Windows Client Hardening: Difference between revisions
Jump to navigation
Jump to search
No edit summary (change visibility) |
No edit summary (change visibility) |
||
| Line 1: | Line 1: | ||
= Software = | |||
* EMET | |||
* Firefox | |||
= Settings = | |||
* Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account | |||
* enable bitlocker | |||
* enable applocker | |||
= GPO settings = | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| Line 5: | Line 15: | ||
| Don't connect to a wifi without logging on || Do not display network selection UI || gpedit Computer Configuration\Administrative Templates\system\logon | | Don't connect to a wifi without logging on || Do not display network selection UI || gpedit Computer Configuration\Administrative Templates\system\logon | ||
|- | |- | ||
| Example || | | Example || Disable USB || Example | ||
|- | |- | ||
| Example || | | Example || Disable NTLM || Example | ||
|- | |- | ||
| Example || | | Example || Enable NLA for RDP || Example | ||
|- | |- | ||
| Example || | | Example || remap utilman on lockscreen || Example | ||
|- | |- | ||
| Example || Example || Example | | Example || Example || Example | ||
Revision as of 16:07, 12 December 2016
Software
- EMET
- Firefox
Settings
- Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account
- enable bitlocker
- enable applocker
GPO settings
| Setting | Configure | Location |
|---|---|---|
| Don't connect to a wifi without logging on | Do not display network selection UI | gpedit Computer Configuration\Administrative Templates\system\logon |
| Example | Disable USB | Example |
| Example | Disable NTLM | Example |
| Example | Enable NLA for RDP | Example |
| Example | remap utilman on lockscreen | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
security