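; Registry-only hardening "package": it does not touch any files on the
; system. It only adds or removes registry entries intended to make this
; machine more secure.
; All the action takes place in the [DefaultInstall] section, which instructs
; the Windows installer to process the registry entries specified in the
; other sections.
;
; NOTE: inside an INF file %name% is a [Strings] substitution token. A literal
; percent sign in a value has to be written as %% (see Desktop.AddReg).
;
; NOTE(review): several entries below write to HKU\.DEFAULT on the assumption
; that this reaches every user. HKU\.DEFAULT is the profile used by the
; LocalSystem account and the logon desktop, not the template copied for new
; users, so those entries most likely do not affect interactive accounts.
; Verify on a test machine and apply per-user settings through the default
; user profile or policy instead.

[Version]
Signature="$Windows NT$"
Provider="%DeptName%"
DriverVer=09/30/2002

;---------------------------------------------------------------------
; A Note about REGISTRY ENTRIES
; -----------------------------
; Each line within these sections has a similar format, as shown below.
; You use all the parameters shown if you're adding a Registry entry.
; If you're removing a Registry entry, you only use the first three.
;
;   HKEY, Subkey, Name, Type, Value
;
; HKEY:   one of HKCR (for HKEY_CLASSES_ROOT), HKCU (for HKEY_CURRENT_USER),
;         HKLM (for HKEY_LOCAL_MACHINE), HKU (for HKEY_USERS), HKCC or HKDD
; Subkey: The subkey under the root key, not including the name of the root
;         key itself.
; Name:   The name of the value entry you're adding. Leaving this item blank
;         implies you're working with the default value entry.
; Type:   The type of value entry
;           0x00000000 for string - default, i.e. REG_SZ
;           0x00000001 for binary, i.e. raw data
;           0x00010001 for DWORD, REG_DWORD
;           0x00020000 for REG_EXPAND_SZ, i.e. a string which has to be
;                      interpolated with environment variables,
;                      e.g. "%%SYSTEMROOT%% and %%TEMP%%"
; Value:  The data for the value entry. Use the appropriate format for the
;         type you specified. That is, strings should be quoted, and DWORDs
;         given in decimal/hexadecimal.
;
; NOTE: When deleting, if you don't specify Name the entire key is deleted.
;--------------------------------------------------------------------------------

[DefaultInstall]
; Section lists are given in the documented comma-separated form, one
; directive each, instead of repeating the AddReg/DelReg key.
AddReg=Desktop.AddReg,LogonStartup.AddReg,HardenNT.AddReg,Misc.AddReg,FileSystem.AddReg
DelReg=Desktop.DelReg,HardenNT.DelReg,Network.DelReg

[Network.DelReg]
; Stuff which improves network performance
; The presence of this key instructs Win2K machines to spend about 30 seconds
; searching for scheduled tasks on a remote computer. It does this when
; browsing the network. This is unnecessary and anyway is needed only for
; Win 9x/Me machines. To undo this just create the key we are deleting.
; No values are needed in this key.
; The subkey is "CurrentVersion" (no space); with a space the path does not
; exist and the delete silently does nothing.
HKLM,Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

[FileSystem.AddReg]
; Stuff to improve file system efficiency
; NTFS will no longer generate 8.3 filenames. No longer compatible with Win3.1
; and Win95. By default accessing C:\A\B\C\D\E\F\G will update the Last Access
; time stamps of all the directories A,B,...F. This disables that, and hence
; speeds up access.
; NOTE(review): disabling last-access updates also removes a timestamp that
; forensic timelines rely on; decide whether that trade-off is acceptable.
HKLM,SYSTEM\CurrentControlSet\Control\FileSystem,NtfsDisable8dot3NameCreation,0x00010001,1
HKLM,SYSTEM\CurrentControlSet\Control\FileSystem,Win31FileSystem,0x00010001,0
HKLM,SYSTEM\CurrentControlSet\Control\FileSystem,Win95TruncatedExtensions,0x00010001,1
HKLM,SYSTEM\CurrentControlSet\Control\FileSystem,NtfsDisableLastAccessUpdate,0x00010001,1
; When a broken shortcut is encountered Windows tries to search for the target.
; If the target is still not found it searches all the drives on the machine.
; This tweak disables that. A user who caused a broken shortcut can repair it.
; The suggested change is to HKCU. HKU\.DEFAULT is used here in the hope that
; it affects all users (see the HKU\.DEFAULT note at the top of this file).
HKU,.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoResolveTrack,0x00010001,1
HKU,.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoResolveSearch,0x00010001,1

[HardenNT.AddReg]
; Stuff recommended by the Harden-NT software
; Restrict printer driver installation. The value is AddPrinterDrivers under
; "LanMan Print Services\Servers"; the previous key and value name did not
; match what the print provider reads.
HKLM,SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers,AddPrinterDrivers,0x00010001,1
; FullPrivilegeAuditing is written as one binary byte.
HKLM,SYSTEM\CurrentControlSet\Control\Lsa,FullPrivilegeAuditing,0x00000001,1
; Level 5 refuses LM and NTLM; clients that cannot do NTLMv2 will fail to
; authenticate against this machine.
HKLM,SYSTEM\CurrentControlSet\Control\Lsa,LmCompatibilityLevel,0x00010001,5
; CAUTION: with CrashOnAuditFail set, the system halts when it can no longer
; write security audit events (for example a full Security log). Make sure
; log size and retention are configured before deploying this.
HKLM,SYSTEM\CurrentControlSet\Control\Lsa,CrashOnAuditFail,0x00010001,1
HKLM,SYSTEM\CurrentControlSet\Services\W3SVC\Parameters,SSIEnableCmdDirective,0x00010001,0
HKLM,SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI,Timeout,0x00010001,0
HKLM,SYSTEM\CurrentControlSet\Services\Tcpip\Parameters,DisableIPSourceRouting,0x00010001,2
; NOTE(review): "Rdr" is the NT 4.0 redirector service name; on later
; versions the workstation service key is presumably LanmanWorkstation.
; Confirm this value is read on the target OS.
HKLM,SYSTEM\CurrentControlSet\Services\Rdr\Parameters,EnablePlainTextPassword,0x00010001,0
; Remove the automatic administrative shares (C$, ADMIN$ ...). Remote
; management and backup tools that depend on them stop working.
HKLM,SYSTEM\CurrentControlSet\Services\LanManServer\Parameters,AutoShareServer,0x00010001,0
HKLM,SYSTEM\CurrentControlSet\Services\LanManServer\Parameters,AutoShareWks,0x00010001,0
HKLM,SYSTEM\CurrentControlSet\Services\EventLog\Application,RestrictGuestAccess,0x00010001,1
HKLM,SYSTEM\CurrentControlSet\Services\EventLog\System,RestrictGuestAccess,0x00010001,1
HKLM,SYSTEM\CurrentControlSet\Control\Session Manager,EnhancedSecurityLevel,0x00010001,1
; NOTE(review): this overwrites "Optional" with a single binary zero byte;
; confirm the value type the Session Manager expects before relying on it.
HKLM,SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems,Optional,0x00000001,00
HKLM,SYSTEM\CurrentControlSet\Control\Lsa,RestrictAnonymous,0x00010001,1
HKLM,SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management,ClearPageFileAtShutdown,0x00010001,1

[HardenNT.DelReg]
; Stuff recommended by HardenNT
; Disable the Os2 and Posix subsystems (deletes the two values only)
HKLM,SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems,Os2
HKLM,SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems,Posix
; Delete Windows on Win32 (DOS, 16bit applications) compatibility
; This deletes the entire key
HKLM,SYSTEM\CurrentControlSet\Control\WOW
; Not present in our default install
;HKLM,SOFTWARE\Microsoft\OS/2 SubSYSTEM\ for NT = DELETE
; This key does not exist in our default install
;HKLM,SYSTEM\CurrentControlSet\Control\Session Manager\Environment,Os2LibPath
; Disable RPC protocols over TCP/UDP
; If some service like pikt needs it, we can re-enable on specific machines.
; CAUTION: many Windows components use RPC over TCP (domain membership and
; remote administration among them); test on a domain-joined machine before
; rolling this out, and keep a copy of the deleted values for rollback.
HKLM,SOFTWARE\Microsoft\Rpc\ClientProtocols,ncacn_ip_tcp
HKLM,SOFTWARE\Microsoft\Rpc\ClientProtocols,ncacn_ip_udp
HKLM,SOFTWARE\Microsoft\Rpc\ServerProtocols,ncacn_ip_tcp
HKLM,SOFTWARE\Microsoft\Rpc\ServerProtocols,ncacn_ip_udp

[Desktop.AddReg]
; Rename My Computer to "Username on ComputerName".
; The percent signs are doubled so the INF parser stores the literal
; environment-variable references instead of looking for [Strings] tokens
; named USERNAME and COMPUTERNAME.
HKCR,CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString,0x00020000,"%%USERNAME%% on %%COMPUTERNAME%%"
; Disable Error Reporting
HKLM,Software\Microsoft\Internet Explorer\Main,IEWatsonEnabled,0x00010001,0
; Create separate processes for Desktop and Explorer
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer,DesktopProcess,0x00010001,1
; Show file and folder names in correct case, so ALLCAPS will not become Allcaps
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced,DontPrettyPath,0x00010001,1
; Disable AutoRun on CDROM WIN\Policies\Explorer\CDAutoRun
; NOTE(review): the comment names a Policies\Explorer path but the entry is
; written under Explorer, and CDAutoRun is not a value name this reviewer can
; confirm. Verify that AutoRun is really off after install; if it is not, use
; the documented AutoRun policy for the target OS.
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer,CDAutoRun,0x00010001,0
; Disable registry editing for all users
; This policy only stops the registry editing tools from starting; it is not
; an access control. Protect sensitive keys with registry ACLs as well.
HKU,.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00010001,1
; Disable remote access to CDROMs. Only the console user can use them.
; Winlogon documents AllocateCDRoms and AllocateFloppies as string values,
; so they are written as REG_SZ "1".
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,AllocateCDRoms,0x00000000,"1"
; Disable remote access to floppies. Only the console user can use them.
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,AllocateFloppies,0x00000000,"1"
; Disable those Balloon Tips which come out of the taskbar
HKU,.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,EnableBalloonTips,0x00010001,0

[Desktop.DelReg]
; Desktop/explorer cleanup
; Remove the Shared Documents folder. Delete the entire key. To undo just
; recreate the key. There are no values inside the key.
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee}

[LogonStartup.AddReg]
; Automatically close non-responding applications on shutdown and set the
; timeout to 10000 millisecs, i.e. if an application does not respond to
; shutdown within 10 seconds, it is automatically closed.
; NOTE(review): WaitToKillAppTimeout is written as a DWORD here while
; AutoEndTasks is a string; confirm the type the shell expects.
HKU,.DEFAULT\Control Panel\Desktop,AutoEndTasks,0x00000000,"1"
HKU,.DEFAULT\Control Panel\Desktop,WaitToKillAppTimeout,0x00010001,10000
; Disable Shutdown from the logon dialog box.
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,ShutdownWithoutLogon,0x00010001,0
; Enable Ctrl-Alt-Del security for the logon dialog box
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,DisableCAD,0x00010001,0
; Show the Logon Options (Local or Domain login...)
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,ShowLogonOptions,0x00010001,1
; Classic Logon Screen and not the Welcome Screen
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,LogonType,0x00010001,0
; Don't display the previous user's name in the Logon box
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,DontDisplayLastUserName,0x00000000,"1"
; Number of domain logons to cache. 0 means none are cached, so domain users
; cannot log on while no domain controller is reachable.
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,CachedLogonsCount,0x00000000,"0"
; Disable AutoAdminLogon. In our installation we set it, so that we can
; automatically log in as admin.
; NOTE(review): automatic logon normally keeps the account password in a
; DefaultPassword value under this same key. This file does not remove it;
; check after install that no such value is left behind.
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,AutoAdminLogon,0x00000000,"0"
; Usually pressing Shift while logging on or when the system is booting will
; enable one to bypass the shutdown, startup, logon and logoff scripts. This
; tweak disables this override.
; The value name is IgnoreShiftOverride; the earlier spelling with a single
; "r" created a value nothing reads.
; NOTE(review): confirm whether Winlogon expects this as a string rather
; than a DWORD on the target OS.
HKLM,Software\Microsoft\Windows NT\CurrentVersion\Winlogon,IgnoreShiftOverride,0x00010001,1
; Disable caching of domain passwords. To access any additional network
; resource the password has to be typed in, once per resource.
; NOTE(review): HKLM\Network\Logon looks like a Windows 9x location; confirm
; it has any effect on the NT-family machines this file targets.
HKLM,Network\Logon,NoDomainPwdCaching,0x00010001,1
; Disable MSN Messenger from starting when a person logs on. He/she is still
; allowed to run it explicitly though.
HKLM,Software\Policies\Microsoft\Messenger\Client,PreventAutoRun,0x00010001,1
HKLM,Software\Policies\Microsoft\Messenger\Client,PreventRun,0x00010001,0

[Misc.AddReg]
; Avoid accidental registry imports with RegEdit (make Edit the default
; action for REG files).
; No Name in the third argument means the default value for AddReg sections.
HKCR,regfile\shell,,0x00000000,"edit"
; Enable DVD features in Media Player. Set value to "Yes" or "No".
HKU,.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings,EnableDVDUI,0x00000000,"Yes"
; Change the amount of memory (in bytes) locked for IO operations.
; Default of 0 => system default = 512KB.
; Webpages suggest this can be reduced to 64K (for 256MB RAM) and
; 256K (for 512MB or more). So we set it at 256K (0x40000 bytes).
HKLM,SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management,IOPageLockLimit,0x00010001,0x40000
; Disable System Restore
;HKLM,SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore,DisableConfig,0x00010001,1

[Strings]
DeptName="Dept of CS, Univ of Chicago, Chicago, IL - USA"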