Windows Client Hardening: Difference between revisions

Line 5: Line 5:
= Settings =
= Settings =
* Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account
* Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account
* enable bitlocker
* Enable bitlocker
* enable applocker
* Enable applocker


= GPO settings =
= GPO settings =
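Review bot: The capitalisation fix on the two changed list items stops short of the product names; "Enable bitlocker" and "Enable applocker" should read "Enable BitLocker" and "Enable AppLocker". Each item would also benefit from a note on what to configure, since "enable" alone does not say which drives are encrypted or which rule set is applied.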
Line 15: Line 15:
| Don't connect to a wifi without logging on || Do not display network selection UI || gpedit Computer Configuration\Administrative Templates\system\logon
| Don't connect to a wifi without logging on || Do not display network selection UI || gpedit Computer Configuration\Administrative Templates\system\logon
|-
|-
| Example || remap utilman on lockscreen || Example
| Remap utilman on lockscreen || Example  || Example
|-
|-
| Example || Disable USB || Example
| Disable USB || Example  || Example
|-
|-
| Example || Disable NTLM || Example
| Disable NTLM || Example  || Example
|-
|-
| Example || Enable NLA for RDP || Example
| Enable NLA for RDP || Example  || Example
|-
|-
| Example || Example || Example
| Example || Example || Example
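Review bot: In the rows for utilman, USB, NTLM and NLA the setting name now sits in the first column, but the second and third cells still read "Example", so these rows name a goal without the policy to set or where to find it. Fill them in the same way as the wifi row (policy name plus gpedit path), or leave the rows out until the values are known. The trailing all-"Example" rows can be dropped as well.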

Revision as of 15:09, 12 December 2016

Software

  • EMET
  • Firefox

Settings

  • Don't use UAC; instead use 2 accounts: 1 admin account and 1 day-to-day work account
  • Enable BitLocker
  • Enable AppLocker

GPO settings

{|
! Setting !! Configure !! Location
|-
| Don't connect to a wifi without logging on || Do not display network selection UI || gpedit Computer Configuration\Administrative Templates\system\logon
|-
| Remap utilman on lockscreen || Example || Example
|-
| Disable USB || Example || Example
|-
| Disable NTLM || Example || Example
|-
| Enable NLA for RDP || Example || Example
|-
| Example || Example || Example
|-
| Example || Example || Example
|-
| Example || Example || Example
|-
| Example || Example || Example
|}


security