{"id":3095,"date":"2019-06-06T13:31:09","date_gmt":"2019-06-06T11:31:09","guid":{"rendered":"http:\/\/lestfrexgn.cluster020.hosting.ovh.net\/?p=3095"},"modified":"2019-06-06T13:31:16","modified_gmt":"2019-06-06T11:31:16","slug":"windows-10-baseline-de-securite-1903","status":"publish","type":"post","link":"https:\/\/les2t.fr\/fr_fr\/windows-10-baseline-de-securite-1903\/","title":{"rendered":"Windows 10 \u2013 Baseline de s\u00e9curit\u00e9 1903"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"250\" src=\"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png\" alt=\"\" class=\"wp-image-2439\" srcset=\"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png 800w, https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10-480x150.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 800px, 100vw\" \/><\/figure>\n\n\n\n<p>Microsoft a annonc\u00e9 la&nbsp;publication&nbsp;<em>finale<\/em>&nbsp;des param\u00e8tres de Baseline de\ns\u00e9curit\u00e9 pour Windows 10 version 1903 ainsi que pour Windows Server version\n1903 (version Server Core).<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Cette nouvelle mise \u00e0 jour de fonctionnalit\u00e9s Windows10\nn\u2019apporte que tr\u00e8s peu de nouveaux param\u00e8tres de strat\u00e9gie de groupe. Cette nouvelle\nmouture des baseline ne recommande de ne configurer que deux d&rsquo;entre elles.&nbsp;Toutefois,\nplusieurs modifications aux param\u00e8tres existants ont \u00e9t\u00e9 apport\u00e9. <\/p>\n\n\n\n<p>Les modifications apport\u00e9es aux baseline Windows 10 v1809 et\nWindows Server 2019 incluent :<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>L&rsquo;activation de la nouvelle strat\u00e9gie \u00ab\n     Activer les options d&rsquo;att\u00e9nuation svchost.exe\u00bb, qui applique une s\u00e9curit\u00e9\n     plus stricte sur les services Windows h\u00e9berg\u00e9s dans svchost.exe, stipule\n     notamment que tous les fichiers binaires charg\u00e9s par svchost.exe doivent\n     \u00eatre sign\u00e9s par Microsoft et que le code g\u00e9n\u00e9r\u00e9 de mani\u00e8re dynamique n&rsquo;est\n     pas autoris\u00e9.&nbsp;<em><strong>Portez une attention\n     particuli\u00e8re \u00e0 celui-ci, <\/strong><\/em>car cela pourrait entra\u00eener des\n     probl\u00e8mes de compatibilit\u00e9 avec du code tiers essayant d&rsquo;utiliser le\n     processus d&rsquo;h\u00e9bergement svchost.exe, y compris les plugins tiers de cartes\n     \u00e0 puce.<\/li><li>En configurant le nouveau param\u00e8tre de\n     confidentialit\u00e9 des applications, \u00ab Laisser les applications Windows\n     activer la voix lorsque le syst\u00e8me est verrouill\u00e9 \u00bb, afin que les\n     utilisateurs ne puissent pas interagir avec les applications utilisant la\n     voix lorsque le syst\u00e8me est verrouill\u00e9.<\/li><li>D\u00e9sactivation de la r\u00e9solution de nom\n     de multidiffusion (LLMNR) pour att\u00e9nuer les menaces d&rsquo;usurpation de\n     serveur.<\/li><li>Limiter le type de n\u0153ud NetBT au n\u0153ud\n     P, interdire l&rsquo;utilisation de la diffusion pour enregistrer ou r\u00e9soudre\n     les noms, ainsi que pour att\u00e9nuer les menaces d&rsquo;usurpation de serveur.&nbsp;Microsoft\n     a ajout\u00e9 un param\u00e8tre \u00e0 l\u2019ADMX \u00abMS Security Guide\u00bb pour permettre la\n     gestion de ce param\u00e8tre de configuration via la strat\u00e9gie de groupe.<\/li><li>Correction d&rsquo;un oubli dans la ligne de\n     base du contr\u00f4leur de domaine en ajoutant les param\u00e8tres d&rsquo;audit\n     recommand\u00e9s pour le service d&rsquo;authentification Kerberos.<\/li><li>Suppression des strat\u00e9gies d&rsquo;expiration\n     de mot de passe n\u00e9cessitant des modifications p\u00e9riodiques du mot de passe.<\/li><li>Suppression de la m\u00e9thode de\n     chiffrement sp\u00e9cifique du lecteur BitLocker et des param\u00e8tres de\n     renforcement du chiffrement.&nbsp;La baseline a requis le cryptage\n     BitLocker le plus puissant qui soit.&nbsp;Cet \u00e9l\u00e9ment est supprim\u00e9 pour\n     plusieurs raisons.&nbsp;Le cryptage par d\u00e9faut est 128 bits et les experts\n     Microsoft en cryptographie disent qu&rsquo;il n&rsquo;y a aucun risque connu de\n     rupture dans un avenir pr\u00e9visible.&nbsp;Sur certains mat\u00e9riels, il peut y\n     avoir une d\u00e9gradation notable des performances en allant de 128 \u00e0 256\n     bits.&nbsp;Enfin, de nombreux p\u00e9riph\u00e9riques, tels que ceux de la ligne\n     Microsoft Surface, activent BitLocker par d\u00e9faut et utilisent les\n     algorithmes par d\u00e9faut.