Windows Home/Pro owner? Use Software Restriction Policies!
<blockquote data-quote="ForgottenSeer 95367" data-source="post: 1005711"><p><h2>System Requirements</h2><p>Config lock will be available for all Windows Professional and Enterprise Editions running on <a href="https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-highly-secure" target="_blank">secured-core PCs</a>. When the device isn't a secured-core PC, the Config lock won't apply.</p><p></p><p>Config lock isn't enabled by default, or turned on by the OS during boot. Rather, you need to turn it on. Turn on config lock using Microsoft Endpoint Manager (Microsoft Intune).</p><p></p><p>Secured-core configuration lock (config lock) is a new <a href="https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-highly-secure" target="_blank">secured-core PC (SCPC)</a> feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a secured-core PC remains a secured-core PC.</p><p></p><p>For general purpose laptops, tablets, 2-in-1’s, mobile workstations, and desktops, Microsoft recommends using Security baselines for optimal configuration. For more info, see <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines" target="_blank">Windows security baselines</a>.</p><p></p><p>Even though Windows and Windows Server are designed to be secure out-of-the-box, many organizations still want more granular control over their security configurations. To navigate the large number of controls, organizations need guidance on configuring various security features. Microsoft provides this guidance in the form of security baselines.</p><p></p><p>We recommend that you implement an industry-standard configuration that is broadly known and well-tested, such as Microsoft security baselines, as opposed to creating a baseline yourself. 
This industry-standard configuration helps increase flexibility and reduce costs.</p><h2>Baseline principles</h2><p>Our recommendations follow a streamlined and efficient approach to baseline definitions. The foundation of that approach is essentially:</p><ul> <li data-xf-list-type="ul">The baselines are designed for well-managed, security-conscious organizations in which standard end users don't have administrative rights.</li> <li data-xf-list-type="ul">A baseline enforces a setting only if it mitigates a contemporary security threat <strong><em>and doesn't cause operational issues that are worse than the risks they mitigate.</em></strong></li> <li data-xf-list-type="ul">A baseline enforces a default only if it's otherwise likely to be set to an insecure state by an authorized user:<ul> <li data-xf-list-type="ul">If a non-administrator can set an insecure state, enforce the default.</li> <li data-xf-list-type="ul">If setting an insecure state requires administrative rights, enforce the default only if it's likely that a misinformed administrator will otherwise choose poorly.</li> </ul></li> </ul><p>You can download the security baselines from the <a href="https://www.microsoft.com/download/details.aspx?id=55319" target="_blank">Microsoft Download Center</a>.</p><p></p><p>Microsoft Baselines:</p><ul> <li data-xf-list-type="ul">Documentation (PDFs and Excel)</li> <li data-xf-list-type="ul">GPOs (xml)</li> <li data-xf-list-type="ul">Scripts (PowerShell)</li> <li data-xf-list-type="ul">Templates</li> </ul></blockquote><p></p>