Harden Windows Host

OS Installation

Use my autounattended file for a minimal, non-bloated Windows installation.

Yubikey

  1. Install and reboot the device. Log in with your previous credentials.

  2. Run the Yubico Login Configuration software and choose Advanced > Use existing (Slot 1 for G1, Slot 2 for G2).

BitLocker

  1. Open gpedit.msc and go to Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives.

  2. Set "Require additional authentication at startup" to Enabled, and set "Configure TPM startup PIN" to "Require startup PIN with TPM".

  3. Run CMD as admin, then run: manage-bde -protectors -add c: -TPMAndPIN

  4. Check the encryption progress: manage-bde -status

  5. Reboot when 100% encrypted.
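
To confirm the BitLocker steps above took effect, the following check can be run afterwards. It is an added example, not part of the original page; the function name is hypothetical, and it assumes the two policies from step 2 are stored as UseAdvancedStartup and UseTPMPIN under HKLM:\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell session.
# Assumption: the two policies from step 2 are stored as UseAdvancedStartup and
# UseTPMPIN (1 = require) under HKLM:\SOFTWARE\Policies\Microsoft\FVE.
function Test-BitLockerPinSetup {          # hypothetical helper name
    param([string]$MountPoint = 'C:')

    $findings = [System.Collections.Generic.List[string]]::new()

    # Steps 1-2: Group Policy values written by gpedit.msc
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if ($policy.UseAdvancedStartup -ne 1) {
        $findings.Add('"Require additional authentication at startup" is not Enabled')
    }
    if ($policy.UseTPMPIN -ne 1) {
        $findings.Add('"Configure TPM startup PIN" is not "Require startup PIN with TPM"')
    }

    # Step 3: a TPM+PIN key protector must exist on the OS volume
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types  = @($volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    if ($types -notcontains 'TpmPin') {
        $findings.Add("No TpmPin protector on $MountPoint (found: $($types -join ', '))")
    }

    # Steps 4-5: encryption must be complete and protection switched on
    if ("$($volume.VolumeStatus)" -ne 'FullyEncrypted') {
        $findings.Add("Volume status is $($volume.VolumeStatus), $($volume.EncryptionPercentage)% encrypted")
    }
    if ("$($volume.ProtectionStatus)" -ne 'On') {
        $findings.Add("Protection status is $($volume.ProtectionStatus)")
    }

    return $findings
}

# Wrap in @() so an empty or single-item result is still an array
$result = @(Test-BitLockerPinSetup -MountPoint 'C:')
if ($result.Count -eq 0) {
    Write-Output 'PASS: TPM+PIN policy, protector and full encryption are in place on C:'
} else {
    $result | ForEach-Object { Write-Output "FAIL: $_" }
    exit 1
}
```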
