6 Use a Secure Admin Workstation SAW

softwarebuck April 25, 2021 0 Comments



Disable Action Center Using Windows Registry


Disabling the Action Center in Windows 10 using the Windows Registry is easyand applicable to both Pro and Home users. To start, press “Win + R,” type`regedit` and press the Enter button.The above action will open the Windows Registry. Navigate to the followingkey: HKEY_CURRENT_USERSoftwarePoliciesMicrosoftWindowsOnce you are there, we need to create a new key. To do that, right-click onthe “Windows” key, and select the “New” and then “Key” options.Now, rename the key as “Explorer.” Once renamed, this is how it looks like inyour Registry editor.After creating the Explorer key, right-click on the right pane and select the“New” option and then “DWORD 32-bit Value” to create a new DWORD value.Rename the key to “DisableNotificationCenter.” By default, the value data isset to “0” which simply means that the Action Center is enabled.To change the Value Data, double-click on the newly created value and enterthe Value Data as “1.” Click on the “Ok” button to save the changes.You’ve successfully disabled the Action Center in Windows 10. Just restartyour system to see the changes.As you can see, the Notification icon has completely disappeared from thetaskbar, and you can no longer access it or the shortcuts to different optionsprovided by the Action Center.If you want to you can easily revert back either by changing the Value Databack to “0” or by simply deleting the newly created value.

Disable Action Center Using Group Policy Editor


You can also disable the Action Center using the Windows Group Policy Editor,but this approach is only applicable to Pro users. To start, press “Win + R,”type `gpedit.msc` and press the Enter button.The above action will open the Group Policy Editor. Navigate to the followinggroup: User Configuration > Administrative Templates > Start Menu and TaskbarOnce you are there, scroll down in the right pane and find the “RemoveNotifications and Action Center” Policy.Double-click on it to open the Policy settings window. Select the “Enabled”radio button, and click on the “Ok” button to disable the Action Center.It is that simple to disable Action Center in Windows 10. Just restart yoursystem to make the changes take effect.If you ever want to revert back, simply change the option either to “NotConfigured” or “Disabled.”Do comment below sharing your thoughts and experiences about using the abovemethods to disable Action Center in Windows 10.Vamsi KrishnaVamsi is a tech and WordPress geek who enjoys writing how-to guides andmessing with his computer and software in general. When not writing for MTE,he writes for he shares tips, tricks, and lifehacks on his own blog Stugon.Is this article useful? Yes NoHow to Disable the Action Center in Windows 10The Action Center in Windows 10 collects notifications from Windows and otherapps, displaying them in a single pop-up sidebar you can access from theWindows system tray. It also has buttons for performing quick system commandslike toggling WI-FI and Bluetooth, setting quiet hours, or switching to tabletmode.Action Center is handy for seeing all recent notifications you may havemissed, as they’ll just wait there in Action Center until you view them. It’sa favorite new feature for many Windows 10 users, boasting solid configurationand customization features. Some people just find it unappealing, though.Fortunately, it’s easy to toggle on and off in your Settings. If you disablethe Action Center, you will still see pop up notifications above your systemtray. They just won’t be collected for you to view later.RELATED: How to Use and Configure the New Notification Center in Windows 10

How Disable Action Center From Taskbar Settings


You can disable the Action Center with a single toggle in Windows 10, but thattoggle is a bit buried in the interface. Press Windows+I to bring up theSettings app and then click System. You can also open the Start menu and click“Settings” to get to this window.In the System window, click the “Notifications & actions” category on theleft. On the right, click the “Turn system icons on or off” link.Scroll down to the bottom of the list of icons you can turn on or off, andclick the button to disable Action Center. Close the settings Windows andyou’re done.That’s all it takes–Action Center should go away completely for the currentuser.

How to Disable Action Center with Local Group Policy Editor


If you’re using Windows 10 Pro or Enterprise, you can also disable ActionCenter by using the Local Group Policy Editor. When you disable Action Centerin this way, the toggle for turning it on and off gets dimmed in the Settingswindow. You can only enable it by changing the policy again.RELATED: Using Group Policy Editor to Tweak Your PCSo, why bother? Honestly, most people won’t. But group policy does give you away to lock down a computer for other users. So, for example, you coulddisable Action Center for all users of a computer, just specific users orgroups, or all users except administrators. Why you might want to do that isup to you. We should also mention that group policy is a pretty potent tool,so it’s worth taking some time to learn what it can do. Also, if you’re on acompany network, do everyone a favor and check with your admin first. If yourwork computer is part of a domain, it’s also likely that it’s part of a domaingroup policy that will supersede the local group policy, anyway.In Windows 10 Pro or Enterprise, hit Start, type gpedit.msc, and hit Enter. Inthe Local Group Policy Editor, in the left-hand pane, drill down to UserConfiguration > Administrative Templates > Start Menu and Taskbar. On theright, find the “Remove Notifications and Action Center” item and double-clickit.To disable Action Center, set the option to Enabled. Click OK and then restartyour computer (just logging off and back on won’t do the job). If you want toenable it again, come back to this screen and set it to Disabled or NotConfigured.When you’re done, if you look at the regular Settings window, you’ll see thatthe option is dimmed and you can no longer access it.

3. Secure The Domain Administrator account


Every domain includes an Administrator account, this account by default is amember of the Domain Admins group.The built in Administrator account should only be used for the domain setupand disaster recovery (restoring Active Directory).Anyone requiring administrative level access to servers or Active Directoryshould use their own individual account.No one should know the Domain Administrator account password. Set a reallylong 20+ characters password and lock it in a vault. Again the only time thisis needed is for recovery purposes.In addition, Microsoft has several recommendations for securing the built inAdministrator Account. These settings can be applied to group policy andapplied to all computers. * Enable the Account is sensitive and cannot be delegated. * Enable the smart card is required for interactive logon * Deny access to this computer from the network * Deny logon as batch job * Deny log on as a service * Deny log on through RDPFor more details on securing the Domain Administrator account see thisMicrosoft article, Securing Built in Administrator Accounts in ActiveDirectory

6. Use a Secure Admin Workstation (SAW)


A secure admin workstation is a dedicated system that should only be used toperform administrative tasks with your privileged account.It should not be used for checking email or browsing the internet. In fact… itshould not even have internet access.What tasks would you do on a SAW? * Active Directory administration * Group Policy * Managing DNS & DHCP Servers * Any task that requires admin rights on servers * Admin rights to Management Systems such as VMware, Hyper-v, Citrix * Office 365 AdministrationYou get the idea.Basically, when you need to use your privileged account to perform admin tasksyou should be doing it from a SAW.Daily use workstations are more vulnerable to compromise from pass the hash,phishing attacks, fake websites, keyloggers and more.Using a secure workstation for your elevated account provides much greaterprotection from those attack vectors.Since attacks can come from internal and external it’s best to adopt an assumebreach security posture.Due to the continuous threats and changes to technology the methodology on howto deploy a SAW keeps changing. There is also PAW and jump servers to make iteven more confusing.Here are some tips to help get you started: * Use a clean OS install (use latest Windows OS) * Apply hardening security baseline (See tip25) * Enable full disk encryption * Restrict USB ports * Use personal firewall * Block internet * Use a VM – Terminal Server works well * Minimal software installed * Use two factor or smart card for access * Restrict systems to only accept connections from the SAWHere is my typical workflow using a SAW: 1. Log into my computer with my regular account to check email and view new support requests. I have a request to give a user permissions to a shared folder. 2. I will log into my SAW with my privileged account that has rights to modify AD group membership and add the user to the necessary AD security group.Pretty straightforward right?It may seem like a hassle but I actually find it more convenient this way. Ican remote in when off network and have a server that has all the tools Ineed. I also don’t have to worry about re-install all of my support softwareif I need to re-image my computer.Resources:https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations

7. Enable Audit policy Settings with Group Policy


Ensure the following Audit Policy settings are configured in group policy andapplied to all computers and servers.Computer Configuration -> Policies -Windows Settings -> Security Settings ->Advanced Audit Policy Configuration

10. Use Descriptive Security Group Names


First of all, make sure you apply permissions to resources with securitygroups not individual accounts, this makes managing resources much easier.Next, don’t name your security groups with a generic name like helpdesk or HRTraining.When you have generic names like this they will get used on all kinds ofresources and you will have lost all control of security.And there is no easy way to see what all a security group has permissions to.Yes, there are tools that you can run but if you have a medium or large sizeenvironment this will be a huge task.Here is a recent example of how this can get out of control (real story).I was working with a client on cleaning up permissions to Active Directory.There where multiple security groups that had delegated permissions to ActiveDirectory.There was a group called helpdesk, another group IS Support and one morecalled AD Modify.I was under the impression only Helpdesk staff had rights to Active Directoryto reset passwords and unlock accounts.Come to find out these groups were used for other resources such as thehelpdesk software, network share and printers. So it included various ITstaff.Once I removed these groups I got phone calls from programmers and businessanalyst asking why they couldn’t reset users passwords anymore. Why on earthare programmers resetting user passwords?I clear precise Security group name would have prevented this from happening.If you don’t name the security group specific then it can be a catch all forpermissions to many other things.Here are some good examples of how to name groups.

Steps to enable DNS debug logs on Windows Server


Step 1: Open the DNS Management ConsoleStep 2: Right click and select propertiesStep 3: Click Debug Logging TabStep 4: Check the box “Log packets for debuggingOnce you have the debug logs setup you can import those logs into an analyzerto quickly spot malicious activity.You can also convert the log file to a csv to make it easier to read andfilter.

19. Use Latest ADFS and Azure Security Features


ADFS and Azure have some great security features. These features will helpwith password spraying, account compromise, phishing and so on.No matter what level of office 365 you are on there are some features youshould look into.Of course, the premium subscriptions have the best security features.ButMicrosoft does improve and add new features at every level (At least this iswhat I’ve noticed since being on Office 365).Here are some features that are worth looking into: * Smart Lockout – Uses algorithms to spot unusual sign on activity. * IP Lockout – Uses Microsoft’s database of known malicious IP addresses to block sign on ins. * Attack Simulations – You should be doing regular phishing tests to help train end users. Microsoft will be releasing phish simulator software very soon. * MFA Authentication – Microsoft’s 2 factor solution * Banned passwords – Checks passwords against a known list * Azure AD Connect Health – Provides several good reports * Custom bad passwords – Ability to add custom banned passwords to check against.I’m currently running a hybrid office 365 setup. In azure I can see severalrisky sign on reports.Azure alerted me to a sign on that came from China from one of our accounts.Some of these features are available with the latest ADFS version and some areincluded with office 365 subscription.Definitely check out all the available security features in ADFS, Office 365and Azure.Resources:https://cloudblogs.microsoft.com/enterprisemobility/2018/03/05/azure-ad-and-adfs-best-practices-defending-against-password-spray-attacks/

20. Use Office 365 Secure Score


Secure score analyzes your office 365 organization security based on activityand security settings.Secure Score checks your Office 365 services then checks your settings andactivities and provides you a security score.Once it analyzes your score it will provide a detailed list of what was scoredand recommended actions to fix the issues.You will need a Premium or Enterprise subscription to access this feature, inaddition, you will need to be assigned the global admin or custom role.Microsoft continues to expand and add additional features to Secure Score.If you have access to this feature then take advantage of it.

Method 1: Disable Through Windows Features


Step1: Go to Programs and Features > Turn Windows features on or offStep2: Scroll through the list and uncheck “SMB 1.0/CIFS File Sharing Support”You will be prompted to restart.

Leave a Reply

Your email address will not be published. Required fields are marked *