Q&A Need some config ideas


New Member
Aug 19, 2021
I'm looking for some recommendations as to what security configuration I should set up for my old man. He's not the brightest when it comes to avoiding sketchy sites or sketchy software. He’ll be getting a new PC soon and I’m trying to think in advance of how I should set it up for him. He’s gonna need the admin password since it’ll be his computer and he’ll have to occasionally install updates and such, so this makes things even more complicated. Of course, I would have him primarily use a standard account and teach him to only enter the admin password for things like updates, but ultimately there’s no guaranteeing how careful he will be. He also multitasks a lot with spreadsheets, so I don’t want to use something that’ll noticeably slow down his PC. Whatever he uses should ideally be lightweight, but also very effective at preventing infection. I also have a strong preference for a free solution, but if I think it’s worth it I might consider getting a paid product.

I was looking through some free AV options and Kaspersky caught my eye. It seems to cover all the essentials, but I’m not sure how true that is or how it affects performance. I’m wondering what others think is best in this situation. I also thought it might be good to harden Windows and Microsoft Edge, so any advice on that would also be appreciated.


Level 22
Feb 25, 2017
I would just use Microsoft Defender with the ConfigureDefender tool by @Andy Ful set to either High or Max. If you don't want him to accidentally play around with the security settings of Windows you can even set the Security Center visibility to invisible within the tool.

ConfigureDefender: Updates - ConfigureDefender utility for Windows 10

To avoid sketchy sites I'd recommend setting up NextDNS as his DNS provider which has multiple web-protection shields for different scenarios. It can for example recognize when he accidentally tries to access Gooogle.com instead of Google.com (Typosquatting protection)

There are different ways of setting up a new DNS provider. You can either do it network-wide (router) or just on a single device. It may sound complicated at first but NextDNS has an easy step by step setup guide.










NextDNS: NextDNS
Last edited:

Andy Ful

Level 72
Content Creator
Dec 23, 2014
I also thought it might be good to harden Windows and Microsoft Edge, so any advice on that would also be appreciated.

If your old man (dad?) is a cautious and reasonable person when using the computer, then you can follow the @SecureCongo advice. Instruct him about the danger of opening attachments and following URLs in emails, some basics about phishing, etc. Warn him about the danger of ignoring SmartScreen.

If you can configure the software to auto-update on SUA and your dad does not need to install new applications by himself, then there is a simple way to make him safe by using Windows hardening + Microsoft Defender. Otherwise, after hardening the occasional help from the Home Administrator will be required.
Windows, Edge, Chrome, Microsoft Store Apps, and some other applications can auto-update when the user works on a Standard User Account (SUA). Microsoft applications can be updated via Windows Updates (requires the right setup of Windows Updates). Generally, all software that uses scheduled tasks configured to use high privileges can auto-update when the user works on SUA.

If it is not possible and your dad is going to use the computer without any help, then the simplest way is to buy Kaspersky Internet Security and configure it to @harlan4096 setup. This will work well for popular software. Otherwise, some software updates and some new versions of applications will be blocked for a few days. A similar setup (but slightly less safe) can be applied by using Norton 360 or Avast (set to Hardened Mode).

There are many other possibilities depending on how strong are your dad's safe habits, how frequently he installs new applications, how risky can be his activities, etc.:)(y)
Last edited: