diff --git a/Group Policies Objects/Default Domain Policy/*Windows Copilot.md b/Group Policies Objects/Default Domain Policy/*Windows Copilot.md deleted file mode 100644 index 6941c8a..0000000 --- a/Group Policies Objects/Default Domain Policy/*Windows Copilot.md +++ /dev/null @@ -1,7 +0,0 @@ -# Windows Copilot - -`User Configuration\Administrative Templates\Windows Components\Windows Copilot` - -**This somehow still doesn't show up in the latest policy template - -- Turn off Windows Copilot -> Enabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/App Privacy.md b/Group Policies Objects/Default Domain Policy/App Privacy.md index ec566e4..24fa012 100644 --- a/Group Policies Objects/Default Domain Policy/App Privacy.md +++ b/Group Policies Objects/Default Domain Policy/App Privacy.md @@ -1,6 +1,6 @@ # App Privacy -`Computer Configuration\Administrative Templates\Windows Components\App Privacy` +`Computer Configuration\Policies\Administrative Templates\Windows Components\App Privacy` These contains some settings that are not in the Settings app (and vice versa). Most of these stuff I will never use, therefore I am forcing them to be off. You do not need to follow me on this, but you should at least check out all of the policies there. diff --git a/Group Policies Objects/Default Domain Policy/Application Compatibility.md b/Group Policies Objects/Default Domain Policy/Application Compatibility.md index c8849a6..ef27c6e 100644 --- a/Group Policies Objects/Default Domain Policy/Application Compatibility.md +++ b/Group Policies Objects/Default Domain Policy/Application Compatibility.md @@ -1,6 +1,6 @@ # Application Compatibility -`Computer Configuration\Administrative Templates\Windows Components\Application Compatibility` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Application Compatibility` **These look quite old so I am not sure if they apply to modern Windows versions or not. It doesn't hurt to set them either ways.** diff --git a/Group Policies Objects/Default Domain Policy/AutoPlay.md b/Group Policies Objects/Default Domain Policy/AutoPlay.md index 9e0029d..672e4e7 100644 --- a/Group Policies Objects/Default Domain Policy/AutoPlay.md +++ b/Group Policies Objects/Default Domain Policy/AutoPlay.md @@ -1,5 +1,5 @@ # AutoPlay Policies -`Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies` +`Computer Configuration\Policies\Administrative Templates\Windows Components\AutoPlay Policies` - Turn off Autoplay -> Enabled diff --git a/Group Policies Objects/Default Domain Policy/Biometrics.md b/Group Policies Objects/Default Domain Policy/Biometrics.md index b6566c3..db3c318 100644 --- a/Group Policies Objects/Default Domain Policy/Biometrics.md +++ b/Group Policies Objects/Default Domain Policy/Biometrics.md @@ -1,5 +1,5 @@ # AutoPlay Policies -`Computer Configuration\Administrative Templates\Windows Components\Biometrics\Facial Features` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Biometrics\Facial Features` - Configure enhanced anti-spoofing -> Enabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Bitlocker.md b/Group Policies Objects/Default Domain Policy/Bitlocker.md index 2843998..df43cd6 100644 --- a/Group Policies Objects/Default Domain Policy/Bitlocker.md +++ b/Group Policies Objects/Default Domain Policy/Bitlocker.md @@ -2,7 +2,7 @@ **On Domain Controllers, Bitlocker and tools need to be installed as a feature in Server Manager first.** -`Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Bitlocker Drive Encryption` Choose drive encryption method and cipher strength-> Enable -> XTS-AES 256-bit for operating system, fixed data, and removable drives. For Windows Vista, Windows Server 2008, etc... use AES 256-bit if you wanna set it. diff --git a/Group Policies Objects/Default Domain Policy/Cloud Content.md b/Group Policies Objects/Default Domain Policy/Cloud Content.md index 3f7c918..9d2f0ad 100644 --- a/Group Policies Objects/Default Domain Policy/Cloud Content.md +++ b/Group Policies Objects/Default Domain Policy/Cloud Content.md @@ -2,14 +2,14 @@ I mostly disable all cloud content because they are way too annoying. There are also a few group policies relating to "personalization", so I am not entirely sure on the privacy implication of that either. -`Computer Configuration\Administrative Templates\Windows Components\Cloud Content` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Cloud Content` - Turn