Microsoft Releases Security Baseline & Admin Templates for Windows 10 Fall Creators Update

Now that the Windows 10 Fall Creators Update has begun rolling out, Microsoft has released key documents to help IT Pros and System Admins manage systems as they begin planning for this update.

Richard Hay, Senior Content Producer

October 18, 2017


This week Microsoft started the rollout of their fourth major feature update to Windows 10.

That update is widely known by its marketing name - Fall Creators Update. However, most IT Pros and System Admins will come to know it simply as Windows 10 Version 1709.

Although many enterprise and business customers will not jump on this update right away, preferring to test it on a smaller scale in their organizations for compatibility, resources are already starting to appear to help with that process.

The first key tool is the final version of the Security Baseline for Windows 10 Version 1709.

This document provides the recommended security configuration for this latest update for Windows 10 and is part of the Microsoft Security Compliance Toolkit. That toolkit contains tools that enterprise security admins can use to download, analyze, test, edit, and store these Microsoft recommended security configurations and compare them against other recommendations/settings.

According to Microsoft, these are the key differences between the new Windows 10 Version 1709 security baseline and the one released earlier this year alongside Windows 10 Version 1703 (aka the Creators Update):

  • Implementing Attack Surface Reduction rules within Windows Defender Exploit Guard. Exploit Guard is a new feature of v1709 that helps prevent a variety of actions often used by malware. You can read more about Exploit Guard here: Reduce attack surfaces with Windows Defender Exploit Guard. Note that for this draft, we are enabling “block” mode for all of these settings. We are taking a particularly careful look at the “Block office applications from injecting into other process;” if it creates compatibility problems then we might change the baseline recommendation to “audit” mode for that setting. Please let us know what you observe with this draft baseline.

  • Enabling Exploit Guard’s Network Protection feature to prevent any application from accessing web sites identified as dangerous, including those hosting phishing scams and malware. This extends the type of protection offered by SmartScreen to all programs, including third-party browsers.

  • Enabling a new setting that prevents users from making changes to the Exploit protection settings area in the Windows Defender Security Center.
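One way to check a machine against the first two settings quoted above is shown below. This is an added example, not code from the article or from Microsoft's baseline package. The function name `Get-AsrBaselineReport` is hypothetical, the rule GUIDs in the sample object are constructed placeholders, and "Block" is treated as the expected mode because that is what the quoted draft enables.

```powershell
# Added example: report the mode of each configured Attack Surface Reduction
# rule and of Network Protection, flagging anything not in Block mode.
function Get-AsrBaselineReport {
    param(
        # Any object exposing the Defender preference properties.
        # Defaults to the live system (requires the Defender PowerShell module).
        $Preference = (Get-MpPreference)
    )
    # Value-to-mode mapping used by both ASR rule actions and Network Protection.
    $modeNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }

    $ids     = $Preference.AttackSurfaceReductionRules_Ids
    $actions = $Preference.AttackSurfaceReductionRules_Actions
    if ($null -eq $ids) { $ids = @(); $actions = @() }   # no rules configured
    $ids = @($ids); $actions = @($actions)
    if ($ids.Count -ne $actions.Count) {
        throw "Rule ID count ($($ids.Count)) does not match action count ($($actions.Count))."
    }

    for ($i = 0; $i -lt $ids.Count; $i++) {
        $mode = $modeNames[[int]$actions[$i]]
        if (-not $mode) { $mode = "Unknown ($($actions[$i]))" }
        [pscustomobject]@{
            Setting      = "ASR rule $($ids[$i])"
            Mode         = $mode
            MatchesBlock = ($mode -eq 'Block')
        }
    }

    $npMode = $modeNames[[int]$Preference.EnableNetworkProtection]
    if (-not $npMode) { $npMode = "Unknown ($($Preference.EnableNetworkProtection))" }
    [pscustomobject]@{
        Setting      = 'Network Protection'
        Mode         = $npMode
        MatchesBlock = ($npMode -eq 'Block')
    }
}

# Constructed sample input (placeholder GUIDs, not real rule IDs):
# one rule in Block mode, one left in Audit mode, Network Protection enabled.
$sample = [pscustomobject]@{
    AttackSurfaceReductionRules_Ids     = @('00000000-0000-0000-0000-000000000001',
                                            '00000000-0000-0000-0000-000000000002')
    AttackSurfaceReductionRules_Actions = @(1, 2)
    EnableNetworkProtection             = 1
}
Get-AsrBaselineReport -Preference $sample | Format-Table -AutoSize
```

Calling `Get-AsrBaselineReport` with no argument reads the live settings instead of the sample. Rules reported in Audit mode log what they would have blocked without enforcing it.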

For more information about these baselines and using them in your own organization be sure to visit the Windows Security Baselines site.

Also provided through the Microsoft Download Center is a full package of Administrative Templates (.admx files) that can be used with Group Policy as is or modified to fit your organization's needs as you test and roll out Windows 10 Version 1709.
