mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-27 20:57:23 +00:00
551 lines
56 KiB
Markdown
551 lines
56 KiB
Markdown
# [Keep Windows 10 secure](index.md)
|
|
## [Change history for Keep Windows 10 secure](change-history-for-keep-windows-10-secure.md)
|
|
## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
|
|
## [Device Guard certification and compliance](device-guard-certification-and-compliance.md)
|
|
### [Get apps to run on Device Guard-protected devices](getting-apps-to-run-on-device-guard-protected-devices.md)
|
|
### [Create a Device Guard code integrity policy based on a reference device](creating-a-device-guard-policy-for-signed-apps.md)
|
|
## [Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md)
|
|
### [Implement Microsoft Passport in your organization](implement-microsoft-passport-in-your-organization.md)
|
|
### [Why a PIN is better than a password](why-a-pin-is-better-than-a-password.md)
|
|
### [Prepare people to use Microsoft Passport](prepare-people-to-use-microsoft-passport.md)
|
|
### [Microsoft Passport and password changes](microsoft-passport-and-password-changes.md)
|
|
### [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md)
|
|
### [Event ID 300 - Passport successfully created](passport-event-300.md)
|
|
## [Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md)
|
|
## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md)
|
|
## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
|
|
## [Protect derived domain credentials with Credential Guard](credential-guard.md)
|
|
## [Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md)
|
|
### [Create an enterprise data protection (EDP) policy](overview-create-edp-policy.md)
|
|
#### [Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md)
|
|
##### [Add multiple apps to your enterprise data protection (EDP) Protected Apps list](add-apps-to-protected-list-using-custom-uri.md)
|
|
##### [Deploy your enterprise data protection (EDP) policy](deploy-edp-policy-using-intune.md)
|
|
##### [Create and deploy a VPN policy for enterprise data protection (EDP) using Microsoft Intune](create-vpn-and-edp-policy-using-intune.md)
|
|
#### [Create and deploy an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md)
|
|
### [General guidance and best practices for enterprise data protection (EDP)](guidance-and-best-practices-edp.md)
|
|
#### [Enlightened apps for use with enterprise data protection (EDP)](enlightened-microsoft-apps-and-edp.md)
|
|
#### [Testing scenarios for enterprise data protection (EDP)](testing-scenarios-for-edp.md)
|
|
## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
|
|
## [VPN profile options](vpn-profile-options.md)
|
|
## [Security technologies](security-technologies.md)
|
|
### [AppLocker](applocker-overview.md)
|
|
#### [Administer AppLocker](administer-applocker.md)
|
|
##### [Maintain AppLocker policies](maintain-applocker-policies.md)
|
|
##### [Edit an AppLocker policy](edit-an-applocker-policy.md)
|
|
##### [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md)
|
|
##### [Deploy AppLocker policies by using the enforce rules setting](deploy-applocker-policies-by-using-the-enforce-rules-setting.md)
|
|
##### [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md)
|
|
##### [Use AppLocker and Software Restriction Policies in the same domain](use-applocker-and-software-restriction-policies-in-the-same-domain.md)
|
|
##### [Optimize AppLocker performance](optimize-applocker-performance.md)
|
|
##### [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md)
|
|
##### [Manage packaged apps with AppLocker](manage-packaged-apps-with-applocker.md)
|
|
##### [Working with AppLocker rules](working-with-applocker-rules.md)
|
|
###### [Create a rule that uses a file hash condition](create-a-rule-that-uses-a-file-hash-condition.md)
|
|
###### [Create a rule that uses a path condition](create-a-rule-that-uses-a-path-condition.md)
|
|
###### [Create a rule that uses a publisher condition](create-a-rule-that-uses-a-publisher-condition.md)
|
|
###### [Create AppLocker default rules](create-applocker-default-rules.md)
|
|
###### [Add exceptions for an AppLocker rule](configure-exceptions-for-an-applocker-rule.md)
|
|
###### [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md)
|
|
###### [Delete an AppLocker rule](delete-an-applocker-rule.md)
|
|
###### [Edit AppLocker rules](edit-applocker-rules.md)
|
|
###### [Enable the DLL rule collection](enable-the-dll-rule-collection.md)
|
|
###### [Enforce AppLocker rules](enforce-applocker-rules.md)
|
|
###### [Run the Automatically Generate Rules wizard](run-the-automatically-generate-rules-wizard.md)
|
|
##### [Working with AppLocker policies](working-with-applocker-policies.md)
|
|
###### [Configure the Application Identity service](configure-the-application-identity-service.md)
|
|
###### [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md)
|
|
###### [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md)
|
|
###### [Display a custom URL message when users try to run a blocked app](display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md)
|
|
###### [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md)
|
|
###### [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md)
|
|
###### [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md)
|
|
###### [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md)
|
|
###### [Add rules for packaged apps to existing AppLocker rule-set](add-rules-for-packaged-apps-to-existing-applocker-rule-set.md)
|
|
###### [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md)
|
|
###### [Merge AppLocker policies manually](merge-applocker-policies-manually.md)
|
|
###### [Refresh an AppLocker policy](refresh-an-applocker-policy.md)
|
|
###### [Test an AppLocker policy by using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md)
|
|
