Windows 10 & 11 New Install Manual Settings
Using run dialog and via basic settings you can start improving security inside settings after a fresh Windows installation:
Windows button + R for Advanced System Settings:
sysdm.cpl
Click Performance > Data Execution Prevention and select All Apps.
Click Remote > Turn off remote access.
- Uninstall Remote Desktop Manager & OneDrive in Apps
- Enable encryption if available in Windows settings
- Enable virtualization if available & other protection settings
- Disable access to microphone, camera and other sensors if not by default
- Disable anything but IPv4 & IPv6 in network adapter settings
- Set a secure DNS (dnscrypt, dnslow.me or WARP or 9.9.9.9,...)
- Install Exploit Protection for most common software
- Install your favorite internet browser (or later for user account only)
- Install possible VPN software (or later for user account only)
- Install OnionFruit for Tor (or later for user account only)
- Harden Defender via ConfigureDefender
- Harden windows extremely with this git
- Debloat Windows further
Windows + R to open Services:
services.msc
Turn off services in relation to remote desktop connection + others you don't use.
Windows + R for Device Manager:
devmgmt.msc
Look for useless devices and disable them.
-
Install Ultimate Windows Tweaker and
- if not via ConfigDefender before, set a restore point
- disable ADMINISTRATIVE SHARES $
- disable unnecessary accesses to Windows (regedit,..)
- turn off user tracking
- turn off telemetry
- harden network adapter
-
Install Spybot 2 and immunize the system
-
Get a non administrator user account to continue your Windows journey