off cloud optimized content -> Enabled - Turn off cloud consumer account state content -> Enabled - Do not show Windows tips -> Enabled - Turn of Microsoft consumer experiences -> Enabled -`User Configuration\Administrative Templates\Windows Components\Cloud Content` +`User Configuration\Policies\Administrative Templates\Windows Components\Cloud Content` - Do not use diagnostic data for tailored experiences -> Enabled - Turn off all Windows spotlight features -> Enabled diff --git a/Group Policies Objects/Default Domain Policy/Control Panel.md b/Group Policies Objects/Default Domain Policy/Control Panel.md index 218bb56..7ce2e80 100644 --- a/Group Policies Objects/Default Domain Policy/Control Panel.md +++ b/Group Policies Objects/Default Domain Policy/Control Panel.md @@ -1,6 +1,6 @@ # Control Panel -`Computer Configuration\Administrative Templates\Control Panel` +`Computer Configuration\Policies\Administrative Templates\Control Panel` - Allow Online Tips -> Disabled (Not sure about privacy implications, but no reason for it to be on) diff --git a/Group Policies Objects/Default Domain Policy/Credentials Delegation.md b/Group Policies Objects/Default Domain Policy/Credentials Delegation.md index b7e283c..5dde225 100644 --- a/Group Policies Objects/Default Domain Policy/Credentials Delegation.md +++ b/Group Policies Objects/Default Domain Policy/Credentials Delegation.md @@ -1,5 +1,5 @@ # Credentials Delegation -`Computer Configuration\Administrative Templates\System\Credentials Delegation` +`Computer Configuration\Policies\Administrative Templates\System\Credentials Delegation` - Encryption Oracle Remediation -> Enabled -> Force Updated Clients diff --git a/Group Policies Objects/Default Domain Policy/Data Collection and Preview Builds.md b/Group Policies Objects/Default Domain Policy/Data Collection and Preview Builds.md index d554efd..04fee33 100644 --- a/Group Policies Objects/Default Domain Policy/Data Collection and Preview Builds.md +++ b/Group Policies Objects/Default Domain Policy/Data Collection and Preview Builds.md @@ -1,6 +1,6 @@ # Data Collection and Preview Builds -`Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Data Collection and Preview Builds` - Toggle user control over Insider builds -> Disabled - Allow Diagnostic Data -> Enabled -> Diagnostic Data off (Only affects Enterprise, Education, and Server) diff --git a/Group Policies Objects/Default Domain Policy/Device Guard.md b/Group Policies Objects/Default Domain Policy/Device Guard.md index b8ba067..74ee8c1 100644 --- a/Group Policies Objects/Default Domain Policy/Device Guard.md +++ b/Group Policies Objects/Default Domain Policy/Device Guard.md @@ -1,6 +1,6 @@ # Device Guard -`Computer Configuration\Administrative Templates\System\Device Guard` +`Computer Configuration\Policies\Administrative Templates\System\Device Guard` - Turn On Virtualization Based Security -> Enabled diff --git a/Group Policies Objects/Default Domain Policy/Device Health Attestation Service.md b/Group Policies Objects/Default Domain Policy/Device Health Attestation Service.md index 0b77d81..6ac2e54 100644 --- a/Group Policies Objects/Default Domain Policy/Device Health Attestation Service.md +++ b/Group Policies Objects/Default Domain Policy/Device Health Attestation Service.md @@ -1,5 +1,5 @@ # Device Health Attestation Service -`Computer Configuration\Administrative Templates\System\Device Health Attestation Service` +`Computer Configuration\Policies\Administrative Templates\System\Device Health Attestation Service` - Enable Device Health Attestation Monitoring and Reporting -> Disabled (Not inherently bad, but unless you have access to the cloud based reporting portal, why even bother keeping it on?) \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Early Launch Antimalware.md b/Group Policies Objects/Default Domain Policy/Early Launch Antimalware.md index 2d531e0..3eb91ec 100644 --- a/Group Policies Objects/Default Domain Policy/Early Launch Antimalware.md +++ b/Group Policies Objects/Default Domain Policy/Early Launch Antimalware.md @@ -1,6 +1,6 @@ # Early Launch Antimalware -`Computer Configuration\Administrative Templates\System\Early Launch Antimalware` +`Computer Configuratio\Policiesn\Administrative Templates\System\Early Launch Antimalware` Probably doesn't do anything unless you use a 3rd party Antimalware with this feature, but there is no harm in enabling