1
0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-12-21 22:31:44 -05:00

Update policies

This commit is contained in:
Tommy 2024-01-01 09:05:48 -07:00 committed by GitHub
parent 15cffaf469
commit 122674463a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 2 deletions

View File

@ -1,5 +1,5 @@
# AutoPlay Policies
`Computer Configuration\Administrative Templates\Windows Components\AutoPlay`
`Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies`
- Turn off Autoplay -> Enabled

View File

@ -0,0 +1,5 @@
# AutoPlay Policies
`Computer Configuration\Administrative Templates\Windows Components\Biometrics\Facial Features`
- Configure enhanced anti-spoofing -> Enabled

View File

@ -12,6 +12,5 @@ Choose drive encryption method and cipher strength-> Enable -> XTS-AES 256-bit f
- Disallow standard users from changing the PIN or password -> Enabled
- Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
- Require additional authentication at startup (Windows Server 2008 and Windows Vista) -> Enabled -> Uncheck "Allow Bitlocker without a compatible TPM". Not necessary because you shouldn't be running these versions anyways, but just in case you do have them.
- Allow enhanced PINs for startup -> Enabled.
- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,6,7,11