From e614bf2cecc0aa4a9b0dd3cff6f562857a3b11b6 Mon Sep 17 00:00:00 2001 From: Mikhael William Sasiang <46641376+mike2miky@users.noreply.github.com> Date: Mon, 4 Feb 2019 11:11:30 +0800 Subject: [PATCH] Security --- Security/CabinetState.reg | 5 ++ Security/Clear the Page File at shutdown.reg | 4 + .../Configure Windows script host shell.reg | 4 + .../Deactivate the secured shell modus.reg | 6 ++ Security/Disable Roaming security check.reg | 7 ++ Security/Disable WPAD.reg | Bin 0 -> 436 bytes ...Do not allow removable storage devices.reg | 7 ++ ...t safe zone information in attachments.reg | 4 + Security/EFS/Disable EFS encryption.reg | 4 + Security/Enable secured login.reg | 4 + ...itive entries in DNS Cache for 4 hours.reg | 5 ++ ... a protected action - Silently Succeed.reg | 5 ++ .../Disable unimportant error msgs.reg | 4 + ... automatically installations of addons.reg | 4 + ...t allow to import or export favourites.reg | 7 ++ ...nternet Explorer configuration example.reg | Bin 0 -> 102234 bytes .../Restict unsafe online help functions.reg | 7 ++ .../no lmhash on passwort change on LAN.reg | 4 + ...install anything from removable drives.reg | 4 + .../Only allow specific shell extensions.reg | 7 ++ Security/Restrict Anonymous User.reg | 4 + ...tivate Security Center for Domain PC's.reg | 4 + .../Configure the Security Center.reg | 6 ++ Security/Telemetry/all-in-one.bat | 83 ++++++++++++++++++ Security/Telemetry/badupdateremover.bat | 29 ++++++ Security/Telemetry/telemetryremover.vbs | 30 +++++++ Security/Telemetry/wiper.bat | 75 ++++++++++++++++ 27 files changed, 323 insertions(+) create mode 100644 Security/CabinetState.reg create mode 100644 Security/Clear the Page File at shutdown.reg create mode 100644 Security/Configure Windows script host shell.reg create mode 100644 Security/Deactivate the secured shell modus.reg create mode 100644 Security/Disable Roaming security check.reg create mode 100644 Security/Disable WPAD.reg create mode 100644 Security/Do not allow removable storage devices.reg create mode 100644 Security/Do not safe zone information in attachments.reg create mode 100644 Security/EFS/Disable EFS encryption.reg create mode 100644 Security/Enable secured login.reg create mode 100644 Security/Force keep positive entries in DNS Cache for 4 hours.reg create mode 100644 Security/If an Administrator attempts a protected action - Silently Succeed.reg create mode 100644 Security/Internet Explorer/Disable unimportant error msgs.reg create mode 100644 Security/Internet Explorer/Do not allow automatically installations of addons.reg create mode 100644 Security/Internet Explorer/Do not allow to import or export favourites.reg create mode 100644 Security/Internet Explorer/Internet Explorer configuration example.reg create mode 100644 Security/Internet Explorer/Restict unsafe online help functions.reg create mode 100644 Security/LAN/no lmhash on passwort change on LAN.reg create mode 100644 Security/MSI/Do not allow the Windows Installer to install anything from removable drives.reg create mode 100644 Security/Only allow specific shell extensions.reg create mode 100644 Security/Restrict Anonymous User.reg create mode 100644 Security/Security Center/Activate Security Center for Domain PC's.reg create mode 100644 Security/Security Center/Configure the Security Center.reg create mode 100644 Security/Telemetry/all-in-one.bat create mode 100644 Security/Telemetry/badupdateremover.bat create mode 100644 Security/Telemetry/telemetryremover.vbs create mode 100644 Security/Telemetry/wiper.bat diff --git a/Security/CabinetState.reg b/Security/CabinetState.reg new file mode 100644 index 0000000..fe14463 --- /dev/null +++ b/Security/CabinetState.reg @@ -0,0 +1,5 @@ +Windows Registry Editor Version 5.00 + +[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState] +"FullPath"=dword:00000001 +"FullPathAddress"=dword:00000001 diff --git a/Security/Clear the Page File at shutdown.reg b/Security/Clear the Page File at shutdown.reg new file mode 100644 index 0000000..59b57ba --- /dev/null +++ b/Security/Clear the Page File at shutdown.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] +"ClearPageFileAtShutdown"=dword:1 diff --git a/Security/Configure Windows script host shell.reg b/Security/Configure Windows script host shell.reg new file mode 100644 index 0000000..fb5f66c --- /dev/null +++ b/Security/Configure Windows script host shell.