it just in case you need it. diff --git a/Group Policies Objects/Default Domain Policy/File Explorer.md b/Group Policies Objects/Default Domain Policy/File Explorer.md index 672c3c5..08ffe3c 100644 --- a/Group Policies Objects/Default Domain Policy/File Explorer.md +++ b/Group Policies Objects/Default Domain Policy/File Explorer.md @@ -1,9 +1,9 @@ # File Explorer -`Computer Configuration\Administrative Templates\Windows Components\File Explorer` +`Computer Configuration\Policies\Administrative Templates\Windows Components\File Explorer` - Turn off account-based insights, recent, favorite, and recommended files in File Explorer -> Enabled (Not sure if this is actually privacy invasive or not, but best to keep it off anyways.) -`User Configuration\Administrative Templates\Windows Components\File Explorer` +`User Configuration\Policies\Administrative Templates\Windows Components\File Explorer` - Turn off display of recent search entries in the File Explorer search box -> Enabled (**EXTREMELY INVASIVE**. This stores your search history in the registry according to the docs, and is also responsible for the Bing search in the Start Menu just like the policies in Search even though the description does not mention it.) \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Filesystem.md b/Group Policies Objects/Default Domain Policy/Filesystem.md index 3546aec..ba2154f 100644 --- a/Group Policies Objects/Default Domain Policy/Filesystem.md +++ b/Group Policies Objects/Default Domain Policy/Filesystem.md @@ -1,5 +1,5 @@ # Filesystem -`Computer Configuration\Administrative Templates\System\Filesystem` +`Computer Configuration\Policies\Administrative Templates\System\Filesystem` - Enable Dev drive -> Disabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Find My Device.md b/Group Policies Objects/Default Domain Policy/Find My Device.md index 471ba64..45c9054 100644 --- a/Group Policies Objects/Default Domain Policy/Find My Device.md +++ b/Group Policies Objects/Default Domain Policy/Find My Device.md @@ -1,5 +1,5 @@ # Find My Device -`Computer Configuration\Administrative Templates\Windows Components\Find My Device` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Find My Device` - Turn On/Off Find My Device -> Disabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Internet Communication settings.md b/Group Policies Objects/Default Domain Policy/Internet Communication settings.md index 9d4799c..e505f39 100644 --- a/Group Policies Objects/Default Domain Policy/Internet Communication settings.md +++ b/Group Policies Objects/Default Domain Policy/Internet Communication settings.md @@ -1,6 +1,6 @@ # Internet Communication settings -`Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings` +`Computer Configuration\Policies\Administrative Templates\System\Internet Communication Management\Internet Communication settings` **Old and very likely to be obsolete.** diff --git a/Group Policies Objects/Default Domain Policy/Kernel DMA Protection.md b/Group Policies Objects/Default Domain Policy/Kernel DMA Protection.md index 61c2201..f5207a3 100644 --- a/Group Policies Objects/Default Domain Policy/Kernel DMA Protection.md +++ b/Group Policies Objects/Default Domain Policy/Kernel DMA Protection.md @@ -1,5 +1,5 @@ # Kernel DMA Protection -`Computer Configuration\Administrative Templates\System\Kernel DMA Protection` +`Computer Configuration\Policies\Administrative Templates\System\Kernel DMA Protection` - Enumeration policy for external devices incompatible with Kernel DMA Protection -> Enabled -> Block all \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Legacy Microsoft Edge.md b/Group Policies Objects/Default Domain Policy/Legacy Microsoft Edge.md index 080587f..53f04a1 100644 --- a/Group Policies Objects/Default Domain Policy/Legacy Microsoft Edge.md +++ b/Group Policies Objects/Default Domain Policy/Legacy Microsoft Edge.md @@ -1,6 +1,6 @@ # Legacy Microsoft Edge -`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Edge` **Legacy Microsoft Edge, not the Chromium based one. Obsolete.