#### [AppLocker design guide](applocker-policies-design-guide.md)
|
|
##### [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md)
|
|
##### [Determine your application control objectives](determine-your-application-control-objectives.md)
|
|
##### [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
|
|
###### [Document your app list](document-your-application-list.md)
|
|
##### [Select the types of rules to create](select-types-of-rules-to-create.md)
|
|
###### [Document your AppLocker rules](document-your-applocker-rules.md)
|
|
##### [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
|
|
###### [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md)
|
|
###### [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md)
|
|
###### [Document the Group Policy structure and AppLocker rule enforcement](document-group-policy-structure-and-applocker-rule-enforcement.md)
|
|
##### [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
|
|
###### [Document your application control management processes](document-your-application-control-management-processes.md)
|
|
##### [Create your AppLocker planning document](create-your-applocker-planning-document.md)
|
|
#### [AppLocker deployment guide](applocker-policies-deployment-guide.md)
|
|
##### [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md)
|
|
##### [Requirements for Deploying AppLocker Policies](requirements-for-deploying-applocker-policies.md)
|
|
##### [Use Software Restriction Policies and AppLocker policies](using-software-restriction-policies-and-applocker-policies.md)
|
|
##### [Create Your AppLocker policies](create-your-applocker-policies.md)
|
|
###### [Create Your AppLocker rules](create-your-applocker-rules.md)
|
|
##### [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md)
|
|
###### [Use a reference device to create and maintain AppLocker policies](use-a-reference-computer-to-create-and-maintain-applocker-policies.md)
|
|
####### [Determine which apps are digitally signed on a reference device](determine-which-applications-are-digitally-signed-on-a-reference-computer.md)
|
|
####### [Configure the AppLocker reference device](configure-the-appLocker-reference-device.md)
|
|
#### [AppLocker technical reference](applocker-technical-reference.md)
|
|
##### [What Is AppLocker?](what-is-applocker.md)
|
|
##### [Requirements to use AppLocker](requirements-to-use-applocker.md)
|
|
##### [AppLocker policy use scenarios](applocker-policy-use-scenarios.md)
|
|
##### [How AppLocker works](how-applocker-works-techref.md)
|
|
###### [Understanding AppLocker rule behavior](understanding-applocker-rule-behavior.md)
|
|
###### [Understanding AppLocker rule exceptions](understanding-applocker-rule-exceptions.md)
|
|
###### [Understanding AppLocker rule collections](understanding-applocker-rule-collections.md)
|
|
###### [Understanding AppLocker allow and deny actions on rules](understanding-applocker-allow-and-deny-actions-on-rules.md)
|
|
###### [Understanding AppLocker rule condition types](understanding-applocker-rule-condition-types.md)
|
|
####### [Understanding the publisher rule condition in AppLocker](understanding-the-publisher-rule-condition-in-applocker.md)
|
|
####### [Understanding the path rule condition in AppLocker](understanding-the-path-rule-condition-in-applocker.md)
|
|
####### [Understanding the file hash rule condition in AppLocker](understanding-the-file-hash-rule-condition-in-applocker.md)
|
|
###### [Understanding AppLocker default rules](understanding-applocker-default-rules.md)
|
|
####### [Executable rules in AppLocker](executable-rules-in-applocker.md)
|
|
####### [Windows Installer rules in AppLocker](windows-installer-rules-in-applocker.md)
|
|
####### [Script rules in AppLocker](script-rules-in-applocker.md)
|
|
####### [DLL rules in AppLocker](dll-rules-in-applocker.md)
|
|
####### [Packaged apps and packaged app installer rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md)
|
|
##### [AppLocker architecture and components](applocker-architecture-and-components.md)
|
|
##### [AppLocker processes and interactions](applocker-processes-and-interactions.md)
|
|
##### [AppLocker functions](applocker-functions.md)
|
|
##### [Security considerations for AppLocker](security-considerations-for-applocker.md)
|
|
##### [Tools to Use with AppLocker](tools-to-use-with-applocker.md)
|
|
###### [Using Event Viewer with AppLocker](using-event-viewer-with-applocker.md)
|
|
##### [AppLocker Settings](applocker-settings.md)
|
|
### [BitLocker](bitlocker-overview.md)
|
|
#### [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.md)
|
|
#### [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
|
|
#### [BitLocker basic deployment](bitlocker-basic-deployment.md)
|
|
#### [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md)
|
|
#### [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
|
|
#### [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)
|
|
#### [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md)
|
|
#### [BitLocker Group Policy settings](bitlocker-group-policy-settings.md)
|
|
#### [BCD settings and BitLocker](bcd-settings-and-bitlocker.md)
|
|
#### [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)
|
|
#### [Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md)
|
|
##### [Types of attacks for volume encryption keys](types-of-attacks-for-volume-encryption-keys.md)
|
|
##### [BitLocker Countermeasures](bitlocker-countermeasures.md)
|
|
##### [Choose the Right BitLocker Countermeasure](choose-the-right-bitlocker-countermeasure.md)
|
|
#### [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)
|
|
### [Encrypted Hard Drive](encrypted-hard-drive.md)
|
|
### [Security auditing](security-auditing-overview.md)
|
|
#### [Basic security audit policies](basic-security-audit-policies.md)
|
|
##### [Create a basic audit policy for an event category](create-a-basic-audit-policy-settings-for-an-event-category.md)
|
