Windows 10: Win10 hardening GPO support for secure desktops

Hello all, long time lurker first time poster on the forums, hopefully this is the correct place to post this. Working on some hardening settings for Win10 desktop machines in a SCIF environment for a client, there's 2 settings I've been wrestling with and haven't found a workaround. They are:

1. Disabling microphone jack/port

2. Allow privileged users only write access to CD/DVD and prevent everyone else.

In group policy preferences not seeing anything for microphone under control panel\devices, there's a policy to disable sound completely and registry hack to disable headphones but nothing for mic. The only option i see is disabling microphone in the BIOS, but that would require altering the image as i don't think BIOS settings can be managed by GPO. As for allowing only privilege users to write to CD/DVD, the only foreseeable option i know of is first setting up a GPO to block CD/DVD access completely, then creating a second "exceptions" GPO to allow this setting and do a security filter to only select privileged users or a security group of users. But this will require two policies for just one setting which i would like to avoid. Thank you in advance for the help *Smile

:)

 

gpo collusion

sir,

do I can link more than one GPO to an OU

each GPO may be for specific purpose (one for hardening, another for WSUS synch , another for NTP)

 

Windows Security Screen shutdown/restart with GPO

Running Win 10 Pro as admin and using GPO for standard users to limit shutdown/restart/hibernate option. GPO restriction works everywhere it should but on Windows Security screen where Power Button is still functional. Could this be a bug? Am an experienced
GPO user. Have already done SFC and dism as well as Disabled/Not Configured and re Enabled GPO option. Any suggestions? Appreciate any help. Thank you.

 

Windows 10 Pro Update Error after hardening

Hi,

I have a new installation of Windows 10 Pro and after a few days of use, I am getting this error on Windows Update:

"There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070426)"

The background is as follows:

I have a new Dell XPS 13 laptop. It came with Windows 10 Home, and I upgraded it to Windows 10 Pro because I need to use it for business and need the extra encryption and other features that Home does not provide. I have implemented security hardening on
the Windows 10 Pro installation following the process documented here: http://hardenwindows10forsecurity.com/

After completion of the hardening steps (first time round), the above error appeared. I assumed that it was due to my hardening steps, so I tried all sorts of fixes and tweaks to repair it, until I finally restored back to a previous restore point from 2
days earlier. After the restore, the windows updates were functioning. I then repeated the hardening steps, while testing Windows Update after each major step in the process. Windows Update continued to work fine through the hardening and even worked fine
after I completed the hardening (the second time). This was yesterday evening when I ended work for the day. Now, this morning (the next day), when I started up my Windows 10 Pro, it is giving the above error once again under Windows Update.

I am not sure whether this is an issue caused by the hardening, or just a temporary issue that will resolve itself. Can somebody please assist and shed some light on the situation.