Share via

How to use the Windows system registry to improve PC information security?

tj_zero 65 Reputation points
2024-02-23T04:24:07.9666667+00:00

Recommend common registry key Settings in Windows to improve information security. I've implemented disabling external USB storage, things like that; I'd like to know something like:

  1. Prohibit all printing services (local printers and network printers, etc.)
  2. It is forbidden to upload data files through the network (other forms of understanding can achieve the purpose)
  3. Disable screenshot
  4. Set browser history to be automatically cleared; In the same way, the goal of my project is to limit the risk channels and behaviors of information leakage; In this sincerely consult experienced Windows registry experts, there should be more other information disclosure risk point strengthening measures, as well as good practices, please guide me or remind me how you use registry key values to improve information security; I know that there are already many similar third-party software on the market for centralized management and setup; However, we are discussing the topic of improving the level of information security by setting the key values of Windows registry keys, so third-party software is outside the scope of this technical discussion; Look forward to every creative answer, as well as experience guidance, thank you;
Windows for business Windows Server User experience Other
Windows for business Windows Server Devices and deployment Configure application groups
Windows for business Windows Client for IT Pros User experience Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daniel Alejandro Rivera Dominguez 415 Reputation points Microsoft External Staff
    2024-02-23T15:19:14.1166667+00:00

    Hello Tj_zero, Thank you for using the Microsoft Q&A forums. I don't know the specific set of keys for those, but many of the things you want can be found in the existing security policies. You can enable the with local policy or with Domain policies, either way they should do the same. You can confirm the changes by looking at the related registry keys.

    You can look the existing security policies and related scenarios here: Security policy settings - Windows Security | Microsoft Learn

    0 comments
  2. Wesley Li 11,245 Reputation points
    2024-02-27T04:54:30.4+00:00

    Hello Is the machine professional version or enterprise version? Is the machine domain joined? If the machine is professional or enterprise version, the group policy is a good choice for your purpose. If the machine is domain joined, group policies deployed from the domain would be more suitable.

    1. For printing, we could deploy group policy to disable "printer spooler" service.
    2. For network sharing, we could disable SMB protocol. How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows | Microsoft Learn
    3. For screenshot, I am not sure the exact need. If you mean disable the screenkey to enable snipping. We could try the following registry key configuration. reg add "HKCU\Control Panel\Keyboard" /v PrintScreenKeyForSnippingEnabled /t REG_DWORD /d 0 /f
    4. For browser history, check the following policies or registry keys. Microsoft Edge Browser Policy Documentation | Microsoft Learn
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.