Security

5 years ago · e614bf2cec
parent 15ed7bd4c6
commit e614bf2cec
27 changed files with 323 additions and 0 deletions
--- a/Security/CabinetState.reg
+++ b/Security/CabinetState.reg
@ -0,0 +1,5 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState]
+"FullPath"=dword:00000001
+"FullPathAddress"=dword:00000001
--- a/Security/Clear
+++ b/Security/Clear
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
+"ClearPageFileAtShutdown"=dword:1
--- a/Security/Configure
+++ b/Security/Configure
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
+"TrustPolicy"=dword:1
--- a/Security/Deactivate
+++ b/Security/Deactivate
@ -0,0 +1,6 @@
+Windows Registry Editor Version 5.00
+
+; This decrease the security since it disabled the Protocol Behavior, but in some cases
+; it can help.
+[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
+"PreXPSP2ShellProtocolBehavior"=dword:1
--- a/Security/Disable
+++ b/Security/Disable
@ -0,0 +1,7 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
+"CompatibleRUPSecurity"=dword:0
+
+[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System]
+"CompatibleRUPSecurity"=dword:0
--- a/Security/Disable
+++ b/Security/Disable
--- a/devices.reg
+++ b/devices.reg
@ -0,0 +1,7 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices]
+"Deny_All"=dword:1
+
+[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\RemovableStorageDevices]
+"Deny_All"=dword:1
--- a/attachments.reg
+++ b/attachments.reg
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
+"SaveZoneInformation"=dword:1
--- a/Security/EFS/Disable
+++ b/Security/EFS/Disable
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Efs]
+"EfsConfiguration"=dword:1
--- a/Security/Enable
+++ b/Security/Enable
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI]
+"EnableSecureCredentialPrompting"=dword:1
--- a/Security/Force
+++ b/Security/Force
@ -0,0 +1,5 @@
+Windows Registry Editor Version 5.00
+
+; Force keep positive entries in DNS Cache for only 4 hours instead of the default 24 hours
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
+"MaxCacheTtl "=dword:00003840
--- a/Succeed.reg
+++ b/Succeed.reg
@ -0,0 +1,5 @@
+Windows Registry Editor Version 5.00
+
+;If an Administrator attempts a protected action - Silently Succeed
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
+"ConsentPromptBehaviorAdmin"=dword:00000000
--- a/Security/Internet
+++ b/Security/Internet
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
+"Friendly http errors"="yes"
--- a/Security/Internet
+++ b/Security/Internet
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]
+"NoJITSetup"=dword:1
--- a/Security/Internet
+++ b/Security/Internet
@ -0,0 +1,7 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer]
+"DisableImportExportFavorites"=dword:1
+
+[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]
+"DisableImportExportFavorites"=dword:1
--- a/Explorer/Internet
+++ b/Explorer/Internet
--- a/Security/Internet
+++ b/Security/Internet
@ -0,0 +1,7 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
+"HelpQualifiedRootDir"=hex(2):00,00
+
+[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System]
+"HelpQualifiedRootDir"=hex(2):00,00
--- a/Security/LAN/no
+++ b/Security/LAN/no
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
+"nolmhash"=dword:1
--- a/Security/MSI/Do
+++ b/Security/MSI/Do
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Installer]
+"DisableMedia"=dword:1
--- a/extensions.reg
+++ b/extensions.reg
@ -0,0 +1,7 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
+"[RSW:VALUELIST]"=""
+
+[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
+"[RSW:VALUELIST]"=""
--- a/Security/Restrict
+++ b/Security/Restrict
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
+"RestrictAnonymous"=dword:1
--- a/Security/Security
+++ b/Security/Security
@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Security Center]
+"SecurityCenterInDomain"=dword:1
--- a/Security/Security
+++ b/Security/Security
@ -0,0 +1,6 @@
+Windows Registry Editor Version 5.00
+
+; Warn on missing AV and if Firewall gets deactivated
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
+"FirewallOverride"=dword:1
+"AntiVirusOverride"=dword:1
--- a/Security/Telemetry/all-in-one.bat
+++ b/Security/Telemetry/all-in-one.bat
@ -0,0 +1,83 @@
+REM keeping win7 clean !!!! (change this file CleanWin7.txt extension to cmd and run)
+
+:: reg hacks -------------------------------------------
+REM disable downloaded w10 files
+reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\Gwx /f /v DisableGwx /t REG_DWORD /d 1
+REM disable upgrade requests
+reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v DisableOSUpgrade /t REG_DWORD /d 1
+
+:: services ---------------------------------------------