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings] +"TrustPolicy"=dword:1 diff --git a/Security/Deactivate the secured shell modus.reg b/Security/Deactivate the secured shell modus.reg new file mode 100644 index 0000000..dace540 --- /dev/null +++ b/Security/Deactivate the secured shell modus.reg @@ -0,0 +1,6 @@ +Windows Registry Editor Version 5.00 + +; This decrease the security since it disabled the Protocol Behavior, but in some cases +; it can help. +[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] +"PreXPSP2ShellProtocolBehavior"=dword:1 diff --git a/Security/Disable Roaming security check.reg b/Security/Disable Roaming security check.reg new file mode 100644 index 0000000..0de6f78 --- /dev/null +++ b/Security/Disable Roaming security check.reg @@ -0,0 +1,7 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] +"CompatibleRUPSecurity"=dword:0 + +[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System] +"CompatibleRUPSecurity"=dword:0 diff --git a/Security/Disable WPAD.reg b/Security/Disable WPAD.reg new file mode 100644 index 0000000000000000000000000000000000000000..46ce019b40e5c5afe0734e91c3719f4faeeaa6a6 GIT binary patch literal 436 zcmY+AT}#725Jk_k;D0E6kFb+VK>Pvf3dr=%D7AHV57h`c4iz?il;5ldxgzxO>8;c+Zp2 x^ED7BG1HMdWZRlPyL9Dxe5w}y>2K}@Z%zz56}rmf#LQm_^E3AC`hU8ydjZz8NE`qF literal 0 HcmV?d00001 diff --git a/Security/Do not allow removable storage devices.reg b/Security/Do not allow removable storage devices.reg new file mode 100644 index 0000000..485b4b0 --- /dev/null +++ b/Security/Do not allow removable storage devices.reg @@ -0,0 +1,7 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices] +"Deny_All"=dword:1 + +[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\RemovableStorageDevices] +"Deny_All"=dword:1 diff --git a/Security/Do not safe zone information in attachments.reg b/Security/Do not safe zone information in attachments.reg new file mode 100644 index 0000000..19c2df2 --- /dev/null +++ b/Security/Do not safe zone information in attachments.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments] +"SaveZoneInformation"=dword:1 diff --git a/Security/EFS/Disable EFS encryption.reg b/Security/EFS/Disable EFS encryption.reg new file mode 100644 index 0000000..9671f03 --- /dev/null +++ b/Security/EFS/Disable EFS encryption.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Efs] +"EfsConfiguration"=dword:1 diff --git a/Security/Enable secured login.reg b/Security/Enable secured login.reg new file mode 100644 index 0000000..56ed5c9 --- /dev/null +++ b/Security/Enable secured login.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI] +"EnableSecureCredentialPrompting"=dword:1 diff --git a/Security/Force keep positive entries in DNS Cache for 4 hours.reg b/Security/Force keep positive entries in DNS Cache for 4 hours.reg new file mode 100644 index 0000000..a035509 --- /dev/null +++ b/Security/Force keep positive entries in DNS Cache for 4 hours.reg @@ -0,0 +1,5 @@ +Windows Registry Editor Version 5.00 + +; Force keep positive entries in DNS Cache for only 4 hours instead of the default 24 hours +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters] +"MaxCacheTtl "=dword:00003840 diff --git a/Security/If an Administrator attempts a protected action - Silently Succeed.reg b/Security/If an Administrator attempts a protected action - Silently Succeed.reg new file mode 100644 index 0000000..15af8aa --- /dev/null +++ b/Security/If an Administrator attempts a protected action - Silently Succeed.reg @@ -0,0 +1,5 @@ +Windows Registry Editor Version 5.00 + +;If an Administrator attempts a protected action - Silently Succeed +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] +"ConsentPromptBehaviorAdmin"=dword:00000000 diff --git a/Security/Internet Explorer/Disable unimportant error msgs.reg b/Security/Internet Explorer/Disable unimportant error msgs.reg new file mode 100644 index 0000000..c3e6d3e --- /dev/null +++ b/Security/Internet Explorer/Disable unimportant error msgs.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] +"Friendly http errors"="yes" diff --git a/Security/Internet Explorer/Do not allow automatically installations of addons.reg b/Security/Internet Explorer/Do not allow automatically installations of addons.reg new file mode 100644 index 0000000..4a6425a --- /dev/null +++ b/Security/Internet Explorer/Do not allow automatically installations of addons.