System Hardening Best Practices
The following best practices are suggested as a security baseline for production systems:
Configure the system with a static IP address and a dedicated VLAN, separated from the Guest and Employee VLANs
Activate Microsoft Windows Defender
Enable Mago Room Kiosk Mode
Disconnect the keyboard and mouse
Manage and control the room from the Mago Cloud Management Console
Enable automatic Windows Updates during non-working hours
Enable OTA updates for Mago Room software
Additional security hardening requirements related to Windows 10 OS
Allow log on locally to the Mago and Administrator users only
Follow this guide for setting the appropriate security policy: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/allow-log-on-locally
Disable all non-essential Windows Services
Disable Internet Connection Sharing (ICS) Service
Disable the following Remote Services
Remote Desktop Configuration
Remote Desktop Services
Remote Desktop Services UserMode Port Redirector
Remote Registry
Configure manual startup
Configure manual start-up for these services:
Remote Procedure Call (RPC) Locator
Windows Error Reporting Service
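An added example, not part of the original Mago documentation: a PowerShell script that audits the service settings listed above and reports drift, and applies them when run elevated with the hypothetical -Enforce switch. The short service names are assumed to be the standard Windows 10 names for the display names listed; confirm them on your image with Get-Service.

```powershell
# Added example: audit (and optionally enforce) the service baseline from this page.
# Short names are assumed standard Windows 10 names for the listed display names.
param([switch]$Enforce)   # hypothetical switch: without it the script only reports

$baseline = [ordered]@{
    SharedAccess   = 'Disabled'  # Internet Connection Sharing (ICS)
    SessionEnv     = 'Disabled'  # Remote Desktop Configuration
    TermService    = 'Disabled'  # Remote Desktop Services
    UmRdpService   = 'Disabled'  # Remote Desktop Services UserMode Port Redirector
    RemoteRegistry = 'Disabled'  # Remote Registry
    RpcLocator     = 'Manual'    # Remote Procedure Call (RPC) Locator
    WerSvc         = 'Manual'    # Windows Error Reporting Service
}

$report = foreach ($name in $baseline.Keys) {
    $want = $baseline[$name]
    $svc  = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service absent on this image: nothing to harden, but record it.
        [pscustomobject]@{ Service = $name; Expected = $want
            StartType = 'NotInstalled'; Status = 'n/a'; Compliant = $true }
        continue
    }
    if ($Enforce) {
        if ($svc.StartType.ToString() -ne $want) {
            Set-Service -Name $name -StartupType $want
        }
        # A disabled service that is still running stays reachable until stopped.
        if ($want -eq 'Disabled' -and $svc.Status -eq 'Running') {
            Stop-Service -Name $name -Force
        }
        $svc = Get-Service -Name $name   # re-read state after changes
    }
    [pscustomobject]@{
        Service   = $name
        Expected  = $want
        StartType = $svc.StartType
        Status    = $svc.Status
        # Disabled services must also be stopped to count as compliant.
        Compliant = ($svc.StartType.ToString() -eq $want) -and
                    -not ($want -eq 'Disabled' -and $svc.Status -eq 'Running')
    }
}

$report | Format-Table -AutoSize
# Non-zero exit code lets a scheduled task or management agent flag drift.
if ($report.Compliant -contains $false) { exit 1 }
```

Running it without -Enforce after each Windows feature update shows whether an update has re-enabled any of these services.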
Disable all non-essential privileged accounts
Disable all accounts that do not meet system or application objectives.
Deny autorun and access to removable media devices
Set the default behavior for AutoRun: Enabled
All Removable Storage classes: Deny all access: Enabled
CD and DVD: Deny read access: Enabled
CD and DVD: Deny write access: Enabled
Removable Disks: Deny read access: Enabled
Removable Disks: Deny write access: Enabled
WPD Devices: Deny read access: Enabled
WPD Devices: Deny write access: Enabled
Restrict users from storing data on the local drive, Desktop, Documents, Downloads, etc.: https://docs.microsoft.com/en-us/answers/questions/129425/restrict-users-to-store-data-in-local-drive-deskto.html
Mago Advanced Settings
Enable Kiosk Mode
Create and Apply an automatic Mago Room Update policy from Mago Cloud Management Console (admin.mago.io)