Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
What's Changed
Added 3 new policies to the Optional Overrides. These 3 policies alter the settings that are applied by Microsoft Security baselines.
Disabled "Turn off Microsoft Consumer Experiences"
in Computer Configuration -> Administrative Templates -> Windows Components -> Cloud Content
The reason is that in Windows 11 build 22635.3209, which is currently in the Windows Insider Beta channel, new features are available in Settings.
If that policy was left in the enabled state, the settings page would look like this
Which is obviously not desired as the Harden Windows Security module should not create obstacles or cause difficulties for using built-in features.
Thanks @agpt8 for reporting it!
Disabled "Configure password backup directory"
in Computer Configuration -> Administrative Templates -> System -> LAPS
Microsoft Security Baselines set it to this value
But since the Harden Windows Security module does not apply to computers managed by domain controllers or Entra ID, there is no need for this policy to be active. That is why the policy is now set to this state
Enabled "Apply UAC restrictions to local accounts on network logons"
in Computer Configuration -> Administrative Templates -> MS Security Guide
Microsoft Security Baselines set it to the Disabled state. Not sure why exactly, probably because a legacy feature in domain controller environments relies on it.
Either way, it's a security feature that is enabled by default in Windows, so the Optional Overrides set it back to the enabled state.
You can learn more about that feature here
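To confirm that the three overrides described above took effect on a machine, the following added example (not part of the Harden Windows Security module) reads the registry values behind each policy. The registry paths and value names are assumptions taken from the corresponding ADMX templates, not from these release notes, and `Test-OverrideState` is a hypothetical helper name.

```powershell
# Added example: verify the state of the three Optional Overrides.
# Registry locations are assumptions based on the ADMX templates for each policy.
# Ok lists the values that match the state the overrides are meant to leave behind;
# $null means the value is absent (policy not configured).
$OverrideChecks = @(
    [pscustomobject]@{
        Policy = 'Turn off Microsoft Consumer Experiences (expected: Disabled)'
        Path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent'
        Name   = 'DisableWindowsConsumerFeatures'
        Ok     = @($null, 0)   # 1 would mean the policy is still Enabled
    },
    [pscustomobject]@{
        Policy = 'Configure password backup directory (expected: Disabled)'
        Path   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS'
        Name   = 'BackupDirectory'
        Ok     = @($null, 0)   # 1 = Entra ID, 2 = Active Directory
    },
    [pscustomobject]@{
        Policy = 'Apply UAC restrictions to local accounts on network logons (expected: Enabled)'
        Path   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        Name   = 'LocalAccountTokenFilterPolicy'
        Ok     = @($null, 0)   # 1 would mean remote local-account tokens are not filtered
    }
)

function Test-OverrideState {
    param([Parameter(Mandatory)][object[]]$Checks)

    foreach ($c in $Checks) {
        # A missing key or value is not an error here: it means "not configured".
        $value = $null
        $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.($c.Name) }

        [pscustomobject]@{
            Policy    = $c.Policy
            Value     = if ($null -eq $value) { '<not set>' } else { $value }
            Compliant = $c.Ok -contains $value
        }
    }
}

Test-OverrideState -Checks $OverrideChecks | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session after applying the Optional Overrides; any row with `Compliant` set to `False` means the baseline value is still in place.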
Other Changes