** diff --git a/Group Policies Objects/Default Domain Policy/Location and Sensors.md b/Group Policies Objects/Default Domain Policy/Location and Sensors.md index 27b0fce..7090623 100644 --- a/Group Policies Objects/Default Domain Policy/Location and Sensors.md +++ b/Group Policies Objects/Default Domain Policy/Location and Sensors.md @@ -1,6 +1,6 @@ # Location and Sensors -`Computer Configuration\Administrative Templates\Windows Components\Location and Sensors` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Location and Sensors` I do not see these ever being used on my system, therefore they are disabled. Obviously, you don't have to apply them if you want to use location and sensors. diff --git a/Group Policies Objects/Default Domain Policy/MDM.md b/Group Policies Objects/Default Domain Policy/MDM.md index f8b07a4..e71b2a8 100644 --- a/Group Policies Objects/Default Domain Policy/MDM.md +++ b/Group Policies Objects/Default Domain Policy/MDM.md @@ -1,6 +1,6 @@ # MDM -`Computer Configuration\Administrative Templates\Windows Components\MDM` +`Computer Configuration\Policies\Administrative Templates\Windows Components\MDM` Unless you run your own MDM system or something, this probably should not be on with a personal computer. diff --git a/Group Policies Objects/Default Domain Policy/Messaging.md b/Group Policies Objects/Default Domain Policy/Messaging.md index e8757c5..51aa46d 100644 --- a/Group Policies Objects/Default Domain Policy/Messaging.md +++ b/Group Policies Objects/Default Domain Policy/Messaging.md @@ -1,5 +1,5 @@ # Messaging -`Computer Configuration\Administrative Templates\Windows Components\Messaging` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Messaging` - Allow Message Service Cloud Sync -> Disabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Microsoft Defender Antivirus.md b/Group Policies Objects/Default Domain Policy/Microsoft Defender Antivirus.md index d8d7423..06e1fe0 100644 --- a/Group Policies Objects/Default Domain Policy/Microsoft Defender Antivirus.md +++ b/Group Policies Objects/Default Domain Policy/Microsoft Defender Antivirus.md @@ -2,7 +2,7 @@ **MAPS and features dependent on it are not enabled using this policy. It just configures how aggressive MAPS should be. This is quite invasive so I will only enable it for certain OUs.** -`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus` ## MAPS diff --git a/Group Policies Objects/Default Domain Policy/Microsoft Edge.md b/Group Policies Objects/Default Domain Policy/Microsoft Edge.md index 3f5a22e..1b5d9ac 100644 --- a/Group Policies Objects/Default Domain Policy/Microsoft Edge.md +++ b/Group Policies Objects/Default Domain Policy/Microsoft Edge.md @@ -1,5 +1,8 @@ # Microsoft Edge +`Computer Configuration\Policies\Administrative Templates\Microsoft Edge` +`Computer Configuration\Policies\Administrative Templates\Microsoft Edge - Default Settings (users can override)` + You will need to download the Edge policies from https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ and install it. For the actual policies to set, you can follow my repo at https://github.com/TommyTran732/Microsoft-Edge-Policies at set the equivalent group policies of what is being set there. \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Microsoft account.md b/Group Policies Objects/Default Domain Policy/Microsoft account.md index 1275434..964e90a 100644 --- a/Group Policies Objects/Default Domain Policy/Microsoft account.md +++ b/Group Policies Objects/Default Domain Policy/Microsoft account.md @@ -1,5 +1,5 @@ # Microsoft account -`Computer Configuration\Administrative Templates\Windows Components\Microsoft account` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft account` - Block all consumer Microsoft account user authentication -> Enabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Mitigation Options.md b/Group Policies Objects/Default Domain Policy/Mitigation Options.md index f47ee37..ce12ca4 100644 --- a/Group Policies Objects/Default Domain Policy/Mitigation Options.md +++ b/Group Policies Objects/Default Domain Policy/Mitigation Options.md @@ -1,5 +1,5 @@ # Mitigation Options -`Computer Configuration\Administrative Templates\System\Mitigation Options` +`Computer Configuration\Policies\Administrative Templates\System\Mitigation Options` - Untrusted Font Blocking -> Enabled -> Block untrusted fonts and log events (This may break some games) \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/OS Policies.md b/Group Policies Objects/Default Domain Policy/OS Policies.md index 32c6eb2..fa66a33 100644 --- a/Group Policies Objects/Default Domain Policy/OS Policies.md +++ b/Group Policies Objects/Default Domain Policy/OS Policies.md @@ -1,6 +1,6 @@ # OS Policies -`Computer