&nbsp;La conversion de ceux-ci en 256 bits\n     n\u00e9cessite tout d&rsquo;abord de d\u00e9chiffrer les volumes, puis de les rechiffrer,\n     ce qui cr\u00e9e une exposition temporaire \u00e0 la s\u00e9curit\u00e9 ainsi qu&rsquo;un impact sur\n     l&rsquo;utilisateur.<\/li><li>Suppression de l&rsquo;explorateur de\n     fichiers \u00abD\u00e9sactiver les param\u00e8tres de pr\u00e9vention de l&rsquo;ex\u00e9cution des\n     donn\u00e9es pour l&rsquo;explorateur\u00bb et \u00abD\u00e9sactiver l&rsquo;arr\u00eat du tas en cas de\n     corruption\u00bb, car ils ne font qu&rsquo;appliquer le comportement par d\u00e9faut,\n     comme le d\u00e9crit Raymond Chen&nbsp;<a href=\"https:\/\/devblogs.microsoft.com\/oldnewthing\/20170620-00\/?p=96435\" target=\"_blank\" rel=\"noreferrer noopener\">ici<\/a>&nbsp;.<\/li><\/ul>\n\n\n\n<p>Les modifications suppl\u00e9mentaires qui ont \u00e9t\u00e9 adopt\u00e9es depuis la\npublication de la version pr\u00e9liminaire incluent :<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Abandonner l&rsquo;application du\n     comportement par d\u00e9faut de d\u00e9sactivation des comptes administrateur et\n     invit\u00e9 int\u00e9gr\u00e9s.&nbsp;<\/li><li>Suppression d\u2019un param\u00e8tre Windows\n     Defender Antivirus qui s\u2019applique uniquement aux formats de fichier de\n     courrier \u00e9lectronique h\u00e9rit\u00e9s.<\/li><li>Modification de la configuration XML de\n     Windows Defender Exploit Protection pour permettre \u00e0 Groove.exe (OneDrive\n     for Business) de lancer des processus enfants, en particulier MsoSync.exe,\n     n\u00e9cessaires \u00e0 la synchronisation de fichiers.<\/li><\/ul>\n\n\n\n<p>Pour les t\u00e9l\u00e9charger \u00e0 partir de&nbsp;<a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?id=55319\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security Compliance Toolkit<\/a>&nbsp;<\/p>\n\n\n\n<p>Pour en savoir plus&nbsp;: <a href=\"https:\/\/blogs.technet.microsoft.com\/secguide\/2019\/05\/23\/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903\/\">Article\nofficiel<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft a annonc\u00e9 la&nbsp;publication&nbsp;finale&nbsp;des param\u00e8tres de Baseline de s\u00e9curit\u00e9 pour Windows 10 version 1903 ainsi que pour Windows Server version 1903 (version Server Core).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[63,47],"tags":[299,36,220,294,48,168],"class_list":["post-3095","post","type-post","status-publish","format-standard","hentry","category-securite","category-windows-10","tag-baseline","tag-microsoft","tag-securite","tag-security","tag-windows","tag-windows-10"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.3.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Windows 10 \u2013 Baseline de s\u00e9curit\u00e9 1903 - Les2T<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/les2t.fr\/fr_fr\/windows-10-baseline-de-securite-1903\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Windows 10 \u2013 Baseline de s\u00e9curit\u00e9 1903 - Les2T\" \/>\n<meta property=\"og:description\" content=\"Microsoft a annonc\u00e9 la&nbsp;publication&nbsp;finale&nbsp;des param\u00e8tres de Baseline de s\u00e9curit\u00e9 pour Windows 10 version 1903 ainsi que pour Windows Server version 1903 (version Server Core).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/les2t.fr\/fr_fr\/windows-10-baseline-de-securite-1903\/\" \/>\n<meta property=\"og:site_name\" content=\"Les2T\" \/>\n<meta property=\"article:published_time\" content=\"2019-06-06T11:31:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-06-06T11:31:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png\" \/>\n<meta name=\"author\" content=\"TRARBACH Jean-Yves\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"TRARBACH Jean-Yves\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/\",\"url\":\"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/\",\"name\":\"Windows 10 \u2013 Baseline de s\u00e9curit\u00e9 1903 - Les2T\",\"isPartOf\":{\"@id\":\"https:\/\/les2t.fr\/fr_fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png\",\"datePublished\":\"2019-06-06T11:31:09+00:00\",\"dateModified\":\"2019-06-06T11:31:16+00:00\",\"author\":{\"@id\":\"https:\/\/les2t.fr\/fr_fr\/#\/schema\/person\/d96bb4f512f9aeb12dc923def245768e\"},\"breadcrumb\":{\"@id\":\"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#primaryimage\",\"url\":\"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png\",\"contentUrl\":\"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/les2t.fr\/fr_fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Windows 10 \u2013 Baseline de s\u00e9curit\u00e9 1903\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/les2t.fr\/fr_fr\/#website\",\"url\":\"https:\/\/les2t.fr\/fr_fr\/\",\"name\":\"Les2T\",\"description\":\"| BLOG  