Mago.io
  • Welcome to Mago Knowledge Base!
  • Prerequisites setup
    • Hardware, OS and Software Requirements
      • Multiple Display supported Scenarios
      • How to enable Bluetooth BLE (proximity) for BYOD Features
    • Network Requirements
    • Wireless Display
      • I am unable to see Miracast (AirServer) as a destination to mirror to
      • Fixing Miracast Issue with some Wifi Chipsets
    • MS Teams best practices
      • (optional) Disabling Chat in Teams accounts
    • Zoom best practices
    • System Hardening Best Practices
    • How to Create a Room Resource for Calendar Events
      • Google Workspace
      • Microsoft 365
        • Setup a room resource
        • Configure a Room resource
    • OS Updates, Drivers & firmware
      • OS Windows update policy
      • Update policy for Drivers and Firmware (Intune)
      • Mago Room Update
  • Installing Mago Room
    • Installation steps overview
      • ✍️Pre-requisites checklist
      • 1️⃣Install and configure Windows 10/11 OS
      • 2️⃣Install and configure Mago Room
        • Getting Mago Room
        • Installing Mago Room
          • Deploy Mago Room with Software Distribution (Silent Install)
        • First Configuration (Wizard)
        • Advanced Settings
      • 3️⃣Post-installation checklist
  • Cloud Management & Analytics Console
    • How to Create an IT Admin User Account and Manage Mago Room and Licenses
    • Adding a Room in the Valarea Management Console
    • Using the Mago Room ADMIN Console
      • Rooms List
      • How to Create Groups and Tags
      • How to create Policies
      • How to Assign Policies
      • Create and Schedule a Task
    • Analytics Console
  • FAQ
    • Frequently Asked Question
      • Mago OAuth scopes and permissions explained
        • Mago Room OAuth scopes
        • Mago Workspace App OAuth scopes
      • Important Configuration Files
      • Antivirus & Firewall exceptions
      • Installing Mago Room on existing Room systems (MTR or Zoom room hardware)
  • Videos for training
    • Videos for training
  • Mago Room Essential
    • Setup Guide
      • Requirements
      • Hardware installation
      • First configuration
  • TECH DOCS
    • 🛡️Security White Paper
      • Introduction
      • Reliability
      • Application Security
      • Mago Room Security
      • On-Cloud / On-Premise Deployment Security
      • Encryption
      • Vulnerability Management
      • Mago Information Security
      • Physical Security
      • Conclusion
    • ℹ️Dec 14, 2021 | Vulnerability Statement | Log4j
    • 📄Privacy Policy
    • 📱Mago Workspace for Android - Data safety
  • Support
    • Mago Helpdesk and Support
Powered by GitBook
On this page
  1. Prerequisites setup

System Hardening Best Practices

PreviousZoom best practicesNextHow to Create a Room Resource for Calendar Events

Last updated 1 year ago

The following best practices are a suggested as a security baseline for production systems:

  1. Configure the system with static IP address and dedicated VLAN, separated from Guests and Employees VLAN

  2. Activate Microsoft Windows Defender

  3. Enable Mago Room Kiosk Mode

  4. Disconnect Keyboard and mouse

  5. Manage and control the room from the Mago Cloud Management Console

  6. Enable automatic during non working hours

  7. Enable for Mago Room software

Additional security hardening requirements related to Windows 10 OS

Allow log on locally to the Mago and Administrator users only

Follow this guide for setting the appropriate security policy:

Disable all non-essential Windows Services

Disable Internet Connection Sharing (ICS) Service

Disable the following Remote Services

  • Remote Desktop ConfiguMaration

  • Remote Desktop Services

  • Remote Desktop Services UserMode Port Redirector

  • Remote Registry

Configure manual startup

Configure manual start-up for these services:

  • Remote Procedure Call (RPC) Locater

  • Windows Error Reporting Service

Disable all non-essential privileged accounts

Disable all accounts that do not meet system or application objectives.

Deny autorun and access to removable media devices

  • Set the default behavior for AutoRun: Enabled

  • All Removable Storage classes: Deny all access: Enabled

  • CD and DVD: Deny read access: Enabled

  • CD and DVD: Deny write access: Enabled

  • Removable Disks: Deny read access: Enabled

  • Removable Disks: Deny write access: Enabled

  • WPD Devices: Deny read access: Enabled

  • WPD Devices: Deny write access: Enabled

Mago Advanced Settings

  • Enable Kiosk Mode

  • Create and Apply an automatic Mago Room Update policy from Mago Cloud Management Console (admin.mago.io)

Restrict Users to Store Data in Local Drive, Desktop, Document, Downloads etc.:

Windows Updates
OTA update
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/allow-log-on-locally
https://docs.microsoft.com/en-us/answers/questions/129425/restrict-users-to-store-data-in-local-drive-deskto.html