mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-23 14:23:38 +00:00
Merge branch 'main' into jgeurten-multi-base-considerations-com
This commit is contained in:
Vinay Pamnani
GitHub
@ -171,4 +171,8 @@ Resource SACLs are also useful for diagnostic scenarios. For example, administra
|
||||
|
||||
This category includes the following subcategories:
|
||||
- [File System (Global Object Access Auditing)](file-system-global-object-access-auditing.md)
|
||||
- [Registry (Global Object Access Auditing)](registry-global-object-access-auditing.md)
|
||||
- [Registry (Global Object Access Auditing)](registry-global-object-access-auditing.md)
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Basic security audit policy settings](basic-security-audit-policy-settings.md)
|
||||
|
||||
@ -1,17 +1,14 @@
|
||||
### YamlMime:FAQ
|
||||
metadata:
|
||||
title: Advanced security auditing FAQ (Windows 10)
|
||||
title: Advanced security auditing FAQ
|
||||
description: This article lists common questions and answers about understanding, deploying, and managing security audit policies.
|
||||
ms.prod: windows-client
|
||||
ms.technology: mde
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
manager: aaroncz
|
||||
ms.reviewer:
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: faq
|
||||
ms.date: 05/24/2022
|
||||
ms.technology: itpro-security
|
||||
|
||||
title: Advanced security auditing FAQ
|
||||
|
||||
|
||||
@ -38,6 +38,6 @@ Basic security audit policy settings are found under Computer Configuration\\Win
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Basic security audit policy settings](basic-security-audit-policy-settings.md)
|
||||
- [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
|
||||
|
||||
|
||||
|
||||
@ -158,15 +158,15 @@ This event generates only if Success auditing is enabled for the [Audit Handle M
|
||||
|
||||
**Access Request Information:**
|
||||
|
||||
- **Transaction ID** \[Type = GUID\]: unique GUID of the transaction. This field can help you correlate this event with other events that might contain the same the **Transaction ID**, such as “[4660](event-4660.md)(S): An object was deleted.”
|
||||
- **Transaction ID** \[Type = GUID\]: unique GUID of the transaction. This field can help you correlate this event with other events that might contain the same **Transaction ID**, such as “[4660](event-4660.md)(S): An object was deleted.”
|
||||
|
||||
This parameter might not be captured in the event, and in that case appears as “{00000000-0000-0000-0000-000000000000}”.
|
||||
|
||||
> **Note** **GUID** is an acronym for 'Globally Unique Identifier'. It is a 128-bit integer number used to identify resources, activities or instances.
|
||||
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
|
||||
|
||||
- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
|
||||
- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
|
||||
|
||||
- **Privileges Used for Access Check** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as “-”. See full list of user privileges in the table below:
|
||||
|
||||
@ -218,4 +218,4 @@ For 4661(S, F): A handle to an object was requested.
|
||||
|
||||
> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
|
||||
|
||||
- You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document.
|
||||
- You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document.
|
||||
|
||||
@ -126,12 +126,12 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ
|
||||
|
||||
**Access Request Information:**
|
||||
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. “Table 13. File access codes.” contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
|
||||
|
||||
- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
|
||||
- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
|
||||
|
||||
## Security Monitoring Recommendations
|
||||
|
||||
For 4691(S): Indirect access to an object was requested.
|
||||
|
||||
- Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports.
|
||||
- Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports.
|
||||
|
||||
@ -220,7 +220,7 @@ The most common values:
|
||||
| 0x14 | KDC\_ERR\_TGT\_REVOKED | TGT has been revoked | Since the remote KDC may change its PKCROSS key while there are PKCROSS tickets still active, it SHOULD cache the old PKCROSS keys until the last issued PKCROSS ticket expires. Otherwise, the remote KDC will respond to a client with a KRB-ERROR message of type KDC\_ERR\_TGT\_REVOKED. See [RFC1510](https://www.ietf.org/proceedings/49/I-D/draft-ietf-cat-kerberos-pk-cross-07.txt) for more details. |
|
||||
| 0x15 | KDC\_ERR\_CLIENT\_NOTYET | Client not yet valid—try again later | No information. |
|
||||
| 0x16 | KDC\_ERR\_SERVICE\_NOTYET | Server not yet valid—try again later | No information. |
|
||||
| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The user’s password has expired.<br>This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
|
||||
| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The user’s password has expired. |
|
||||
| 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.<br>This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
|
||||
| 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients do not request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. |
|
||||
| 0x1A | KDC\_ERR\_SERVER\_NOMATCH | KDC does not know about the requested server | No information. |
|
||||
|
||||
@ -133,7 +133,7 @@ This event generates once per session, when first access attempt was made.
