![]() ![]() The recent WannaCry threat exploited known weaknesses in its architecture. Click OK to save changes.ĭisable SMBv1: Version 1 of the file sharing protocol (Server Message Block or SMB) is out of date and contains major security vulnerabilities. Make sure the slider is all the way up at Always notify. Control Panel > User Accounts select Change User Account Control settings. If you leave it off, you are basically inviting malware to do whatever the hell it wants on your PC, without you noticing. Not using your camera? Don’t want other apps to access it, or the other parts of your device? Then put the smack-down on that stuff right from here.Įnable UAC:User Account Control (UAC) is not an optional protection. Visit Start > Settings > Privacy to browse what is going on with your device and data. If I don’t know what it is, I disable it–it can always be turned on later. I try to disable anything that looks like it might be sharing marketing data, location or other information unless it specifically benefits me, and those benefits are made clear to me. ![]() Privacy settings: Everyone has a different level of comfort when it comes to these settings. More on how to enable this without TPM here. And really, why wouldn’t you just do it anyway? Visit Control Panel > BitLocker Drive Encryption to turn it on. If you access or store Personally Identifiable Information (PII) or Electronic Health Protected Information (ePHI), then this is a MUST. Seriously, get every available update from Settings > Update & Security.Įnable BitLocker: BitLocker will encrypt your entire hard drive. Updates: I almost didn’t include this because it’s so obvious, but then I thought: someone out there will take this checklist list too literally and overlook this critical step, so I better include it. Start > Settings > Accounts > Sign– in Options > Find Setup under Windows Hello. You need to select a non-trivial PIN (not 1111 or 1234), and make sure it is different for different devices, or you’re missing the point of this technology. ![]() ![]() if you have finger print reader or infra-red camera for facial recognition). Usually this involves setting up a PIN of your choosing, but you can also configure other options (e.g. Setup Hello/PIN:Hello is a personal sign-in that is to this specific device. Microsoft account: You can sign into your Windows 10 Device with a Microsoft account, which is recommended since it comes with some great benefits such as syncing certain settings and preferences, being able to store your BitLocker keys in the cloud, and more! Be sure to enable two-factor authentication on this account, too. You can usually get in here by paying attention to what your screen says before Windows loads–often “ Setup” is accessed by pressing “ Delete” or “ F1” or some other “ F-key.” Make sure TPM is enabled if you have that option, and SecureBoot, for sure. There are some really great security features built-in to modern UEFI–you should be aware of them, and you should absolutely leverage them. Harden your BIOS/UEFI: Before the OS loads, something called UEFI (formerly known as BIOS) boots up first, and remains running the entire time your PC is on. Feel free to add your own favorites or other notes in the comments section, too! I usually do these things with security / compliance in mind–but some of it comes down to preference (I think the differences between these will be obvious). This post features the things I do when setting up any (personal) Windows 10 Pro device, whether it’s for myself, my family members, clients, or anyone really. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |