A tip for securing Windows 10
I got annoyed repeating the same thing over and over again whenever I built/rebuilt a device, disabling Windows features and rebooting everytime, disabling unsecure protocols, adding in a Take Ownership function in the context menu and rebuilding some useful network shortcuts... it's... slow.
To begin...
Internet Explorer is installed on Windows 10... a browser nobody uses. So that needed to go! The writing is on the wall for enterprises that still rely on this, since the introduction of Microsoft Edge, the spritual successor.
SMB v1 is installed, which made big security news last year as Ransomware WannaCry and Petya both used an ancient security flaw in SMB to spread over networks, see this MS Security Bullietin for infomation. It's simply better to disable a protocol that old, considering SMBv3 is used in modern up-to-date operating systems.
Windows Media Player is also not much maintained anymore and could present a vunerbility risk, I've got Microsoft Groove and VLC as replacements.
I regularly use Ubuntu on Windows which requires the Windows Subsystem for Linux, so automating this a little would help speed things up.
To resolve most of this hassle to configure my desktop I put together a small PowerShell script.
What does this script do?
Disables Windows Features:
All SMBv1 components (SMB1Protocol-Client, SMB1Protocol, SMB1Protocol-Deprecation)
Internet Explorer 11
Windows Media Player
Disables Flash in Microsoft Edge via Registry (per GPO)
Enables the Windows Subsystem for Linux Windows Feature
Merges the TenForums Take Ownership Context Menu registry keys (https://www.tenforums.com/tutorials/3841-add-take-ownership-context-menu-windows-10-a.html)
Copies files over to the Start Menu Directory for my own useful shortcuts (modify for yourselves!)
Reboots upon any key prompt so the changes can take effect!
You can find my PowerShell Script Here: Download