A Security Baseline is an additional set of security enhancements that can be added to the original security protocols already in place in Windows. This is especially useful for the companies and organizations that prefer to take more control of their virtual security. This Baseline adds ransomware protection for your operating system and other new policies discussed below.
New in Windows 10 Version 21H2 Security Baseline
Removed Microsoft Edge Legacy Policies
Since Microsoft Edge Legacy had reached the end of support earlier this year, Windows 10 v21H2 came with only Edge Chromium. Therefore, policies for Edge Legacy have not been included with this Security Baseline.
Restrict Printer Driver Installation
Sysadmins can now prevent users with administrative rights from installing printer drivers. This addition has been included in light of a remote code execution vulnerability (CVE-2021-34527) codenamed “PrintNightmare.” System administrators can find the Group Policy “Limits print driver installation to Administrators” at the following location within the Group Policy Editor after installing this Security Baseline: When enabled, users with administrative privileges will no longer be able to update printer drivers.
Tamper Protection Included
Administrators can now secure their devices by enabling Microsoft Defender for Endpoint’s Tamper Protection. Enabling it will block human-operated ransomware attacks by making the necessary changes in Windows Registry so a program cannot make unauthorized changes to the operating system’s security features. Enabling this option will prevent the attackers from performing the following tasks:
Disable Virus and threat ProtectionDisable Real-Time ProtectionSwitch off Behavior MonitoringDisable antivirusRemove security updatesDisable automatic actions upon threat detection
You can enable Tamper Protection from the following path after installing this Security Baseline:
Download and Install Windows 10 Version 21H2 Security Baseline
Follow the guide below to install the new Security Baseline on your Windows 10 device: Check your current OS version by typing in winver in Run. Once all 3 files are executed via Windows PowerShell, Windows 10 version 21H2 Security Baseline will be installed successfully. You may now begin configuring the new changes introduced with this Baseline.
Closing Words
Security Baselines are an optional update for your operating system’s security. If you are an individual user and not part of an organization, you could also benefit from such Baselines by preventing other users on your PC from performing tasks that could potentially expose the system to outside threats. Also see:
Download Windows 11 Security BaselineDownload and install Security Baseline for Microsoft Edge 88Microsoft Edge 105 Released With Critical Security Fixes, Security Baseline; Still Might CrashDownload Windows 11 22H2 (2022 Update) Security BaselineHow To Block Malicious Drivers With Windows Security (Windows Defender)