itsuki-hayashi · April 19, 2022 06:06
diff --git a/windows10-hardening.reg b/windows10-hardening.reg
 Windows Registry Editor Version 5.00
 ; See: https://github.com/0x6d69636b/windows_hardening
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging]
 "EnableScriptBlockLogging"=dword:00000001
 "EnableScriptBlockInvocationLogging"=dword:00000001

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription]
 "EnableTranscripting"=dword:00000001

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
 "RunAsPPL"=dword:00000001

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe]
 "AuditLevel"=dword:00000008

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
 "NodeType"=dword:00000002

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest]
 "UseLogonCredential"=dword:00000000

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
 "SafeDLLSearchMode"=dword:00000001

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
 "DisableIPSourceRouting"=dword:00000002

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
 "DisableIPSourceRouting"=dword:00000002
 "EnableICMPRedirect"=dword:00000000

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
 "NoNameReleaseOnDemand"=dword:00000001

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch]
 "DriverLoadPolicy"=dword:00000003

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
 "NoBackgroundPolicy"=dword:00000000
 "NoGPOListChanges"=dword:00000000

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard]
 "HVCIMATRequired"=dword:00000001
 "ConfigureSystemGuardLaunch"=dword:00000001
 "DeployConfigCIPolicy"=dword:00000001

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer]
 "DisableCoInstallers"=dword:00000001

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI]
 "AllowAppHVSI_ProviderSet"=dword:00000003
 "AuditApplicationGuard"=dword:00000001


 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 "EnableFirewall"=dword:00000001

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
 "LogFileSize"=dword:00004000
 "LogDroppedPackets"=dword:00000001
 "LogSuccessfulConnections"=dword:00000001

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
 "EnableFirewall"=dword:00000001

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
 "LogFileSize"=dword:00004000
 "LogDroppedPackets"=dword:00000001
 "LogSuccessfulConnections"=dword:00000001

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
 "EnableFirewall"=dword:00000001

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
 "LogFileSize"=dword:00004000
 "LogDroppedPackets"=dword:00000001
 "LogSuccessfulConnections"=dword:00000001

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging]
 "LogDroppedPackets"=dword:00000001
 "LogFileSize"=dword:00004000
 "LogSuccessfulConnections"=dword:00000001

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging]
 "LogDroppedPackets"=dword:00000001
 "LogFileSize"=dword:00004000
 "LogSuccessfulConnections"=dword:00000001

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
 "LogDroppedPackets"=dword:00000001
 "LogFileSize"=dword:00004000
 "LogSuccessfulConnections"=dword:00000001
	Windows Registry Editor Version 5.00
	; See: https://github.com/0x6d69636b/windows_hardening
	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell]

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging]
	"EnableScriptBlockLogging"=dword:00000001
	"EnableScriptBlockInvocationLogging"=dword:00000001

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription]
	"EnableTranscripting"=dword:00000001

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
	"RunAsPPL"=dword:00000001

	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe]
	"AuditLevel"=dword:00000008

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
	"NodeType"=dword:00000002

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest]
	"UseLogonCredential"=dword:00000000

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
	"SafeDLLSearchMode"=dword:00000001

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
	"DisableIPSourceRouting"=dword:00000002

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
	"DisableIPSourceRouting"=dword:00000002
	"EnableICMPRedirect"=dword:00000000

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
	"NoNameReleaseOnDemand"=dword:00000001

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch]
	"DriverLoadPolicy"=dword:00000003

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
	"NoBackgroundPolicy"=dword:00000000
	"NoGPOListChanges"=dword:00000000

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard]
	"HVCIMATRequired"=dword:00000001
	"ConfigureSystemGuardLaunch"=dword:00000001
	"DeployConfigCIPolicy"=dword:00000001

	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer]
	"DisableCoInstallers"=dword:00000001

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI]
	"AllowAppHVSI_ProviderSet"=dword:00000003
	"AuditApplicationGuard"=dword:00000001


	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
	"EnableFirewall"=dword:00000001

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
	"LogFileSize"=dword:00004000
	"LogDroppedPackets"=dword:00000001
	"LogSuccessfulConnections"=dword:00000001

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
	"EnableFirewall"=dword:00000001

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
	"LogFileSize"=dword:00004000
	"LogDroppedPackets"=dword:00000001
	"LogSuccessfulConnections"=dword:00000001

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
	"EnableFirewall"=dword:00000001

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
	"LogFileSize"=dword:00004000
	"LogDroppedPackets"=dword:00000001
	"LogSuccessfulConnections"=dword:00000001

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging]
	"LogDroppedPackets"=dword:00000001
	"LogFileSize"=dword:00004000
	"LogSuccessfulConnections"=dword:00000001

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging]
	"LogDroppedPackets"=dword:00000001
	"LogFileSize"=dword:00004000
	"LogSuccessfulConnections"=dword:00000001

	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
	"LogDroppedPackets"=dword:00000001
	"LogFileSize"=dword:00004000
	"LogSuccessfulConnections"=dword:00000001