From 1407430134a61d8e842960558e5c47da96ab0920 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 6 Feb 2024 10:18:26 -0500 Subject: [PATCH] Update lock-down configuration for Windows 10 AppLocker --- .../kiosk/lock-down-windows-10-applocker.md | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/windows/configuration/kiosk/lock-down-windows-10-applocker.md b/windows/configuration/kiosk/lock-down-windows-10-applocker.md index 2781e1b640..24561726a8 100644 --- a/windows/configuration/kiosk/lock-down-windows-10-applocker.md +++ b/windows/configuration/kiosk/lock-down-windows-10-applocker.md @@ -63,32 +63,20 @@ After you install the desired apps, set up AppLocker rules to only allow specifi In addition to specifying the apps that users can run, you should also restrict some settings and functions on the device. For a more secure experience, we recommend that you make the following configuration changes to the device: - Remove **All apps**. - Go to **Group Policy Editor** > **User Configuration** > **Administrative Templates\\Start Menu and Taskbar\\Remove All Programs list from the Start menu**. - - Hide **Ease of access** feature on the logon screen. - Go to **Control Panel** > **Ease of Access** > **Ease of Access Center**, and turn off all accessibility tools. - - Disable the hardware power button. - Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. - - Disable the camera. - Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**. - - Turn off app notifications on the lock screen. - Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**. - - Disable removable media. - Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation. - **Note** - - To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. + > [!NOTE] + > To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. To learn more about locking down features, see [Customizations for Windows 10 Enterprise](/windows-hardware/customize/enterprise/enterprise-custom-portal).