[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 332
  • Last Modified:

Thin secure Windows 10

I am starting to think about deploying Windows 10.  Are there any good docs out there that show the minimum install (Required services, apps and such) for a thin windows 10 workstation?  I welcome your opinion as well on what can be shut off and what the effect may be.
0
loftyworm
Asked:
loftyworm
  • 3
2 Solutions
 
McKnifeCommented:
About services: http://www.blackviper.com/service-configurations/black-vipers-windows-10-service-configurations/ has always been a good source. He explains, what the column titles mean to him. Be aware, that as soon as you leave the default config, you are not 100% sure anything will works as expected. You can gain a little performance but I wouldn't say it's worth the (small) risk. Better make sure to deploy SSD drives for speed.

About apps: the built-in apps can be uninstalled completely without any side effects. They can be re-enabled if you feel a need later. There are scripts like this:
Get-AppxProvisionedPackage | Remove-AppxProvisionedPackage

Open in new window

that can do the job for you. Dism.exe can be used to even service the install medium already so that those apps will not even be installed in the first place.
Again, the performance gain is not great and disk space saved is marginable.

If you think about a lean windows, ask yourself if the built-in protective measures (bitlocker and win defender) offer reasonable protection and features for you. If so, you might be able to skip installing 3rd party AV and encryption - that would be good for your performance as the MS ones integrate better.
0
 
loftywormAuthor Commented:
TY, I will look it over.  I am less concerned about performance then I am security.
0
 
McKnifeCommented:
The default config is not insecure. The ports are closed, the default ACLs are good. What gets people into trouble is usually their own fault and own misconfig.
0
 
Jackie ManCommented:
Windows 10 hardening and enterprise security
http://www.computerworld.com/article/2968394/microsoft-windows/windows-10-hardening-and-enterprise-security.html

The article in the link above might give you some insights. Focus on the features on Multifactor authentication, Data loss prevention (DLP) and Application control might be on your agenda of the security concerns.
0
 
McKnifeCommented:
These measures are something to consider, yes, but not at the stage where he is at (pre-deployment, image creation).
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now