Security Baseline for Windows 10 and 11 Clients

Objective

To enhance security measures on Win 10 and 11 client machines
To comply with University OnePass password policy
To mitigate the risk to an acceptable level in balancing the convenience and security
To serve as a guideline for departmental IT staff aligning security to a certain extent

Scope

Windows 10 and 11 (version 21H2 or above)

Methodology

By applying group policy on Win 10 and 11 AD-domain joined computers
- Apply on Computer OU, not individual user OU
For those non AD-domain joined computers, the setting can be applied by script

Recommended Settings

Proposed CUHK Setting based on evaluation of the following sets:

CUHK Current Setting
University OnePass password policy
Default Value from Windows
Default Setting from Security Compliance Manager (SCM)
Recommendation from Microsoft consultants
User impacts

Settings involves:

Win 10/11 : 657 settings

00 Password policy
01 Advanced Audit Policy
02 Security Options
03 User Rights Assignment
04 MSS
05 Firewall
06 Event Log
07 AT – Computer
08 BitLocker

Deliverables

Download policy set at LAN Administrators’ Resources Website
One policy set for both Windows 10 and 11 client machines

Last Updated On: Feb 2022

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Others