Windows Client Hardening: Difference between revisions
Jump to navigation
Jump to search
No edit summary (change visibility) |
No edit summary (change visibility) |
||
Line 2: | Line 2: | ||
* EMET | * EMET | ||
* Firefox | * Firefox | ||
* Sandboxie | |||
* VMware | |||
* RSAT | |||
= Settings = | = Settings = | ||
* Reset TPM chip in bios | |||
* Change boot order in bios, only allow hard disk | |||
* Set password on bios | |||
* Enable secure boot | |||
* Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account | * Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account | ||
* Enable bitlocker | * Enable bitlocker | ||
* Enable applocker | * Enable <s>applocker</s> Software Restriction Policies and add ps1 to disallowed list... AppLocker doesn't not block .htm or .hta and does not allow custom extentions :-( | ||
* Enable return to lockscreen on screensaver, and set screensaver to 1 minute | |||
* Instal [https://www.google.be/search?q=rsat+windows+10 RSAT] | |||
= GPO settings = | = GPO settings = |
Revision as of 16:33, 12 December 2016
Software
- EMET
- Firefox
- Sandboxie
- VMware
- RSAT
Settings
- Reset TPM chip in bios
- Change boot order in bios, only allow hard disk
- Set password on bios
- Enable secure boot
- Don't use UAC, instead use 2 accounts: 1 admin account, 1 day to day work account
- Enable bitlocker
- Enable
applockerSoftware Restriction Policies and add ps1 to disallowed list... AppLocker doesn't not block .htm or .hta and does not allow custom extentions :-( - Enable return to lockscreen on screensaver, and set screensaver to 1 minute
- Instal RSAT
GPO settings
Setting | Configure | Location |
---|---|---|
Don't connect to a wifi without logging on | Do not display network selection UI | gpedit Computer Configuration\Administrative Templates\system\logon |
Remap utilman on lockscreen | Example | Example |
Disable USB | Example | Example |
Disable NTLM | Example | Example |
Enable NLA for RDP | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
security