Windows 11 in 2024 is major progress - just took a @Lenovo ThinkPad Z16 Gen 2 out of the box and installed latest build:
✅Standard USER DEFAULT!!! (Adminless)
✅Signed-only apps (Smart App Control SAC)
✅Win32 App Isolation (AppSilo)
✅Pluton default, DRTM firmware…
@dwizzzleMSFT
@Lenovo
When I go to the Lenovo store the default is Windows 11 Home - $60 extra for Pro? Do all these security features work on the Home edition?
@CyberCakeX
@Lenovo
An admin account is created under the hood; a "runas" is done in the context of that session with an NGC auth (e.g. Hello), so basically fingerprint/face/PIN runas admin.
@dwizzzleMSFT
@brandonleblanc
@Lenovo
Also in Win11 for 2024
SMB signing required by default
SMB server brute force password protection on by default
SMB guest fallback disabled by default in Pro
SMB1 uninstalled in all editions
SMB NTLM blocking available
SMB encryption mandate available
@dwizzzleMSFT
@Lenovo
That's exciting, I didn't expect to see these changes that early. Does the signing enforcement also count for DLLs? Is DRTM used for key sealing by default?
@dwizzzleMSFT
@Lenovo
Smart App Control out of the box on a non-enterprise laptop? That's kinda wild, even if you can turn it off in options, especially with all the certificate signing discourse.
@dwizzzleMSFT
@Lenovo
Is it seriously about the standard user account by default? I hope this helps resolve the compatibility issues when using that kind of account; Windows UAC has always had those issues since it was introduced in Vista.
@dwizzzleMSFT
@Lenovo
So will this Smart App Control thing flag harmless files that are very much not malicious as "malicious" like SmartScreen does today?
@dwizzzleMSFT
@Lenovo
Microsoft’s terminology is somewhat confusing here, as per usual: these “app” features (AppSilo, SmartApp etc.), do they apply to any EXE launched by the user? Or only to literal apps, aka UWP apps from the App Store?
@dwizzzleMSFT
@never_unsealed
@Lenovo
People now will not worry much about being hacked by someone.
The danger is from signed and “legitimate” apps and cloud services that will exfiltrate your data after you agree to their long terms and conditions.
@dwizzzleMSFT
@Lenovo
How do you install anything not in the Store, then? And no, installing per user doesn't count, programs belong in Program Files, not in some random folder in my user profile!