
Microsoft Windows 10 GP OS Administrative Guidance

Operational and Administrative Guidance

Microsoft Windows 10 and Windows Server 2019

Common Criteria Evaluation for Microsoft Windows 10 and Windows Server 2019 Version 1809 (October 2018 Update)

General Purpose Operating System Protection Profile

© 2019 Microsoft. All rights reserved.


Copyright and disclaimer

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs-NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2019 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Visual Basic, Visual Studio, Windows, the Windows logo, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


1 Contents

2 Change history
3 Introduction
3.1 What's new
3.2 How this guide is organized
3.3 Links to other resources
3.4 Security Target document
3.5 Guidance specific to user roles
3.6 Modern device management
3.7 Approaches for configuring Windows policies
3.7.1 Setting policies with modern device management (MDM):
3.7.2 Setting policies with Group Policy Objects (GPO):
3.7.3 Setting policies with PowerShell scripts:
4 Evaluated editions and platforms
5 Evaluated configuration
5.1 Installing the operating system
5.2 Operational prerequisites
5.2.1 Trusted platforms
5.2.2 Device administration
5.2.3 Security updates
5.2.4 Mode of operation
5.2.5 FIPS 140 Approved mode
5.2.6 Additional cryptography configuration
5.2.7 Device access
6 Managing evaluated features
6.1 Managing cryptography
6.2 Managing X.509 certificates


6.2.1 Client certificates and Certificate Authorities
6.2.2 Trusted root certificates
6.2.3 Certificate name comparison
6.2.4 Certificate validation
6.3 Managing Transport Layer Security (TLS)
6.3.1 Available TLS ciphersuites
6.3.2 Available EAP-TLS ciphersuites
6.3.3 Configuring with MDM
6.3.4 Configuring with PowerShell
6.3.5 Configuring with group policy
6.3.6 Generating X.509 certificates with templates
6.3.7 Managing signature algorithms with the Windows registry
6.3.8 Choosing TLS in a web browser
6.4 Managing network connections
6.4.1 Enabling or disabling network connections with the Windows UI
6.4.2 Enabling or disabling network connections with PowerShell
6.4.3 Configuring Wi-Fi access with MDM
6.4.4 Configuring Wi-Fi access with the Windows user interface
6.4.5 Configuring allowed Wi-Fi networks with MDM
6.4.6 Configuring allowed Wi-Fi networks with Group Policy
6.4.7 Selecting a secure Wi-Fi connection with the Windows UI
6.4.8 Configuring a Wi-Fi connection profile with the Windows UI
6.5 Managing personal hotspots
6.5.1 Configuring with MDM
6.5.2 Configuring with group policy
6.5.3 Configuring with the Windows user interface
6.6 Managing Bluetooth


6.6.1 Configuring Bluetooth adapters with MDM
6.6.2 Enabling or disabling Bluetooth adapters with the Windows UI
6.6.3 Enabling or disabling Bluetooth adapters with PowerShell
6.7 Managing passwords and password policy
6.7.1 Configuring with MDM
6.7.2 Configuring with group policy
6.7.3 Configuring with net.exe accounts utility
6.8 Managing smart card logon
6.9 Managing Windows Hello
6.9.1 Configuring biometric authentication with the Windows UI
6.9.2 Configuring Windows Hello for Business with group policy or MDM
6.9.3 Configuring PIN authentication with the Windows UI
6.10 Managing screen lock and session timeout
6.10.1 Configuring with MDM
6.10.2 Configuring with group policy
6.10.3 Configuring with the Windows registry
6.10.4 Configuring with the Windows user interface
6.11 Managing the logon banner
6.11.1 Configuring with MDM
6.11.2 Configuring with group policy
6.11.3 Configuring with the Windows registry
6.12 Managing USB
6.12.1 Configuring with the Windows UI
6.12.2 Configuring with PowerShell
6.12.3 Configuring with the Windows registry
6.13 Managing updates
6.13.1 Configuring using MDM
