Difference between revisions of "Operating Systems/Windows/Windows Desktop/Windows 10 (Desktop)"

From Vista Ridge Cyberpatriot
 
(15 intermediate revisions by 7 users not shown)
Line 13: Line 13:
 
Browsers
 
Browsers
 
* Update Firefox (multiple updates are usually required)
 
* Update Firefox (multiple updates are usually required)
 +
** Allow to automatically update
 
* Set  Firefox browser privacy to strict
 
* Set  Firefox browser privacy to strict
 
* Always send a Do Not Track Signal
 
* Always send a Do Not Track Signal
Line 24: Line 25:
 
Miscellaneous  
 
Miscellaneous  
 
* Disable FTP
 
* Disable FTP
 +
* Enable Windows Update service
 +
* Windows SmartScreen to warn or block
 
* Update Windows 10
 
* Update Windows 10
* Forensics  
+
** Also update Notepad++, Powershell and WinRAR, if possible
 +
* Forensics Questions
 
* Enable Daily Checks for Updates
 
* Enable Daily Checks for Updates
 
* Program Settings
 
* Program Settings
 
* Remove Prohibited Files
 
* Remove Prohibited Files
    Check .MP3, .MP4, .MP5, .JPEG, .GIF, etc..
+
**Check .MP3, .MP4, .MP5, .JPEG, .GIF, etc..
 
* Remove Prohibited Software
 
* Remove Prohibited Software
+
**CCleaner, Angry IP Scanner, TeamViewer, GooseDesktop, etc.
 +
* Disable Autorun for USB drives
 +
* Enable Do not allow anonymous enumeration of SAM accounts
 +
* Make sure passwords are set to expire
 +
* Enable Limit local use of blank passwords to console only
  
 
Computer Configuration (LGPO):
 
Computer Configuration (LGPO):
 
* Security Settings
 
* Security Settings
 
** Password Policy
 
** Password Policy
 +
****How to set password policy : windows settings - security settings - account policies - password policy
 
*** Password must meet complexity requirements should be enabled
 
*** Password must meet complexity requirements should be enabled
 
*** Store passwords using reversible encryption should be disabled
 
*** Store passwords using reversible encryption should be disabled
 
*** Minimum password age should be configured to 5 days
 
*** Minimum password age should be configured to 5 days
 
*** Maximum password age should be configured to 30 days
 
*** Maximum password age should be configured to 30 days
 +
****How to set password policy : (windows PowerShell) Win + S - type PowerShell - run as administrator - run command: Set-LocalUser -Name "YourUserName" -PasswordExpires $true (replace "YourUserName" with assigned user name, then use Group Policy Editor or net accounts command to enforce the expiration(this is for setting expiration date for passwords))
 
*** Enforce passwords history to 20 passwords remembered
 
*** Enforce passwords history to 20 passwords remembered
 
*** Minimum passwords length should be 10 characters
 
*** Minimum passwords length should be 10 characters
 +
****How to set minimum password length: Win + 9 - type cmd - run as administrator - run command: net account /minpwlen:10 - (verify change)run command: net acounts
 +
****How to set minimum password length: Win + S - type PowerShell - run as administrator - run command: SecEdit /Configure /D8 secedit.sdb /CFG "C:\Windows\Security\Templates\template.inf" /Areas SECURITYPOLICY (before this create a security template file with desired settings) - (verity change)run command: Get-LocalUser | Select-Object Name, PasswordRequired
 
** Account Lockout Policy  
 
** Account Lockout Policy  
 +
****How to set Account lockout policy : Win + s - type cmd - run as administrator - run command: net account /Lockoutduration:60 - set the reset counter time: run command: net accounts /Lockoutwindow:15
 
*** Account lockout duration should be configured to 60 minutes  
 
*** Account lockout duration should be configured to 60 minutes  
 
*** Reset account lockout counter can also be configured to 60 minutes
 
*** Reset account lockout counter can also be configured to 60 minutes
 
*** Account lockout threshold should be configured to 5 attempts
 
*** Account lockout threshold should be configured to 5 attempts
 
** Audit Policy
 
** Audit Policy
 +
***turn audit policies on
 +
****How to turn on audit policies: Win + S - type cmd - run as administrator - run command: auditpol /get /category:* - run command: auditpol /set /subcatagory:"Logan/Logoff" /success:enable / failure... (yet to be continued-edit later)
 
*** Set all to audit success and failures, typically only successful attempts are needed for points
 
*** Set all to audit success and failures, typically only successful attempts are needed for points
 
** User Rights Assignment
 
** User Rights Assignment
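Review bot: Several of the commands added under Password Policy, Account Lockout Policy and Audit Policy will not run as written. `net account` should be `net accounts` (also `net acounts` in the verify step), `SecEdit /Configure /D8` should be `/DB`, and `auditpol /set /subcatagory:"Logan/Logoff"` misspells both the switch and the name; Logon/Logoff is a category, so `/category:"Logon/Logoff"` is the matching form. `Set-LocalUser` has no `-PasswordExpires` parameter; the equivalent is `-PasswordNeverExpires $false`. The lockout how-to sets `/Lockoutwindow:15` while the item below it says 60 minutes, so pick one value. `Get-LocalUser | Select-Object Name, PasswordRequired` does not show the minimum length; `net accounts` is the better verify step. `Win + 9` looks like a typo for `Win + S`, and the audit how-to still ends in "(yet to be continued-edit later)".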
Line 65: Line 80:
 
* [[Windows Updates]]
 
* [[Windows Updates]]
 
* [[Updating and Selecting Secure Passwords]]
 
* [[Updating and Selecting Secure Passwords]]
 +
* [[Services]]
 +
* [[Firefox configuring (windows)]]
 
-----
 
-----
 +
  
  

Latest revision as of 22:06, 9 October 2025

Checklist

User Management

  • Remove Unauthorized Users
  • Add Authorized Users
  • Assign Administrator Privileges
  • Remove Administrator Privileges
  • Change Insecure Passwords/Creating Passwords
  • Enable Firewall Protection
  • Disable/Remove Unauthorized Services
  • Check Groups for Unauthorized Users

Browsers

  • Update Firefox (multiple updates are usually required)
    • Allow to automatically update
  • Set Firefox browser privacy to strict
  • Always send a Do Not Track Signal
  • Check show alerts about passwords for breached sites
  • Block pop-up windows
  • Warn when websites try to install add-ons
  • Block dangerous and deceptive content
  • Query OCSP Responder
  • Enable HTTPS-Only mode in ALL windows

Miscellaneous

  • Disable FTP
  • Enable Windows Update service
  • Windows SmartScreen to warn or block
  • Update Windows 10
    • Also update Notepad++, PowerShell and WinRAR, if possible
  • Forensics Questions
  • Enable Daily Checks for Updates
  • Program Settings
  • Remove Prohibited Files
    • Check .MP3, .MP4, .MP5, .JPEG, .GIF, etc.
  • Remove Prohibited Software
    • CCleaner, Angry IP Scanner, TeamViewer, GooseDesktop, etc.
  • Disable Autorun for USB drives
  • Enable Do not allow anonymous enumeration of SAM accounts
  • Make sure passwords are set to expire
  • Enable Limit local use of blank passwords to console only

Computer Configuration (LGPO):

  • Security Settings
    • Password Policy
        • How to set password policy: Windows Settings - Security Settings - Account Policies - Password Policy
      • Password must meet complexity requirements should be enabled
      • Store passwords using reversible encryption should be disabled
      • Minimum password age should be configured to 5 days
      • Maximum password age should be configured to 30 days
        • How to set password policy (Windows PowerShell): Win + S - type PowerShell - run as administrator - run command: Set-LocalUser -Name "YourUserName" -PasswordNeverExpires $false (replace "YourUserName" with the assigned user name, then use Group Policy Editor or the net accounts command to enforce the expiration; this is for setting the expiration date for passwords)
      • Enforce password history should be configured to 20 passwords remembered
      • Minimum password length should be 10 characters
        • How to set minimum password length: Win + S - type cmd - run as administrator - run command: net accounts /minpwlen:10 - (verify change) run command: net accounts
        • How to set minimum password length: Win + S - type PowerShell - run as administrator - run command: SecEdit /Configure /DB secedit.sdb /CFG "C:\Windows\Security\Templates\template.inf" /Areas SECURITYPOLICY (before this, create a security template file with the desired settings) - (verify change) run command: Get-LocalUser | Select-Object Name, PasswordRequired
    • Account Lockout Policy
        • How to set account lockout policy: Win + S - type cmd - run as administrator - run command: net accounts /lockoutduration:60 - set the reset counter time: run command: net accounts /lockoutwindow:15
      • Account lockout duration should be configured to 60 minutes
      • Reset account lockout counter can also be configured to 60 minutes
      • Account lockout threshold should be configured to 5 attempts
    • Audit Policy
      • Turn audit policies on
        • How to turn on audit policies: Win + S - type cmd - run as administrator - run command: auditpol /get /category:* - run command: auditpol /set /category:"Logon/Logoff" /success:enable /failure... (yet to be continued-edit later)
      • Set all to audit success and failure; typically only successful attempts are needed for points
    • User Rights Assignment
      • Look through every single policy and determine whether the right users have the permission. Be especially careful when changing users; it can cause issues if an essential
    • Security Options
      • Policies [attach a link for a page that details all the policies]
  • Administrative Templates (LGPO):
    • AutoPlay policies
      • Set all AutoPlay policies to enabled
    • It's good practice to look through every single policy setting and configure it properly, but it is extremely tedious and time-consuming, so save it for the end of the competition when the team is struggling to find the last points. Windows Components and System are where most of your time should be spent; go through Windows Components first.
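
The Password Policy, Account Lockout Policy and Audit Policy values from the checklist above, applied through a security template and then verified, as an added example that is not part of the original wiki page. The working folder and file names are assumptions; run it from an elevated PowerShell window.

```powershell
# Added example (not from the wiki page): apply the checklist values, then verify.
# Run from an elevated PowerShell window. Folder and file names are assumptions.
$work = Join-Path $env:TEMP 'cp-baseline'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$inf = Join-Path $work 'baseline.inf'   # template written below
$db  = Join-Path $work 'baseline.sdb'   # scratch database for secedit
$cur = Join-Path $work 'current.inf'    # export of the effective policy

# Security template holding the Password Policy and Account Lockout Policy values.
@'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
PasswordComplexity = 1
ClearTextPassword = 0
MinimumPasswordAge = 5
MaximumPasswordAge = 30
PasswordHistorySize = 20
MinimumPasswordLength = 10
LockoutBadCount = 5
LockoutDuration = 60
ResetLockoutCount = 60
'@ | Set-Content -Path $inf -Encoding Unicode

secedit /configure /db $db /cfg $inf /areas SECURITYPOLICY /quiet
if ($LASTEXITCODE -ne 0) { throw "secedit /configure failed with exit code $LASTEXITCODE" }

# Audit Policy: success and failure for every category.
auditpol /set /category:* /success:enable /failure:enable | Out-Null

# Verify: export the effective policy and compare it with the template.
secedit /export /cfg $cur /areas SECURITYPOLICY /quiet | Out-Null
function Read-Policy($path) {
    $h = @{}
    foreach ($line in Get-Content $path) {
        if ($line -match '^\s*(\w+)\s*=\s*(\d+)\s*$') { $h[$Matches[1]] = [int]$Matches[2] }
    }
    $h
}
$want = Read-Policy $inf
$have = Read-Policy $cur
foreach ($k in ($want.Keys | Sort-Object)) {
    $state = if ($have[$k] -eq $want[$k]) { 'OK' } else { 'MISMATCH' }
    '{0,-22} want={1,-3} have={2,-3} {3}' -f $k, $want[$k], $have[$k], $state
}
```

Any line reported as MISMATCH is a setting that did not take effect; `net accounts` and `auditpol /get /category:*` show the same values in the form the checklist's manual steps use.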

Windows Checklist:


Things to look out for in/during Comps (Points):

  • Solving Forensics Questions to the best of your ability (Google is your Best Friend!)
  • Checking Windows for Updates
  • Removing Unauthorized Users
  • Changing Insecure Passwords for Users
  • A Secure Password Length is being required
  • Sufficient Password History is being kept
  • Firewall Protection is Enabled
  • Checking Updates for Firefox
  • Removing any/all Hacking Tools (i.e. NMAP, Cleaners, etc.)
  • FTP Disabling
  • Media File Deleting (i.e. Music, Games, etc.)


Things that you should check but not prioritize first in Comps (Likely No Points):

  • Turning off Network/FileShares
  • Setting Windows to "Automatic Updates"
  • Adjusting Firefox's Security Settings (Very Likely to not be counted in later Comps)
  • Password/Network Policies
  • Media File Deleting (Will Either be nonexistent or net you few points in later Comps)