mirror of
https://github.com/TommyTran732/Windows-Setup.git
synced 2024-12-22 06:41:47 -05:00
Update policies
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
5fc82e27fc
commit
5906bad9b8
@ -1,5 +0,0 @@
|
||||
# Device Guard
|
||||
|
||||
`Computer Configuration\Administrative Templates\System\Device Guard`
|
||||
|
||||
- Turn On Virtualization Based Security -> Enabled (**Only do this if you are running Windows on bare metal or with nested virtualization**)
|
@ -1,5 +0,0 @@
|
||||
# Controlled Folder Access
|
||||
|
||||
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access`
|
||||
|
||||
- Configure Controlled folder access -> Enabled -> Block
|
11
Group Policies Objects/Device Guard.md
Normal file
11
Group Policies Objects/Device Guard.md
Normal file
@ -0,0 +1,11 @@
|
||||
# Device Guard
|
||||
|
||||
`Computer Configuration\Administrative Templates\System\Device Guard`
|
||||
|
||||
- Turn On Virtualization Based Security -> Enabled (**Only do this if you are running Windows on bare metal or with nested virtualization**)
|
||||
|
||||
1. Select Platform Security Level: Secure Boot and DMA Protection
|
||||
2. Virtualization Based Protection of Code Integrity: Enabled with UEFI lock
|
||||
3. Credential Guard Configuration: Enabled with UEFI lock
|
||||
4. Secure Launch Configuration: Enabled
|
||||
5. Kernel-mode Hardware-enforced Stack Protection: Enabled in enforcement mode
|
@ -1,4 +1,9 @@
|
||||
# Network Protection
|
||||
# Microsoft Defender Antivirus
|
||||
|
||||
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus`
|
||||
|
||||
|
||||
## Network Protection
|
||||
|
||||
Only relevant if SmartScreen is used.
|
||||
|
||||
@ -9,4 +14,10 @@ Documentation:
|
||||
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection`
|
||||
|
||||
This settings controls whether Network protection is allowed to be configured into block or audit mode on Windows -> Enabled (Only relevant if running Windows Server)
|
||||
Prevent users and apps from accessing dangerous websites -> Enabled -> Block
|
||||
Prevent users and apps from accessing dangerous websites -> Enabled -> Block
|
||||
|
||||
## Controlled Folder Access
|
||||
|
||||
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access`
|
||||
|
||||
- Configure Controlled folder access -> Enabled -> Block
|
Loading…
Reference in New Issue
Block a user