AutoPlay Policies

Signed-off-by: Tommy <contact@tommytran.io>
Software Protection Platform
2024-11-09 09:41:46 -05:00 · 2023-11-20 16:24:30 -07:00 · 2023-11-20 16:17:48 -07:00 · 2023-11-20 15:46:33 -07:00 · 2023-11-20 15:41:38 -07:00
3 changed files with 12 additions and 1 deletions
--- a/Configuration/Windows
+++ b/Configuration/Windows
@ -0,0 +1,5 @@
+# AutoPlay Policies
+
+`Computer Configuration\Administrative Templates\Windows Components\AutoPlay {p;ocoesy`
+
+- Turn off Autoplay -> Enabled
--- a/Configuration/Windows
+++ b/Configuration/Windows
@ -9,4 +9,5 @@ Choose drive encryption method and cipher strength (Windows 10 [Version 1511] an
 ## Operating System Drives

 - Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
- Allow enhanced PINs for startup -> Enabled.
+- Allow enhanced PINs for startup -> Enabled.
+- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,6,7,11
--- a/Configuration/Windows
+++ b/Configuration/Windows
@ -0,0 +1,5 @@
+# Software Protection Platform
+
+`Computer Configuration\Administrative Templates\Windows Components\Software Protection Platform`
+
+- Turn off KMS Client Online AVS Validation -> Enabled
Author	SHA1	Message	Date
Tommy	6330a1f396	AutoPlay Policies Signed-off-by: Tommy <contact@tommytran.io>	2023-11-20 16:24:30 -07:00
Tommy	686ef5b0a9	Software Protection Platform Signed-off-by: Tommy <contact@tommytran.io>	2023-11-20 16:17:48 -07:00
Tommy	eeadf80b62	Add PCR 6 Signed-off-by: Tommy <contact@tommytran.io>	2023-11-20 15:46:33 -07:00
Tommy	737f4111a1	Updated PCR bindings Signed-off-by: Tommy <contact@tommytran.io>	2023-11-20 15:41:38 -07:00