+sc config DiagTrack start= disabled
+net stop DiagTrack
+
+:: scheduled tasks reporting to Redmond -----------
+schtasks /Change /TN "\Microsoft\Windows\Application Experience\AitAgent" /DISABLE
+schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE
+schtasks /Change /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE
+schtasks /Change /TN "\Microsoft\Windows\Autochk\Proxy" /DISABLE
+schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /DISABLE
+schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /DISABLE
+schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /DISABLE
+schtasks /Change /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /DISABLE
+schtasks /Change /TN "\Microsoft\Windows\Maintenance\WinSAT" /DISABLE
+REM schtasks /Change /TN "\Microsoft\Windows\Autochk\Media Center\*all*" /DISABLE
+REM schtasks /Change /TN "\Microsoft\Windows\Setup\gwx\launchtrayprocess" /DISABLE
+REM schtasks /Change /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig" /DISABLE
+REM schtasks /Change /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" /DISABLE
+REM schtasks /Change /TN "\Microsoft\Windows\Setup\gwx\refreshgwxcontent" /DISABLE
+schtasks /Change /TN "\Microsoft\Windows\Windows Error Reporting\QueueReporting" /DISABLE
+
+:: evil updates -----------------------------------------
+
+REM kb971033  License validation check
+start "title" /b /wait wusa.exe /kb:971033 /uninstall /quiet /norestart
+
+REM kb2876229 Skype 
+start "title" /b /wait wusa.exe /kb:2876229 /uninstall /quiet /norestart
+
+REM kb2952664 Compatibility update for upgrading Windows 7
+start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
+
+REM kb2976978 Compatibility update for Windows 8.1 and Windows 8
+start "title" /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart
+
+REM kb2977759 - W10 Diagnostics Compatibility telemetry
+start "title" /b /wait wusa.exe /kb:2977759 /uninstall /quiet /norestart
+
+REM kb2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
+start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart
+
+REM kb3012973 Upgrade to Windows 10 Pro
+start "title" /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart
+
+REM kb3021917 Update to Windows 7 SP1 for performance improvements
+start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
+
+REM kb3022345 Update for customer experience and diagnostic telemetry (replace with KB3068708)
+start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart
+
+REM kb3035583 Update installs get windows 10 app in Windows 8.1 and Windows 7 SP1
+start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart
+
+REM kb3044374 - W8,8.1 Nagware for W10
+start "title" /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart
+
+REM kb3050265 - Windows Update service updated to accept upgrade to W10
+start "title" /b /wait wusa.exe /kb:3050265 /uninstall /quiet /norestart
+
+REM kb3065987 - update for Windows Update (v7 v2008)
+start "title" /b /wait wusa.exe /kb:3065987 /uninstall /quiet /norestart
+
+REM kb3068707 - Customer experience telemetry points
+start "title" /b /wait wusa.exe /kb:3068707 /uninstall /quiet /norestart
+
+REM kb3068708 (replaces KB3022345) Update for customer experience and diagnostic telemetry
+start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
+
+REM kb3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
+start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
+
+REM kb3080149 Update for customer experience and diagnostic telemetry 
+start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
+
+REM Remember to *hide* all these in Windows Update
--- a/Security/Telemetry/badupdateremover.bat
+++ b/Security/Telemetry/badupdateremover.bat
@ -0,0 +1,29 @@
+@echo off
+
+if %1. == . goto usage
+
+set UNINSTALLX=uninstall-%1-updates.cmd
+set HIDEX=hide-%1-updates.ps
+set BADUPDATES=
+
+echo %1
+if %1 == win7     set BADUPDATES=971033 2952664 2977759 2990214 3021917 3022345 3035583 3050265 3065987 3068708 3075249 3080149
+if %1 == win81    set BADUPDATES=2976978 3022345 3035583 3044374 3050267 3068708 3075249 3075853 3080149
+if %1 == w2008r2  set BADUPDATES=3022345 3050265 3065987 3068708 3080149
+if %1 == w2012r2  set BADUPDATES=3022345 3068708 3075853 3080140
+if not defined BADUPDATES goto usage
+
+echo %BADUPDATES%
+if exist %UNINSTALLX% del %UNINSTALLX%
+if exist %HIDEX%      del %HIDEX%
+for %%n in (%BADUPDATES%) do (
+	echo start /w wusa.exe /uninstall /kb:%%n /norestart                        >> %UNINSTALLX%
+	echo Hide-WUUpdate -Confirm:$false -HideStatus:$true -KBArticleID KB%%n     >> %HIDEX%
+)
+goto end
+
+:usage
+echo Okay, you didn't give the right parameter... it needs to be win7, win81, w2008r2 or w2012r2
+
+:end
+echo.