|
||||
|
||||
**Access Request Information:**
|
||||
|
||||
- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights. Has always “**0x1**” value for this event.
|
||||
- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights. It always has “**0x1**” value for this event.
|
||||
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. Has always “**ReadData (or ListDirectory)**” value for this event.
|
||||
|
||||
|
||||
@ -135,7 +135,7 @@ This event generates every time network share object (file or folder) was access
|
||||
|
||||
**Access Request Information:**
|
||||
|
||||
- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights.
|
||||
- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights.
|
||||
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**.
|
||||
|
||||
@ -319,4 +319,4 @@ For 5145(S, F): A network share object was checked to see whether client can be
|
||||
|
||||
- WRITE\_DAC
|
||||
|
||||
- WRITE\_OWNER
|
||||
- WRITE\_OWNER
|
||||
|
||||
@ -8,7 +8,7 @@ ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.date: 09/09/2021
|
||||
ms.date: 11/30/2022
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.custom: asr
|
||||
@ -28,10 +28,12 @@ ms.topic: how-to
|
||||
## Review system requirements
|
||||
|
||||
See [System requirements for Microsoft Defender Application Guard](./reqs-md-app-guard.md) to review the hardware and software installation requirements for Microsoft Defender Application Guard.
|
||||
>[!NOTE]
|
||||
>Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host.
|
||||
|
||||
> [!NOTE]
|
||||
> Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host.
|
||||
|
||||
## Prepare for Microsoft Defender Application Guard
|
||||
|
||||
Before you can install and use Microsoft Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode.
|
||||
|
||||
### Standalone mode
|
||||
@ -52,6 +54,7 @@ Applies to:
|
||||
You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests to add non-enterprise domain(s) in the container.
|
||||
|
||||
The following diagram shows the flow between the host PC and the isolated container.
|
||||
|
||||
|
||||
|
||||
## Install Application Guard
|
||||
@ -60,29 +63,29 @@ Application Guard functionality is turned off by default. However, you can quick
|
||||
|
||||
### To install by using the Control Panel
|
||||
|
||||
1. Open the **Control Panel**, click **Programs,** and then click **Turn Windows features on or off**.
|
||||
1. Open the **Control Panel**, click **Programs,** and then select **Turn Windows features on or off**.
|
||||
|
||||
|
||||
|
||||
2. Select the check box next to **Microsoft Defender Application Guard** and then click **OK**.
|
||||
2. Select the check box next to **Microsoft Defender Application Guard** and then select **OK**.
|
||||
|
||||
Application Guard and its underlying dependencies are all installed.
|
||||
|
||||
### To install by using PowerShell
|
||||
|
||||
>[!NOTE]
|
||||
>Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only.
|
||||
> [!NOTE]
|
||||
> Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only.
|
||||
|
||||
1. Click the **Search** or **Cortana** icon in the Windows 10 or Windows 11 taskbar and type **PowerShell**.
|
||||
1. Select the **Search** or **Cortana** icon in the Windows 10 or Windows 11 taskbar and type **PowerShell**.
|
||||
|
||||
2. Right-click **Windows PowerShell**, and then click **Run as administrator**.
|
||||
2. Right-click **Windows PowerShell**, and then select **Run as administrator**.
|
||||
|
||||
Windows PowerShell opens with administrator credentials.
