Disable These 3 Windows Settings Now! (For Security)

You’ll be glad you watched this 🧐

Commands Mentioned:
• Get Language Mode: $ExecutionContext.SessionState.LanguageMode
• Environment Variable Name: __PSLockDownPolicy (Note: You will need to open a new PowerShell window to see if it applied)

Mentioned Links:

▼ Time Stamps: ▼
0:00 - Why Though?
1:00 - What We'll Be Doing
1:46 - Remove PowerShell 2.0
2:22 - Constrained Language Mode
4:22 - About Execution Policy
5:41 - Setting Up Execution Policy
8:28 - PowerShell 7 Execution Policy
9:27 - Setting PowerShell 7 Policy
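
A read-only check of the settings named in the description above (PowerShell 2.0 feature, language mode and `__PSLockDownPolicy`, execution policy), plus the script block logging policy. This is an added example, not from the video; the `Get-RegValue` helper and the output property names are assumptions. Run it in a new, elevated PowerShell window:

```powershell
# Added example: read-only audit, changes nothing on the system.

function Get-RegValue {   # hypothetical helper: returns $null when the key or value is absent
    param([string]$Path, [string]$Name)
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1. PowerShell 2.0 optional feature (the query itself needs elevation).
$v2State = try {
    (Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction Stop).State
} catch { "Unknown: $($_.Exception.Message)" }

# 2. Every scope at which __PSLockDownPolicy is set. A Process- or User-scope value
#    can be changed by the user it applies to, so report the scope with the value.
$lockdown = foreach ($scope in 'Process', 'User', 'Machine') {
    $value = [Environment]::GetEnvironmentVariable('__PSLockDownPolicy', $scope)
    if ($null -ne $value) { "$scope=$value" }
}

# 3. Execution policy at every scope. MachinePolicy and UserPolicy come from Group
#    Policy and take precedence over the scopes Set-ExecutionPolicy writes.
$policies = Get-ExecutionPolicy -List | ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" }

# 4. Script block logging policy for Windows PowerShell 5.1 and for PowerShell 7.
$sblWinPS = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' 'EnableScriptBlockLogging'
$sblPS7   = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\PowerShellCore\ScriptBlockLogging' 'EnableScriptBlockLogging'

[pscustomobject]@{
    PSVersion            = $PSVersionTable.PSVersion.ToString()
    PowerShellV2Feature  = $v2State
    LanguageMode         = $ExecutionContext.SessionState.LanguageMode
    LockdownVariable     = if ($lockdown) { $lockdown -join ', ' } else { 'not set' }
    ExecutionPolicies    = $policies -join ', '
    ScriptBlockLogWinPS  = [bool]$sblWinPS
    ScriptBlockLogPS7    = [bool]$sblPS7
} | Format-List
```

Windows PowerShell 5.1 and PowerShell 7 keep separate execution policy and logging settings, so run the check once in each.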

Comments

Also this should work on both Windows 10 and 11

ThioJoe

It needs to be said that the Constrained Language will have a large impact on your system's ability to run legitimate PowerShell scripts. I really don't advise this option at all. You should only do this on dedicated computer systems where you know PowerShell is not being used as a means to install or manage software or the system itself. This option will otherwise break tools like Chocolatey, the SQL Server installation process, and a lot more. Don't do this on your daily usage computer. There is a lot of Windows software out there that relies on PowerShell features for its own maintenance or installation processes.

Marfig

One of the best things you can do is enable logging for PowerShell, which is disabled by default for some unholy reason. That way, when someone does get past any blocks you set up, you or someone else can go back and see what was done.

Cohors

Very nice. I've been a programmer for 40 years now and this is something I didn't know. I am retired now so I am not as up to date as I used to be when working in the IT environment.

paland

Very useful information. I wish Microsoft took Windows security more seriously. Like why have PowerShell 2.0 even enabled by default? Anyone who needs it can just enable it on their own. Massive security risk.

Dark_Detective

Thio never disappoints at making me tired by waking me up at 3 am

ThebedwarsEditmaker

Thio Joe may not be a driver, but he never fails to deliver 💯💯💥💯

TheAndroidGingerbreadGuy

Method 2, Microsoft's comment: "As part of the implementation of Constrained Language, PowerShell included an environment variable for debugging and unit testing called __PSLockdownPolicy. While we have never documented this, some have discovered it and described this as an enforcement mechanism. This is unwise because an attacker can easily change the environment variable to remove this enforcement. In addition, there are also file naming conventions that enable FullLanguage mode on a script, effectively bypassing Constrained Language."

lev

For many years now I've woken up to YouTube autoplaying ThioJoe videos. This time no different, I started watching Warhammer videos, fell asleep and now woke up to the voice of Thio. It's almost nostalgic and homely at the same time. Great video as always, will need to check these tips out.

Lurkzz

If only Microsoft had somebody like ThioJoe on the team...

JohnSmith-xqpz

"You don't have permission..."
I created a "New Folder" in my D drive and named it "Policy Definitions", put it into "Windows:\" and it now magically has a grip of files in it. I can do nothing with it including saving anything to it. I also thought I told my pc, when I first built it, to NEVER claim I am not the administrator and to never ask for one.
It really sucks that we don't get a save direction. I NEVER put anything I can avoid onto my C drive bc it's only 120 gigs. I now see that there's a ton of stuff that I use that can only be on the C drive. I just want to undo the folder but it tells me I am NOT the admin and it somehow got a grip of files put into it when I moved it from the D drive, where I created it, into the C drive. I'm hyper concerned I just screwed something up and cannot complete the Policy Plus/Definitions step. F me!

donnikubbitz

Your videos are always informative and helpful. I especially appreciate that you take the time to put complicated commands in the description so they may be copied and pasted.

the_dark_defender

What you forgot to mention @ThioJoe is that this will severely disable the ability to use PowerShell and bug out command history, especially when you set the constrained language option. If you're a PowerShell frequent user I advise against this since it will break both it and its usage.

TheFrLaNc

Thx Thio, this was very helpful. A small adjustment with potential big headache savings. You move so fast on your How To Step by Step. I had to pause your instruction several times.

MJ-gejz

Nice security tips! I wasn't aware of these settings. Thanks!

russellgale

Lots to think about. I use PS (v7.x) scripts to manage two Windows systems, Home (v 10) and Pro (v 11). I configured an execution policy for PS that gave me some peace of mind. But now I realize that peace of mind was unwarranted. It looks like I will have to sign all my scripts after making the necessary security tweaks.

paulgraunke

Must share this to everyone who has a Windows PC

teresjoshy

Great info! You should do a video on the Microsoft Security Baselines sometime; they have an extensive inventory of useful settings like this and they're from Microsoft themselves. Lots of companies use these as a starting point for securing corporate devices.

adampriebe

Very useful information! I appreciated how crystal clear the video is—it’s extremely easy to follow. Thanks!

jeff__w

Congratulations on 3M subscribers!!!!🎉🎉🎉

Moshiur_Rahman