Recommand same build across Laptop & Desktop <\/p>\n\n\n\n
Choose Hardware from Tier1 vendor (IBM,HP,Dell) these provide firmware updates for longer. Favor hardware that include; TPM module, finger print scanner. Disable IPv6; windows prefers IPv6 over IPv4. an intruder can use this to create a Preferred DC or DNS service.<\/p>\n\n\n\n Windows Admin Center; convenient management<\/p>\n","protected":false},"excerpt":{"rendered":" Recommand same build across Laptop & Desktop Choose Hardware from Tier1 vendor (IBM,HP,Dell) these provide firmware updates for longer. Favor hardware that include; TPM module, finger print scanner.Bios WakeOnLan =…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[3],"class_list":["post-183","post","type-post","status-publish","format-standard","hentry","category-uncategorised","tag-smb"],"_links":{"self":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=183"}],"version-history":[{"count":9,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/183\/revisions"}],"predecessor-version":[{"id":1249,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/183\/revisions\/1249"}],"wp:attachment":[{"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Bios
WakeOnLan = on
Wake @ 7am a standard time for installing updates
Power loss state = last
TPM = on Trusted Platform Module
Windows 10 Enterprise; to avoid users unknowingly or purposefully installing malware, engage “S mode<\/a>“. Which only allows installs from Windows store. This can be enabled after installing company standard software. Controlling this via Group Policy requires a Forest and Domain level of Windows2016+. This trade off allows users to install programs that have passed the scrutiny of the Microsoft Store. To manually test this, Settings > Apps > Apps & Features; under the Installing Apps heading, choose Allow Apps From The Store Only. I will be testing how this feature works with Group Policy Published Applications. Link<\/a>
encrypted HDD
Rename local administrator to AdminL, set 63 char password
Automatic Updates @ 7am
System Restore ON
HVCI ON https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-exploit-guard\/enable-virtualization-based-protection-of-code-integrity
Disable WPAD https:\/\/increasec.com\/wp-admin\/post.php?post=82&action=edit
Wins\/Netbios\/MasterBrowser Off. Set 1-2 wired PC’s ON (per subnet) if no Domain present.
Disable Powershell to Public https:\/\/increasec.com\/wp-admin\/post.php?post=167&action=edit
Firefox \/ Chrome browser
uBlock Origin plugin
LastPass plugin
NonEmail Chat Microsoft Teams\/Slack\/RocketChat\/Telegram\/Wire\/Signal\/Google Hangouts
Asset Mgt Spiceworks?
VPN Client Fortinet \/ ZeroTier \/ Tunnel Bear
Fingerprint reader https:\/\/www.amazon.ca\/Fingerprint-PQI-Matching-Biometric-Security\/dp\/B06XG4MHFJ\/ref=sr_1_5?keywords=fingerprint+keyboard&qid=1566494596&s=gateway&sr=8-5
Remote access laptop teamviewer, remotedesktop.google.com, splashtop
Video Conference & screen sharing; WebEx \/ Zoom \/ Join.me \/ BigBlueButton<\/p>\n\n\n\n