|
||||
|
||||
3. Type the following command:
|
||||
|
||||
```
|
||||
Enable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard
|
||||
Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard
|
||||
```
|
||||
4. Restart the device.
|
||||
|
||||
@ -95,17 +98,15 @@ Application Guard functionality is turned off by default. However, you can quick
|
||||
|
||||
:::image type="content" source="images/MDAG-EndpointMgr-newprofile.jpg" alt-text="Enroll devices in Intune.":::
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
1. Choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following: <br/>
|
||||
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following: <br/>
|
||||
|
||||
1. In the **Platform** list, select **Windows 10 and later**.
|
||||
|
||||
1. In the **Profile** list, select **Endpoint protection**.
|
||||
2. In the **Profile** type, choose **Templates** and select **Endpoint protection**.
|
||||
|
||||
1. Choose **Create**.
|
||||
3. Choose **Create**.
|
||||
|
||||
1. Specify the following settings for the profile:
|
||||
2. Specify the following settings for the profile:
|
||||
|
||||
- **Name** and **Description**
|
||||
|
||||
@ -115,16 +116,16 @@ Application Guard functionality is turned off by default. However, you can quick
|
||||
|
||||
- Choose your preferences for **Clipboard behavior**, **External content**, and the remaining settings.
|
||||
|
||||
1. Choose **OK**, and then choose **OK** again.
|
||||
3. Choose **OK**, and then choose **OK** again.
|
||||
|
||||
1. Review your settings, and then choose **Create**.
|
||||
4. Review your settings, and then choose **Create**.
|
||||
|
||||
1. Choose **Assignments**, and then do the following:
|
||||
5. Choose **Assignments**, and then do the following:
|
||||
|
||||
1. On the **Include** tab, in the **Assign to** list, choose an option.
|
||||
|
||||
1. If you have any devices or users you want to exclude from this endpoint protection profile, specify those on the **Exclude** tab.
|
||||
2. If you have any devices or users you want to exclude from this endpoint protection profile, specify those on the **Exclude** tab.
|
||||
|
||||
1. Click **Save**.
|
||||
3. Select **Save**.
|
||||
|
||||
After the profile is created, any devices to which the policy should apply will have Microsoft Defender Application Guard enabled. Users might have to restart their devices in order for protection to be in place.
|
||||
|
||||
@ -22,6 +22,7 @@ ms.technology: itpro-security
|
||||
# Account lockout duration
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Account lockout duration** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Account Lockout Policy
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the Account Lockout Policy settings and links to information about each policy setting.
|
||||
|
||||
@ -22,6 +22,7 @@ ms.technology: itpro-security
|
||||
# Account lockout threshold
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Account lockout threshold** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Account Policies
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
An overview of account policies in Windows and provides links to policy descriptions.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Accounts: Administrator account status
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Accounts: Administrator account status** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Accounts: Block Microsoft accounts
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, management, and security considerations for the **Accounts: Block Microsoft accounts** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Accounts: Guest account status - security policy setting
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Accounts: Guest account status** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Accounts: Limit local account use of blank passwords to console logon only
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Accounts: Limit local account use of blank passwords to console logon only** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Accounts: Rename administrator account
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
This security policy reference topic for the IT professional describes the best practices, location, values, and security considerations for this policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Accounts: Rename guest account - security policy setting
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Accounts: Rename guest account** security policy setting.
|
||||
|
||||
@ -94,7 +94,7 @@ The Security Compliance Manager is a downloadable tool that helps you plan, depl
|
||||
|
||||
**To administer security policies by using the Security Compliance Manager**
|
||||
|
||||
1. Download the most recent version. You can find out more info on the [Microsoft Security Guidance](/archive/blogs/secguide/) blog.
|
||||
1. Download the most recent version. You can find more info on the [Microsoft Security Baselines](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) blog.
|
||||
1. Read the relevant security baseline documentation that is included in this tool.
|
||||
1. Download and import the relevant security baselines. The installation process steps you through baseline selection.
|
||||
1. Open the Help and follow instructions how to customize, compare, or merge your security baselines before deploying those baselines.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Audit: Audit the use of Backup and Restore privilege
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Audit: Audit the use of Backup and Restore privilege** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Audit Policy
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Provides information about basic audit policies that are available in Windows and links to information about each setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Audit: Shut down system immediately if unable to log security audits
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, management practices, and security considerations for the **Audit: Shut down system immediately if unable to log security audits** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Devices: Allow undock without having to log on
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Devices: Allow undock without having to log on** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Devices: Allowed to format and eject removable media
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Devices: Allowed to format and eject removable media** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Devices: Prevent users from installing printer drivers
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Devices: Prevent users from installing printer drivers** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Devices: Restrict CD-ROM access to locally logged-on user only
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Devices: Restrict CD-ROM access to locally logged-on user only** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Enforce password history
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, policy management, and security considerations for the **Enforce password history** security policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Maximum password age
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, policy management, and security considerations for the **Maximum password age** security policy setting.