Configuration\Administrative Templates\System\OS Policies` +`Computer Configuration\Policies\Administrative Templates\System\OS Policies` - ALlow Clipboard History -> Disabled - Allow Clipboard synchronization across devices -> Disabled diff --git a/Group Policies Objects/Default Domain Policy/Printers.md b/Group Policies Objects/Default Domain Policy/Printers.md index 414d530..437b78b 100644 --- a/Group Policies Objects/Default Domain Policy/Printers.md +++ b/Group Policies Objects/Default Domain Policy/Printers.md @@ -1,6 +1,6 @@ # Printers -`Computer Configuration\Administrative Templates\Printers` +`Computer Configuration\Policies\Administrative Templates\Printers` - Isolate print drivers from applications -> Enabled - Configure Redirection Guard -> Enabled diff --git a/Group Policies Objects/Default Domain Policy/Remote Assistance.md b/Group Policies Objects/Default Domain Policy/Remote Assistance.md index fb28802..81b4c18 100644 --- a/Group Policies Objects/Default Domain Policy/Remote Assistance.md +++ b/Group Policies Objects/Default Domain Policy/Remote Assistance.md @@ -1,5 +1,5 @@ # Remote Assistance -`Computer Configuration\Administrative Templates\System\Remote Assistance` +`Computer Configuration\Policies\Administrative Templates\System\Remote Assistance` - Allow only Windows Vista or later connections -> Enabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Search.md b/Group Policies Objects/Default Domain Policy/Search.md index 789c804..0a6145c 100644 --- a/Group Policies Objects/Default Domain Policy/Search.md +++ b/Group Policies Objects/Default Domain Policy/Search.md @@ -1,6 +1,6 @@ # Search -`Computer Configuration\Administrative Templates\Windows Components\Search` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Search` Very confusing, you need to consult https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-cortana-and-search-group-policies diff --git a/Group Policies Objects/Default Domain Policy/Security Options.md b/Group Policies Objects/Default Domain Policy/Security Options.md index b149b90..e95a755 100644 --- a/Group Policies Objects/Default Domain Policy/Security Options.md +++ b/Group Policies Objects/Default Domain Policy/Security Options.md @@ -2,7 +2,7 @@ Documentation: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/user-account-control/settings-and-configuration?tabs=gpo -`Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options` +`Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options` - User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode -> Prompt for credentials - User Account Control: Only elevate executables that are signed and validated -> Enabled diff --git a/Group Policies Objects/Default Domain Policy/Service Control Manager Settings.md b/Group Policies Objects/Default Domain Policy/Service Control Manager Settings.md index 4fc233b..8963504 100644 --- a/Group Policies Objects/Default Domain Policy/Service Control Manager Settings.md +++ b/Group Policies Objects/Default Domain Policy/Service Control Manager Settings.md @@ -1,5 +1,5 @@ # Service Control Manager Settings -`Computer Configuration\Administrative Templates\System\Service Control Manager Settings` +`Computer Configuration\Policies\Administrative Templates\System\Service Control Manager Settings` - Security Settings -> Enable svchost.exe mitigation options -> Enabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Software Protection Platform.md b/Group Policies Objects/Default Domain Policy/Software Protection Platform.md index f7df076..2ef7934 100644 --- a/Group Policies Objects/Default Domain Policy/Software Protection Platform.md +++ b/Group Policies Objects/Default Domain Policy/Software Protection Platform.md @@ -1,5 +1,5 @@ # Software Protection Platform -`Computer Configuration\Administrative Templates\Windows Components\Software Protection Platform` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Software Protection Platform` - Turn off KMS Client Online AVS Validation -> Enabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Start Menu and Taskbar.md b/Group Policies Objects/Default Domain Policy/Start Menu and Taskbar.md index 4560d53..2c8e90a 100644 --- a/Group Policies Objects/Default Domain Policy/Start Menu and Taskbar.md +++ b/Group Policies Objects/Default Domain Policy/Start Menu and Taskbar.md @@ -1,6 +1,6 @@ # Start Menu and Taskbar -`Computer Configuration\Administrative