I'm an IT Manager and have recently ordered a laptop for myself that will be running Windows 10. I have Windows 10 on my home PC, and have for a while, but don't get on it as often as I should. Security, on Windows 10, is especially grey for me.
When the new unit arrives, I'd like to make sure it's locked down so the rest of my team can't access my box and/or my data.
Currently, for example, we backdoor into an end user's PC on our domain by simply typing \\ComputerName\C$. That opens a window that gives us access to that PCs "C" drive. Actually, and as you probably already know, we can use any of their drive letters, but "C" is most common. I want to make sure my team can't access the drives on my box this way.
Also, and maybe moving away from Windows 10, we all have individual folders for data storage on the file server. Mine is locked down, of course, but I know some on my team have administrative access to the servers. For them, they can probably still access my folder if they take ownership of it and/or elevate their permission in AD temporarily. I'd like to move this data from there, but I don't want to keep it on my laptop either. I'd go nuts if, for some reason, the unit was lost, stolen, etc. Any of you working corporate IT have ideas about where I can safely store data? The cloud maybe?
And on that note, if I build a new OU for my PC in AD and use policies to lock down my box so that only I can access it, they can still move my box from that group and, by putting it into another group, regain control once my policies update. Hmm, maybe I can lock down that OU so they can't edit items within it?
Some of this crossed the corporate line - I apologize if I'm breaking any rules here. At the heart of all of this, I really just want to know how to secure my Windows 10 laptop.