Reply to thread

Message

<blockquote data-quote="Andy Ful" data-source="post: 953408" data-attributes="member: 32260">I think that you could simply apply the profile Windows_10_Basic_Recommended_Settings and additionally:<ul>
<li data-xf-list-type="ul">Enhanced Sponsors + CMD</li>
<li data-xf-list-type="ul">Validate Admin C.S. = ON</li>
<li data-xf-list-type="ul">Block Windows Script Host = ON</li>
<li data-xf-list-type="ul">Disable SMB = ON123</li>
</ul>Besides your current protection, this would protect also shortcuts and prevent the user from opening files with non-safe extensions.Edit.If you remove the file extensions from the Designated File Types, then you will get the equivalent of the settings from your previous post (*.bat and *.cmd scripts will be protected).[ATTACH=full]259973[/ATTACH]To protect also shortcuts you have to keep LNK file extension and set &lt;Protecte Shortcuts&gt; = ONThis setup is almost default-deny even when Default Security Level = Disallowed.</blockquote>

[QUOTE="Andy Ful, post: 953408, member: 32260"] I think that you could simply apply the profile Windows_10_Basic_Recommended_Settings and additionally: [LIST] [*]Enhanced Sponsors + CMD [*]Validate Admin C.S. = ON [*]Block Windows Script Host = ON [*]Disable SMB = ON123 [/LIST] Besides your current protection, this would protect also shortcuts and prevent the user from opening files with non-safe extensions. Edit. If you remove the file extensions from the Designated File Types, then you will get the equivalent of the settings from your previous post (*.bat and *.cmd scripts will be protected). [ATTACH type="full" alt="1627915206705.png"]259973[/ATTACH] To protect also shortcuts you have to keep LNK file extension and set <Protecte Shortcuts> = ON This setup is almost default-deny even when Default Security Level = Disallowed. [/QUOTE]

Verification