Educause Security Discussion mailing list archives

Re: Windows 10 Security Profile

From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Thu, 10 Mar 2016 23:26:50 +0000

Is this across the board for all machines, or just desktops (etc.)?  IMO, for a desktop, turning these off is perfectly 
fine.  When you start to talk about a laptops, phones, or Surfaces, you get into a different group, and I would 
consider different standards.

Some additional questions -
Have you considered exemptions (and how to...) from this standard?
Can you enforce this standard; keep people from enabling various settings?
Have you communicated why this is being done?  Included "them" in on the process?
If left enabled, can you segment the traffic (secure vs. insecure)?

Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Homer 
Manila
Sent: Thursday, March 10, 2016 5:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Windows 10 Security Profile

All,

We are in the middle of designing a Windows 10 image for the first time and are considering turning the following 
privacy-related settings/features off:

  *   Wifi Sense
  *   Advertising ID
  *   SmartScreen Filter
  *   Location information (or "Let websites provide locally relevant content")
  *   Speech, Inking and Typing
  *   Send MS info about how I write
  *   Feedback and Diagnostics (or at least set Diagnostic and usage data to Basic)

Are other institutions turning off any other privacy settings than these, or think any of these settings are overblown 
as a privacy issue?  We expect Cortana to be a big draw in Windows 10 for our users and are hesitant in turning off any 
feature that would make it less useful (location settings, or any of the Getting To Know me settings).  Additionally, 
SmartScreen Filter seems it could be a nice security feature to have in the Apps store and Edge.

http://lifehacker.com/what-windows-10s-privacy-nightmare-settings-actually-1722267229
http://www.zdnet.com/article/how-to-secure-windows-10-the-paranoids-guide/

Thanks for any feedback!

--Homer Manila, CISSP, GCWN
Information Security Engineer
American University
Office of Information Technology
202-885-2209

AU IT will never ask for your password via e-mail.
Don't share your password with anyone!

This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone at (815)-836-5950 and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.

Current thread:

Windows 10 Security Profile Homer Manila (Mar 10)
- Re: Windows 10 Security Profile Barton, Robert W. (Mar 10)
- Re: Windows 10 Security Profile Brad Judy (Mar 10)
  - Re: Windows 10 Security Profile Eric Lukens (Mar 11)
    - Re: Windows 10 Security Profile randy (Mar 11)
- Re: Windows 10 Security Profile Velislav K Pavlov (Mar 11)