|
##### [Apply a basic audit policy on a file or folder](apply-a-basic-audit-policy-on-a-file-or-folder.md)
|
|
##### [View the security event log](view-the-security-event-log.md)
|
|
##### [Basic security audit policy settings](basic-security-audit-policy-settings.md)
|
|
###### [Audit account logon events](basic-audit-account-logon-events.md)
|
|
###### [Audit account management](basic-audit-account-management.md)
|
|
###### [Audit directory service access](basic-audit-directory-service-access.md)
|
|
###### [Audit logon events](basic-audit-logon-events.md)
|
|
###### [Audit object access](basic-audit-object-access.md)
|
|
###### [Audit policy change](basic-audit-policy-change.md)
|
|
###### [Audit privilege use](basic-audit-privilege-use.md)
|
|
###### [Audit process tracking](basic-audit-process-tracking.md)
|
|
###### [Audit system events](basic-audit-system-events.md)
|
|
#### [Advanced security audit policies](advanced-security-auditing.md)
|
|
##### [Planning and deploying advanced security audit policies](planning-and-deploying-advanced-security-audit-policies.md)
|
|
##### [Advanced security auditing FAQ](advanced-security-auditing-faq.md)
|
|
###### [Which editions of Windows support advanced audit policy configuration](which-editions-of-windows-support-advanced-audit-policy-configuration.md)
|
|
##### [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
|
|
###### [Monitor the central access policies that apply on a file server](monitor-the-central-access-policies-that-apply-on-a-file-server.md)
|
|
###### [Monitor the use of removable storage devices](monitor-the-use-of-removable-storage-devices.md)
|
|
###### [Monitor resource attribute definitions](monitor-resource-attribute-definitions.md)
|
|
###### [Monitor central access policy and rule definitions](monitor-central-access-policy-and-rule-definitions.md)
|
|
###### [Monitor user and device claims during sign-in](monitor-user-and-device-claims-during-sign-in.md)
|
|
###### [Monitor the resource attributes on files and folders](monitor-the-resource-attributes-on-files-and-folders.md)
|
|
###### [Monitor the central access policies associated with files and folders](monitor-the-central-access-policies-associated-with-files-and-folders.md)
|
|
###### [Monitor claim types](monitor-claim-types.md)
|
|
##### [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
|
|
###### [Audit Credential Validation](audit-credential-validation.md)
|
|
###### [Audit Kerberos Authentication Service ](audit-kerberos-authentication-service.md)
|
|
###### [Audit Kerberos Service Ticket Operations](audit-kerberos-service-ticket-operations.md)
|
|
###### [Audit Other Account Logon Events ](audit-other-account-logon-events.md)
|
|
###### [Audit Application Group Management](audit-application-group-management.md)
|
|
###### [Audit Computer Account Management](audit-computer-account-management.md)
|
|
###### [Audit Distribution Group Management](audit-distribution-group-management.md)
|
|
###### [Audit Other Account Management Events](audit-other-account-management-events.md)
|
|
###### [Audit Security Group Management](audit-security-group-management.md)
|
|
###### [Audit User Account Management](audit-user-account-management.md)
|
|
###### [Audit DPAPI Activity](audit-dpapi-activity.md)
|
|
###### [Audit PNP Activity](audit-pnp-activity.md)
|
|
###### [Audit Process Creation](audit-process-creation.md)
|
|
###### [Audit Process Termination ](audit-process-termination.md)
|
|
###### [Audit RPC Events](audit-rpc-events.md)
|
|
###### [Audit Detailed Directory Service Replication](audit-detailed-directory-service-replication.md)
|
|
###### [Audit Directory Service Access](audit-directory-service-access.md)
|
|
###### [Audit Directory Service Changes](audit-directory-service-changes.md)
|
|
###### [Audit Directory Service Replication](audit-directory-service-replication.md)
|
|
###### [Audit Account Lockout ](audit-account-lockout.md)
|
|
###### [Audit User/Device Claims](audit-user-device-claims.md)
|
|
###### [Audit Group Membership](audit-group-membership.md)
|
|
###### [Audit IPsec Extended Mode](audit-ipsec-extended-mode.md)
|
|
###### [Audit IPsec Main Mode](audit-ipsec-main-mode.md)
|
|
###### [Audit IPsec Quick Mode](audit-ipsec-quick-mode.md)
|
|
###### [Audit Logoff](audit-logoff.md)
|
|
###### [Audit Logon](audit-logon.md)
|
|
###### [Audit Network Policy Server](audit-network-policy-server.md)
|
|
###### [Audit Other Logon/Logoff Events](audit-other-logonlogoff-events.md)
|
|
###### [Audit Special Logon](audit-special-logon.md)
|
|
###### [Audit Application Generated](audit-application-generated.md)
|
|
###### [Audit Certification Services](audit-certification-services.md)
|
|
###### [Audit Detailed File Share ](audit-detailed-file-share.md)
|
|
###### [Audit File Share](audit-file-share.md)
|
|
###### [Audit File System](audit-file-system.md)
|
|
###### [Audit Filtering Platform Connection](audit-filtering-platform-connection.md)
|
|
###### [Audit Filtering Platform Packet Drop ](audit-filtering-platform-packet-drop.md)
|
|
###### [Audit Handle Manipulation](audit-handle-manipulation.md)
|
|
###### [Audit Kernel Object ](audit-kernel-object.md)
|
|
###### [Audit Other Object Access Events](audit-other-object-access-events.md)
|
|
###### [Audit Registry](audit-registry.md)
|
|
###### [Audit Removable Storage](audit-removable-storage.md)
|
|
###### [Audit SAM ](audit-sam.md)
|
|
###### [Audit Central Access Policy Staging](audit-central-access-policy-staging.md)
|
|
###### [Audit Audit Policy Change](audit-audit-policy-change.md)
|
|
###### [Audit Authentication Policy Change](audit-authentication-policy-change.md)
|
|
###### [Audit Authorization Policy Change](audit-authorization-policy-change.md)
|
|
###### [Audit Filtering Platform Policy Change](audit-filtering-platform-policy-change.md)
|
