HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License
1.84k stars 143 forks source link

[Suggestion]: Add more documentation to the optional overrides for Microsoft Security Baseline #242

Closed hgj44d closed 7 months ago

hgj44d commented 7 months ago

I applied the Optional overrides for Microsoft Security Baseline with your PowerShell script, but now I want to disable all Xbox related features in the optional overrides. This would be setting number 5 and setting number 7, but I was not able to find any information where I can find the group policy or setting.

Can you please add more information to Number 5 and 7, so that I'm able to disable it?

Another suggestion would be to have the option in your PowerShell script to select which overrides should apply, because I could imagine that many people don't want to use their hardened, high-security computers for gaming.

HotCakeX commented 7 months ago

Hi, You can disable them by simply running the Microsoft Security baselines category (without optional overrides). After that, you can use the group policies I described in that page to hand pick which overrides you want to apply, if any.

I added the PowerShell command to the number 7, that's what the script uses to re-enable it. For number 5, you need to use the zip file, you will find the relevant files in the following folder

Security-Baselines-X\Overrides for Microsoft Security Baseline\

The service status are set using group policy. You can use this article to open up .pol files.


People that don't want to use the hardened system for gaming can simply run the Microsoft Security baselines without optional overrides. It's not forced, there are options, but putting every single override in its own subcategory sounds unnecessary and messy, it would be as if I'm reinventing the group policy editor again.

hgj44d commented 7 months ago

Thanks for replying!

I now don't run the overrides subcategorie and only apply some overrides manually. I noticed that on policy number 3 the text is different than the screenshot. On the screenshot you change 3 values to Yes and on the text you suggest to change only one value to No. I guess the screenshot is the correct one?

HotCakeX commented 7 months ago

@hgj44d of course ^^ You're right, the explanation needed improvement so i changed that now, please take a look again

https://github.com/HotCakeX/Harden-Windows-Security/wiki/Overrides-for-Microsoft-Security-Baseline#3-firewall-local-rule-merging