|
||||
|
||||
@ -19,6 +19,7 @@ ms.topic: conceptual
|
||||
# Minimum password age
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, policy management, and security considerations for the **Minimum password age** security policy setting.
|
||||
@ -90,4 +91,4 @@ If you set a password for a user but want that user to change the password when
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Password Policy](password-policy.md)
|
||||
- [Password Policy](password-policy.md)
|
||||
|
||||
@ -22,6 +22,7 @@ ms.technology: itpro-security
|
||||
# Minimum password length
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
This article describes the recommended practices, location, values, policy management, and security considerations for the **Minimum password length** security policy setting.
|
||||
|
||||
@ -22,6 +22,7 @@ ms.date: 12/31/2017
|
||||
# Password must meet complexity requirements
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Password must meet complexity requirements** security policy setting.
|
||||
|
||||
@ -22,6 +22,7 @@ ms.technology: itpro-security
|
||||
# Password Policy
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
An overview of password policies for Windows and links to information for each policy setting.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Reset account lockout counter after
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Reset account lockout counter after** security policy setting.
|
||||
@ -76,4 +77,4 @@ If you don't configure this policy setting or if the value is configured to an i
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Account Lockout Policy](account-lockout-policy.md)
|
||||
- [Account Lockout Policy](account-lockout-policy.md)
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Advanced security audit policy settings for Windows 10
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Provides information about the advanced security audit policy settings that are available in Windows and the audit events that they generate.
|
||||
|
||||
@ -19,6 +19,7 @@ ms.topic: conceptual
|
||||
# Security Options
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Provides an introduction to the **Security Options** settings for local security policies and links to more information.
|
||||
|
||||
@ -20,6 +20,7 @@ ms.technology: itpro-security
|
||||
# Store passwords using reversible encryption
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, and security considerations for the **Store passwords using reversible encryption** security policy setting.
|
||||
|
||||
@ -398,6 +398,17 @@ The following GPO snippet performs the following tasks:
|
||||
|
||||
|
||||
|
||||
The following table also contains the six actions to configure in the GPO:
|
||||
|
||||
| Program/Script | Arguments |
|
||||
|------------------------------------|----------------------------------------------------------------------------------------------------------|
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /e:true |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ms:102432768 |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-AppLocker/EXE and DLL" /ms:102432768 |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ca:"O:BAG:SYD:(A;;0x7;;;BA)(A;;0x2;;;AU)(A;;0x1;;;S-1-5-32-573)" |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /e:true |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /ms:52432896 |
|
||||
|
||||
## <a href="" id="bkmk-appendixd"></a>Appendix D - Minimum GPO for WEF Client configuration
|
||||
|
||||
Here are the minimum steps for WEF to operate:
|
||||
@ -656,4 +667,4 @@ You can get more info with the following links:
|
||||
- [Event Queries and Event XML](/previous-versions/bb399427(v=vs.90))
|
||||
- [Event Query Schema](/windows/win32/wes/queryschema-schema)
|
||||
- [Windows Event Collector](/windows/win32/wec/windows-event-collector)
|
||||
- [4625(F): An account failed to log on](./auditing/event-4625.md)
|
||||
- [4625(F): An account failed to log on](./auditing/event-4625.md)
|
||||
|
||||
@ -1,18 +1,10 @@
|
||||
---
|
||||
title: Account protection in the Windows Security app
|
||||
description: Use the Account protection section to manage security for your account and sign in to Microsoft.
|
||||
keywords: account protection, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide, Windows Defender SmartScreen, SmartScreen Filter, Windows SmartScreen
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2018
|
||||
ms.technology: itpro-security
|
||||
ms.topic: article
|
||||
---
|
||||
@ -22,8 +14,7 @@ ms.topic: article
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows 10 and later
|
||||
|
||||
The **Account protection** section contains information and settings for account protection and sign-in. You can get more information about these capabilities from the following list:
|
||||
|
||||
@ -33,7 +24,6 @@ The **Account protection** section contains information and settings for account
|
||||
|
||||
You can also choose to hide the section from users of the device. This is useful if you don't want your employees to access or view user-configured options for these features.