|
###### [Audit MPSSVC Rule-Level Policy Change](audit-mpssvc-rule-level-policy-change.md)
|
|
###### [Audit Other Policy Change Events](audit-other-policy-change-events.md)
|
|
###### [Audit Sensitive Privilege Use ](audit-sensitive-privilege-use.md)
|
|
###### [Audit Non-Sensitive Privilege Use ](audit-non-sensitive-privilege-use.md)
|
|
###### [Audit Other Privilege Use Events ](audit-other-privilege-use-events.md)
|
|
###### [Audit IPsec Driver](audit-ipsec-driver.md)
|
|
###### [Audit Other System Events](audit-other-system-events.md)
|
|
###### [Audit Security State Change](audit-security-state-change.md)
|
|
###### [Audit Security System Extension](audit-security-system-extension.md)
|
|
###### [Audit System Integrity](audit-system-integrity.md)
|
|
###### [Registry (Global Object Access Auditing) ](registry-global-object-access-auditing.md)
|
|
###### [File System (Global Object Access Auditing) ](file-system-global-object-access-auditing.md)
|
|
### [Security policy settings](security-policy-settings.md)
|
|
#### [Administer security policy settings](administer-security-policy-settings.md)
|
|
##### [Network List Manager policies](network-list-manager-policies.md)
|
|
#### [Configure security policy settings](how-to-configure-security-policy-settings.md)
|
|
#### [Security policy settings reference](security-policy-settings-reference.md)
|
|
##### [Account Policies](account-policies.md)
|
|
###### [Password Policy](password-policy.md)
|
|
####### [Enforce password history](enforce-password-history.md)
|
|
####### [Maximum password age](maximum-password-age.md)
|
|
####### [Minimum password age](minimum-password-age.md)
|
|
####### [Minimum password length](minimum-password-length.md)
|
|
####### [Password must meet complexity requirements](password-must-meet-complexity-requirements.md)
|
|
####### [Store passwords using reversible encryption](store-passwords-using-reversible-encryption.md)
|
|
###### [Account Lockout Policy](account-lockout-policy.md)
|
|
####### [Account lockout duration](account-lockout-duration.md)
|
|
####### [Account lockout threshold](account-lockout-threshold.md)
|
|
####### [Reset account lockout counter after](reset-account-lockout-counter-after.md)
|
|
###### [Kerberos Policy](kerberos-policy.md)
|
|
####### [Enforce user logon restrictions](enforce-user-logon-restrictions.md)
|
|
####### [Maximum lifetime for service ticket](maximum-lifetime-for-service-ticket.md)
|
|
####### [Maximum lifetime for user ticket](maximum-lifetime-for-user-ticket.md)
|
|
####### [Maximum lifetime for user ticket renewal](maximum-lifetime-for-user-ticket-renewal.md)
|
|
####### [Maximum tolerance for computer clock synchronization](maximum-tolerance-for-computer-clock-synchronization.md)
|
|
##### [Audit Policy](audit-policy.md)
|
|
##### [Security Options](security-options.md)
|
|
###### [Accounts: Administrator account status](accounts-administrator-account-status.md)
|
|
###### [Accounts: Block Microsoft accounts](accounts-block-microsoft-accounts.md)
|
|
###### [Accounts: Guest account status](accounts-guest-account-status.md)
|
|
###### [Accounts: Limit local account use of blank passwords to console logon only](accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md)
|
|
###### [Accounts: Rename administrator account](accounts-rename-administrator-account.md)
|
|
###### [Accounts: Rename guest account](accounts-rename-guest-account.md)
|
|
###### [Audit: Audit the access of global system objects](audit-audit-the-access-of-global-system-objects.md)
|
|
###### [Audit: Audit the use of Backup and Restore privilege](audit-audit-the-use-of-backup-and-restore-privilege.md)
|
|
###### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](audit-force-audit-policy-subcategory-settings-to-override.md)
|
|
###### [Audit: Shut down system immediately if unable to log security audits](audit-shut-down-system-immediately-if-unable-to-log-security-audits.md)
|
|
###### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
|
|
###### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
|
|
###### [Devices: Allow undock without having to log on](devices-allow-undock-without-having-to-log-on.md)
|
|
###### [Devices: Allowed to format and eject removable media](devices-allowed-to-format-and-eject-removable-media.md)
|
|
###### [Devices: Prevent users from installing printer drivers](devices-prevent-users-from-installing-printer-drivers.md)
|
|
###### [Devices: Restrict CD-ROM access to locally logged-on user only](devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md)
|
|
###### [Devices: Restrict floppy access to locally logged-on user only](devices-restrict-floppy-access-to-locally-logged-on-user-only.md)
|
|
###### [Domain controller: Allow server operators to schedule tasks](domain-controller-allow-server-operators-to-schedule-tasks.md)
|
|
###### [Domain controller: LDAP server signing requirements](domain-controller-ldap-server-signing-requirements.md)
|
|
###### [Domain controller: Refuse machine account password changes](domain-controller-refuse-machine-account-password-changes.md)
|
|
###### [Domain member: Digitally encrypt or sign secure channel data (always)](domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md)
|
|
###### [Domain member: Digitally encrypt secure channel data (when possible)](domain-member-digitally-encrypt-secure-channel-data-when-possible.md)
|
|
###### [Domain member: Digitally sign secure channel data (when possible)](domain-member-digitally-sign-secure-channel-data-when-possible.md)
|
|
###### [Domain member: Disable machine account password changes](domain-member-disable-machine-account-password-changes.md)
|
|
###### [Domain member: Maximum machine account password age](domain-member-maximum-machine-account-password-age.md)
|
|
###### [Domain member: Require strong (Windows 2000 or later) session key](domain-member-require-strong-windows-2000-or-later-session-key.md)
|
