Sunday, October 11, 2015

Hardening Windows Virtual Machine OS Clients

This is just a running list of how I harden my Microsoft virtual OS's.

1. Stand up a Windows 2012 R2 domain controller that is on a internal network only vnic. 
2. Stand up a Windows 8.1 OS client on a internal network only vnic. Inside the OS set up Microsoft security compliance manager. Once you download all security baselines. Upload the following baselines to the domain controller or use RSAT and import the baselines in group policy management.

Some important policies to import. 

Windows 8.1 computer security compliance
Windows 8.1 user security compliance
Windows 8.1 bitlocker policies
IE 11 Security policies. 

Change the bitlocker policy around where it supports clients without TPM chips. Since your virtual machine doesn't have a TPM chip it's not necessary to have. All virtual OS's should be encrypted. Even the domain controller you set up. 

3. Encrypt all your virtual OS's with pre-boot authentication. 
4. Setup another Windows 8.1 client and move it to an area in active directory that has your computer and IE 11 policies. 
5. Create a standard user in your domain and give them the user security compliance to Win 8.1. 
6. Your standard user should not have admin rights to your Windows 8.1 client. 
7. Make sure EMET is set up as well. Enable the defaults and test all your applications to ensure they work properly after words. 
8. Disconnect your Windows 8.1 client from the internal network and set it to NAT or Bridge so its gets an IP to the internet. 
9. Fully patch your Windows 8.1 device. 
10. Install an AV client on it. I recommend panda av cloud. It has some excellent ratings in av-test.org website. 

This is pretty much my process when I make a Microsoft based virtual os in my lab environments.

Some may ask why Windows 8.1 and not Windows 10. Until an official security compliance guide is out for that OS I'd avoid hardening one on your own without some guidance. 

5 comments:

  1. If you guys wanna get a reliable product key, any editions, used perfectly! recommend you this site: www.gankings.com.

    ReplyDelete
    Replies

    1. the window 7 ultimate product key , windows 7 oem home premium 32 bit product key generator , windows 8.1 product key buy , windows 7 professional termékkulcs , genuine keys store locations , buy windows 10 pro key , genuine windows 8 pro product key , ключ продукта виндовс 7 профессиональная , sj1orp

      Delete

    2. windows 10 product key sticker , windows 10 product key cheap , windows 10 activation code , windows 10 pro product key sale , windows 10 serial key finder , windows 10 activation hardware changes , office 2016 product key , windows 10 serial keys for installation , l10VVn

      windows server 2012 r2 buy

      office 2013 key sale

      cheap rosetta stone french

      Delete

  2. there is also the site Microsoftkeystores.com that simply sell licenses only, Windows 7 Ultimate SP1 Product Key is 35.
    I bought my Windows 7 Ultimate SP1 Product Key license on earlier this year and I have not had an activating problem.
    should just find the iso operating system (I have downloaded from the Microsoft site, I do not know if is also easy for Windows 7 Ultimate SP1 Product Key), the site provides links but I think probably not in French.

    ReplyDelete
  3. What a fantabulous post this has been. Never seen this kind of useful post. I am grateful to you and expect more number of posts like these. Thank you very much. Windows 10 Pro Keys Office 2019 Professional Plus CD Keys

    ReplyDelete