How to Make Windows 10 Secure
alright let's talk about securing windows I always talk about how Windows is fundamentally flawed and I just kind of want to lay out securing Windows as a lot of the guides online are either way too simple or way too complex depending on where you fall so I'm gonna try and kind of bridge that gap I'm not gonna waste your time saying go here for all these settings I will show you how to modify mass settings all at once at the start of the video and then from there I'll go into the differences between user account control when it's set to notify and not notify and then also the differences between an admin account and an user account most people when they set up their Windows 10 they're set up as admin accounts that means they can run pretty much any executable without type in a username and password so you have that as far as user account control when you get those prompts it's kind of like having an admin account even though you're running as admin but you need toHow to Make Windows 10 Secure
How to Make Windows 10 Secure |
How to Make Windows 10 Secure
some people feel the need to do like recommend it or apply all settings don't do that as it's gonna cause more problems than it'll solve like let's say you you're streaming a game or something like that it'll lock down your camera so you can't even have access to the camera so don't enable everything just do the recommended settings so with this it'll disable telemetry and a bunch of other stuff which is good so we'll close this out we'll close that we're good so this part kind of covers the privacy and security features of Windows 10 so as far as the settings go they're actually pretty decent now with oh no shut up run it's already modified all those I'll reboot here in a second but next I wanted to go into Windows updates updates are another kind of gotcha of Windows 10 that most people really don't like now I am using the pro version of Windows and if you're using the home version you may not have Advanced Options which is kind of a bummer for you but hopefully you are using the pro version so you got some of these features we're about to go over under Advanced Options there's a couple things in here one don't pause updates that's usually you know frowned upon don't disable Windows updates because we're talking about security you still need the security updates but what you don't need is the feature updates the feature updates are extremely bad they don't give you any more security you're just basically their guinea pig so be sure and set this to 365 because you want to be on the back side you want to be more on the tried and trued feature so I'm on 1903 right now which is the most recent but I know I'm not gonna be upgraded for at least several years as far as my windows go so being on the back end of feature updates as good as far as quality updates for security improvements determine how many days since this is curved security video I'll typically do five days almost all updates and security updates are released on a Tuesday I don't know why it's Tuesday but usually it's a patch Tuesday and I always deter these or actually delay them about five days so it usually ends up on like a Sunday later in so I like to at least put about five days on here to kind of push it back into the weekend maybe even four days if you're really paranoid but this is about what you'd want to do for Windows updates as this is the most stable and secure settings I found personally other things in here under delivery optimization obviously make sure this is disabled and you're not sharing through pcs in the actual Internet you don't want to be using your bandwidth to supply Windows updates to others so make sure this is off that's a big thing as well so next up is gonna be Cortana this little button down here you click it and go hey hey there is no mic on this computer but I would normally say something Cortana would listen report back to Microsoft and she also has a lot of kind of snooping capabilities so for security purposes Cortana is not good now we can't completely rip her out but we can mitigate her so if we go gpedit.msc we're gonna launch in a group policy editor and we're gonna change a couple of settings here so if we just go to all settings right here you can see allow Cortana right here and we can just go into that and disable her so pull up a lot Cortana and just put disabled and plus apply now this is for Windows search so with Cortana configured let's get out of GP edit that's pretty much one of the only ones I actually enable in here there's others that you can to like ratchet things down but I kind of want to actually show those on the GUI without just doing a bunch of group policies here so we've pretty much limited Cortana a little bit there's one other thing here and this is gonna be Windows security you'll see this quite a bit there's gonna be a lot of bad recommendations through here no I'm not gonna crap too much on Microsoft or Windows Defender here because it actually does a decent job just some of the romantic recommendations are horrible such as this one set up onedrive for file recovery you know most people I've gone to security conferences and they've said hey the worst virus ever concocted in human history was Dropbox and by extension of that onedrive is very much a Dropbox copy so having one Drive and Dropbox typically a lot of people look Amit as good things I look at them as very high security concerns now some people use them for backups and things like that and I'm gonna go in that a little bit which is fine for your residential users out there but I don't view this as good I don't like onedrive so I just dismiss this same thing with account perfect protection they say make sure to set up a Microsoft account this doesn't make you more secure Windows security you're drunk go home that's so good but this overall is decent for actual virus and threat protection you can actually do quick scans here and honestly when it comes down to it I really do like this for a free antivirus if you're not gonna go buy an antivirus just stick with what you got with Windows the other ones typically introduce ads and they usually cause more problems than they solve and I've actually done a whole video on free antivirus but for this video if you're gonna stick with free stuff just stay with what's baked into
