For those concerned with security, Microsoft has had the Security Compliance Manager (SCM) for some time. This tool lets you take trusted secure baseline configurations from https://www.nist.gov/cyberframework, Microsoft, and others and make them into group policies that you can import into your environment. Generally speaking, using this tool to securely configure your environment is preferred rather than going off into the woods on your own. The reasons for this are:
- The guidelines are created by expert security entities and professionals.
- When you have trouble and have to get support, is it better to say we followed the SCM template for secure desktops or we did a bunch of tweaks to the registry and security settings and now it doesn't work. The list of baselines is pretty comprehensive (Windows 10 is in the works at the time of writing and is available at https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1511-threshold-2-final/.)
For more information about SCM and its implications on security profiles, consult Chapter 8, Windows 10 Security.