1
0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-11-08 01:01:43 -05:00

Enforce SMB encryption

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-04-18 01:43:57 -07:00
parent 662b7b9e87
commit 4b89e17eb5
Signed by: Tomster
GPG Key ID: 555C902A34EC968F

View File

@ -6,7 +6,9 @@ Documentation: https://learn.microsoft.com/en-us/windows/security/application-se
- Domain controller: LDAP server signing requirements: Require signing (**Follow this guide to setup LDAPS if you do not have key server: https://www.dvolve.net/blog/2019/12/using-lets-encrypt-for-active-directory-domain-controller-certificates/**)
- Domain controller: LDAP server channel binding token requirements: Always
- Microsoft network client: Digitally sign communications: Always
- Domain member: Digitally encrypt or sign secure channel data (always) -> Enabled
- Microsoft network client: Digitally sign communications (always) -> Enabled
- Microsoft network server: Digitally sign communications (always) -> Enabled
- Network security: LDAP client signing requirements: Require signing
- Shutdown: Clear virtual memory pagefile -> Enabled
- User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop -> Disabled