Windows because it's actually gotten really good obviously five years ago or more I would have definitely never recommended Windows antivirus or Windows Defender the other big thing why we're in here is manage ransomware protection this is probably the biggest thing that keeps me up at night this is the thing you have to worry about if you're on a Windows machine ransomware scares the hell out of me there's never gonna be a time where I put my head on the pillow and I'm not thinking about ransomware it's one of those things so this is actually a really good feature that I've added controlled folder access this basically says hey block unfriendly applications from modifying your files especially if you're using network folders and those types of things you want this on because you don't want people modifying your files your home directory your fine and chills those types of things should obviously be in here go to protective folders we'll say yes and then make sure you add all your protected folders if you got everything in your documents you don't really have to do anything because it's pretty much already there by default but if there is another folder you want such as Dropbox Dropbox is another one that's used I kind of touched on that but if you're a resident you're using you're putting all your information in Dropbox make sure you put Dropbox as a protected folder as ransomware could get in there and then encrypt all of your Dropbox files and then you get on another computer and then it spreads to there it's just a horrible horrible way a really great delivery method for a virus but just make sure you you add your cloud drives Network drives everything into protective folders under ransomware protection can't emphasize that enough and then finally we've been clicking through this all day about UAC what is UAC does it help does it not personally I just find it kind of annoying so here is our downloads folder I put oh and oh shut up in here so we'll click this you get a prompt hey do you want to run this file if you say no it won't run a lot of people kind of gives this false sense of security in this respect by default pretty much everybody on here is set up as an administrator now I've actually created a script a while back I was needing to run a certain tool and I needed it to run with elevation and well needless to say I went ahead and just kind of created a little VBS script to run something on startup at an elevated prompt so let's go ahead go into it launching a startup program to run as administrator so this is a kind of a wacky thing to do but just a simple VBS script to run a file so let's go ahead and copy this and we're gonna create a basic script here we're gonna paste this in here we're gonna go file save as and we're gonna save this as all files and we'll put it in downloads why not OSU elevated dot V vs so we have oh no shut up elevated a VBS script now if I click this you'll see something so OS you exe running from here we'll go ahead and save this close it and run it again so we got the prompt here for for actually going and prompting so we'll go ahead and it yes it'll launch it just a test our script there it is it launched it as administrator as you see there's the elevation but we're gonna close this so one way to get around a lot of the UAC prompts like let's say onedrive here is getting around me not wanting it go ahead and delete that task so let's demonstrate real fast bypassing the actual UAC and some of the admin prompts you can actually create the VBS script like we talked about and then just put that right here so let's go oh s uo no shut up this doesn't matter I'm just gonna actually create a basic task start program programmer script we're gonna select that script we've created it next finish and it creates that task now it whether we run it on every bit or not who cares but if we just click run it'll run that script in the background as administrator launched into here and there you are so we're able to bypass a lot of the windows just using the basic VBS script and task scheduler there's other ways to get around this honestly but you know there's a good article from Google on how they get around a lot of the UAC and run as administrator' problems they run into in their update cycle they utilize task scheduler as well so very important as security vulnerability task scheduler for Microsoft Microsoft even uses it to like you know push onedrive down your throat so with that done I just wanted to show self-elevation how that works with user account control now you can delve in this more I talked a little bit about an admin account this is an admin account and I just want to showcase that in a business setting typically you don't want your users installing programs or running executable files so what you would do is you
don't have to worry too much about UAC as this would be at its default setting but you would not be logging in or the user would not be logging in under his administrator they'd have another account on here that would just simply be a user user accounts get the UAC prompt but then it prompts for administrative credentials so I just wanted to kind of specify just the basics here obviously since I'm gonna admin I can just get that UAC prompt hit yes and then it'll continue on doing what I want it to do that was it that was securing Windows 10 or at least making in mitigating some of your risk as an end user obviously if your system admin or thumbing things your this videos not gonna be that beneficial to you but for most end users I think too many people go ahead and just leave their system wide open put UAC to never notify and then they don't ever think about it again and then pretty soon they have a ransomware attack or they have a virus running uncontrollably in the background
How to Make Windows 10 Secure
How to Make Windows 10 Secure