mirror of
https://github.com/TommyTran732/Windows-Setup.git
synced 2024-11-09 09:41:46 -05:00
Update policies
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
5fc82e27fc
commit
5906bad9b8
@ -1,5 +0,0 @@
|
|||||||
# Device Guard
|
|
||||||
|
|
||||||
`Computer Configuration\Administrative Templates\System\Device Guard`
|
|
||||||
|
|
||||||
- Turn On Virtualization Based Security -> Enabled (**Only do this if you are running Windows on bare metal or with nested virtualization**)
|
|
@ -1,5 +0,0 @@
|
|||||||
# Controlled Folder Access
|
|
||||||
|
|
||||||
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access`
|
|
||||||
|
|
||||||
- Configure Controlled folder access -> Enabled -> Block
|
|
11
Group Policies Objects/Device Guard.md
Normal file
11
Group Policies Objects/Device Guard.md
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
# Device Guard
|
||||||
|
|
||||||
|
`Computer Configuration\Administrative Templates\System\Device Guard`
|
||||||
|
|
||||||
|
- Turn On Virtualization Based Security -> Enabled (**Only do this if you are running Windows on bare metal or with nested virtualization**)
|
||||||
|
|
||||||
|
1. Select Platform Security Level: Secure Boot and DMA Protection
|
||||||
|
2. Virtualization Based Protection of Code Integrity: Enabled with UEFI lock
|
||||||
|
3. Credential Guard Configuration: Enabled with UEFI lock
|
||||||
|
4. Secure Launch Configuration: Enabled
|
||||||
|
5. Kernel-mode Hardware-enforced Stack Protection: Enabled in enforcement mode
|
@ -1,4 +1,9 @@
|
|||||||
# Network Protection
|
# Microsoft Defender Antivirus
|
||||||
|
|
||||||
|
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus`
|
||||||
|
|
||||||
|
|
||||||
|
## Network Protection
|
||||||
|
|
||||||
Only relevant if SmartScreen is used.
|
Only relevant if SmartScreen is used.
|
||||||
|
|
||||||
@ -10,3 +15,9 @@ Documentation:
|
|||||||
|
|
||||||
This settings controls whether Network protection is allowed to be configured into block or audit mode on Windows -> Enabled (Only relevant if running Windows Server)
|
This settings controls whether Network protection is allowed to be configured into block or audit mode on Windows -> Enabled (Only relevant if running Windows Server)
|
||||||
Prevent users and apps from accessing dangerous websites -> Enabled -> Block
|
Prevent users and apps from accessing dangerous websites -> Enabled -> Block
|
||||||
|
|
||||||
|
## Controlled Folder Access
|
||||||
|
|
||||||
|
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access`
|
||||||
|
|
||||||
|
- Configure Controlled folder access -> Enabled -> Block
|
Loading…
Reference in New Issue
Block a user