How to provide additional protection for laptops running Windows 10

Problem:

Consider a situation where you use a PIN to log in and someone steals your laptop.

Resolution:

You can provide additional protection for laptops that don’t have a TPM by enabling BitLocker and setting a policy to limit failed sign-ins.

Configure BitLocker without TPM

  1. In Start Search, type gpedit.msc to launch the Group Policy editor.
  2. Open the following policy:

    Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup

  3. In the policy option, select Allow BitLocker without a compatible TPM, and then click OK.
  4. Go to Control Panel > System and Security > BitLocker Drive Encryption and select the operating system drive to protect.


Set account lockout threshold

  1. In Start Search, type gpedit.msc to launch the Group Policy editor, and open the following policy:

    Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy > Account lockout threshold

  2. Set the number of invalid logon attempts to allow, and then click OK.


[Note: You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out. The default value is 0.]
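To confirm that both procedures took effect, the following PowerShell check reads the BitLocker startup policy, the protection state of the operating system drive, and the lockout threshold on the local machine. It is an added example, not part of the original post; it assumes an elevated session, and the function name Get-LaptopProtectionStatus and the temporary file name are made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: audits the two settings described on this page.
# Get-LaptopProtectionStatus is a hypothetical helper name.

function Get-LaptopProtectionStatus {
    # 1. "Require additional authentication at startup" policy.
    #    gpedit.msc stores it under the FVE policy key.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                            -ErrorAction SilentlyContinue
    $allowNoTpm = ($null -ne $fve) -and
                  ($fve.UseAdvancedStartup -eq 1) -and
                  ($fve.EnableBDEWithNoTPM -eq 1)

    # 2. BitLocker state of the operating system drive.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $protectors = ($vol.KeyProtector |
                   ForEach-Object { $_.KeyProtectorType }) -join ', '

    # 3. Account lockout threshold, read from an exported security policy.
    #    secedit output is not localized, unlike "net accounts".
    $cfg = Join-Path $env:TEMP 'secpol-audit.cfg'   # hypothetical file name
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $line = Select-String -Path $cfg -Pattern '^LockoutBadCount\s*=\s*(\d+)' |
            Select-Object -First 1
    Remove-Item $cfg -Force -ErrorAction SilentlyContinue
    $threshold = if ($line) { [int]$line.Matches[0].Groups[1].Value } else { $null }

    [pscustomobject]@{
        AllowBitLockerWithoutTpm = $allowNoTpm
        OsDriveProtection        = $vol.ProtectionStatus   # On / Off
        OsDriveVolumeStatus      = $vol.VolumeStatus       # e.g. FullyEncrypted
        KeyProtectors            = $protectors
        LockoutThreshold         = $threshold
        # A threshold of 0 means accounts are never locked out.
        LockoutEnabled           = ($threshold -gt 0)
    }
}

$status = Get-LaptopProtectionStatus
$status | Format-List

if ($status.OsDriveProtection -ne 'On') {
    Write-Warning 'BitLocker protection is not on for the operating system drive.'
}
if (-not $status.LockoutEnabled) {
    Write-Warning 'Account lockout threshold is 0: failed sign-ins are not limited.'
}
```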

 
