Tomster/Windows-Setup
1
0
Fork 0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-11-09 09:41:46 -05:00
Code

Compare commits

base: Tomster:3aa5d50728e320d9f79b311bf80839684eb2173a
Branches Tags
Tomster:main
...
compare: Tomster:e0143704808d4d9abf000db15bbab9661e1abc45
Branches Tags
Tomster:main

3 Commits
3aa5d50728 ... e014370480

Author SHA1 Message Date
Tommy
e014370480
Application compatibility 
Signed-off-by: Tommy <contact@tommytran.io>
 2023-11-14 14:27:34 -07:00
Tommy
1863c622cd
Mention the disable new DMA devices policy 
Signed-off-by: Tommy <contact@tommytran.io>
 2023-11-14 14:18:42 -07:00
Tommy
fb28b39fda
Internet Communication setting 
Signed-off-by: Tommy <contact@tommytran.io>
 2023-11-14 14:16:16 -07:00
3 changed files with 23 additions and 1 deletions
Show Stats Expand all files Collapse all files

13
Group Policies/Computer Configuration/System/Internet Communication settings.md Normal file
View File

@ -0,0 +1,13 @@
# Internet Communication settings
`Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings`
These look quite old so I am not sure if they apply to modern Windows versions or not. It doesn't hurt to set them either ways
- Turn off Windows Customer Experience mprovement Program -> Enabled
- Turn off downloading of print drivers over HTTP -> Enabled
Turn off printing over HTTP -> Enabled
- Turn off Help and Support Center "Did you know?" content -> Enabled (These are probably not that useful and will just be annoying)
- Turn off Windows Error Reporting -> Enabled
- turn off Search Companion content file updates -> Enabled
- Turn off Windows Messenger Customer Experience Improvement Program -> Enabled

7
Group Policies/Computer Configuration/Windows Components/Application Compatibility.md Normal file
View File

@ -0,0 +1,7 @@
# Application Compatibility
`Computer Configuration\Administrative Templates\Windows Components\Application Compatibility`
These look quite old so I am not sure if they apply to modern Windows versions or not. It doesn't hurt to set them either ways.
- Turn off Application Telemetry -> Enabled

2
Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md
View File

@ -4,6 +4,8 @@
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) -> Enable -> XTS-AES 256-bit for operating system, fixed data, and removable drives.
**The disable new DMA devices when computer is locked should only be enabled if your computer does not support kernel DMA protection.**
## Operating System Drives
- Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)