|
###### [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md)
|
|
###### [Interactive logon: Do not display last user name](interactive-logon-do-not-display-last-user-name.md)
|
|
###### [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md)
|
|
###### [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md)
|
|
###### [Interactive logon: Machine inactivity limit](interactive-logon-machine-inactivity-limit.md)
|
|
###### [Interactive logon: Message text for users attempting to log on](interactive-logon-message-text-for-users-attempting-to-log-on.md)
|
|
###### [Interactive logon: Message title for users attempting to log on](interactive-logon-message-title-for-users-attempting-to-log-on.md)
|
|
###### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md)
|
|
###### [Interactive logon: Prompt user to change password before expiration](interactive-logon-prompt-user-to-change-password-before-expiration.md)
|
|
###### [Interactive logon: Require Domain Controller authentication to unlock workstation](interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md)
|
|
###### [Interactive logon: Require smart card](interactive-logon-require-smart-card.md)
|
|
###### [Interactive logon: Smart card removal behavior](interactive-logon-smart-card-removal-behavior.md)
|
|
###### [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md)
|
|
###### [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
|
|
###### [Microsoft network client: Send unencrypted password to third-party SMB servers](microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md)
|
|
###### [Microsoft network server: Amount of idle time required before suspending session](microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md)
|
|
###### [Microsoft network server: Attempt S4U2Self to obtain claim information](microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md)
|
|
###### [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md)
|
|
###### [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
|
|
###### [Microsoft network server: Disconnect clients when logon hours expire](microsoft-network-server-disconnect-clients-when-logon-hours-expire.md)
|
|
###### [Microsoft network server: Server SPN target name validation level](microsoft-network-server-server-spn-target-name-validation-level.md)
|
|
###### [Network access: Allow anonymous SID/Name translation](network-access-allow-anonymous-sidname-translation.md)
|
|
###### [Network access: Do not allow anonymous enumeration of SAM accounts](network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md)
|
|
###### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md)
|
|
###### [Network access: Do not allow storage of passwords and credentials for network authentication](network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md)
|
|
###### [Network access: Let Everyone permissions apply to anonymous users](network-access-let-everyone-permissions-apply-to-anonymous-users.md)
|
|
###### [Network access: Named Pipes that can be accessed anonymously](network-access-named-pipes-that-can-be-accessed-anonymously.md)
|
|
###### [Network access: Remotely accessible registry paths](network-access-remotely-accessible-registry-paths.md)
|
|
###### [Network access: Remotely accessible registry paths and subpaths](network-access-remotely-accessible-registry-paths-and-subpaths.md)
|
|
###### [Network access: Restrict anonymous access to Named Pipes and Shares](network-access-restrict-anonymous-access-to-named-pipes-and-shares.md)
|
|
###### [Network access: Shares that can be accessed anonymously](network-access-shares-that-can-be-accessed-anonymously.md)
|
|
###### [Network access: Sharing and security model for local accounts](network-access-sharing-and-security-model-for-local-accounts.md)
|
|
###### [Network security: Allow Local System to use computer identity for NTLM](network-security-allow-local-system-to-use-computer-identity-for-ntlm.md)
|
|
###### [Network security: Allow LocalSystem NULL session fallback](network-security-allow-localsystem-null-session-fallback.md)
|
|
###### [Network security: Allow PKU2U authentication requests to this computer to use online identities](network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md)
|
|
###### [Network security: Configure encryption types allowed for Kerberos Win7 only](network-security-configure-encryption-types-allowed-for-kerberos.md)
|
|
###### [Network security: Do not store LAN Manager hash value on next password change](network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md)
|
|
###### [Network security: Force logoff when logon hours expire](network-security-force-logoff-when-logon-hours-expire.md)
|
|
###### [Network security: LAN Manager authentication level](network-security-lan-manager-authentication-level.md)
|
|
###### [Network security: LDAP client signing requirements](network-security-ldap-client-signing-requirements.md)
|
|
###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md)
|
|
###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md)
|
|
###### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md)
|
|
###### [Network security: Restrict NTLM: Add server exceptions in this domain](network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md)
|
|
###### [Network security: Restrict NTLM: Audit incoming NTLM traffic](network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md)
|
|
###### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md)
|
|
###### [Network security: Restrict NTLM: Incoming NTLM traffic](network-security-restrict-ntlm-incoming-ntlm-traffic.md)
|
|
###### [Network security: Restrict NTLM: NTLM authentication in this domain](network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md)
|
|
###### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md)