IT |\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/les2t.fr\/fr_fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/les2t.fr\/fr_fr\/#\/schema\/person\/d96bb4f512f9aeb12dc923def245768e\",\"name\":\"TRARBACH Jean-Yves\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/les2t.fr\/fr_fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/les2t.fr\/wp-content\/uploads\/2023\/02\/JeanYvestrarbach-96x96.jpg\",\"contentUrl\":\"https:\/\/les2t.fr\/wp-content\/uploads\/2023\/02\/JeanYvestrarbach-96x96.jpg\",\"caption\":\"TRARBACH Jean-Yves\"},\"description\":\"Head Of Modern Workplace Metsys MVP Windows &amp; devices For IT\",\"sameAs\":[\"https:\/\/les2t.fr\/jean-yves-trarbach\/\"],\"url\":\"https:\/\/les2t.fr\/fr_fr\/author\/kounac\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Windows 10 \u2013 Baseline de s\u00e9curit\u00e9 1903 - Les2T","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/les2t.fr\/fr_fr\/windows-10-baseline-de-securite-1903\/","og_locale":"fr_FR","og_type":"article","og_title":"Windows 10 \u2013 Baseline de s\u00e9curit\u00e9 1903 - Les2T","og_description":"Microsoft a annonc\u00e9 la&nbsp;publication&nbsp;finale&nbsp;des param\u00e8tres de Baseline de s\u00e9curit\u00e9 pour Windows 10 version 1903 ainsi que pour Windows Server version 1903 (version Server Core).","og_url":"https:\/\/les2t.fr\/fr_fr\/windows-10-baseline-de-securite-1903\/","og_site_name":"Les2T","article_published_time":"2019-06-06T11:31:09+00:00","article_modified_time":"2019-06-06T11:31:16+00:00","og_image":[{"url":"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png","type":"","width":"","height":""}],"author":"TRARBACH Jean-Yves","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"TRARBACH Jean-Yves","Dur\u00e9e de lecture estim\u00e9e":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/","url":"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/","name":"Windows 10 \u2013 Baseline de s\u00e9curit\u00e9 1903 - Les2T","isPartOf":{"@id":"https:\/\/les2t.fr\/fr_fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#primaryimage"},"image":{"@id":"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#primaryimage"},"thumbnailUrl":"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png","datePublished":"2019-06-06T11:31:09+00:00","dateModified":"2019-06-06T11:31:16+00:00","author":{"@id":"https:\/\/les2t.fr\/fr_fr\/#\/schema\/person\/d96bb4f512f9aeb12dc923def245768e"},"breadcrumb":{"@id":"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#primaryimage","url":"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png","contentUrl":"https:\/\/les2t.fr\/wp-content\/uploads\/2017\/02\/BANW10.png"},{"@type":"BreadcrumbList","@id":"https:\/\/les2t.fr\/windows-10-baseline-de-securite-1903\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/les2t.fr\/fr_fr\/"},{"@type":"ListItem","position":2,"name":"Windows 10 \u2013 Baseline de s\u00e9curit\u00e9 1903"}]},{"@type":"WebSite","@id":"https:\/\/les2t.fr\/fr_fr\/#website","url":"https:\/\/les2t.fr\/fr_fr\/","name":"Les2T","description":"| BLOG  IT |","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/les2t.fr\/fr_fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/les2t.fr\/fr_fr\/#\/schema\/person\/d96bb4f512f9aeb12dc923def245768e","name":"TRARBACH Jean-Yves","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/les2t.fr\/fr_fr\/#\/schema\/person\/image\/","url":"https:\/\/les2t.fr\/wp-content\/uploads\/2023\/02\/JeanYvestrarbach-96x96.jpg","contentUrl":"https:\/\/les2t.fr\/wp-content\/uploads\/2023\/02\/JeanYvestrarbach-96x96.jpg","caption":"TRARBACH Jean-Yves"},"description":"Head Of Modern Workplace Metsys MVP Windows &amp; devices For IT","sameAs":["https:\/\/les2t.fr\/jean-yves-trarbach\/"],"url":"https:\/\/les2t.fr\/fr_fr\/author\/kounac\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/les2t.fr\/fr_fr\/wp-json\/wp\/v2\/posts\/3095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/les2t.fr\/fr_fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/les2t.fr\/fr_fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/les2t.fr\/fr_fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/les2t.fr\/fr_fr\/wp-json\/wp\/v2\/comments?post=3095"}],"version-history":[{"count":0,"href":"https:\/\/les2t.fr\/fr_fr\/wp-json\/wp\/v2\/posts\/3095\/revisions"}],"wp:attachment":[{"href":"https:\/\/les2t.fr\/fr_fr\/wp-json\/wp\/v2\/media?parent=3095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/les2t.fr\/fr_fr\/wp-json\/wp\/v2\/categories?post=3095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/les2t.fr\/fr_fr\/wp-json\/wp\/v2\/tags?post=3095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}