Jon

CESG Releases Windows 10 Guidance for Official Clearance Level

I've had an alert set up for the release of this document because I had to follow a lot of CESG guidance on a previous contract, and the guidance on Microsoft Accounts / Windows Store on Windows 8.1 was quite interesting. Today they have released their Windows 10 guidance and it's worth a read. Quite dry, as it's mainly a list of Group Policy settings, but interesting:

https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-10

Of note:

  • Cortana: Disabled
  • OneDrive (consumer): Disabled
  • Settings sync: Disabled
  • Windows Store: Disabled (but with a note that in Windows 10 you can create a company store and whitelist applications)
  • Microsoft Passport: Disabled
  • Microsoft Account (consumer): Disabled

What is also interesting is that the millions of privacy options and reg hacks that have been going around are not in there, so it might have been a storm in a teacup after all.

There is also some guidance on using cloud services for those secure organisations that need to:

https://www.gov.uk/government/collections/cloud-security-guidance
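
A quick way to check whether a machine already has the six settings listed in the post applied, as an added example that is not part of the original post or of the CESG document. It assumes the standard policy-backed registry values for each feature; treating those values as the ones the guidance configures is an assumption, so confirm each against the published Group Policy list.

```powershell
# Added example. Each entry names the policy registry value that normally
# backs the feature; the mapping to the CESG guidance is an assumption.
$checks = @(
    @{ Feature = 'Cortana';            Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search';
       Name = 'AllowCortana';          Expected = 0 },
    @{ Feature = 'OneDrive (consumer)'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive';
       Name = 'DisableFileSyncNGSC';   Expected = 1 },
    @{ Feature = 'Settings sync';      Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync';
       Name = 'DisableSettingSync';    Expected = 2 },
    @{ Feature = 'Windows Store';      Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore';
       Name = 'RemoveWindowsStore';    Expected = 1 },
    @{ Feature = 'Microsoft Passport'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork';
       Name = 'Enabled';               Expected = 0 },
    @{ Feature = 'Microsoft Account';  Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';
       Name = 'NoConnectedUser';       Expected = 3 }
)

function Test-PolicyValue {
    param([hashtable]$Check)

    # A missing key or value means the policy is not configured, which is
    # different from being configured to the wrong value, so report it apart.
    $actual = $null
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $actual = $item.($Check.Name) }

    $state = if ($null -eq $actual) { 'NotConfigured' }
             elseif ($actual -eq $Check.Expected) { 'Compliant' }
             else { 'Mismatch' }

    [pscustomobject]@{
        Feature  = $Check.Feature
        State    = $state
        Expected = $Check.Expected
        Actual   = $actual
    }
}

$results = $checks | ForEach-Object { Test-PolicyValue $_ }
$results | Format-Table -AutoSize

# Non-zero exit code lets a build or compliance job fail on any gap.
if ($results | Where-Object State -ne 'Compliant') { exit 1 }
```

Run it from an elevated or standard PowerShell prompt on the Windows 10 device; it only reads HKLM policy values and changes nothing.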

