
System Hardening Best Practices

The following best practices are suggested as a security baseline for production systems:
  1. Configure the system with a static IP address and a dedicated VLAN, separated from the Guest and Employee VLANs
  2. Activate Microsoft Windows Defender
  3. Enable Mago Room Kiosk Mode
  4. Disconnect keyboard and mouse
  5. Manage and control the room from the Mago Cloud Management Console
  6. Enable automatic Windows Updates during non-working hours
  7. Enable OTA update for Mago Room software

Allow log on locally to the Mago and Administrator users only

Disable all non-essential Windows Services

Disable Internet Connection Sharing (ICS) Service
Disable the following Remote Services
  • Remote Desktop Configuration
  • Remote Desktop Services
  • Remote Desktop Services UserMode Port Redirector
  • Remote Registry
Configure manual startup
Configure manual start-up for these services:
  • Remote Procedure Call (RPC) Locator
  • Windows Error Reporting Service
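
The service baseline above can be audited, and optionally enforced, with a short PowerShell script. This is an added example, not part of the Mago documentation; it assumes the standard Windows short service names for the display names listed above, an elevated PowerShell 5.1 or later session, and a hypothetical `-Remediate` switch.

```powershell
# Added example: audit (and optionally remediate) the service baseline listed above.
# The short service names are the standard Windows names for the display names in
# the list (assumption: not taken from the Mago documentation).
param([switch]$Remediate)   # hypothetical switch: change settings instead of only reporting

$baseline = [ordered]@{
    'SharedAccess'   = 'Disabled'  # Internet Connection Sharing (ICS)
    'SessionEnv'     = 'Disabled'  # Remote Desktop Configuration
    'TermService'    = 'Disabled'  # Remote Desktop Services
    'UmRdpService'   = 'Disabled'  # Remote Desktop Services UserMode Port Redirector
    'RemoteRegistry' = 'Disabled'  # Remote Registry
    'RpcLocator'     = 'Manual'    # Remote Procedure Call (RPC) Locator
    'WerSvc'         = 'Manual'    # Windows Error Reporting Service
}

$report = foreach ($name in $baseline.Keys) {
    $want = $baseline[$name]
    $svc  = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # A service that is not installed cannot be started, so it counts as compliant.
        [pscustomobject]@{ Service = $name; Expected = $want; Actual = 'NotInstalled'
                           Status = 'n/a'; Compliant = $true }
        continue
    }
    if ($Remediate -and "$($svc.StartType)" -ne $want) {
        Set-Service -Name $name -StartupType $want
        # A disabled service that is still running stays reachable until it is stopped.
        if ($want -eq 'Disabled' -and $svc.Status -eq 'Running') {
            Stop-Service -Name $name -Force
        }
        $svc = Get-Service -Name $name   # re-read so the report shows the new state
    }
    [pscustomobject]@{
        Service   = $name
        Expected  = $want
        Actual    = "$($svc.StartType)"
        Status    = "$($svc.Status)"
        Compliant = ("$($svc.StartType)" -eq $want)
    }
}

$report | Format-Table -AutoSize
# Non-zero exit code lets a scheduled task or management tool flag drift from the baseline.
if ($report.Compliant -contains $false) { exit 1 }
```

Run it without the switch first to see the current state; running it with `-Remediate` over a Remote Desktop session will end that session when Remote Desktop Services is stopped.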

Disable all non-essential privileged accounts

Disable all accounts that do not meet system or application objectives.
Deny autorun and access to removable media devices
  • Set the default behavior for AutoRun: Enabled
  • All Removable Storage classes: Deny all access: Enabled
  • CD and DVD: Deny read access: Enabled
  • CD and DVD: Deny write access: Enabled
  • Removable Disks: Deny read access: Enabled
  • Removable Disks: Deny write access: Enabled
  • WPD Devices: Deny read access: Enabled
  • WPD Devices: Deny write access: Enabled
Restrict Users to Store Data in Local Drive, Desktop, Document, Downloads etc.: https://docs.microsoft.com/en-us/answers/questions/129425/restrict-users-to-store-data-in-local-drive-deskto.html
Mago Advanced Settings
  • Enable Kiosk Mode
  • Create and Apply an automatic Mago Room Update policy from Mago Cloud Management Console (admin.mago.io)