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions] +"NoJITSetup"=dword:1 diff --git a/Security/Internet Explorer/Do not allow to import or export favourites.reg b/Security/Internet Explorer/Do not allow to import or export favourites.reg new file mode 100644 index 0000000..5da45fc --- /dev/null +++ b/Security/Internet Explorer/Do not allow to import or export favourites.reg @@ -0,0 +1,7 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer] +"DisableImportExportFavorites"=dword:1 + +[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer] +"DisableImportExportFavorites"=dword:1 diff --git a/Security/Internet Explorer/Internet Explorer configuration example.reg b/Security/Internet Explorer/Internet Explorer configuration example.reg new file mode 100644 index 0000000000000000000000000000000000000000..659e52148dd21be026072f983dea0a38b9dd12ed GIT binary patch literal 102234 zcmeI5X>%J#mag&nM%@3v;N0nOM~D*l#SxAkZn8Bk$!d|Z+cUhO-~!5OQ4~j{ENMKx zKmE?UPrf+JDxeA|PzwMF!5~nmB`fpndGef-|NZ}eZar_Ew@zBGT5nsIt(n&2R=f2~ z=Pp}Ut=FyhI*&-Lq-e$TXi()HK6`dq)y^?RjtyEU)B|K0ju>HptbKeYa;XMSlt zZEd%nsJ+Mf^{}soH$oI#g?Ioq3=Zk9GV?ZTs3m>z>|lmEL!* z&#Tmzcdd)oneO1J*RB7X-Z`uGUZ$3=T05z)zox5<>{)BJ^_@oWHa&CF`Zo2J9{X>h z)54Cfzt#P;eW?4N=0E0|zjyR& zPQO=m@0PAD>3df&T1i*_P-~-s(?M%faJxwG{Y|hr>A(``o?m10@*1AMC+N`cZ5^$r zF|X^_dTTL_d0BAS($S`_ZV481`n{G$%stz>Yg1$2)G=fJt_42c3HB?x@0Osms?RmS znd4)9E~n20_3M_NJJRPu`rOc)Z|SV>;n{-(!5Q^`Aw7ST+B(r2X>m!P^PTf;9sBA^ zx_YX&+)@u{k#XEopVrbnK?A?1zJukvx^Gp#=Jd(0&CaNo^c=zmLp3xeC6 z#sm&c;oyMr!`qA(n5^k8ps=7mfOW?Ip%gx!Fm|Z68FiV$4?DO6;~q=9Gxkiw8;KGY z(ilwx#|iJt9WH>QPStLVdR|b1rHGSXKSeA5d zL%pBV(W1_I)L;>51_he0k=%=F0m@$%gy8R09evoS*Y%!TY8RZGB;4jv8?(o$=c@_J zZS{dsGrIL84b9i!g7E@1qz?BW4d7__=j0mKn`y-8CtwE+FDKl`sA+pnEigW?zN_{a zDYOlT!{bQG4;%G-8q<2>)WtNWJnEx_)1`EWC4P*EQPXcA#dr_Xla_vmX}n9RMMGvo z@CgcsN5R%+8Ve(YevxpDe<#6$QA5#OT}j^_@w{MgSAF8y4;%Gb>bu8hnU+VrlCI5b ze9$no3Y~#RFb;iko-^i?bt!5#HF+FZks{aeb6V1Mh$_#*s&j6#?}#Mr%0U$f!BLo_Kk^0|8)in4q-O z880@$YC1FD!8IfQyw+x~6}2m?rrUrhv0C5M%|uiq~<9&GDF9bJ@cqoc(2 z%V~_3fk$cV^9lQ>>8dq2+|1}l1A#Z{{VP%0t2BZ$^$`ff7;R@_Rbpe7?=m!ORliSg z7@a-5m26?=Jj^3@HI_HB{i|?xU%c`}xH?H!!Ctc&#S_7R_Dmlqt^1vs1=e@779MC` z6A*OIjzmFc`oGf5?19=lQSY0zwW;xeH|9yu<+1v6s8(L3^UV5=b{&_%hy_C zP+LE!f6p|g?h#=L7XK`bi>(1=MpmStkOSSV(Gt3lImfAB*xTA8VW%xD!AWn_Zttx1 zweUf^v+6ChccHt!ZQaq|b3J*iXQ3Z@bX&C0J?FlisNkjUz9*hw&U;7yOM(@)FWQ6o zF4`5X9&K6@Kv(pvEvV;rywh9gk;g)-MT#za6NZCw|F)WAe-u)5kn}kal;A78BZs0= zj)O;bbOyewGx8~XO?gl6~{(qiBQysSvhYgg+75LrM*w2#8{aMgBl8j-j=!Vb-%{1rujTk>9n)aRk zPlVmAg0)jU=HSsIjU5YPd`Av;&?#3M72a1YBKu7Pue-^Pu?+fA$L8bLdg4vTg01(i zj><2L{DcRwcEH_M8fA>A>RNG>P3^P0YW26&Ht%?xpx2+L!{@dq?F_7oy70MpCR=wu z=@?DAmFzQQ&iMd&5#EmB+5|GDVcx*AZ}fdN;9VZaC^(fK(m!bQP3rAsBg!3w)6r5Y zBZB+RG-rC0Xtu56pw}m|it)s-nsUGOH;ucAl|H%=m9^oFR)qGGeO_KmiqUcRrR>hv z!s$iAY|#3w){S22Ok3w!lNsG?vDt_YG!9le;3to66dW>qUk}u0uklT0uMax2mXP)y z#lKvyJAEUs)1Ng9T1-9^EG$+{vUe2^X?R*=4T*c0^Tc`kWc}=_pcUu6wiM@CS?N74 zw&OlzuUPbk6)qo_dvNofEfq#+k6iD&mWBCvuf2@EC--lq0E6Wc{D6?}4nH1em?6gb z#Zv2dETaeZTKoQdeo@!so+7UB+Q<3s{_z_w8x5zu66L*-m4UyD_383zdPukjl3wp5 z-LU@uGx3^d=;xAdF*8PP*vDYq8!M(BZ}%soot1U)T$Fg#@k`V{vEG5vta`zlo7`z1 zQ2m{whC95D4X`KpKTC5ld>Unc>qEg5|7_9sV#~bBYlhF|NdN1iw)RMAs^8cSWC>s; zwxt{KA)`Bk&QA0T&;D-0@~mhhe&3cXSn1H(s5qqhqDj+x_R3G5-rsKU(LtIBQc-!M~3MJxn{f2h0oMv5O&QqodQx-)pSQ zq|nV?>tH?+w6N8=0$i}u%f71d_0xPW3V3oo3jF5KGoHwMedwC?3ABKvCNl#(^zd`P zr--m=%g67h(6C365${DuRZlGn%J3lX%Fzc<9Pf%q!G5%RsAv7IX6pf2>iDSY*=qlP z^^-fTze}saA)$5dr`|J@>(_5u^Sgf*Cf*8SL=iQ`P4uO=h30rFj=$K4K{$(d$9HcZ zhQS}L^tSLJxGavP+|Dp~Ew=LEIPQ*F#ruZ@!N-dQGd!hyoEA65;fKj{f>#J%^{J?l z-pq;v%W~p7#beA0TkjILA{qEij7?E8?C9CJ&yv7*U6v$4@vd$e;QL>9S`8VHTZQ9& z4?WEB#J*!gYm=Vj`Gl^Te-`Ll@~8OBW=dpTb(f*VKD`ru9v-Wo9JB?o00P z%Nsyjqw^>Ipb?yD98cvJ14D08bTr<*umIqv&mG;uimGMLzF>(C9k<>b$b!i}!ss1V zD>|OYab`yN%(0rFEVMjP=4h`b96Bnv@2j6DBb*O_d-vf$RERb!uHKFYD)?0FO?@u? z45z=mrpQ^@Lwl)@5o^^vt_F+vg{&#Z{){hGc>J$L+1ZXo=h&9TzZo)YR(9;7@-FU+ zI|gZ@(an0%O<=TlL}Y~I6@cLDQBvLDJ{}|;8uJSH2hWVxh@n=-8a^6pV`gN`tifUU z{dkV3o>#(L)2GHCE(_N)l_qfUYA94rh7l{0K#6F)=1>~c#`wc*aVVHQ7IavBem(?@ zx}O<;m@Ewi6KLSIbU!