Strengthen your Windows baseline with repeatable, low-friction steps. Each action is safe to apply on personal or managed endpoints.
Step 01
Lock accounts
Use strong passphrases, disable unused admin accounts, and enable sign-in throttling to slow brute-force attempts.
Step 02
Control surface
Review inbound firewall rules, enable SmartScreen, and restrict installs to trusted repositories or the Microsoft Store.
Quick playbook
- Update Windows and drivers before applying restrictive policies.
- Enforce BitLocker with recovery keys stored in a safe location.
- Enable tamper protection and controlled folder access for core directories.
# security-hardening.ps1
Start-Process ms-settings:windowsupdate
Set-MpPreference -EnableControlledFolderAccess Enabled
Set-NetFirewallProfile -Profile Domain,Public,Private -DefaultInboundAction Block -DefaultOutboundAction Allow
AuditPol /set /subcategory:"User Account Management" /success:enable /failure:enable