Government grade security

I'm pretty sure there's no such thing.

Governments along with corporations simply follow what's considered best practices when it comes to securing software, although who's best practice you follow really depends on assessing your needs and designing a configuration that best suites your own requirements.

Microsoft has a baseline that you can follow..

Then there's thing like the NCSC best practice...

Or if you wanted to go totally overboard you could lock down everything via group policies and only allow pre-approved programs to run.
 
There are various ISO standards you can be compliant with - but ultimately that is more a checkbox ticking exercise for best practises rather than something which will be optimal for protecting you.

Depends what you are trying to do as well - whether protect business systems or personal, etc. and whether that is to protect data from tampering/deletion, protect against theft or any access, etc. etc.
 
Last edited:
There are various ISO standards you can be compliant with - but ultimately that is more a checkbox ticking exercise for best practises rather than something which will be optimal for protecting you.

Depends what you are trying to do as well - whether protect business systems or personal, etc. and whether that is to protect data from tampering/deletion, protect against theft or any access, etc. etc.
Nothing really I just want my system super clean I am always compliant.
I am curious about the group policy thing you suggested?
 
Kind of related to that one of the most stupid things I've seen in business is machines i.e. for controlling stuff like print/copy machines, which everyone needs access to but only have the one account that can be logged into - probably to reduce licensing costs of required software, which have an enforced regular password expiry and so the result is people have to write down the password when they change it then leave it around so everyone knows... and then there is complaining about the password not being secure... and no one is one the same page with regard to coming up with a solution and no one in a position to takes any responsibility for there being a solution...
 
Nothing really I just want my system super clean I am always compliant.
I am curious about the group policy thing you suggested?

Some orgs will apply Microsoft and NCSC baslines + CIS benchmarks using group policy. All make the baselines\benchmarks available to download and import.

CIS have the most settings configured with L1 for general and L2 for secure workstations. CIS have good documentation detailing the purpose of each setting and where in the Registry it is applied. You could apply the Registry settings manually if you wanted to skip editing group\local policy. Registration is free.
 
Just download the MS security baselines for your Windows version and apply.

The NCSC baselines are ok, but they've not been updated since 1903, and there are a few errors in them. I would ensure you know what you're doing here though as NCSC and CIS polices are very similar (you don't need to apply both) but doing so will block all outbound traffic.
 
Nothing really I just want my system super clean I am always compliant.
I am curious about the group policy thing you suggested?

You sure about that?

 
I disabled a lot of things in group policy editor
cmd registry and powershell for example restart pc after couple times later and everything is still functioning even after this.
Also offline my pc keeps changing settings.
Bit stuck here
 
Everything was practically disabled in group policy it still is shown cmd powershell and reg edit is but when i open them they work for some reason.your
The only thing i can think of is the usb for windows and mobo drivers could have been infected, but i dont really know.
If your offline and something is changing in your system, something must be messed.
I once again am i need of help this time hopefully with a solution,

I am also willing to pay anyone who solves this issue, whether it be a clever virus or whatever it is.
Transcation will be done by paypal.
This has been a long term issue so i hope there is some solution in the near future.
 
Last edited:
Is this another situation where you'll get great advice from very knowledge people...

...then ignore it and do your own thing, only to come back 3 weeks later with another series of unfortunate events?
 
Last edited:
Back
Top Bottom