How to use the Windows system registry to improve PC information security?

tj_zero 65 Reputation points
2024-02-23T04:24:07.9666667+00:00

Recommend common registry key Settings in Windows to improve information security. I've implemented disabling external USB storage, things like that; I'd like to know something like:

  1. Prohibit all printing services (local printers and network printers, etc.)
  2. It is forbidden to upload data files through the network (other forms of understanding can achieve the purpose)
  3. Disable screenshot
  4. Set browser history to be automatically cleared; In the same way, the goal of my project is to limit the risk channels and behaviors of information leakage; In this sincerely consult experienced Windows registry experts, there should be more other information disclosure risk point strengthening measures, as well as good practices, please guide me or remind me how you use registry key values to improve information security; I know that there are already many similar third-party software on the market for centralized management and setup; However, we are discussing the topic of improving the level of information security by setting the key values of Windows registry keys, so third-party software is outside the scope of this technical discussion; Look forward to every creative answer, as well as experience guidance, thank you;
Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,575 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,054 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,834 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
9,604 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daniel Alejandro Rivera Dominguez 415 Reputation points Microsoft Vendor
    2024-02-23T15:19:14.1166667+00:00

    Hello Tj_zero, Thank you for using the Microsoft Q&A forums. I don't know the specific set of keys for those, but many of the things you want can be found in the existing security policies. You can enable the with local policy or with Domain policies, either way they should do the same. You can confirm the changes by looking at the related registry keys.

    You can look the existing security policies and related scenarios here: Security policy settings - Windows Security | Microsoft Learn

    0 comments
  2. Wesley Li 8,780 Reputation points
    2024-02-27T04:54:30.4+00:00

    Hello Is the machine professional version or enterprise version? Is the machine domain joined? If the machine is professional or enterprise version, the group policy is a good choice for your purpose. If the machine is domain joined, group policies deployed from the domain would be more suitable.

    1. For printing, we could deploy group policy to disable "printer spooler" service.
    2. For network sharing, we could disable SMB protocol. How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows | Microsoft Learn
    3. For screenshot, I am not sure the exact need. If you mean disable the screenkey to enable snipping. We could try the following registry key configuration. reg add "HKCU\Control Panel\Keyboard" /v PrintScreenKeyForSnippingEnabled /t REG_DWORD /d 0 /f
    4. For browser history, check the following policies or registry keys. Microsoft Edge Browser Policy Documentation | Microsoft Learn
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.