fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

The New Group Policies Coming to Windows 10 21H2

The New Group Policies Coming to Windows 10 21H2

As Microsoft continues to develop the Windows 10 21H2 feature update, we can use the preview builds to get a glimpse of the upcoming features, changes, and new group policies coming to the operating system this fall.

Microsoft just released Windows 10 21H1 last week, but it was not met with much fanfare as it is not a very exciting release.

Windows 10 21H2, also known as the Sun Valley update, is poised to be a much more feature-rich version, with a new UI refresh, DNS-over-HTTPS support, a modern disk management tool, new settings, and more.

In addition to new features, Microsoft is also adding new group policies for Windows 10 21H2 that we can see in current preview builds.

Below are the seven currently available Windows 10 21H2 group policies coming this fall.

The new Windows 10 21H2 group policies

Policy: Show or hide “Most used” list from Start menu
Location: Computer Configuration > Administrative Templates > Start Menu and Taskbar

Show or hide Most used list from Start menu

Description: If you enable this policy setting, you can configure Start menu to show or hide the list of user’s most used apps, regardless of user settings.

Selecting “Show” will force the “Most used” list to be shown, and user cannot change to hide it using the Settings app.

Selecting “Hide” will force the “Most used” list to be hidden, and user cannot change to show it using the Settings app.

Selecting “Not Configured”, or if you disable or do not configure this policy setting, all will allow users to turn on or off the display of “Most used” list using the Settings app. This is default behavior.

Note: configuring this policy to “Show” or “Hide” on supported versions of Windows 10 will supercede any policy setting of “Remove frequent programs list from the Start Menu” (which manages same part of Start menu but with fewer options).


Also Read: The Difference Between GDPR and PDPA Under 10 Key Issues

Policy: Not allow sideloaded apps to auto-update in the background
Location: Computer Configuration > Administrative Templates > Windows Components > App Package Deployment

Not allow sideloaded apps to auto-update in the background policy

Manages a sideloaded apps’ ability to auto-update in the background. 

        If you enable this policy, sideloaded apps will not auto-update in the background.

        If you disable this policy, sideloaded apps will auto-update in the background.

        Default is ‘disabled’ (key not present).


Policy: Not allow sideloaded apps to auto-update in the background on a metered network
Location: Computer Configuration > Administrative Templates > Windows Components > App Package Deployment

Not allow sideloaded apps to auto-update in the background on a metered network policy

Manages a sideloaded apps’ ability to auto-update in the background on a metered network. 

        If you enable this policy, sideloaded apps will not auto-update in the background on a metered network.

        If you disable this policy, sideloaded apps will auto-update in the background on a metered network.

        Default is ‘disabled’ (key not present).


Policy: Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria
Location: Computer Configuration > Administrative Templates > System > Device Installation >Device Installation Restrictions

Apply layered order of evaluation policy

This policy setting will change the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. Enable this policy setting to ensure that overlapping device match criteria is applied based on an established hierarchy where more specific match criteria supersedes less specific match criteria. The hierarchical order of evaluation for policy settings that specify device match criteria is as follows:

Device instance IDs > Device IDs > Device setup class > Removable devices

Device instance IDs
1. Prevent installation of devices using drivers that match these device instance IDs
2. Allow installation of devices using drivers that match these device instance IDs

Device IDs
3. Prevent installation of devices using drivers that match these device IDs
4. Allow installation of devices using drivers that match these device IDs

Device setup class
5. Prevent installation of devices using drivers that match these device setup classes
6. Allow installation of devices using drivers that match these device setup classes

Removable devices
7. Prevent installation of removable devices

NOTE: This policy setting provides more granular control than the “Prevent installation of devices not described by other policy settings” policy setting. If these conflicting policy settings are enabled at the same time, the “Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria” policy setting will be enabled and the other policy setting will be ignored.

If you disable or do not configure this policy setting, the default evaluation is used. By default, all “Prevent installation…” policy settings have precedence over any other policy setting that allows Windows to install a device.


Also Read: PDPA Compliance Singapore: 10 Areas to Work on

Policy: Do not allow location redirection
Location: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection

Do not allow location redirection policy

This policy setting lets you control the redirection of location data to the remote computer in a Remote Desktop Services session.

By default, Remote Desktop Services allows redirection of location data.

If you enable this policy setting, users cannot redirect their location data to the remote computer.

If you disable or do not configure this policy setting, users can redirect their location data to the remote computer.


Policy: Allow UI Automation redirection
Location: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection

Allow UI Automation redirection

This policy setting determines whether User Interface (UI) Automation client applications running on the local computer can access UI elements on the server.

UI Automation gives programs access to most UI elements, which lets you use assistive technology products like Magnifier and Narrator that need to interact with the UI in order to work properly. UI information also allows automated test scripts to interact with the UI.

Remote Desktop sessions don’t currently support UI Automation redirection.

If you enable or don’t configure this policy setting, any UI Automation clients on your local computer can interact with remote apps. For example, you can use your local computer’s Narrator and Magnifier clients to interact with UI on a web page you opened in a remote session.

If you disable this policy setting, UI Automation clients running on your local computer can’t interact with remote apps.

Policy: Specify source service for specific classes of Windows Updates
Location: Computer Configuration > Administrative Templates > Windows Components > Windows Update

Specify source service for specific classes of Windows Updates

When this policy is enabled, devices will receive Windows updates for the classes listed from the specified update source: either Windows Update or Windows Server Update Service. 

        Note: To receive any updates from the Windows Server Update Service you must have properly configured an intranet Microsoft update service location via the “Specify intranet Microsoft update service location” policy.

        If this policy is not configured or is disabled, the device will continue to detect updates per your other policy configurations. 

        Note: If you are using “Do not allow deferral policies to cause scans against Windows Update” currently to ensure devices only scan against your specified server, we recommend configuring this policy instead or in addition to such.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us