|
||||
|
||||
|
||||
## Hide the Account protection section
|
||||
|
||||
You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app.
|
||||
|
||||
@ -1,18 +1,10 @@
|
||||
---
|
||||
title: App & browser control in the Windows Security app
|
||||
description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
|
||||
keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
audience: ITPro
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
ms.date: 12/31/2018
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-security
|
||||
ms.topic: article
|
||||
@ -22,8 +14,7 @@ ms.topic: article
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows 10 and later
|
||||
|
||||
The **App and browser control** section contains information and settings for Windows Defender SmartScreen. IT administrators and IT pros can get configuration guidance from the [Windows Defender SmartScreen documentation library](/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview).
|
||||
|
||||
|
||||
@ -1,18 +1,10 @@
|
||||
---
|
||||
title: Customize Windows Security contact information
|
||||
description: Provide information to your employees on how to contact your IT department when a security issue occurs
|
||||
keywords: wdsc, security center, defender, notification, customize, contact, it department, help desk, call, help site
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2018
|
||||
ms.technology: itpro-security
|
||||
ms.topic: article
|
||||
---
|
||||
@ -21,8 +13,7 @@ ms.topic: article
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows 10 and later
|
||||
|
||||
You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support.
|
||||
|
||||
@ -44,8 +35,6 @@ You must have Windows 10, version 1709 or later. The ADMX/ADML template files fo
|
||||
|
||||
There are two stages to using the contact card and customized notifications. First, you have to enable the contact card or custom notifications (or both), and then you must specify at least a name for your organization and one piece of contact information.
|
||||
|
||||
This can only be done in Group Policy.
|
||||
|
||||
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
|
||||
|
||||
2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
|
||||
@ -56,6 +45,9 @@ This can only be done in Group Policy.
|
||||
|
||||
1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**.
|
||||
|
||||
> [!NOTE]
|
||||
> This can only be done in Group Policy.
|
||||
|
||||
2. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Click **OK**.
|
||||
|
||||
5. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**.
|
||||
@ -67,5 +59,7 @@ This can only be done in Group Policy.
|
||||
|
||||
7. Select **OK** after you configure each setting to save your changes.
|
||||
|
||||
>[!IMPORTANT]
|
||||
>You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized.
|
||||
To enable the customized notifications and add the contact information in Intune, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy) and [Settings for the Windows Security experience profile in Microsoft Intune](/mem/intune/protect/antivirus-security-experience-windows-settings).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized.
|
||||
|
||||
@ -1,18 +1,10 @@
|
||||
---
|
||||
title: Device & performance health in the Windows Security app
|
||||
description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
|
||||
keywords: wdsc, windows update, storage, driver, device, installation, battery, health, status
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.date: 12/31/2018
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-security
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
@ -1,17 +1,10 @@
|
||||
---
|
||||
title: Device security in the Windows Security app
|
||||
description: Use the Device security section to manage security built into your device, including virtualization-based security.
|
||||
keywords: device security, device guard, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
ms.date: 12/31/2018
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-security
|
||||
ms.topic: article
|
||||
@ -21,8 +14,7 @@ ms.topic: article
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows 10 and later
|
||||
|
||||
The **Device security** section contains information and settings for built-in device security.
|
||||
|
||||
|
||||
@ -1,18 +1,10 @@
|
||||
---
|
||||
title: Family options in the Windows Security app
|
||||
description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
|
||||
keywords: wdsc, family options, hide, suppress, remove, disable, uninstall, kids, parents, safety, parental, child, screen time
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2018
|
||||
ms.technology: itpro-security
|
||||
ms.topic: article
|
||||
---
|
||||
@ -22,8 +14,7 @@ ms.topic: article
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows 10 and later
|
||||
|
||||
The **Family options** section contains links to settings and further information for parents of a Windows 10 PC. It isn't intended for enterprise or business environments.
