Windows 10 is the most widely used desktop operating system in enterprise environment. It features extensive security policies, allowing in-depth configuration of each security subsystem. To ensure secure computing, administrators must take in consideration all the threats the enterprise might face and deploy appropriate policies. This often includes strict firewall and AppLocker rules.With the rapid pace of Windows 10 feature updates, the recommended security policies change very often, and security guides should change accordingly. This paper will provide an in-depth guide to hardening Windows 10, including configuration of BitLocker, AppLocker, and Windows Firewall. For each security policy or recommendation, impact to security and usability is assessed, along with a MITRE ATT&CK technique mitigated by the policy. Some of the security policies mentioned require additional configuration by administrator based on a specific use cases, a set of deployed software and a network environment. Wedo not recommend home users to deploy the policies.
• Computer running Windows 10 Enterprise/Education, version 20H1 / 20H2 (most of these settings will apply to older versions of Windows 10 or lower SKUs, but compatibility is not guaranteed).
• TPM module.
Not all policies are suitable for all types of users. For this reason, we will be analyzing the suitability of each policy for two types of users depending on their role:
Administrator/Developer – Uses an administrator account, launches a lot of software, and connects different accessories and hardware.
Office Worker – Uses a standard account and the set of their software is limited. Office Workers do not change hardware and accessories without the assistance of the IT
Download Guide to Hardening Windows 10 Technical Guide to learn more.
- Windows 10 Hardening-Non-Enterprise Environment
- Part 1 of Windows Memory Forensics Technical Guide
- Part 2 of Windows Memory Forensics Technical Guide
- Part 3 of Windows Memory Forensics Guide.