New
#1
Win10 hardening GPO support for secure desktops
Hello all, long time lurker first time poster on the forums, hopefully this is the correct place to post this. Working on some hardening settings for Win10 desktop machines in a SCIF environment for a client, there's 2 settings I've been wrestling with and haven't found a workaround. They are:
1. Disabling microphone jack/port
2. Allow privileged users only write access to CD/DVD and prevent everyone else.
In group policy preferences not seeing anything for microphone under control panel\devices, there's a policy to disable sound completely and registry hack to disable headphones but nothing for mic. The only option i see is disabling microphone in the BIOS, but that would require altering the image as i don't think BIOS settings can be managed by GPO. As for allowing only privilege users to write to CD/DVD, the only foreseeable option i know of is first setting up a GPO to block CD/DVD access completely, then creating a second "exceptions" GPO to allow this setting and do a security filter to only select privileged users or a security group of users. But this will require two policies for just one setting which i would like to avoid. Thank you in advance for the help