|
|
###### [Recovery console: Allow automatic administrative logon](recovery-console-allow-automatic-administrative-logon.md)
|
|
###### [Recovery console: Allow floppy copy and access to all drives and folders](recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md)
|
|
###### [Shutdown: Allow system to be shut down without having to log on](shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)
|
|
###### [Shutdown: Clear virtual memory pagefile](shutdown-clear-virtual-memory-pagefile.md)
|
|
###### [System cryptography: Force strong key protection for user keys stored on the computer](system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)
|
|
###### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)
|
|
###### [System objects: Require case insensitivity for non-Windows subsystems](system-objects-require-case-insensitivity-for-non-windows-subsystems.md)
|
|
###### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](system-objects-strengthen-default-permissions-of-internal-system-objects.md)
|
|
###### [System settings: Optional subsystems](system-settings-optional-subsystems.md)
|
|
###### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md)
|
|
###### [User Account Control: Admin Approval Mode for the Built-in Administrator account](user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md)
|
|
###### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md)
|
|
###### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md)
|
|
###### [User Account Control: Behavior of the elevation prompt for standard users](user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md)
|
|
###### [User Account Control: Detect application installations and prompt for elevation](user-account-control-detect-application-installations-and-prompt-for-elevation.md)
|
|
###### [User Account Control: Only elevate executables that are signed and validated](user-account-control-only-elevate-executables-that-are-signed-and-validated.md)
|
|
###### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md)
|
|
###### [User Account Control: Run all administrators in Admin Approval Mode](user-account-control-run-all-administrators-in-admin-approval-mode.md)
|
|
###### [User Account Control: Switch to the secure desktop when prompting for elevation](user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md)
|
|
###### [User Account Control: Virtualize file and registry write failures to per-user locations](user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md)
|
|
##### [Advanced security audit policy settings](secpol-advanced-security-audit-policy-settings.md)
|
|
##### [User Rights Assignment](user-rights-assignment.md)
|
|
###### [Access Credential Manager as a trusted caller](access-credential-manager-as-a-trusted-caller.md)
|
|
###### [Access this computer from the network](access-this-computer-from-the-network.md)
|
|
###### [Act as part of the operating system](act-as-part-of-the-operating-system.md)
|
|
###### [Add workstations to domain](add-workstations-to-domain.md)
|
|
###### [Adjust memory quotas for a process](adjust-memory-quotas-for-a-process.md)
|
|
###### [Allow log on locally](allow-log-on-locally.md)
|
|
###### [Allow log on through Remote Desktop Services](allow-log-on-through-remote-desktop-services.md)
|
|
###### [Back up files and directories](back-up-files-and-directories.md)
|
|
###### [Bypass traverse checking](bypass-traverse-checking.md)
|
|
###### [Change the system time](change-the-system-time.md)
|
|
###### [Change the time zone](change-the-time-zone.md)
|
|
###### [Create a pagefile](create-a-pagefile.md)
|
|
###### [Create a token object](create-a-token-object.md)
|
|
###### [Create global objects](create-global-objects.md)
|
|
###### [Create permanent shared objects](create-permanent-shared-objects.md)
|
|
###### [Create symbolic links](create-symbolic-links.md)
|
|
###### [Debug programs](debug-programs.md)
|
|
###### [Deny access to this computer from the network](deny-access-to-this-computer-from-the-network.md)
|
|
###### [Deny log on as a batch job](deny-log-on-as-a-batch-job.md)
|
|
###### [Deny log on as a service](deny-log-on-as-a-service.md)
|
|
###### [Deny log on locally](deny-log-on-locally.md)
|
|
###### [Deny log on through Remote Desktop Services](deny-log-on-through-remote-desktop-services.md)
|
|
###### [Enable computer and user accounts to be trusted for delegation](enable-computer-and-user-accounts-to-be-trusted-for-delegation.md)
|
|
###### [Force shutdown from a remote system](force-shutdown-from-a-remote-system.md)
|
|
###### [Generate security audits](generate-security-audits.md)
|
|
###### [Impersonate a client after authentication](impersonate-a-client-after-authentication.md)
|
|
###### [Increase a process working set](increase-a-process-working-set.md)
|
|
###### [Increase scheduling priority](increase-scheduling-priority.md)
|
|
###### [Load and unload device drivers](load-and-unload-device-drivers.md)
|
|
###### [Lock pages in memory](lock-pages-in-memory.md)
|
|
###### [Log on as a batch job](log-on-as-a-batch-job.md)
|
|
###### [Log on as a service](log-on-as-a-service.md)
|
|
###### [Manage auditing and security log](manage-auditing-and-security-log.md)
|
|
###### [Modify an object label](modify-an-object-label.md)
|
|
###### [Modify firmware environment values](modify-firmware-environment-values.md)
|
|
###### [Perform volume maintenance tasks](perform-volume-maintenance-tasks.md)
|
|
###### [Profile single process](profile-single-process.md)
|
|
###### [Profile system performance](profile-system-performance.md)
|
|
###### [Remove computer from docking station](remove-computer-from-docking-station.md)
|
|
###### [Replace a process level token](replace-a-process-level-token.md)
|
|
###### [Restore files and directories](restore-files-and-directories.md)
|
|
###### [Shut down the system](shut-down-the-system.md)
|
|
###### [Synchronize directory service data](synchronize-directory-service-data.md)
|
|
###### [Take ownership of files or other objects](take-ownership-of-files-or-other-objects.md)
|
|
### [Trusted Platform Module](trusted-platform-module-overview.md)
|
|
#### [TPM fundamentals](tpm-fundamentals.md)
|
|
#### [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md)
|
|
#### [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md)
|
|
#### [Backup the TPM recovery Information to AD DS](backup-tpm-recovery-information-to-ad-ds.md)
|
|
#### [Manage TPM commands](manage-tpm-commands.md)
|
|
#### [Manage TPM lockout](manage-tpm-lockout.md)
|
|
#### [Change the TPM owner password](change-the-tpm-owner-password.md)
|
|
#### [Initialize and configure ownership of the TPM](initialize-and-configure-ownership-of-the-tpm.md)
|
|
#### [Switch PCR banks on TPM 2.0 devices](switch-pcr-banks-on-tpm-2-0-devices.md)
|
|
#### [TPM recommendations](tpm-recommendations.md)
|
|
### [User Account Control](user-account-control-overview.md)
|
|
#### [How User Account Control works](how-user-account-control-works.md)
|
|
#### [User Account Control security policy settings](user-account-control-security-policy-settings.md)
|
|
#### [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md)
|
|
### [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
|
|
#### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
|
|
#### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
|
|
#### [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md)
|
|
<!--##### [Service onboarding](service-onboarding-windows-defender-advanced-threat-protection.md)-->
|
|
##### [Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
|
|
##### [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
|
##### [Additional configuration settings](additional-configuration-windows-defender-advanced-threat-protection.md)
|
|
##### [Monitor onboarding](monitor-onboarding-windows-defender-advanced-threat-protection.md)
|
|
##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
|
#### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
|
|
#### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
|
|
##### [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
|
|
##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
|
|
##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
|
|
##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
|
|
##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
|
|
##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
|
|
##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
|
|
##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
|
#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md)
|
|
#### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md)
|
|
#### [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
|
|
### [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
|
|
#### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)
|
|
#### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md)
|
|
#### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)
|
|
### [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md)
|
|
#### [Isolating Windows Store Apps on Your Network](isolating-apps-on-your-network.md)
|
|
#### [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2.md)
|
|
#### [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
|
|
#### [Windows Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md)
|
|
##### [Understanding the Windows Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
|
|
##### [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
|
|
###### [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)
|
|
###### [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)
|
|
###### [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
|
|
###### [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md)
|
|
##### [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
|
|
###### [Basic Firewall Policy Design](basic-firewall-policy-design.md)
|
|
###### [Domain Isolation Policy Design](domain-isolation-policy-design.md)
|
|
###### [Server Isolation Policy Design](server-isolation-policy-design.md)
|
|
###### [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)
|
|
##### [Evaluating Windows Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
|
|
###### [Firewall Policy Design Example](firewall-policy-design-example.md)
|
|
###### [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)
|
|
###### [Server Isolation Policy Design Example](server-isolation-policy-design-example.md)
|
|
###### [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)
|
|
##### [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
|
|
###### [Gathering the Information You Need](gathering-the-information-you-need.md)
|
|
####### [Gathering Information about Your Current Network Infrastructure](gathering-information-about-your-current-network-infrastructure.md)
|
|
####### [Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md)
|
|
####### [Gathering Information about Your Computers](gathering-information-about-your-computers.md)
|
|
####### [Gathering Other Relevant Information](gathering-other-relevant-information.md)
|
|
###### [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-computers.md)
|
|
##### [Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md)
|
|
###### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
|
|
###### [Planning Domain Isolation Zones](planning-domain-isolation-zones.md)
|
|
####### [Exemption List](exemption-list.md)
|
|
####### [Isolated Domain](isolated-domain.md)
|
|
####### [Boundary Zone](boundary-zone.md)
|
|
####### [Encryption Zone](encryption-zone.md)
|
|
###### [Planning Server Isolation Zones](planning-server-isolation-zones.md)
|
|
###### [Planning Certificate-based Authentication](planning-certificate-based-authentication.md)
|
