-->

Windows 10 Hardening (Part II)

Using the Security Compliance Manager

SCM 4.0 provides ready-to-deploy policies based on Microsoft Security Guide recommendations and industry best practices, allowing you to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.

image

Update baselines

image

Customize baseline

Load one of the Windows 10 baselines

image

Duplicate it

image

Name it and save it:

image

Customize settings

image

Change settings:

image

Compare with the original

image

image

If you choose to merge, you’ll have to choose which setting to retain:

image

Choose another name:

image

Create new GPO

Export the new settings as a new GPO:

image

The result:

image

This GPO can now be applied/imported to any Windows 10 machine, or to a domain GPO.

Use the LGPO tool: If you didn’t get it, included in the baseline package, get it here.

image

 

Using the built-in features

Windows 10 has a number of features that can be used to harden the system:

image

List of additional tips (Lock down Windows 10)

Previous post: Windows 10 Hardening (Part I)

Next post: GPEdit vs SecPol

No comments: