Solved

Thin secure Windows 10

Posted on 2016-10-19
5
76 Views
Last Modified: 2016-10-24
I am starting to think about deploying Windows 10.  Are there any good docs out there that show the minimum install (Required services, apps and such) for a thin windows 10 workstation?  I welcome your opinion as well on what can be shut off and what the effect may be.
0
Comment
Question by:loftyworm
  • 3
5 Comments
 
LVL 53

Accepted Solution

by:
McKnife earned 250 total points
ID: 41850299
About services: http://www.blackviper.com/service-configurations/black-vipers-windows-10-service-configurations/ has always been a good source. He explains, what the column titles mean to him. Be aware, that as soon as you leave the default config, you are not 100% sure anything will works as expected. You can gain a little performance but I wouldn't say it's worth the (small) risk. Better make sure to deploy SSD drives for speed.

About apps: the built-in apps can be uninstalled completely without any side effects. They can be re-enabled if you feel a need later. There are scripts like this:
Get-AppxProvisionedPackage | Remove-AppxProvisionedPackage

Open in new window

that can do the job for you. Dism.exe can be used to even service the install medium already so that those apps will not even be installed in the first place.
Again, the performance gain is not great and disk space saved is marginable.

If you think about a lean windows, ask yourself if the built-in protective measures (bitlocker and win defender) offer reasonable protection and features for you. If so, you might be able to skip installing 3rd party AV and encryption - that would be good for your performance as the MS ones integrate better.
0
 
LVL 11

Author Comment

by:loftyworm
ID: 41850326
TY, I will look it over.  I am less concerned about performance then I am security.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41850436
The default config is not insecure. The ports are closed, the default ACLs are good. What gets people into trouble is usually their own fault and own misconfig.
0
 
LVL 42

Assisted Solution

by:Jackie Man
Jackie Man earned 250 total points
ID: 41851757
Windows 10 hardening and enterprise security
http://www.computerworld.com/article/2968394/microsoft-windows/windows-10-hardening-and-enterprise-security.html

The article in the link above might give you some insights. Focus on the features on Multifactor authentication, Data loss prevention (DLP) and Application control might be on your agenda of the security concerns.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41851805
These measures are something to consider, yes, but not at the stage where he is at (pre-deployment, image creation).
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now