Replies: 1 comment
-
|
Microsoft provides Windows Restricted Traffic Limited Functionality Baseline, I can offer that in the module with the app uninstallations. Obviously, these are not to improve security, Microsoft offers them to enterprises that might need it and sometimes they can decrease security because of lack of communication with the Defender online services as mentioned in the doc. So it won't be a recommended thing to run. I won't add manual registry modifications myself as they are inaccurate for this purpose and their locations change between OS releases. Group Policies released by MSFT are the safest way to do this. This is just something that's out there and officially supported, so i'm going to add it to the module too. unattend or answer files are not a bad idea either. |
Beta Was this translation helpful? Give feedback.
-
I have had this idea about the module for a while and the recent issue #479 also pushes it towards this.
When making a fresh installation, the best way to get a clean, minimal and preconfigured build is to make use of unattended installation using official methods (aka unattend.xml file). Creating the unattend.xml is also much easier thanks to tools like schneegans.de.
Do you think this module can be incorporated into an unattended installation making things much easier even in enterprise settings? Configured apps, reduced/no telemetry, hardened ACLs, no8dot3names and this module can really give a much cleaner, private and secure system as a fresh installation.
Beta Was this translation helpful? Give feedback.
All reactions