1
0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-11-21 15:41:45 -05:00

Compare commits

...

4 Commits

Author SHA1 Message Date
6330a1f396
AutoPlay Policies
Signed-off-by: Tommy <contact@tommytran.io>
2023-11-20 16:24:30 -07:00
686ef5b0a9
Software Protection Platform
Signed-off-by: Tommy <contact@tommytran.io>
2023-11-20 16:17:48 -07:00
eeadf80b62
Add PCR 6
Signed-off-by: Tommy <contact@tommytran.io>
2023-11-20 15:46:33 -07:00
737f4111a1
Updated PCR bindings
Signed-off-by: Tommy <contact@tommytran.io>
2023-11-20 15:41:38 -07:00
3 changed files with 12 additions and 1 deletions

View File

@ -0,0 +1,5 @@
# AutoPlay Policies
`Computer Configuration\Administrative Templates\Windows Components\AutoPlay {p;ocoesy`
- Turn off Autoplay -> Enabled

View File

@ -9,4 +9,5 @@ Choose drive encryption method and cipher strength (Windows 10 [Version 1511] an
## Operating System Drives
- Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
- Allow enhanced PINs for startup -> Enabled.
- Allow enhanced PINs for startup -> Enabled.
- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,6,7,11

View File

@ -0,0 +1,5 @@
# Software Protection Platform
`Computer Configuration\Administrative Templates\Windows Components\Software Protection Platform`
- Turn off KMS Client Online AVS Validation -> Enabled