|;;V7s4)cC_?c__I2Rg{AN#;58agaHWr;CUJH2bjHt9fhV569uGW>zuI1V2_Rh^J(Hv+|h^ znuAq6H~z30&U*e{8V)P*W#UCve49ciKj~-2A2P$)&*Wjvw7wVT5o^QxS##L<*+&&m zk3W=#v!szKSV;Hv{bmRVJxX4@?kC3|I>Xu14@E=p7HcTONuKVf#vd}nS=JBJ+-o>* zPxmw950l|6>s?XFg=9@z6oUoXT;5baIsWh&&boe-tR6h9&cllOK#nKFPI@8O4Wq+` zYjND+Ih^Kau0pgO87FvPhn=nLC&@;9UOY=3Dd)h2tQ&ub4L574vY~$w9PGa)^KBU4 zN%PjmACBdjP5-rxJyF~xBo3 z6DiBQDeQ)U-Ei}vdy@1o#G&vg-l<1ALK8Q)Qu?>aUtTkR5_O z=USGGu!*m$`pNN!&u}xW2a40hRzrpjXQ}l*H~z30ZgxdwA^b6h4N~i-R_)++#vOLU zX~yYH>OhgY!>s;HA$Fj=fhokw)t<}oj@{9L2g)-U24YpKH%&BQ)pO%6uZGitQ|>!Z z?*A~f^ff??YCz=w6zjknMx&h#zK(zC;BzwidLZlERq-bY!nxPT zW~#qaN0*wj98obGe+;z(sXVc$Z|ja#`}e4vxY1s!`rQf=s6?d7Y`sh3B4`Gco(FfANhdlKL^nqEadqQ#s~D zf8{DNP;IeF3G!!Fv&-I=7c1IcRO_zjOkIEKofIq7RJA>6^6k?}ieAn*X#J}^Mbw6f z9Lp)M4Ca+?m}Mxko=4n5@CM$?^OSwSS}T4z;;F7CRP&COGKYsU{iT+#*KDZ;ZT}4U zY>xBKl}Q(rKT9U0Ij^)EC6-YzZ=(;+uS)d@Zsz@v^dl zn==u!?)X;GhDi29jTy;~?l?-H>^XwIK-M4YE+1QKprxqYfxVlfs{GdaH+dh0rPP*p zP4M0eSY35*f{&xZ@SyrAQKg|+Pl>ua<6d1QW0ERERr^QfJNCs*8H+B1nA8o(_31MMiw zoLxrPV}>0?kX!84!u)1K(u3W>w#9?&hsCUjTAu7}!cH!KT+0>joKVgfy{EQqvECL< zl3N<`+ILecG^md(_-|F$;GmOFYH9RRx*;lt5ufvoT4C=KDj<}7ZpfM$y{~L9&vf1& z7IVCxHD7eivG}DwuPlvFf-{yf?e|g}*z`VU-sO!Qyo|5Af)m(e9}Z@w>F# zvP%s6yKM=V>^ZYlfz4|CMCSQr!ojv8`NaK{Bd@cKHDqV7JO_f~iwj82LMz?fn zf@5Sq`z?WI_8r?64)K72W8@1yG4g2(*hvjOWB) z6UWX}>3g&UwS36Zd?n4n4Dow?UnLzwz4?gGoz+{}A+&6NR6pzY9rsXFQT9%jO)!{i zrxwCwT6=>r%Px5E9Qz&GN9J9a(7x;d$qv5oFSb2#o?VNov-^h~3k6+$Fw(PYpdhmTbI{y>1m+mpM|IQoP zZ&bP-wSC*KZ_GmT43SlH>Js9En9N?stlG5)@wx7G?5gm!j>bnhh(_x1&~HRUMX)Qv ziENZr;cZ3r2_rwob;sBt9ItZxd(AdJ|Iqp0WoxiEukBp?C3Er?;0MLNWw!y=xv+wc zb#$zw6}@j&cd)j0q9@s(dqY?LX#H2RS6rLW^=q+ge$c(tSb!UdNdGBOoa^yZEiy(} zWf^sQLblbCE5JV2d=gp3{F++WoM$h~>_y?)w(Kf%;-2o$w$MLI#(4MifCb-k`uAV| zqqr-+*@Jd`<~u^-0sd}w=ib%*SkCNs zi+3$+V%8606&Jam_oe{Cy|TXk40|Zxzt1~-4BJBS{=B~iXYIFHuIOuVM~ve0y~or` zt?zyB{msvm`&xcS9aQppkB#-7A|BYyw|Ngf-JRvJeR-UAEP1*n>2xBFVNN<~DgI9_ z%g4>cwQw|h%GCBOi?azgqv1E=Ug%5Sa+8_0YSUsc; z`k`bQ&wmOl*Ouygy_@;*sqEu-$+F$n{H1s;4d2ZCZR%}k~9mnogg zR%*6tKi2uFb)2)*9e+@_&UQ0j(;!YJh68I7`MWW4=|8oO?I9c+GwWo$s~E zW<|l}88)7d$@d<7EIC`(&c~3y>@;#q{~yOQRHTSrJk#ILy(^4k;(F!pj@DhMZs_O& z$A^udZ=ZNJbd2{0U{{m2JhxPFyp(T&+G=OI=~9qnNyu#*UT{&>&V(MPrRa!6G#Svhzq7!%b=yoICr0*kC1IBJB|W^5AnbH(fB zNJQqBM2@gJvnKiO73yVq%ZM>vm7k0l{3Tt-GgckJj8@>!vhSgw2rR31_VazLdULeg zdE$5Va9eL8s(eAcAzE@r*WFw8f8NklR?P9@GYiJUN6Zud^bT(xYv+Ud81d%6YkaF} zpVfGt$4f{w6qXwhAcn@-g!njlH!J!06ImBvb%1y&VsQq&(Q(?dX$6O8$VFt8!83T` zJc;EYBG0Q5jsa#B>#p7c?(XVt$8Pc5?!Y&WIy$zOYKa^}TDtD&_({WZ{|*$fgk*dv zej-A}`)fy>R7iy!8$BrYHd|4V^=Ceb*y=&g<8k>vlG8+g{i6T-I=U^2xTk&&YP%fA zRTaPBJj8O3s-L1Cy;TJ{Ti&CbGdt?w7&GtK9P2(ehi7jrGEYJ zc82L0HNB|+PtRC&C#&sVvfZ#^&UKaiguDv>X>i^Is(H8O(eHYr8vV!;;a#_n>i?Zj1R;tc0 zGoYpdvr*Q@@LiF!x|&*COP}Q&*-_9WbGGaum=z|_rI9^L?c%(LC7E<>&9dLfukcJq zuak{3D;~2&U<-hKevk*~JnA&Er#tsz$)fRqZuc{pTAu2O3q3*HYg^vyyLz(S`VYO6 znQ>(15g*Gh?s%ln*ZL-Z9RGml&XLpS@sJ1?8G~NBe)8e&IT1SI3 zvR?Y=rU64D%T?;h`aK?fSl+!-^-{gWmcedd=7&r@O1&pj`nKMFr7JPIJ+(??U-#&r zrk!-MP4qOu>uHiMSh4QKxki^;0%LCz#Mv|DOn6}L=6-kXsU`6AMm=^ux$iF1LwKp4 zrmPL(XPeyXw?i?*zQs?H<7V_(t4EXRpc|{;=1SE2 zZR?Kys5N<8xFWW*n5A=Dzo{dCM;@uSdKY7Spd?=W!hPDfS^hjTB`j^K2^tsXz&tGcUqz-^YZL>H62goG@Pt0*Usc)SDY7d1+F!n3h& zB{Qha&@GYrok7F(-d|h;s5{PjvF?s0=kYjI^RX&JK0IH<>7a7VMYkbL*VyZE4puzt|t-oO|cI#>!sySlDLI~~ub z@e`TR?YDNN$L>*B6W-If7z>_+vn0=;RQMOI(zG5%)yRVC-In!il^-77xh3hv=aSwT zzW2f7L26S0=4N>4eY&c5^NByaCV*~l(mSm33qcfHW=0r16D((hOZ%C7`IRhH^s@JU z02}b?jIiO@`zj6mP*^+G$k74p6x~kRI^N1V>gh3PyKKD`ZMSaA4g9*_Wo^AH=p%2D z+18AFV-rF{*ig9@P?M=32Gj6SF4D2gM+KE z21R1Eye)Y`@q=TV4XXSS@Ws}~y9bq@sV6hZ+Qg!n(b=Gj(4%F#*%N(ZaZ$O$bcY?q zekc9LA8#&V2>wFvzA9Mfj0C9S39lM|$cq`>6BhkUhho7Pwrx~3YDzWupy9XQA2E* z5Aj>V5if=Bm=PlBdf`%p2hcyp~+_4Iz?0&_~(7#r!$%&X}g_EVGI9Vcw%*|~8` zMAJ#q@9%~Au!&6-d%`K)8ngcXR2+IM?DlT!ey~*b4wlFYQOru4u`m@GF zh8;2oIviB%C;C{FQMLe(iBuYc)6j!Z3ce2Z((Ltdu+BoYqmy(W?*>X&k}XJXq)WFq zV({p@bwzQW@UdqJ)n2YT`#xLVb$1MV{y5octlWonA9EJl``vR0+jfx`oqJE+qq0Y@ z++vnAKPTKGQO`RzQ251~TG2mB2SFuS8e^4Lt%8=bxN~n~j8$i%r=jtX>d@A&A-r+?GW2&&3yz&F`^2}bE=OmmwVsPR5DYA8Ja=%9jDL1 zH3VZ!A0nISaqsh0(wPd0z{$&Z>{R?I9^nr;+Xo^`MAtEaeh_0As^>9%k6MamJ+6O zqFdt0YRWgw=h0;Q$MYseRWCO~?}nwu$}tk#kSkiWyytVT4?PfO7zNP_;OtP^)ice! zIy<_xpeDT|W*KkBM)F>+Y8h<}V#3$@9k4&T`Q_>U3OV3hfuV*_S$A3$77g^owop+5Z zMS(M-&h85G#GJ7TM=Tmvx3ko#SU^-78LD84SUn=qR%N?TNoGrUX0*i`Z8yQ$p7alu zC1b}`W-gx^OT_kJDTJ4OoUybmr~~;W!J5ii@D6c^@KeM~f+ec>z-_MNNF4&ZqOR@XR4>wf(^5Qp!ID)!TA-){1BJeGIs zXW0w8vgcSae4uOh(>?ce<>9qd-jprHEdH^iE-RI{HF{Tbt=7QQx0sh!Ge`eJFr&uh z+Xm0k`g(e9wA?uyB<~Aa+k)GDL6AyYKWKjUQ1E=JGhF$rco#@#h~j%I)^Z*MQ7okJ zC48BXaaDL$Rc+nn*w=dKQoEQaf``{|?r#%%em`3H73b}j;=R1a9FqDconuWpdzEJs zm(Ivu#OsRZv$*c#l^*k&Ju`Updt+I>?wRW?74v?)e#GQJfkA(!kiax`4OkCk7J8^Z=A!tO`pv^P)!Ip-!tS zyk38(?