Looking for a guide/info on how to lock down Windows 7. It's a virtual machine (ESXi) that will act as my media center. It will have folders shared out that other PC's on my LAN will stream movies/videos from. And it will record OTA TV shows. Other than this, the PC will never be used for accessing the Internet, checking email, using Office or anything else. It'll be an important PC that I'd like to give 99% uptime for the next several years, even after OS updates stop being offered. For reasons not necessary in this post, I will let you know now not to bother suggesting Win8/10/other. Please ignore those suggestions and help me to lock down Win7 as much as possible without interfering with the shared (read-only) folders and ability to record OTA from my LAN connected HDHomeRun DVR device.
use applocker with strict rules , disable cmd powershell etc and after creating the user acc disable the admin acc. that will lock you out of using the admin acc or ever restore it, but pretty much that is what you asked. another possibility is to backport write filters from embedded os but you will need huge amount of memory as it cannot be freed but only with restarts.
@CZ Eddie: Start here. https://forums.mydigitallife.net/th...dows-10-related-updates-from-windows-7.64561/ And here https://forums.mydigitallife.net/threads/disable-remove-telemetry-and-tracking-service.68131/ Then, consider using the Simplix pack for updates, as they filter out the updates that aren't worth installing. You can find it here https://forums.mydigitallife.net/th...egrate-hotfixes-into-win7-distribution.45005/ Good luck.