mirror of
https://github.com/TommyTran732/Windows-Setup.git
synced 2024-12-21 22:31:44 -05:00
Update policies
This commit is contained in:
parent
15cffaf469
commit
122674463a
@ -1,5 +1,5 @@
|
||||
# AutoPlay Policies
|
||||
|
||||
`Computer Configuration\Administrative Templates\Windows Components\AutoPlay`
|
||||
`Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies`
|
||||
|
||||
- Turn off Autoplay -> Enabled
|
||||
|
5
Group Policies Objects/Biometrics.md
Normal file
5
Group Policies Objects/Biometrics.md
Normal file
@ -0,0 +1,5 @@
|
||||
# AutoPlay Policies
|
||||
|
||||
`Computer Configuration\Administrative Templates\Windows Components\Biometrics\Facial Features`
|
||||
|
||||
- Configure enhanced anti-spoofing -> Enabled
|
@ -12,6 +12,5 @@ Choose drive encryption method and cipher strength-> Enable -> XTS-AES 256-bit f
|
||||
|
||||
- Disallow standard users from changing the PIN or password -> Enabled
|
||||
- Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
|
||||
- Require additional authentication at startup (Windows Server 2008 and Windows Vista) -> Enabled -> Uncheck "Allow Bitlocker without a compatible TPM". Not necessary because you shouldn't be running these versions anyways, but just in case you do have them.
|
||||
- Allow enhanced PINs for startup -> Enabled.
|
||||
- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,6,7,11
|
Loading…
Reference in New Issue
Block a user