Smithy — Security Hardening Service

Smithy is a Python-based service that hardens the game seat environment before sessions begin. It enforces the GFN security posture by locking down the system, configuring desktop restrictions, and removing attack surface.

Log Location

C:\Asgard\logs\GCIS\Smithy\Smithy.log
C:\Asgard\logs\GCIS\Smithy\Smithy.err

What Smithy Does

1. GCIS Module Initialization

Detects and initializes security profiles based on rig configuration.

2. Browser Module Configuration

Configures the GFN in-rig browser with restricted policies — limiting what users can access via the built-in browser during sessions.

3. Desktop Enforcement

Enforces the GFN kiosk desktop environment:

  • Restricts taskbar and desktop icons
  • Blocks access to shell features
  • Ensures only GFN-managed applications are visible

4. Windows Error Reporting — Disabled

python
# WerSvc (Windows Error Reporting Service) is configured/stopped
# to prevent WER dialogs from interrupting sessions

5. Shared Drive Removal

Smithy removes default Windows administrative shares:

C$     → deleted
ADMIN$ → deleted
IPC$   → deleted

This prevents remote access to the rig via standard Windows shares.

6. LanmanServer Termination

The LanmanServer service (Windows File & Printer Sharing) is stopped and disabled — removing the attack surface from SMB/CIFS file sharing.
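A read-only audit of sections 5 and 6, as an added example that is not Smithy's own code: it parses `net share` and `sc` output and reports any of the listed shares still present, or a LanmanServer that is not stopped and disabled. The function names and sample output are constructed for illustration, and English-locale command output is assumed.

```python
import re
import sys
from subprocess import getoutput

ADMIN_SHARES = {"C$", "ADMIN$", "IPC$"}  # the shares the page lists as deleted

def parse_net_share(text):
    """Share names from `net share` output (English-locale layout assumed)."""
    names, in_table = set(), False
    for line in text.splitlines():
        if line.startswith("---"):                 # rule under the header row
            in_table = True
        elif in_table and line.strip() and not line.startswith((" ", "The command")):
            names.add(line.split()[0].upper())     # first column is the share name
    return names

def parse_sc(text):
    """Numeric codes from `sc qc` / `sc query`, e.g. {'START_TYPE': 4}."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^\s*([A-Z_0-9]+)\s*:\s*(\d+)\b", text, re.M)}

def audit(net_share_out, sc_out):
    """Return findings; an empty list means both checks hold."""
    codes = parse_sc(sc_out)
    findings = [f"share {s} still present"
                for s in sorted(parse_net_share(net_share_out) & ADMIN_SHARES)]
    if codes.get("START_TYPE") != 4:               # 4 = DISABLED; missing data fails
        findings.append("LanmanServer start type is not DISABLED")
    if codes.get("STATE") != 1:                    # 1 = STOPPED
        findings.append("LanmanServer is not STOPPED")
    return findings

def collect():
    """Live (net share, sc) output on Windows."""
    sc = getoutput("sc query LanmanServer")
    # `net share` prompts to start a stopped Server service: skip it then.
    shares = getoutput("net share") if parse_sc(sc).get("STATE") == 4 else ""
    return shares, sc + getoutput("sc qc LanmanServer")

# Constructed sample output from an unhardened host (used off Windows).
SAMPLE = ("Share name   Resource       Remark\n\n" + "-" * 60 + "\n"
          "C$           C:\\            Default share\n"
          "IPC$                        Remote IPC\n"
          "The command completed successfully.\n",
          "        STATE              : 4  RUNNING\n"
          "        START_TYPE         : 2   AUTO_START\n")

if __name__ == "__main__":
    print(audit(*(collect() if sys.platform == "win32" else SAMPLE)) or "OK")
```

Windows recreates the default administrative shares when the Server service starts unless auto-sharing is turned off in the registry, so the service's start type is worth checking alongside the share list.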

7. File Ownership & ACL Hardening

Extensive ACL (Access Control List) modifications:

  • Changes ownership of critical directories to SYSTEM
  • Restricts write access from the Kiosk user account
  • Locks down C:\Asgard\ service directories
  • Hardens NVIDIA service directories in C:\Program Files\
  • Applies deny ACEs to prevent privilege escalation paths

8. Sysmon Configuration

Applies the sysmon-ngn.xml monitoring configuration:

xml
<!-- Sysmon 6.00+ required, hashing: MD5+SHA256 -->
<!-- Monitored processes: -->
C:\Asgard\Services\AutoOnboarder\scraper.exe
C:\Asgard\Services\SeatAgent\SeatAgent.exe
C:\Asgard\Services\nvcloudinit\nvcloudinit.exe
C:\Asgard\Tools\accelSwitch.exe
C:\Asgard\Tools\devcon.exe

Sysmon events captured:

  • Process creation (with command lines and hashes)
  • Network connections from monitored processes
  • Registry modifications by monitored processes

Security Model

Smithy enforces a layered security model:

Layer 1: Smithy (system hardening — before session)
Layer 2: GciPlugin (kernel driver monitoring — during session)
Layer 3: ElmPlugin (process violation detection — during session)
Layer 4: UadMLPlugin (ML anomaly detection — during session)

Smithy handles the pre-session hardening. The GCIS plugins handle runtime enforcement.

Smithy Errors

From Smithy.err:

  • Errors are minimal and non-fatal in normal operation
  • Critical failures would prevent the session from starting

admindesk.top — Reversed & documented from Asgard rig backups and GCIS plugin binaries.