What are the presets of the operating system (Windows) to enhance its security?

Hello. There was a problem in writing an essay on the topic in question. Began to search, but nothing found. I assume that the problem is the lack of knowledge that allowed us to ask more precise question.
For writing the essay was taken imaginary computer that has never been used and discs clean, which will remove many problems of the old system. The computer should be protected delusional state, but no third-party programs and so on. The computer has access to the network.
Here is what I have now:
  1. Disabling services that theoretically can work for other purposes or simply not needed. (Remote registry). Level disable windows services.
  2. Enabling BitLocker. As an example of the protection of physical media. The level of software protection or function. (Don't know how to call it)
  3. Exception null session. The level of protection with the use of the registry. ()

What levels you could offer more. And what of your important windows features I miss. I think the list is large. Just distribute without explanation. I'll have to figure it out for myself. Just the problem is not understanding where to dig and how to arrange windows. I also understand that perhaps this is too broad question, but still.
Thanks to everyone in advance who responds.
March 19th 20 at 08:44
6 answers
March 19th 20 at 08:46
Offhand:
1. Customize security policies, there are a lot of settings on this theme;
2. To create a user with limited rights (to cut in the "Users");
3. How to use NTFS permissions to files, quotas, etc.;
4. Firewall and Defender.

What first came to mind.
I think the right answer to the question.
To create a user with access rights for the Owner (on to make the rest of the group administration) > to turn the settings in regedit and gpedit and make direct changes to the security of individual folders/configuration/and other krutilki. You can, in principle, to make sure that system itself won't even be able to make changes, but it is fraught with unnecessary hemorrhoids. And so, Smoking forums and poke the switches until everything goes out... or starts to Shine as it should. y__y - jennyfer88 commented on March 19th 20 at 08:49
2 point is most important to him can be add - disable or set a complex password standard Administrator. And here it is necessary to tell that the user needs to always run with limited rights. Admin access - only admin.
On p.4.

The default setting in Windows is not bad enough. If you execute items 2 and 4, the rest can be done as needed. For example, it is useful to configure password complexity and periodic change in policies. - caitlyn.Beah commented on March 19th 20 at 08:52
March 19th 20 at 08:48
Just the problem is not understanding where to dig and how to arrange windows.
The problem in the problem statement.
To begin to answer the question - what is protected on your computer? This is a pretty vague concept.
Protected from what? From what threats? How probable are these threats? What exactly need to be protected?
For example a specific task - to protect your data from damage or loss.
Or to protect the computer from outages.
Or from attacks on the network.
Or from fire.

And so simple - make a list of threats which must be protected, and then think.
To protect your computer just doesn't make sense.
Here you BitLocker propose to include - what is it to you? What will solve the problem, what kind of threat they will protect you? And most importantly what will create problems. And what he did may be relevant to the defence?

Unless you have a clear understanding of what you are protecting and from what, you have nothing to protect, you will only hurt.
It's like to be treated do not know what. The diagnosis is unknown, but something hurts. You need to drink useful medicines.
Melaxen excellent remedy, perfectly protects from insomnia - so it is necessary to drink.
Forlax is also a great medicine is a great cure for constipation - drink him.
Well, the result will not keep itself waiting.
March 19th 20 at 08:50
The above kiosk mode only turn off the computer.
Ahaha. Thanks, I will consider. )) - german commented on March 19th 20 at 08:53
March 19th 20 at 08:52
Security Windows services only a small fraction among the vectors of attacks, but if not sprayed, and consider only that, you can Google the topic "windows hardening", for example here:
https://www.acsc.gov.au/publications/protect/Harde...
March 19th 20 at 08:54
If it was meant to protect the perimeter(in this case, all outside the single computer located outside the perimeter), to close all unused ports,both incoming and outgoing. To solve the issue with USB, or fully close access to the storage devices, or certain rights: read-only. BIOS password to prevent the run from all except the desired disk. For full paranoia seal system. block.
March 19th 20 at 08:56
You can consider downloading the policies using gpedit or in firewall. On some discussion forums share ready-made policy files. But it's not safe accordingly, the decision in haste.

Find more questions by tags Windows