|
###### [Documenting the Zones](documenting-the-zones.md)
|
|
###### [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)
|
|
####### [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md)
|
|
####### [Planning Network Access Groups](planning-network-access-groups.md)
|
|
####### [Planning the GPOs](planning-the-gpos.md)
|
|
######## [Firewall GPOs](firewall-gpos.md)
|
|
######### [GPO_DOMISO_Firewall](gpo-domiso-firewall.md)
|
|
######## [Isolated Domain GPOs](isolated-domain-gpos.md)
|
|
######### [GPO_DOMISO_IsolatedDomain_Clients](gpo-domiso-isolateddomain-clients.md)
|
|
######### [GPO_DOMISO_IsolatedDomain_Servers](gpo-domiso-isolateddomain-servers.md)
|
|
######## [Boundary Zone GPOs](boundary-zone-gpos.md)
|
|
######### [GPO_DOMISO_Boundary_WS2008](gpo-domiso-boundary-ws2008.md)
|
|
######## [Encryption Zone GPOs](encryption-zone-gpos.md)
|
|
######### [GPO_DOMISO_Encryption_WS2008](gpo-domiso-encryption-ws2008.md)
|
|
######## [Server Isolation GPOs](server-isolation-gpos.md)
|
|
####### [Planning GPO Deployment](planning-gpo-deployment.md)
|
|
##### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
|
|
##### [Additional Resources](additional-resources-wfasdesign.md)
|
|
#### [Windows Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md)
|
|
##### [Planning to Deploy Windows Firewall with Advanced Security](planning-to-deploy-windows-firewall-with-advanced-security.md)
|
|
##### [Implementing Your Windows Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
|
|
##### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
|
|
##### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md)
|
|
###### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)
|
|
###### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)
|
|
###### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)
|
|
##### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
|
|
###### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)
|
|
###### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)
|
|
###### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)
|
|
###### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
|
|
##### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
|
|
###### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
|
|
###### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
|
|
##### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
|
|
##### [Procedures Used in This Guide](procedures-used-in-this-guide.md)
|
|
###### [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)
|
|
###### [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)
|
|
###### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
|
|
###### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
|
|
###### [Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
|
|
###### [Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
|
|
###### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
|
|
###### [Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
|
|
###### [Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
|
|
###### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
|
|
###### [Configure the Workstation Authentication Certificate Template[wfas_dep]](configure-the-workstation-authentication-certificate-templatewfas-dep.md)
|
|
###### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
|
|
###### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)
|
|
###### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)
|
|
###### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)
|
|
###### [Create a Group Policy Object](create-a-group-policy-object.md)
|
|
###### [Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
|
|
###### [Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
|
|
###### [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
|
|
###### [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
|
|
###### [Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
|
|
###### [Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
|
|
###### [Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
|
|
###### [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
|
|
###### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
|
|
###### [Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
|
|
###### [Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
|
|
###### [Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
|
|
###### [Install Active Directory Certificate Services](install-active-directory-certificate-services.md)
|
|
###### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)
|
|
###### [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
|
|
###### [Open the Group Policy Management Console to IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md)
|
|
###### [Open the Group Policy Management Console to Windows Firewall](open-the-group-policy-management-console-to-windows-firewall.md)
|
|
###### [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
|
|
###### [Open Windows Firewall with Advanced Security](open-windows-firewall-with-advanced-security.md)
|
|
###### [Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)
|
|
###### [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md)
|
|
###### [Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md)
|
|
###### [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)
|
|
##### [Additional Resources[wfas_deploy]](additional-resourceswfas-deploy.md)
|
|
## [Enterprise security guides](windows-10-enterprise-security-guides.md)
|
|
### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
|
|
### [Device Guard deployment guide](device-guard-deployment-guide.md)
|
|
### [Microsoft Passport guide](microsoft-passport-guide.md)
|
|
### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
|
|
### [Windows 10 security overview](windows-10-security-guide.md)
|