|
||||
|
||||
|
||||
@ -1,17 +1,9 @@
|
||||
---
|
||||
title: Firewall and network protection in the Windows Security app
|
||||
description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
|
||||
keywords: wdsc, firewall, windows defender firewall, network, connections, domain, private network, publish network, allow firewall, firewall rule, block firewall
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2018
|
||||
ms.technology: itpro-security
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
@ -1,18 +1,10 @@
|
||||
---
|
||||
title: Hide notifications from the Windows Security app
|
||||
description: Prevent Windows Security app notifications from appearing on user endpoints
|
||||
keywords: defender, security center, app, notifications, av, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2018
|
||||
ms.technology: itpro-security
|
||||
ms.topic: article
|
||||
---
|
||||
@ -21,8 +13,7 @@ ms.topic: article
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows 10 and later
|
||||
|
||||
The Windows Security app is used by many Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others.
|
||||
|
||||
|
||||
@ -5,17 +5,14 @@ ms.prod: windows-client
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
manager: aaroncz
|
||||
ms.collection:
|
||||
ms.topic: article
|
||||
ms.localizationpriority:
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
ms.date: 6/30/2022
|
||||
ms.technology: itpro-security
|
||||
---
|
||||
|
||||
# Windows Sandbox architecture
|
||||
|
||||
Windows Sandbox benefits from new container technology in Windows to achieve a combination of security, density, and performance that isn't available in traditional VMs.
|
||||
Windows Sandbox benefits from new container technology in Windows to achieve a combination of security, density, and performance that isn't available in traditional VMs.
|
||||
|
||||
## Dynamically generated image
|
||||
|
||||
|
||||
@ -8,9 +8,7 @@ manager: aaroncz
|
||||
ms.collection:
|
||||
- highpri
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
ms.date: 6/30/2022
|
||||
ms.technology: itpro-security
|
||||
---
|
||||
|
||||
|
||||
@ -8,13 +8,11 @@ manager: aaroncz
|
||||
ms.collection:
|
||||
- highpri
|
||||
ms.topic: article
|
||||
ms.localizationpriority:
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
ms.date: 6/30/2022
|
||||
ms.technology: itpro-security
|
||||
---
|
||||
|
||||
# Windows Sandbox
|
||||
# Windows Sandbox
|
||||
|
||||
Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine.
|
||||
|
||||
@ -51,7 +49,7 @@ Windows Sandbox has the following properties:
|
||||
- If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
|
||||
|
||||
```powershell
|
||||
Set-VMProcessor -VMName \<VMName> -ExposeVirtualizationExtensions $true
|
||||
Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
|
||||
```
|
||||
|
||||
3. Use the search bar on the task bar and type **Turn Windows Features on or off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted.
|
||||
@ -59,7 +57,11 @@ Windows Sandbox has the following properties:
|
||||
If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this analysis is incorrect, review the prerequisite list and steps 1 and 2.
|
||||
|
||||
> [!NOTE]
|
||||
> To enable Sandbox using PowerShell, open PowerShell as Administrator and run **Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online**.
|
||||
> To enable Sandbox using PowerShell, open PowerShell as Administrator and run the following command:
|
||||
>
|
||||
> ```powershell
|
||||
> Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online
|
||||
> ```
|
||||
|
||||
4. Locate and select **Windows Sandbox** on the Start menu to run it for the first time.
|
||||
|
||||
|
||||
@ -54,7 +54,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t
|
||||
| Name | Build | Baseline Release Date | Security Tools |
|
||||
| ---- | ----- | --------------------- | -------------- |
|
||||
| Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520) <br> | September 2022<br>|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
|
||||
| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724) <br> [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703) <br> [21H1](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353) <br> [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393) <br> [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) <br> [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) <br>[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| October 2022<br>December 2021<br>May 2021<br>December 2020<br>October 2018<br>October 2016 <br>January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
|
||||
| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724) <br> [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703) <br> [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393) <br> [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) <br> [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) <br>[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| October 2022<br>December 2021<br>December 2020<br>October 2018<br>October 2016 <br>January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
|
||||
Windows 8.1 |[9600 (April Update)](/archive/blogs/secguide/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final)| October 2013| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) |
|
||||
|
||||
<br />
|
||||
|
||||
@ -31,7 +31,6 @@ The Security Compliance Toolkit consists of:
|
||||
- Windows 10 security baselines
|
||||
- Windows 10, version 22H2
|
||||
- Windows 10, version 21H2
|
||||
- Windows 10, version 21H1
|
||||
- Windows 10, version 20H2
|
||||
- Windows 10, version 1809
|
||||
- Windows 10, version 1607
|
||||
|
||||
Reference in New Issue
Block a user