0x6d69636b
commented
1 year ago Thank you for your question, the answer is not that simple. My hardening list is not user friendly in every case, e.g. disabling biometrics can cause problems if someone is already using a fingerprint scanner.
If you want to invest a few hours of time, I suggest you start with the CIS benchmark, which describes the impact and justification for all the settings. You can download the PDF by entering an email address: https://www.cisecurity.org/cis-benchmarks
FredHappyface
Hi thanks for creating this and all of the hard work that has gone into the project
I'm taking a look at this and there's a lot of choice in regards to auditing and applying different baselines. Is there a 'security for dummies' type appraoch where it is unlikely to cause (m)any issues?
E.g. I always disable SMBv1 on new installs as I'm not aware of any usecase for a typical user.
Though removing ie11 on windows 10 can cause more havok for scripts using Invoke-WebRequest so I personally leave that be
Thanks for your time