1
0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-12-22 06:41:47 -05:00

Update policies

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2023-12-30 21:54:28 -07:00
parent 5fc82e27fc
commit 5906bad9b8
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
8 changed files with 24 additions and 12 deletions

View File

@ -1,5 +0,0 @@
# Device Guard
`Computer Configuration\Administrative Templates\System\Device Guard`
- Turn On Virtualization Based Security -> Enabled (**Only do this if you are running Windows on bare metal or with nested virtualization**)

View File

@ -1,5 +0,0 @@
# Controlled Folder Access
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access`
- Configure Controlled folder access -> Enabled -> Block

View File

@ -0,0 +1,11 @@
# Device Guard
`Computer Configuration\Administrative Templates\System\Device Guard`
- Turn On Virtualization Based Security -> Enabled (**Only do this if you are running Windows on bare metal or with nested virtualization**)
1. Select Platform Security Level: Secure Boot and DMA Protection
2. Virtualization Based Protection of Code Integrity: Enabled with UEFI lock
3. Credential Guard Configuration: Enabled with UEFI lock
4. Secure Launch Configuration: Enabled
5. Kernel-mode Hardware-enforced Stack Protection: Enabled in enforcement mode

View File

@ -1,4 +1,9 @@
# Network Protection
# Microsoft Defender Antivirus
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus`
## Network Protection
Only relevant if SmartScreen is used.
@ -9,4 +14,10 @@ Documentation:
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection`
This settings controls whether Network protection is allowed to be configured into block or audit mode on Windows -> Enabled (Only relevant if running Windows Server)
Prevent users and apps from accessing dangerous websites -> Enabled -> Block
Prevent users and apps from accessing dangerous websites -> Enabled -> Block
## Controlled Folder Access
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access`
- Configure Controlled folder access -> Enabled -> Block