<imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/Shiny.gif"width="27"alt="Features Item"> Applying this script makes your PC compliant with Microsoft Security Baselines and Secured-core PC specifications (provided that you use modern hardware that supports the latest Windows security features) - [See what makes a Secured-core PC](https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-highly-secure#what-makes-a-secured-core-pc) - <ahref="#device-guard">Check Device Guard category for more details.</a>
186
186
> [Secured-core](https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-highly-secure) – recommended for the most sensitive systems and industries like financial, healthcare, and government agencies. Builds on the previous layers and leverages advanced processor capabilities to provide protection from firmware attacks.
187
187
188
-
<imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/Shiny.gif"width="27"alt="Features Item"> There are 4 items tagged with **#TopSecurity** <imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/200iq.gif"width="28"alt="TopSecurity"> that can cause some inconvenience but increase security even further. When you run this script, you will have an option to enable them if you want to. Press `Control + F` and search for `#TopSecurity` on this page to find those security measures.
188
+
<imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/Shiny.gif"width="27"alt="Features Item"> There are 5 items tagged with **#TopSecurity** <imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/200iq.gif"width="28"alt="TopSecurity"> that can cause some inconvenience but increase security even further. When you run this script, you will have an option to enable them if you want to. Press `Control + F` and search for `#TopSecurity` on this page to find those security measures.
189
189
190
190
<imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/Shiny.gif"width="27"alt="Features Item"> Since I originally created this repository for myself and people I care about, I always maintain it to the highest possible standard.
* By default, in [Windows 11 22H2](https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-elliptic-curves-in-windows-10-1607-and-later), the order is this:
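Review bot: the added line 188 hard-codes the number of **#TopSecurity** items ("There are 5 items"), so this sentence has to be edited by hand every time a tagged item is added or removed, as this commit itself does by bumping 4 to 5. The same sentence already tells readers to search the page for `#TopSecurity`, so consider dropping the number (for example "Some items are tagged with **#TopSecurity**") so that the intro cannot drift out of sync with the list.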
@@ -565,7 +566,7 @@ NistP384
565
566
- <imgsrc="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/Gifs/bluemark.gif"width="25"alt="Blue Check mark denoting Group Policy"> Changes the [behavior of the elevation prompt for standard users](https://learn.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings#user-account-control-behavior-of-the-elevation-prompt-for-standard-users) from "prompt for credentials" to "prompt for credentials on the secure desktop".
566
567
-**#TopSecurity** <imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/200iq.gif"width="28"alt="TopSecurity"> behavior: Automatically deny all UAC prompts on Standard accounts. **Highly recommended to be used on sensitive critical machines.** Only use Standard account for regular everyday tasks, and if you want to perform administrative tasks such as intalling a program system-wide or changing system settings, completely log out of the Standard account and log into an Administrator account, perform the tasks, then completely log out and log back into the Standard account to continue your work. No [fast user switching](https://learn.microsoft.com/en-us/windows/win32/shell/fast-user-switching) and **absolutely no UAC on Standard accounts.**
567
568
568
-
- <imgsrc="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/Gifs/bluemark.gif"width="25"alt="Blue Check mark denoting Group Policy"> *#TopSecurity* <imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/200iq.gif"width="28"alt="TopSecurity"> Hides the entry points for [Fast User Switching](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowslogon).
569
+
- <imgsrc="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/Gifs/bluemark.gif"width="25"alt="Blue Check mark denoting Group Policy"> **#TopSecurity** <imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/200iq.gif"width="28"alt="TopSecurity"> Hides the entry points for [Fast User Switching](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowslogon).
569
570
570
571
- <imgsrc="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/Gifs/roratinggem.gif"width="28"alt="Rotating pink gem denoting registry or cmdlet"> **(Requires additional confirmation to run):**[Asks for a strong password for the built-in Administrator account and then enables it.](https://github.com/HotCakeX/Harden-Windows-Security/discussions/30#discussioncomment-5627737)
571
572
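Review bot: the added line 569 fixes the tag styling (`*#TopSecurity*` to `**#TopSecurity**`, matching line 567), but its link still points at the top of the policy-csp-windowslogon page rather than at the section for the Fast User Switching policy, so a reader who wants to verify what the setting does has to hunt for it; consider deep-linking to that policy's section. While this block is being touched, "intalling" in the context line 567 should be "installing".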
@@ -773,6 +774,8 @@ These are configurations that are typically *recommended in High-Risk Environmen
773
774
774
775
- <imgsrc="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/Gifs/roratinggem.gif"width="28"alt="Rotating pink gem denoting registry or cmdlet"> Enables **WinVerifyTrust Signature Validation**, [a security feature related to WinVerifyTrust function that handles Windows Authenticode signature verification for portable executable (PE) files.](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900)
775
776
777
+
- <imgsrc="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/Gifs/bluemark.gif"width="25"alt="Blue Check mark denoting Group Policy"> [Blocking Untrusted Fonts](https://learn.microsoft.com/en-us/windows/security/threat-protection/block-untrusted-fonts-in-enterprise) <imgsrc="https://github.com/HotCakeX/Harden-Windows-Security/raw/main/images/Gifs/200iq.gif"width="28"alt="TopSecurity"> **#TopSecurity**
778
+
776
779
<palign="right"><ahref="#menu-back-to-top">💡 (back to categories)</a></p>
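Review bot: the new entry at line 777 is only a link title followed by the tag, so a reader deciding whether to enable this optional item cannot tell what the script changes or what inconvenience to expect; add a short verb-led description like the neighbouring entries ("Enables ...", "Hides ...") and state the trade-off. The tag placement is also inconsistent: here the icon and **#TopSecurity** come after the link, while line 569 in the previous hunk puts `**#TopSecurity**` and the icon before the description.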