Standard Laptop build

Recommand same build across Laptop & Desktop

Choose Hardware from Tier1 vendor (IBM,HP,Dell) these provide firmware updates for longer. Favor hardware that include; TPM module, finger print scanner.
WakeOnLan = on
Wake @ 7am a standard time for installing updates
Power loss state = last
TPM = on Trusted Platform Module
Windows 10 Enterprise; if possible in S mode. Only allows installs from Windows store
encrypted HDD
Rename local administrator to AdminL, set 63 char password
Automatic Updates @ 7am
System Restore ON
HVCI ON https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity
Disable WPAD http://increasec.com/wp-admin/post.php?post=82&action=edit
Wins/Netbios/MasterBrowser Off. Set 1-2 wired PC’s ON (per subnet) if no Domain present.
Disable Powershell to Public http://increasec.com/wp-admin/post.php?post=167&action=edit
Chrome browser
uBlock Origin plugin
LastPass plugin
NonEmail Chat Microsoft Teams/Slack/RocketChat/Telegram/Wire/Signal/Google Hangouts
Asset Mgt Spiceworks?
VPN Client Fortinet / ZeroTier / Tunnel Bear
Fingerprint reader https://www.amazon.ca/Fingerprint-PQI-Matching-Biometric-Security/dp/B06XG4MHFJ/ref=sr_1_5?keywords=fingerprint+keyboard&qid=1566494596&s=gateway&sr=8-5
Remote access laptop teamviewer, remotedesktop.google.com, splashtop
Video Conference & screen sharing; WebEx / Zoom / Join.me / BigBlueButton

Leave a Reply

Your email address will not be published. Required fields are marked *