--- a/Security/Telemetry/telemetryremover.vbs
+++ b/Security/Telemetry/telemetryremover.vbs
@ -0,0 +1,30 @@
+Dim hideupdates(9)
+
+hideupdates(0) = "KB2952664"
+hideupdates(1) = "KB2990214"
+hideupdates(2) = "KB3021917"
+hideupdates(3) = "KB3035583"
+hideupdates(4) = "KB3068708"
+hideupdates(5) = "KB2977759"
+hideupdates(6) = "KB3075249"
+hideupdates(7) = "KB3080149"
+hideupdates(8) = "KB3050265"
+hideupdates(9) = "KB3022345"
+
+
+set updateSession = createObject("Microsoft.Update.Session")
+set updateSearcher = updateSession.CreateupdateSearcher()
+
+Set searchResult = updateSearcher.Search("IsInstalled=0 and Type='Software'")
+
+For i = 0 To searchResult.Updates.Count-1
+set update = searchResult.Updates.Item(i)
+For j = LBound(hideupdates) To UBound(hideupdates)
+'MsgBox hideupdates(j)
+if instr(1, update.Title, hideupdates(j), vbTextCompare) = 0 then
+  'Wscript.echo "No match found for " & hideupdates(j)
+else
+Wscript.echo "Hiding " & hideupdates(j)
+update.IsHidden = True
+end if
+Next
--- a/Security/Telemetry/wiper.bat
+++ b/Security/Telemetry/wiper.bat
@ -0,0 +1,75 @@
+ECHO OFF
+REM --- remember to invoke from ELEVATED command prompt!
+REM --- or start the batch with context menu "run as admin".
+SETLOCAL
+
+REM --- (as of 2015-08-26):
+REM  KB3012973 - Upgrade to Windows 10 Pro
+REM  KB3021917 - Update to Windows 7 SP1 for performance improvements
+REM  KB3035583 - GWX Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
+REM  KB2952664 - Compatibility update for upgrading Windows 7
+REM  KB2976978 - Compatibility update for Windows 8.1 and Windows 8
+REM  KB3022345 - Telemetry [Replaced by KB3068708]
+REM  KB3068708 - Update for customer experience and diagnostic telemetry
+REM  KB2990214 - Update that enables you to upgrade from Windows 7 to a later version of Windows
+REM  KB3075249 - Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
+REM  KB3080149 - Update for customer experience and diagnostic telemetry
+REM  KB3044374 - W8,8.1 Nagware for W10
+REM  KB2977759 - W10 Diagnostics Compatibility Telemetry
+REM  KB3050265 - Windwos Update services update to upgrade to W10
+REM  KB3068707 - Customer experience telemetry point. W7,8,8.1
+
+
+REM --- uninstall updates
+echo uninstalling updates ...
+start "title" /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:2977759 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:3050265 /uninstall /quiet /norestart
+echo  - done.
+start "title" /b /wait wusa.exe /kb:3068707 /uninstall /quiet /norestart
+echo  - done.
+
+timeout 10
+
+echo ... COMPLETED (please remember to REBOOT, and Hide the Following KB Updates)
+echo ...3012973
+echo ...3021917
+echo ...3035583
+echo ...2952664
+echo ...2976978
+echo ...3022345
+echo ...3068708
+echo ...2990214
+echo ...3075249
+echo ...3080149
+echo ...3044374
+echo ...2977759
+echo ...3050265
+echo ...3068707
+echo  - done.
+
+
+pause
+REM --- EOF