Windows Client Hardening: Difference between revisions
Jump to navigation
Jump to search
No edit summary (change visibility) |
No edit summary (change visibility) |
||
Line 5: | Line 5: | ||
= Settings = | = Settings = | ||
* Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account | * Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account | ||
* | * Enable bitlocker | ||
* | * Enable applocker | ||
= GPO settings = | = GPO settings = | ||
Line 15: | Line 15: | ||
| Don't connect to a wifi without logging on || Do not display network selection UI || gpedit Computer Configuration\Administrative Templates\system\logon | | Don't connect to a wifi without logging on || Do not display network selection UI || gpedit Computer Configuration\Administrative Templates\system\logon | ||
|- | |- | ||
| | | Remap utilman on lockscreen || Example || Example | ||
|- | |- | ||
| | | Disable USB || Example || Example | ||
|- | |- | ||
| | | Disable NTLM || Example || Example | ||
|- | |- | ||
| Enable NLA for RDP || Example || Example | |||
|- | |- | ||
| Example || Example || Example | | Example || Example || Example |
Revision as of 15:09, 12 December 2016
Software
- EMET
- Firefox
Settings
- Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account
- Enable bitlocker
- Enable applocker
GPO settings
Setting | Configure | Location |
---|---|---|
Don't connect to a wifi without logging on | Do not display network selection UI | gpedit Computer Configuration\Administrative Templates\system\logon |
Remap utilman on lockscreen | Example | Example |
Disable USB | Example | Example |
Disable NTLM | Example | Example |
Enable NLA for RDP | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
security