=h>A)^W319fsFWr8Q2ZBk4U}o$}gV6S!e1hWD~bn@wR$#GNGzo_{iaJj%=K zo;$*a*e@_%=BA~Nmjg)SA%U}iH&r7z=Dhi99O>4PjreYf@4&}QZo$-8;w>T2CBdsOP>mT=htJK z6q=~+eUVy-rpM|a2FlvH-n$mEripAKb8dB_aSW6eueoX%IED0V2B**qlgbOgDepKv z44j6eCvp`hS!MvIyle6lP79hlRLRx@ab47HolV(3pGH2db?mXpR`PY0*Tmru;VZ$eLBn;a*%X$mLLj?ij#a-4Pfo4{!}`84@_$9m5cPJ`)b zS+q8VQxiCSj(N-E^Brs5pPruB1#7bBEjN?mUz=5MGaGX_C{4bv;B#=?q|EF>N{{=@ ziY(=-nYv}?r1pO5-z%*4fyR_-RnThI?qpTnY_6i;S9IDHPk z%B0X!*59Fh#!Y9D8(sXH1pn~LMC+`&-cNN_S!dP5iTs{VKYN%ISzHgNn|e2fnPm~L z-ku2WMn5=x4tkm#omJ;mB-{Ga^WEgbi7ekw52s0yPkGIDY6H2Bk8AO}(jOIh$Z2^k zn}+PosthLhk-XoW338y7{Aw~q+)S$|Ju%*T^4 zYZEPF>U#fqWK7Po9CsO052vp|#*kn5Mzs>y#ch5ifn9WBfnV zj%QbOW=Wi*J`P#b=c*;a9$eIEJyY#?>(0ouCl<%`1%Y4x9C&tg8=ZHl4Bzf*hSY3g ze8|ojWp0yi`al@J(d)xmxLG@k- zR(U_B-hNQ~ib{{(^#WV~|L@f^R<7t{_s$H*L*Rg&DaRKFcLn*MR85G?7%DfsN_hA+ z;RYOx6E1#IU%y;Tj0dDGl_wXL5A%~1>FwR8y*ooeBOFjsDYs)Fo|*k9L1J&W0n&H(1Io6BCq z9_JBEHE?YkYFl_D zqk!@w!G%fkr;M|rC1s2W|?-?i9kNr6)IIt}3ev(~v zv*)Pg*Q5>!HIlqX0X4o|eZ~<))LD8e4yHO#vEp)Ycae6eV8b5a)R>Ao(Nu+Y4I0<{ z8U5aDtV&Y{7MaApWB$!K&o(k<%UEav$vPqsyl0eYxV*0`^Db!^7a1q#_04yxtH(dwWDS+6$u%a$21Bnp{ideY1VUI(L?r4 z-jTmyMb-p6B~mG$dfz+xU(nHl{&satLr_H#O`aVEMY9jF=P6;=kGdCSUjKV( zK8#h4wR@3d0dw74SNb)rtg#HLdpNrJMiK7)Mr)$*NC4UV>EmmH4R|7JlxxaGpmH+UFxZT48(3}5$U zTEApx0iK=Hjsol}@IyMgDd~2hc6t6VoqqAiimYVk*BlRb zpxW8^*VrG-ltvAC`xmepv9FMwwD&P#a$7CalUU_`s6IpmdFY=$!S#6W(M7Bo?`frH zU*GJPe*gN(`aOUAhTEb!yiB*%PH(H$2zMka>@@{8R1{}F_ujkbI&IA*4u_u6Ddmw2 zFN?F(dLo#huV}aE>Flo3%R2w6{;5?CC(Y{a{RESKUf0pZ29za#Gm7&r^L3itD{?PH zwXcK$W;ZVfXo!&1ZxfxLCNG}%7-()4u&b2U%~{uIW=YJZxj>mahwJgXL=$uRY^S*n zGjYj6?-7kteIfV7XOd#)#mhV8%F;`+{#I97!n(^#P9x^YY(jXESDZHw) zKDVv&>~v*$ysG&TGpZf^FY1%Ik~t;TM}pIfJU3|FEoi8_4Q2}LKFV6gpf+Ncirzgy zy1Cr@N$?rFAJA8?hd>KO2@&gPM69zG!d@1K`sO(Az~NnO%k}tYrD@o8gf$~eepZrb zANm^n#zozEOaJWcv7X*LpY{akx648q>*z)F4{M<8OI_4E{q3Dm+UnJGjh1Bpv86<> z%<-Yh9Z@Q@YMNaXl&~D;MXP9f_S=M3*@2Dyz7}?jUW5Sd(!a@oUog)x!7fJQxMtK-?EO@^v~`Wt0kDQLW&K+KK5n%VL#E(uR04~ z2IoJ~Oai+B$?~htqqiN;hu!Xdwu${h`?5mEj1jw`eg*rEdXVYhj*idO_b0Mc{?hsn zX&89uz25hGTBF6UO}q4towhFvQVH6J=PooF;?nBq{xsd?{S;;V@ zwRq&yGrb|=@ZMkRkLddw_3DnGjb*`V5x=^nUB3F4#H~ONO^U9*r{}&)w9Kk(?CFL@ z#|~jwsaTWsJ$DO`?nu#%aFy*cg7hfj@avEswtWJEWe%)@r{#D+F}};t z{F=D@<57Q^%c=3hocwJ`{t~-`#|*g}9)m%4aM;q(9(!wFNQ2RacS^3)fu@c8yd#G0 zNw1(m-_`0)KQ~GrS+*7OOb03byR7sT*+$H3mXj4Yr{7qCwi(%h*&e7x>1I}kmvlJ^zFYKbP(;i|* zFuXlJSvM=<`ZZbA$N@Yab4hA2 z&t#6tuBrG+m`fq`<}{~d4#g}BS;9`=D>_%)m)&b1)$^$bX`b;=zE>jTk7Vm3J>EBx z4@FBJE8g_nZ%$Q|PBAa3no||!O3^AJgX^Vq$(4FYG|`oQGvA`mFC=~N)G#;ulX{co z;FiuYCuDwtE+XO&ZoAME#UA~$;5M&y9cEq+)drIDJHh;))GEF#yy(22xgdLxl3POz zFM5rc(Sk7Xr|Ws%L%sE-AW9FpN}sG>S@EI8?-Ku>rM`weG|uxrJQ*w3l+o03LvOPJ z0R7=pk6B*#dCwpXhjHUce2=X9;Hx0EgFV|fI!E{~*%=d_+!o()bxX(W{LZQpJG`R* z`EI7ee@S!|7LR?K^_KDb!rd9Vakj_@e-YIJ^(#?c{mkP}qDoeYUh1w_qRl@EW2}05 z_Rr|CWLOaknhiUz$V)e|8)J>M`dLHZY3pCbpJZ58dwYu3>TO90XA3dv3>&P_Y}3wZ zyr=0Z>%xCY{7a?F{xEu@d(U(avLN8_rFnXYyGN?U_?mKj8S2!_-B-s?tWGTc`#T8ca0I_w>J8fXK#mb@I`!~JOzG*){4v-__35)5u_?%T% z>>$Hne6U;JM=Eh|%c^EZepmlk-yCmBpJS1;p0k;B{(`Qv!oj?q=ug&)So>kNzpGY) zf+8*?y!&7-R{5OMgk{g3=K0erd+XB0w8WG&hIYuSYNs_lzxN=mq|RtIP<*$K(UQD%S)a>#iao%|#qv9r(izqTxXPWZ=JF0! zDzU{m&-;9SG2KZ#G=p}@V=gooqczd z`faLOOYIa#TR!G3#8O53<*OMpxqrT+4rb&8FWT0c|OBvy#nvdN8@@awVC_pJ5D=&qAg=>G2Q2$9VVPcUS&6S zPSTyGp5RkP65K}5nAz}|@yjYETwkOsj*X4nzvIrxz?UVKpFB-1I^%ObwL&~RZ)My^ z2~+q^p(J2w&R9)%G7AF(jP@wuI^e`x+)l_p?({J;nUJQre}}2X_0%GD1Q-)zHAe8c z#OPU>q#w}0Nus}vbY?B}BjmPQ0DdQ_O^>;qj@Q$(L?SXOdbW|qe3Z_Z>qlAt1&b$V zAxE62>$qeq#c>Qdu5eT1N9VIPjQv#f!jz+O(SP+3GNa3NVBGkPY^%h$iTOX**zn~L zyU47M6>5&L@Entf^=FF={RQQ~Up@|))wSd2%#W64+3P~x1^oHM3b8hiC0gu5ywenf zOtR$TJKl>&4KG0NbMemk>w9gh%yf>yqUT0v5b zKC^vKaEiK3vuXb5RSBX@9JB0r7F)01XbgYW>bLcQHBv~&tmC_No&8(T^+_j6?Ktri zIB8lRBqS7aiU{Mj{{B<{#JLdX77>B{CCw<~tAO)Csqe*pXW0|8!+p_Qb)4#g;7B|b zS}0e)VO_WG8RCt}NSoIa%p1VSXy%QE!Xr`IjyP(RvqLo2nJ8$qy(s!A(I`a9qfK+a zW*f>I+fv8L(pb>*$QW!ATS!&%W>#}nYN<7=kQBb#A9epf)IPfZvPCU6}EKkp~% zVP1M7>koV7t!Sd?`I(h;zSQ*xiVk5N5Z{<Ei zRxEg*?`W#W`?XrOW1GZ*NBqh|_2Q9a`Y_pUqtijLGK$8|6>ErI#7Y9D{pl=59oVpq zk7x8UVV%|2;vB%Z{Y5QU@&LJDVKm{x!M#^WQV=Um5$u zVqgltDg16O?S`ec-utKYH>JNR{ngXJlt1cW(<@DS&rIPrh2K=Z)YHI}Kk8xAD@`~v zF0K1U}t^~`_H`7(LLRTvmNU#`XuZPm?