Templates\Start Menu and Taskbar` +`Computer Configuration\Policies\Administrative Templates\Start Menu and Taskbar` This is not strictly problematic, though I get quite irritated with most used apps/recently added apps/recently opened documents/etc showing up on my start menu. Someone may inadvertently see something when I show them my screen. diff --git a/Group Policies Objects/Default Domain Policy/Sync your settings.md b/Group Policies Objects/Default Domain Policy/Sync your settings.md index 0c269d1..1a593bd 100644 --- a/Group Policies Objects/Default Domain Policy/Sync your settings.md +++ b/Group Policies Objects/Default Domain Policy/Sync your settings.md @@ -1,5 +1,5 @@ # Sync your settings -`Computer Configuration\Administrative Templates\Windows Components\Sync your settings` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Sync your settings` - Do not sync -> Enabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Text Input.md b/Group Policies Objects/Default Domain Policy/Text Input.md index bc5f67e..93bcb9a 100644 --- a/Group Policies Objects/Default Domain Policy/Text Input.md +++ b/Group Policies Objects/Default Domain Policy/Text Input.md @@ -1,5 +1,5 @@ # Text Input -`Computer Configuration\Administrative Templates\Windows Components\Text Input` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Text Input` - Improve inking and typing recognition -> Disabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Widgets.md b/Group Policies Objects/Default Domain Policy/Widgets.md index a4c6901..1b5a2a3 100644 --- a/Group Policies Objects/Default Domain Policy/Widgets.md +++ b/Group Policies Objects/Default Domain Policy/Widgets.md @@ -1,6 +1,6 @@ # Widgets -`Computer Configuration\Administrative Templates\Windows Components\Widgets` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Widgets` Probably not a huge privacy/security issue, it just fetches news and stuff from the internet. I disable it as it is extremely annoying. diff --git a/Group Policies Objects/Default Domain Policy/Windows Calendar.md b/Group Policies Objects/Default Domain Policy/Windows Calendar.md index 42f32cf..cc2d605 100644 --- a/Group Policies Objects/Default Domain Policy/Windows Calendar.md +++ b/Group Policies Objects/Default Domain Policy/Windows Calendar.md @@ -1,6 +1,6 @@ # Windows Calendar -`Computer Configuration\Administrative Templates\Windows Components\Windows Calendar` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Calendar` **Obsolete** diff --git a/Group Policies Objects/Default Domain Policy/Windows Copilot.md b/Group Policies Objects/Default Domain Policy/Windows Copilot.md new file mode 100644 index 0000000..d0ac798 --- /dev/null +++ b/Group Policies Objects/Default Domain Policy/Windows Copilot.md @@ -0,0 +1,5 @@ +# Windows Copilot + +`User Configuration\Policies\Administrative Templates\Windows Components\Windows Copilot` + +- Turn off Windows Copilot -> Enabled \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Windows Defender SmartScreen.md b/Group Policies Objects/Default Domain Policy/Windows Defender SmartScreen.md index 69b0418..f32cb5a 100644 --- a/Group Policies Objects/Default Domain Policy/Windows Defender SmartScreen.md +++ b/Group Policies Objects/Default Domain Policy/Windows Defender SmartScreen.md @@ -1,6 +1,6 @@ # Windows Defender SmartScreen -`Computer Configuration\Administrative Templates\Windows Components\Windows Defender SmartScreen` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen` - Enhanced Phishing Protection -> Service Enabled -> Disabled (**Does not show on Windows Server 2022 by default**) - Microsoft Edge -> Configure Windows Defender SmartScreen -> Disabled diff --git a/Group Policies Objects/Default Domain Policy/Windows Error Reporting.md b/Group Policies Objects/Default Domain Policy/Windows Error Reporting.md index 8f056dd..5edab0d 100644 --- a/Group Policies Objects/Default Domain Policy/Windows Error Reporting.md +++ b/Group Policies Objects/Default Domain Policy/Windows Error Reporting.md @@ -1,5 +1,5 @@ # Windows Error Reporting -`Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Error Reporting` - Disable Windows Error Reporting -> Enable \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Windows Game Recording and Broadcasting.md b/Group Policies Objects/Default Domain Policy/Windows Game Recording and Broadcasting.md index 483e78c..a9f91be 100644 --- a/Group Policies Objects/Default Domain Policy/Windows Game Recording and Broadcasting.md +++ b/Group Policies Objects/Default Domain Policy/Windows Game Recording and Broadcasting.md @@ -1,6 +1,6 @@ # Windows Game Recording and Broadcasting -`Computer Configuration\Administrative Templates\Windows Components\Windows Game Recording and Broadcasting` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Game Recording and Broadcasting` If you wanna record your screen and stuff, don't apply this. Otherwise, why not just disable it? Unnecessary stuff. diff --git a/Group Policies Objects/Default Domain Policy/Windows Media Digital Rights Management.md b/Group Policies Objects/Default Domain Policy/Windows Media Digital Rights Management.md index e62168a..ad2b171 100644 --- a/Group Policies Objects/Default Domain Policy/Windows Media Digital Rights Management.md +++ b/Group Policies Objects/Default Domain Policy/Windows Media Digital Rights Management.md @@ -1,6 +1,6 @@ # Windows Media Digital Rights Management -`Computer Configuration\Administrative Templates\Windows Components\Windows Media Digital Rights Management` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Media Digital Rights Management` Obviously do not set this if you need Windows Media DRM, but I have never seen this being used so I don't see a reason for it to be allowed. diff --git a/Group Policies Objects/Default Domain Policy/Windows Messenger.md b/Group Policies Objects/Default Domain Policy/Windows Messenger.md index 64a99fc..e647f9a 100644 --- a/Group Policies Objects/Default Domain Policy/Windows Messenger.md +++ b/Group Policies Objects/Default Domain Policy/Windows Messenger.md @@ -1,6 +1,6 @@ # Windows Messenger -`Computer Configuration\Administrative Templates\Windows Components\Windows Messenger` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Messenger` **Old and very likely to be obsolete.** diff --git a/Group Policies Objects/Default Domain Policy/Windows Update.md b/Group Policies Objects/Default Domain Policy/Windows Update.md index c08a453..beec7a8 100644 --- a/Group Policies Objects/Default Domain Policy/Windows Update.md +++ b/Group Policies Objects/Default Domain Policy/Windows Update.md @@ -1,6 +1,6 @@ # Windows Update -`Computer Configuration\Administrative Templates\Windows Components\Windows Update` +`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update` - Manage updates offered from Windows Update -> Enable optional updates -> Enabled -> Automatically receive optional updates - Manage updates offered from Windows Update -> Select when Quality Updates are received -> Enabled -> Defer for 0 days diff --git a/Group Policies Objects/Gaming/Mitigation Options (Gaming).md b/Group Policies Objects/Gaming/Mitigation Options (Gaming).md index 367e2b9..7f7a3d9 100644 --- a/Group Policies Objects/Gaming/Mitigation Options (Gaming).md +++ b/Group Policies Objects/Gaming/Mitigation Options (Gaming).md @@ -2,4 +2,4 @@ `Computer Configuration\Administrative Templates\System\Mitigation Options` -- Untrusted Font Blocking -> Disabled \ No newline at end of file +- Untrusted Font Blocking -> Enabled -> Do not block untrusted fonts \ No newline at end of file diff --git a/Group Policies Objects/Parallels/Device Guard (Parallels).md b/Group Policies Objects/Parallels/Device Guard (Parallels).md index 598e913..9ae968f 100644 --- a/Group Policies Objects/Parallels/Device Guard (Parallels).md +++ b/Group Policies Objects/Parallels/Device Guard (Parallels).md @@ -1,5 +1,5 @@ # Device Guard -`Computer Configuration\Administrative Templates\System\Device Guard` +`Computer Configuration\Policies\Administrative Templates\System\Device Guard` - Turn On Virtualization Based Security -> Disabled \ No newline at end of file diff --git a/Group Policies Objects/Parallels/Windows Time Service (Parallels).md b/Group Policies Objects/Parallels/Windows Time Service (Parallels).md index bedd7e9..51f4fbd 100644 --- a/Group Policies Objects/Parallels/Windows Time Service (Parallels).md +++ b/Group Policies Objects/Parallels/Windows Time Service (Parallels).md @@ -1,5 +1,5 @@ # Windows Time Service -`Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers` +`Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers` Enable Windows NTP Client -> Disabled (**Read my notes on Date & Time. I am disabling time sync here because it is already handled by my guest agent**.)