Harden Windows Host
Last updated
Was this helpful?
Last updated
Was this helpful?
Use my file for a minimal, non-bloated, Windows installation.
Download .
Install and reboot device. Login with previous credentials.
Run Yubico Login Configuration software. Advanced > Use existing (Slot 1 for G1, Slot 2 for G2)
gpedit.msc
> Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives
Require additional authentication at startup: Enabled. Configure TPM startup PIN: Require startup PIN with TPM
Run CMD as admin. manage-bde -protectors -add c: -TPMAndPIN
manage-bde -status
Reboot when 100% encrypted.