Secure and optimize your workstation with WAPT
Managing the confidentiality, security and auditing of workstations has become crucial in companies. Poorly optimized configurations can expose vulnerabilities that can be exploited by parties outside the organization.
This guide offers several steps and tools for disabling optional services, strengthening security and auditing workstation configuration.
– PRACTICAL GUIDE –
Optional Services Deactivation
Windows services include default features that, while convenient, can harm privacy. Here are some recommendations for disabling certain services:
- CIS-guide-disable-services: Disable Windows services by following the CIS (Center for Internet Security) security recommendations.
- Disable telemetry: Windows 10 and 11 regularly send diagnostic data to Microsoft. This feature can be disabled to limit the collection of private data.
- Disable cortana: Disabling Cortana limits potential leaks of personal data.
- Remove windows appx: By default, Windows includes several applications via its Store. This tool allows you to remove these applications to optimize the security and performance of your computing devices.
- Deactivating obsolete protocols:
  - Disable SMBv1: Disables the old SMBv1 protocol.
  - Disable NetBIOS: NetBIOS is also vulnerable and can be disabled to enhance security.
- Disable administrative share: Disables shares to the drive (C:) to limit unauthorized access points.
Enhancing Security with WAPT
As part of the security enhancement, several measures have been deployed to protect workstations. These include disabling obsolete protocols, enabling disk encryption, and stricter password and access management. Here’s an overview of the tools and functionalities implemented thanks to WAPT.
- Without AD: Use of LAPS by WAPT, a tool for defining random passwords for local accounts, with encrypted feedback to the WAPT console.
- With AD: Implementation of LAPS to install the module and retrieve passwords in the Active Directory, as well as LAPS Management for easier management by administrators.
- Enable bitlocker: Enabling BitLocker is essential for encrypting disks on Windows 10 and 11 workstations, protecting data in the event of theft or unauthorized access.
- Disable usb storage: Prevents the use of USB storage.
- Disable adobe js: Disables JavaScript in PDF files opened with Adobe Reader, to prevent attacks from the outside.
- Disable RDP: Prevents unauthorized remote access.
Workstation configuration audit
A regular audit of workstation configuration helps to ensure that security measures are in place and to detect any anomalies. Here are a few audit tools:
- Audit local admin: Generates a list of accounts with local administrator rights on each workstation.
- Audit scheduled tasks: Records scheduled tasks to check their relevance.
- Audit user install software: Pulls up the list of software installed in users’ AppData folders, enabling unauthorized installations to be identified.
- Info Shutdown: Displays a pop-up window to the user after a certain start-up time, giving them the option of restarting their machine if necessary to apply updates.
These solutions, offered by WAPT, optimize workstation security in the professional environment. By combining these reinforcement measures with regular audits, administrators have a complete view of the security status of machines and can react quickly to any anomalies.