}{if-B+0i8R@TkE*z#IqawKo5F9(zx6aQ<&S#UG?6k>_)XzAl`r))Fy)VW*i7ZihrwpN;pfPV z;@q(~^ITPoT>rJ`QO>O2E8dLNa_1|KGJeR>iFqfg^6rSSqD|}r(V*lr6Swn15er1J z5PwE|Jkdr(0ldAA_^XQ}JJsF%kte*QPh+u3`w`U^F@<$+U_KtvZBVe^K!hhbMUhWa zuD|EL6DvYiXMehhs=@tRjNUeDb9A(53M4j?u@m1)+^+XO3+(?cypz>LRkmG0l!^l6 zv6Hv#n)N&B9QhK|C81{hypG5LCff;KBpY}wRXihZYILz2kyqt9x89M7*ePOrixG2V zEl^K^k*({SOzlmLjSK--?4vRzwG_zhB5#Fy!BF&F-Ahh4+2H<794{3Bi}4?IULz=% ztO4>9>Th z=rE1Xc^tj(jx+UVr5&jHrFr=MrvydoiEn)09!OXcsi|KsspL5@w9n(&|bf290 zv(kY-aP>XKQO2?9fqR_2g?0fC&YAG1M+i^22g{Nr&dT6UkC3bGL++oc%8^)P@9+#T zFizc9XXqh;pcUR7`9<{UIE|QkjnEePMb7l2IygP%)3oK*jDh8J-jTkJzIXoEso+qg zKj%FeM?tNoZo>n*^oX7P<*X*ESU?HfV?6rZ<{0N{I!lY%0o+ONoo9HOXnirAF%LQS zY&DJ3Ib#`qi)tSj@IF89+PCIn=Si4K3}a^ll5-2j8S6^wf%gzJ28#KWb$M^630LMt zw_~nyW?Jr_X~m!2%YA|keBXF|B_c2#J21^!aE1HswBTEfS7RzVzzGaj1 z%7Qi+EtRBrI~dFT!xDqzpgF_burW60(^XT3TQ>$R1)Y<+k@{^In{%DnLA_hX$y*&$ z?a$S8#@Uo79Xes;&a<=h$o(@^onL64u#~2H5iq0mm4r>>nhYk}dsKbq3YN=VeNr*W zwOOdpj}E83E&cPoA$`5Avs7eR)LEY0&^I~S$m(5vQ{y7XZ}w^!%ZsW0hMvGq$WJJ) z_xR)MZ%a;cRCph<)O_JH&g?u+=bi6sPI1ntH9eI^;7W9kWr4FGsLT@@-5lp<&6T!g zOsUSCEz&Rjux_$^@;jVSev6Ux9RnU&tZLMtbA7hGwu71vc?~ zH?o{u(p9xEbK84)| zJ-J=m5q_&}!;_9ivToqhH6?5{kr$4J;Q!w>*Zr$x`!A|Dw4Ho0kM)a;jHfBnWLFs{ zMEkP`$(4K?%#hnUQ?=j9J->7 zM$NeTd0XHO>O)|a`yKc76j`9d`-kW!wKC~D)<%7M!}JiXOr8QW`ErZiIi;EJ3huzd z#h&J`s-@<=avOZ2o62o{4BTV4Az>MF_o(}|-+Tn&XTw|3P9tCxpPQ@xE%~cnUT5Dt zR$s{Px)ROWYe_z2WcoTI4lmyu`7Zl=`U1oKTa5SjZ!0pNa$E5n`N!p6k%d3F+QF=< apW&%{Df^auf9IB0KgkS^Imh}nmi`Ao&1qu* literal 0 HcmV?d00001 diff --git a/Security/Internet Explorer/Restict unsafe online help functions.reg b/Security/Internet Explorer/Restict unsafe online help functions.reg new file mode 100644 index 0000000..bb6ea32 --- /dev/null +++ b/Security/Internet Explorer/Restict unsafe online help functions.reg @@ -0,0 +1,7 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] +"HelpQualifiedRootDir"=hex(2):00,00 + +[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System] +"HelpQualifiedRootDir"=hex(2):00,00 diff --git a/Security/LAN/no lmhash on passwort change on LAN.reg b/Security/LAN/no lmhash on passwort change on LAN.reg new file mode 100644 index 0000000..27c5500 --- /dev/null +++ b/Security/LAN/no lmhash on passwort change on LAN.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA] +"nolmhash"=dword:1 diff --git a/Security/MSI/Do not allow the Windows Installer to install anything from removable drives.reg b/Security/MSI/Do not allow the Windows Installer to install anything from removable drives.reg new file mode 100644 index 0000000..8af4f73 --- /dev/null +++ b/Security/MSI/Do not allow the Windows Installer to install anything from removable drives.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Installer] +"DisableMedia"=dword:1 diff --git a/Security/Only allow specific shell extensions.reg b/Security/Only allow specific shell extensions.reg new file mode 100644 index 0000000..62a8b0b --- /dev/null +++ b/Security/Only allow specific shell extensions.reg @@ -0,0 +1,7 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] +"[RSW:VALUELIST]"="" + +[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] +"[RSW:VALUELIST]"="" diff --git a/Security/Restrict Anonymous User.reg b/Security/Restrict Anonymous User.reg new file mode 100644 index 0000000..ffbe1bb --- /dev/null +++ b/Security/Restrict Anonymous User.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] +"RestrictAnonymous"=dword:1 diff --git a/Security/Security Center/Activate Security Center for Domain PC's.reg b/Security/Security Center/Activate Security Center for Domain PC's.reg new file mode 100644 index 0000000..9461aef --- /dev/null +++ b/Security/Security Center/Activate Security Center for Domain PC's.reg @@ -0,0 +1,4 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Security Center] +"SecurityCenterInDomain"=dword:1 diff --git a/Security/Security Center/Configure the Security Center.reg b/Security/Security Center/Configure the Security Center.reg new file mode 100644 index 0000000..4702954 --- /dev/null +++ b/Security/Security Center/Configure the Security Center.reg @@ -0,0 +1,6 @@ +Windows Registry Editor Version 5.00 + +; Warn on missing AV and if Firewall gets deactivated +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] +"FirewallOverride"=dword:1 +"AntiVirusOverride"=dword:1 diff --git a/Security/Telemetry/all-in-one.bat