Some questions #70
Replies: 3 comments 3 replies
-
|
Hi, Lockout policy is applied by Microsoft security baseline and the script but they don't have the necessary effect on the built-in administrator account that's disabled by default.
That makes the built-in administrator less secure than an administrator account connected to a MSA or AAD. The usability is barely sacrificed unless the top security category is also used. Increating minimum Bitlocker startup Pin for everyone isn't logical because that security vuln only applies to subset of AMD CPUs. I can add an Important message to the Bitlocker section linking to your GitHub issue letting those AMD CPU users know about the vuln. Yes, the script checks for new version when you install and run it from PowerShell gallery, but when running it directly from GitHub you always use the latest version. Clipboard sync with MSA is just a user-mode (non-admin) setting for improved productivity, trying to offset the little loss of usability. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks! 🙂 |
Beta Was this translation helpful? Give feedback.
-
|
You can use local account too, you just won't have access to features like Windows Hello for lock screen, logging into websites with phish resistant passkeys instead of username/password etc. 🙂 |
Beta Was this translation helpful? Give feedback.
-
|
|
Beta Was this translation helpful? Give feedback.
-
|
Great! Maybe give something like 16 as minimum length, since 20 characters is the maximum accepted by BitLocker anyway. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you, fixed it! |
Beta Was this translation helpful? Give feedback.
-
Hi 🙂
#TopSecuritymeasure, since the people implementing these measures are willing to sacrifice a bit of usability for more security.Beta Was this translation helpful? Give feedback.
All reactions