deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 19:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

tweaks

Browse Source
This commit is contained in:
Brian Lich
2016-05-20 16:05:44 -07:00
parent 7972a612a2
commit 8060c79a00
2 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/keep-secure/windows-10-security-baselines.md
View File

@ -35,3 +35,6 @@ Here's a list of updates that were made to this version:
- Removed Enhanced Mitigation Experience Toolkit settings. - Removed Enhanced Mitigation Experience Toolkit settings.
- Removed the **Recovery console: Allow automatic administrative logon** setting. - Removed the **Recovery console: Allow automatic administrative logon** setting.
## Related topics
- [Use security baselines in your organization](security-baselines.md)

16
windows/keep-secure/windows-server-security-baselines.md
View File

@ -19,17 +19,7 @@ Use the sections in this topic to learn and what has changed in the Windows Serv
The Windows Server 2012 R2 security baseline is available on the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkID=799382). The Windows Server 2012 R2 security baseline is available on the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkID=799382).
> **Note:** For Windows Server 2012 R2, we do not recommend applying this baseline to servers that are running the following server roles: > **Note:** For Windows Server 2012 R2, we do not recommend applying this baseline to servers that are running the following server roles, such as Hyper-V, Active Directory Certificate Services, DHCP, DNS, File Services, Network Policy and Access, Print Server, Remote Access Services, Remote Desktop Services, and Web Server.
- Hyper-V
- Active Directory Certificate Services
- DHCP
- DNS
- File Services
- Network Policy and Access
- Print Server
- Remote Access Services
- Remote Desktop Services
- Web Server
Here's a list of updates that were made to this version: Here's a list of updates that were made to this version:
@ -54,3 +44,7 @@ Additionally, you can change the following settings to help mitigate Pass-the-ha
- Add **Enterprise Admins** and **Domain Admins** to the **Deny log on as a service** security policy setting on all devices except for domain controllers and privileged access workstations. - Add **Enterprise Admins** and **Domain Admins** to the **Deny log on as a service** security policy setting on all devices except for domain controllers and privileged access workstations.
- Add **Enterprise Admins** and **Domain Admins** to the **Deny log on locally** security policy setting on all devices except for domain controllers and privileged access workstations. - Add **Enterprise Admins** and **Domain Admins** to the **Deny log on locally** security policy setting on all devices except for domain controllers and privileged access workstations.
- Disable the **WDigest Authentication** setting. - Disable the **WDigest Authentication** setting.
## Related topics
- [Use security baselines in your organization](security-baselines.md)