) Ethernet Converged Network Adapter X550-T2
Connection Name: LAN
DHCP Enabled: Yes
DHCP Server: **************************************
IP address(es)
[01]: **************************************
[02]: **************************************
[03]: **************************************
[04]: **************************************
[06]: Bluetooth Device (Personal Area Network)
Connection Name: Bluetooth Network Connection 8
Status: Hardware not present
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
Intel Core i9-12900KF SRL4J
ASUS TUF GAMING B660M-PLUS WIFI D4
Intel B660 (Alder Lake-S PCH)
64 GB DDR4-3597 / PC4-28700 UDIMM (4 modules: Corsair CMK32GX4M2D3600C18)
Inno3D GEFORCE RTX 3080 X3 OC 10GB LHR
Conceptronic Bluetooth V4.0 Nano USB Adapter 100M
ACT AC6120 4-port USB-A hub USB 3.2 gen1
Intel X550-T2 10GbE Network Adapter
be quiet! Straight Power 11 Platinum 850W
Samsung 850 EVO 1TB (SATA) (Bitlocker Encrypted Data Drive - Password + Recovery Key)
Samsung 980 1TB (NVMe) (Boot Drive) (Bitlocker Encrypted OS Drive - Password + Recovery Key)
WD Blue SN550 2TB (WDS200T2B0C) (NVMe) (Bitlocker Encrypted Data Drive - Password + Recovery Key)
gpresult /Scope User /v
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
© Microsoft Corporation. All rights reserved.
Created on 25-1-2023 at 23:19:09
RSOP data for ************************************** on ************************************** : Logging Mode
--------------------------------------------------
OS Configuration: Standalone Workstation
OS Version: 10.0.19045
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\**************************************
Connected over a slow link?: No
USER SETTINGS
--------------
Last time Group Policy was applied: 24-1-2023 at 00:54:58
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: **************************************
Domain Type: <Local Computer>
Applied Group Policy Objects
-----------------------------
Local Group Policy
The user is a part of the following security groups
---------------------------------------------------
None
Everyone
Local account and member of Administrators group
BUILTIN\Administrators
Hyper-V Administrators
Performance Log Users
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
Local account
LOCAL
NTLM Authentication
High Mandatory Level
The user has the following security privileges
----------------------------------------------
Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Remove computer from docking station
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Change the time zone
Create symbolic links
Obtain an impersonation token for another user in the same session
Increase a process working set
Resultant Set Of Policies for User
-----------------------------------
Software Installations
----------------------
N/A
Logon Scripts
-------------
N/A
Logoff Scripts
--------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Local Group Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Explorer\ShowRunAsDifferentUserInStart
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMBalloonTip
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Explorer\NoBalloonFeatureAdvertisements
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Explorer\HidePeopleBar
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Explorer\NoWindowMinimizingShortcuts
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAMeetNow
Value: 1, 0, 0, 0
State: Enabled
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
----------------------------------------
N/A
Internet Explorer Connection
----------------------------
N/A
Internet Explorer URLs
----------------------
N/A
Internet Explorer Security
--------------------------
N/A
Internet Explorer Programs
--------------------------
N/A
gpresult /Scope Computer /v
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
© Microsoft Corporation. All rights reserved.
Created on 25-1-2023 at 23:20:38
RSOP data for on ************************************** : Logging Mode
---------------------------------------
OS Configuration: Standalone Workstation
OS Version: 10.0.19045
Site Name: N/A
Roaming Profile:
Local Profile:
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
Last time Group Policy was applied: 24-1-2023 at 00:54:55
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: **************************************
Domain Type: <Local Computer>
Applied Group Policy Objects
-----------------------------
Local Group Policy
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
System Mandatory Level
Resultant Set Of Policies for Computer
---------------------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
N/A
Audit Policy
------------
N/A
User Rights
-----------
N/A
Security Options
----------------
N/A
N/A
Event Log Settings
------------------
N/A
Restricted Groups
-----------------
N/A
System Services
---------------
N/A
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\WindowsStore\DisableOSUpgrade
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoRebootWithLoggedOnUsers
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\GameDVR\AllowGameDVR
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\OSPassphrase
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Ext\IgnoreFrameApprovalCheck
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUAsDefaultShutdownOption
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\RDVPassphraseComplexity
Value: 2, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\Reporting\DisableEnhancedNotifications
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\InputPersonalization\RestrictImplicitTextCollection
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Biometrics\Credential Provider\Domain Accounts
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\UX Configuration\SuppressRebootNotification
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Internet Explorer\AllowServicePoweredQSA
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CloudContent\DisableCloudOptimizedContent
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Microsoft\OneDrive\PreventNetworkTrafficPreUserSignIn
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Biometrics\Enabled
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AlwaysAutoRebootAtScheduledTimeMinutes
State: disabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\ConcatenateDefaults_AllowSaved
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRawWriteNotification
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\ConnectedSearchUseWeb
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender Security Center\Family options\UILockdown
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\ActiveHoursStart
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\DisableWebSearch
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCortanaInAAD
State: disabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials\2
Value: 42, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows NT\Security Center\SecurityCenterInDomain
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials\1
Value: 84, 0, 69, 0, 82, 0, 77, 0, 83, 0, 82, 0, 86, 0, 47, 0, 42, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\AllowFastServiceStartup
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\OneDrive\DisableFileSyncNGSC
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly\3
Value: 42, 0, 47, 0, 42, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CloudContent\DisableSoftLanding
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCortanaAboveLock
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCortana
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel
State: disabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\InputPersonalization\RestrictImplicitInkCollection
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\ConcatenateDefaults_AllowSavedNTLMOnly
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\SecondaryIntranetSearchScopeUrl
State: disabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\UseEnhancedPin
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\OneDrive\DisableFileSync
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\OneDrive\DisableMeteredNetworkFileSync
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Feeds\EnableFeeds
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Biometrics\Credential Provider\Enabled
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\LocationAndSensors\DisableSensors
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\InputPersonalization\AllowInputPersonalization
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\SQMClient\Windows\StudyId
State: disabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly\1
Value: 84, 0, 69, 0, 82, 0, 77, 0, 83, 0, 82, 0, 86, 0, 47, 0, 42, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\UseTPMKey
Value: 2, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\System\EnableSmartScreen
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\OneDrive\DisableLibrariesDefaultSaveToOneDrive
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\FDVEnforcePassphrase
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows NT\Printers\KMPrintersAreBlocked
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\FDVPassphrase
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Personalization\NoLockScreen
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\UseAdvancedStartup
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\EnabledV9
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\RDVPassphraseLength
Value: 8, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\OSPassphraseLength
Value: 8, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\FDVPassphraseComplexity
Value: 2, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\SQMClient\CorporateSQMURL
State: disabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\LocationAndSensors\DisableWindowsLocationProvider
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\LocationAndSensors\DisableLocationScripting
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\UX Configuration\Notification_Suppress
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCortanaInAADPathOOBE
State: disabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender Security Center\Notifications\DisableNotifications
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender\ServiceKeepAlive
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly\2
Value: 42, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\FDVPassphraseLength
Value: 8, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\UseTPMKeyPIN
Value: 2, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowSearchToUseLocation
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCloudSearch
State: disabled
GPO: Local Group Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Ext\DisableAddonLoadTimePerformanceNotifications
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: System\CurrentControlSet\Control\FileSystem\LongPathsEnabled
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\ConnectedSearchUseWebOverMeteredConnections
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowOnlineTips
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\PreventOverride
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\RDVPassphrase
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AlwaysAutoRebootAtScheduledTime
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\EdgeUI\AllowEdgeSwipe
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows Defender Security Center\Notifications\DisableEnhancedNotifications
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials\3
Value: 42, 0, 47, 0, 42, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\EdgeUI\DisableHelpSticker
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\HomeGroup\DisableHomeGroup
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\CloudContent\DisableWindowsConsumerFeatures
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\EnableBDEWithNoTPM
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\OSPassphraseComplexity
Value: 2, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\SetActiveHours
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\UseTPM
Value: 2, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\SetAutoRestartNotificationDisable
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\OSPassphraseASCIIOnly
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
Value: 255, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\ActiveHoursEnd
Value: 23, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\RDVEnforcePassphrase
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\LocationAndSensors\DisableLocation
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AutoIndexSharedFolders
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\FVE\UseTPMPIN
Value: 2, 0, 0, 0
State: Enabled
GPO: Local Group Policy
Folder Id: Software\Policies\Microsoft\Windows\Windows Search\PrimaryIntranetSearchScopeUrl
State: disabled
Startup programs:
- Monitorian
- T-Clock Redux
Background Programs (that do not come with Windows):
- KeePass2
- Telegram
- Monitorian
- T-Clock Redux
- Microsoft Office Click-To-Run (SxS)
- NVIDIA Container
- SQL Server VSS Writer - 64 bit
- SQL Server Windows NT - 64 bit
- VMWare Services (4x)
Disk Layout:
Every time I have to restore the cookies using an extension that allows backing up and importing cookies to/from a file. Passwords I import through a CSV file into Chromium.
This issue I initially attributed to a buggy Chromium, but the more it happened the more I realized it only happens (sometimes) when I run Veeam after it has not run for a long time (days or weeks or more).
This issue also affects other programs that use Windows Encryption APIs like Bitvise SSH for private RSA key storage.
The only "differences" that quickly come to mind compared to other computers:
- Two more NVMe SSDs (could it be??)
- 64GB of RAM instead of 32GB or 16GB (could it be??)
- Installed VMWare Workstation software (no running virtual machines) (Doubt this is the problem)
- Installed Visual Studio 2022 (Doubt this is the problem)
- Installed WSL2 (Doubt this is the problem)
- T-Clock Redux? (Doubt this is the problem)
- Two screens connected (laptop and other PC only have one screen each) (Doubt this is the problem)
- GPO (but should mostly be the same between machines..) (could it be??)
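
Added example, not part of the original post: a PowerShell sketch that snapshots the same key-store folders with content hashes, diffs two snapshots, and decodes each DPAPI `Preferred` pointer so a change of the preferred master key (as in the diff above, where a new GUID-named file appears and `Preferred` is rewritten) can be confirmed directly. The function names are hypothetical, and the `Preferred` layout (16-byte GUID followed by an 8-byte FILETIME expiry) is the commonly documented one, consistent with the 24-byte size in the listing, not something stated in the post.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Run elevated so the SYSTEM-owned folders can be enumerated.

function Get-CryptoStoreSnapshot {
    # Same folders as the listing script in the post, with a content hash per file.
    param([string[]]$Path = @(
        "$env:APPDATA\Microsoft\Crypto",
        "$env:APPDATA\Microsoft\Protect",
        "$env:ALLUSERSPROFILE\Microsoft\Crypto",
        "$env:WINDIR\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto",
        "$env:WINDIR\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Crypto",
        "$env:WINDIR\System32\Microsoft\Crypto",
        "$env:WINDIR\System32\Microsoft\Protect"))
    foreach ($root in $Path) {
        Get-ChildItem -LiteralPath $root -Force -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hash = try {
                    (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
                } catch { 'UNREADABLE' }   # e.g. access denied on SYSTEM-only files
                [pscustomobject]@{
                    FullName     = $_.FullName
                    Length       = $_.Length
                    LastWriteUtc = $_.LastWriteTimeUtc.ToString('o')
                    SHA256       = $hash
                }
            }
    }
}

function Compare-CryptoStoreSnapshot {
    # Reports files that were added, removed, or whose size/hash changed.
    param([Parameter(Mandatory)]$Before, [Parameter(Mandatory)]$After)
    $old = @{}; foreach ($e in $Before) { $old[$e.FullName] = $e }
    $new = @{}; foreach ($e in $After)  { $new[$e.FullName] = $e }
    foreach ($k in $new.Keys) {
        if (-not $old.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added'; Path = $k }
        } elseif ($old[$k].SHA256 -ne $new[$k].SHA256 -or $old[$k].Length -ne $new[$k].Length) {
            [pscustomobject]@{ Change = 'Modified'; Path = $k }
        }
    }
    foreach ($k in $old.Keys) {
        if (-not $new.ContainsKey($k)) { [pscustomobject]@{ Change = 'Removed'; Path = $k } }
    }
}

function Get-DpapiPreferredKey {
    # Decodes <Protect>\<SID>\Preferred: assumed layout is GUID (16 bytes) + FILETIME (8 bytes).
    param([string]$ProtectRoot = "$env:APPDATA\Microsoft\Protect")
    Get-ChildItem -LiteralPath $ProtectRoot -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like 'S-1-5-*' } |
        ForEach-Object {
            $sidDir = $_.FullName
            $pref   = Join-Path $sidDir 'Preferred'
            if (-not [System.IO.File]::Exists($pref)) { return }
            $bytes = [System.IO.File]::ReadAllBytes($pref)
            if ($bytes.Length -ne 24) {
                Write-Warning "Unexpected Preferred size ($($bytes.Length) bytes) in $sidDir"
                return
            }
            $guid   = [guid]::new([byte[]]$bytes[0..15])
            $expiry = [datetime]::FromFileTimeUtc([BitConverter]::ToInt64($bytes, 16))
            # Master key files are named after their GUID; count them for context.
            $keys = @(Get-ChildItem -LiteralPath $sidDir -File -Force |
                      Where-Object { $g = [guid]::Empty; [guid]::TryParse($_.Name, [ref]$g) })
            [pscustomobject]@{
                Sid            = $_.Name
                PreferredGuid  = $guid
                ExpiresUtc     = $expiry
                KeyFilePresent = [System.IO.File]::Exists((Join-Path $sidDir $guid.ToString()))
                MasterKeyCount = $keys.Count
            }
        }
}

# Usage:
#   $before = Get-CryptoStoreSnapshot; $before | Export-Clixml .\before.xml
#   (start the service / tray application, then reproduce the problem)
#   $after  = Get-CryptoStoreSnapshot
#   Compare-CryptoStoreSnapshot (Import-Clixml .\before.xml) $after | Format-Table -AutoSize
#   Get-DpapiPreferredKey | Format-List
```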