Application compatibility

Signed-off-by: Tommy <contact@tommytran.io>
Mention the disable new DMA devices policy
2024-09-19 09:54:50 -04:00 · 2023-11-14 14:27:34 -07:00 · 2023-11-14 14:18:42 -07:00 · 2023-11-14 14:16:16 -07:00
3 changed files with 23 additions and 1 deletions
--- a/Configuration/System/Internet
+++ b/Configuration/System/Internet
@ -0,0 +1,13 @@
+# Internet Communication settings
+
+`Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings`
+
+These look quite old so I am not sure if they apply to modern Windows versions or not. It doesn't hurt to set them either ways
+
+- Turn off Windows Customer Experience mprovement Program -> Enabled
+- Turn off downloading of print drivers over HTTP -> Enabled
+Turn off printing over HTTP -> Enabled
+- Turn off Help and Support Center "Did you know?" content -> Enabled (These are probably not that useful and will just be annoying)
+- Turn off Windows Error Reporting -> Enabled
+- turn off Search Companion content file updates -> Enabled
+- Turn off Windows Messenger Customer Experience Improvement Program -> Enabled
--- a/Components/Application
+++ b/Components/Application
@ -0,0 +1,7 @@
+# Application Compatibility
+
+`Computer Configuration\Administrative Templates\Windows Components\Application Compatibility`
+
+These look quite old so I am not sure if they apply to modern Windows versions or not. It doesn't hurt to set them either ways.
+
+- Turn off Application Telemetry -> Enabled
--- a/Configuration/Windows
+++ b/Configuration/Windows
@ -4,7 +4,9 @@

 Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) -> Enable -> XTS-AES 256-bit for operating system, fixed data, and removable drives.

+**The disable new DMA devices when computer is locked should only be enabled if your computer does not support kernel DMA protection.**
+
 ## Operating System Drives

 - Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
- Allow enhanced PINs for startup -> Enabled.
+- Allow enhanced PINs for startup -> Enabled.
Author	SHA1	Message	Date
Tommy	e014370480	Application compatibility Signed-off-by: Tommy <contact@tommytran.io>	2023-11-14 14:27:34 -07:00
Tommy	1863c622cd	Mention the disable new DMA devices policy Signed-off-by: Tommy <contact@tommytran.io>	2023-11-14 14:18:42 -07:00
Tommy	fb28b39fda	Internet Communication setting Signed-off-by: Tommy <contact@tommytran.io>	2023-11-14 14:16:16 -07:00