b/Security/Telemetry/all-in-one.bat new file mode 100644 index 0000000..a3e5c84 --- /dev/null +++ b/Security/Telemetry/all-in-one.bat @@ -0,0 +1,83 @@ +REM keeping win7 clean !!!! (change this file CleanWin7.txt extension to cmd and run) + +:: reg hacks ------------------------------------------- +REM disable downloaded w10 files +reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\Gwx /f /v DisableGwx /t REG_DWORD /d 1 +REM disable upgrade requests +reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v DisableOSUpgrade /t REG_DWORD /d 1 + +:: services --------------------------------------------- +sc config DiagTrack start= disabled +net stop DiagTrack + +:: scheduled tasks reporting to Redmond ----------- +schtasks /Change /TN "\Microsoft\Windows\Application Experience\AitAgent" /DISABLE +schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE +schtasks /Change /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE +schtasks /Change /TN "\Microsoft\Windows\Autochk\Proxy" /DISABLE +schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /DISABLE +schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /DISABLE +schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /DISABLE +schtasks /Change /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /DISABLE +schtasks /Change /TN "\Microsoft\Windows\Maintenance\WinSAT" /DISABLE +REM schtasks /Change /TN "\Microsoft\Windows\Autochk\Media Center\*all*" /DISABLE +REM schtasks /Change /TN "\Microsoft\Windows\Setup\gwx\launchtrayprocess" /DISABLE +REM schtasks /Change /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig" /DISABLE +REM schtasks /Change /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" /DISABLE +REM schtasks /Change /TN "\Microsoft\Windows\Setup\gwx\refreshgwxcontent" /DISABLE +schtasks /Change /TN "\Microsoft\Windows\Windows Error Reporting\QueueReporting" /DISABLE + +:: evil updates ----------------------------------------- + +REM kb971033 License validation check +start "title" /b /wait wusa.exe /kb:971033 /uninstall /quiet /norestart + +REM kb2876229 Skype +start "title" /b /wait wusa.exe /kb:2876229 /uninstall /quiet /norestart + +REM kb2952664 Compatibility update for upgrading Windows 7 +start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart + +REM kb2976978 Compatibility update for Windows 8.1 and Windows 8 +start "title" /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart + +REM kb2977759 - W10 Diagnostics Compatibility telemetry +start "title" /b /wait wusa.exe /kb:2977759 /uninstall /quiet /norestart + +REM kb2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows +start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart + +REM kb3012973 Upgrade to Windows 10 Pro +start "title" /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart + +REM kb3021917 Update to Windows 7 SP1 for performance improvements +start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart + +REM kb3022345 Update for customer experience and diagnostic telemetry (replace with KB3068708) +start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart + +REM kb3035583 Update installs get windows 10 app in Windows 8.1 and Windows 7 SP1 +start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart + +REM kb3044374 - W8,8.1 Nagware for W10 +start "title" /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart + +REM kb3050265 - Windows Update service updated to accept upgrade to W10 +start "title" /b /wait wusa.exe /kb:3050265 /uninstall /quiet /norestart + +REM kb3065987 - update for Windows Update (v7 v2008) +start "title" /b /wait wusa.exe /kb:3065987 /uninstall /quiet /norestart + +REM kb3068707 - Customer experience telemetry points +start "title" /b /wait wusa.exe /kb:3068707 /uninstall /quiet /norestart + +REM kb3068708 (replaces KB3022345) Update for customer experience and diagnostic telemetry +start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart + +REM kb3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 +start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart + +REM kb3080149 Update for customer experience and diagnostic telemetry +start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart + +REM Remember to *hide* all these in Windows Update \ No newline at end of file diff --git a/Security/Telemetry/badupdateremover.bat b/Security/Telemetry/badupdateremover.bat new file mode 100644 index 0000000..1d60997 --- /dev/null +++ b/Security/Telemetry/badupdateremover.bat @@ -0,0 +1,29 @@ +@echo off + +if %1. == . goto usage + +set UNINSTALLX=uninstall-%1-updates.cmd +set HIDEX=hide-%1-updates.ps +set BADUPDATES= + +echo %1 +if %1 == win7 set BADUPDATES=971033 2952664 2977759 2990214 3021917 3022345 3035583 3050265 3065987 3068708 3075249 3080149 +if %1 == win81 set BADUPDATES=2976978 3022345 3035583 3044374 3050267 3068708 3075249 3075853 3080149 +if %1 == w2008r2 set BADUPDATES=3022345 3050265 3065987 3068708 3080149 +if %1 == w2012r2 set BADUPDATES=3022345 3068708 3075853 3080140 +if not defined BADUPDATES goto usage + +echo %BADUPDATES% +if exist %UNINSTALLX% del %UNINSTALLX% +if exist %HIDEX% del %HIDEX% +for %%n in (%BADUPDATES%) do ( + echo start /w wusa.exe /uninstall /kb:%%n /norestart >> %UNINSTALLX% + echo Hide-WUUpdate -Confirm:$false -HideStatus:$true -KBArticleID KB%%n >> %HIDEX% +) +goto end + +:usage +echo Okay, you didn't give the right parameter... it needs to be win7, win81, w2008r2 or w2012r2 + +:end +echo. \ No newline at end of file diff --git a/Security/Telemetry/telemetryremover.vbs b/Security/Telemetry/telemetryremover.vbs new file mode 100644 index 0000000..62e62c3 --- /dev/null +++ b/Security/Telemetry/telemetryremover.vbs @@ -0,0 +1,30 @@ +Dim hideupdates(9) + +hideupdates(0) = "KB2952664" +hideupdates(1) = "KB2990214" +hideupdates(2) = "KB3021917" +hideupdates(3) = "KB3035583" +hideupdates(4) = "KB3068708" +hideupdates(5) = "KB2977759" +hideupdates(6) = "KB3075249" +hideupdates(7) = "KB3080149" +hideupdates(8) = "KB3050265" +hideupdates(9) = "KB3022345" + + +set updateSession = createObject("Microsoft.Update.Session") +set updateSearcher = updateSession.CreateupdateSearcher() + +Set searchResult = updateSearcher.Search("IsInstalled=0 and Type='Software'") + +For i = 0 To searchResult.Updates.Count-1 +set update = searchResult.Updates.Item(i) +For j = LBound(hideupdates) To UBound(hideupdates) +'MsgBox hideupdates(j) +if instr(1, update.Title, hideupdates(j), vbTextCompare) = 0 then + 'Wscript.echo "No match found for " & hideupdates(j) +else +Wscript.echo "Hiding " & hideupdates(j) +update.IsHidden = True +end if +Next \ No newline at end of file diff --git a/Security/Telemetry/wiper.bat b/Security/Telemetry/wiper.bat new file mode 100644 index 0000000..22ab3b3 --- /dev/null +++ b/Security/Telemetry/wiper.bat @@ -0,0 +1,75 @@ +ECHO OFF +REM --- remember to invoke from ELEVATED command prompt! +REM --- or start the batch with context menu "run as admin". +SETLOCAL + +REM --- (as of 2015-08-26): +REM KB3012973 - Upgrade to Windows 10 Pro +REM KB3021917 - Update to Windows 7 SP1 for performance improvements +REM KB3035583 - GWX Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1 +REM KB2952664 - Compatibility update for upgrading Windows 7 +REM KB2976978 - Compatibility update for Windows 8.1 and Windows 8 +REM KB3022345 - Telemetry [Replaced by KB3068708] +REM KB3068708 - Update for customer experience and diagnostic telemetry +REM KB2990214 - Update that enables you to upgrade from Windows 7 to a later version of Windows +REM KB3075249 - Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 +REM KB3080149 - Update for customer experience and diagnostic telemetry +REM KB3044374 - W8,8.1 Nagware for W10 +REM KB2977759 - W10 Diagnostics Compatibility Telemetry +REM KB3050265 - Windwos Update services update to upgrade to W10 +REM KB3068707 - Customer experience telemetry point. W7,8,8.1 + + +REM --- uninstall updates +echo uninstalling updates ... +start "title" /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:2977759 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:3050265 /uninstall /quiet /norestart +echo - done. +start "title" /b /wait wusa.exe /kb:3068707 /uninstall /quiet /norestart +echo - done. + +timeout 10 + +echo ... COMPLETED (please remember to REBOOT, and Hide the Following KB Updates) +echo ...3012973 +echo ...3021917 +echo ...3035583 +echo ...2952664 +echo ...2976978 +echo ...3022345 +echo ...3068708 +echo ...2990214 +echo ...3075249 +echo ...3080149 +echo ...3044374 +echo ...2977759 +echo ...3050265 +echo ...3068707 +echo - done. + + +pause +REM --- EOF \ No newline at end of file