API tools faq
paste
Guest User

Untitled

a guest
Dec 7th, 2017
397
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 25.97 KB | None | 0 0
raw download clone embed print report
  1. @echo off
  2.  
  3. :Author
  4. color 0E
  5. ECHO #################################################################
  6. ECHO # #
  7. ECHO # Bharat Babbar #
  8. ECHO # Bharatbabbar28@gmail.com #
  9. ECHO # #
  10. ECHO # Donate Bitcoins :- 15XgKbvduGygsNc1eUfkb2h5B5Q5su3X1V #
  11. ECHO # Donate Etheriums:- 0xEdf3bbB6457ec13ACb13690A693b1952B9E2BF69 #
  12. ECHO # #
  13. ECHO #################################################################
  14. pause
  15. cls
  16.  
  17.  
  18. :INFO
  19. color F1
  20. echo **************************************************************************************************************************************************
  21. echo * Hi All, *
  22. echo * You have to follow below steps to apply Group Policy settings using UI mode:- *
  23. echo * *
  24. echo * 1. To setup lockout policy and to hide last user login name from login screen:- *
  25. echo * *
  26. echo * Click on Start > Run > type gpedit.msc and press enter *
  27. echo * Go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Account Lockout Policy *
  28. echo * *
  29. echo * Account lockout duration 10 *
  30. echo * Account lockout threshold 03 *
  31. echo * Reset account lockout counter after 10 *
  32. echo * *
  33. echo * *
  34. echo * *
  35. echo * 2. To wallpaper control policy:- *
  36. echo * *
  37. echo * Click on Start > Run > type gpedit.msc and press enter *
  38. echo * Go to Local Computer Policy > User Configuration > Administrative Templates > Desktop *
  39. echo * In the right pane, select Desktop wallpaper and enable it *
  40. echo * Indicate the full path for your custom/default wallpaper *
  41. echo * Centre and stretch the image as required and press on the OK button to validate. *
  42. echo * *
  43. echo * *
  44. echo * *
  45. echo * 3. To lock system after 300 seconds:- *
  46. echo * *
  47. echo * ? FOR WINDOWS 7:- *
  48. echo * *
  49. echo * Click on Start > Run > type gpedit.msc and press enter *
  50. echo * Go to Local Computer Policy > User Configuration > Administrative Templates > control Panel > personalization *
  51. echo * *
  52. echo * Enable screen saver Enabled *
  53. echo * Password protect the screen saver Enabled *
  54. echo * Screen saver timeout Enabled (Time should be 300 seconds) *
  55. echo * Force specific screen saver Enabled *
  56. echo * *
  57. echo * *
  58. echo * ? FOR WINDOWS 8/8.1/10:- *
  59. echo * *
  60. echo * Click on Start > Run > type gpedit.msc and press enter *
  61. echo * Go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options *
  62. echo * In the right pane, select interactive logon machine inactivity limit and input 300 Seconds then Apply and OK. *
  63. echo * *
  64. echo * *
  65. echo * *
  66. echo * 4. To change in Password Policy:- *
  67. echo * Click on Start > Run > type gpedit.msc and press enter *
  68. echo * Go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies>Account Policies>Password Policy *
  69. echo * Make changes In the right pane as below:- *
  70. echo * *
  71. echo * Enforce Password History 0 Password Remembered *
  72. echo * Maximum Password Age 60 Days *
  73. echo * Minimum Password Age 2 Days *
  74. echo * Minimum Password Length 8 Characters *
  75. echo * Password Complexity Enabled *
  76. echo * Store Password Using Reversible encryption Disabled *
  77. echo **************************************************************************************************************************************************
  78. @pause
  79. (
  80. @echo PRESS ANY KEY TO APPLY ABOVE POLICIES
  81. )
  82. @cls
  83.  
  84. color 0A
  85.  
  86. :Trick_to_Update_Policy
  87.  
  88. rmdir /s /q "c:/temp"
  89. mkdir "c:/temp/temp"
  90. cd c:/temp/temp
  91.  
  92. echo [Unicode] > secconfig.cfg
  93. echo Unicode=yes >>secconfig.cfg
  94. echo [System Access] >>secconfig.cfg
  95. echo MinimumPasswordAge = 2 >>secconfig.cfg
  96. echo MaximumPasswordAge = 60 >>secconfig.cfg
  97. echo MinimumPasswordLength = 8 >>secconfig.cfg
  98. echo PasswordComplexity = 1 >>secconfig.cfg
  99. echo PasswordHistorySize = 0 >>secconfig.cfg
  100. echo LockoutBadCount = 3 >>secconfig.cfg
  101. echo ResetLockoutCount = 10 >>secconfig.cfg
  102. echo LockoutDuration = 10 >>secconfig.cfg
  103. echo RequireLogonToChangePassword = 0 >>secconfig.cfg
  104. echo ForceLogoffWhenHourExpire = 0 >>secconfig.cfg
  105. echo NewAdministratorName = "Administrator" >>secconfig.cfg
  106. echo NewGuestName = "Guest" >>secconfig.cfg
  107. echo ClearTextPassword = 0 >>secconfig.cfg
  108. echo LSAAnonymousNameLookup = 0 >>secconfig.cfg
  109. echo EnableAdminAccount = 1 >>secconfig.cfg
  110. echo EnableGuestAccount = 0 >>secconfig.cfg
  111. echo [Event Audit] >>secconfig.cfg
  112. echo AuditSystemEvents = 0 >>secconfig.cfg
  113. echo AuditLogonEvents = 0 >>secconfig.cfg
  114. echo AuditObjectAccess = 0 >>secconfig.cfg
  115. echo AuditPrivilegeUse = 0 >>secconfig.cfg
  116. echo AuditPolicyChange = 0 >>secconfig.cfg
  117. echo AuditAccountManage = 0 >>secconfig.cfg
  118. echo AuditProcessTracking = 0 >>secconfig.cfg
  119. echo AuditDSAccess = 0 >>secconfig.cfg
  120. echo AuditAccountLogon = 0 >>secconfig.cfg
  121. echo [Registry Values] >>secconfig.cfg
  122. echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0 >>secconfig.cfg
  123. echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0 >>secconfig.cfg
  124. echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"10" >>secconfig.cfg
  125. echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,0 >>secconfig.cfg
  126. echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,5 >>secconfig.cfg
  127. echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"0" >>secconfig.cfg
  128. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin=4,0 >>secconfig.cfg
  129. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser=4,3 >>secconfig.cfg
  130. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0 >>secconfig.cfg
  131. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection=4,1 >>secconfig.cfg
  132. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,0 >>secconfig.cfg
  133. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths=4,1 >>secconfig.cfg
  134. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle=4,0 >>secconfig.cfg
  135. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization=4,1 >>secconfig.cfg
  136. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken=4,0 >>secconfig.cfg
  137. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,"" >>secconfig.cfg
  138. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7, >>secconfig.cfg
  139. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop=4,0 >>secconfig.cfg
  140. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0 >>secconfig.cfg
  141. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,1 >>secconfig.cfg
  142. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1 >>secconfig.cfg
  143. echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures=4,0 >>secconfig.cfg
  144. echo MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled=4,0 >>secconfig.cfg
  145. echo MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0 >>secconfig.cfg
  146. echo MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0 >>secconfig.cfg
  147. echo MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0 >>secconfig.cfg
  148. echo MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0 >>secconfig.cfg
  149. echo MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled=4,0 >>secconfig.cfg
  150. echo MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0 >>secconfig.cfg
  151. echo MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0 >>secconfig.cfg
  152. echo MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1 >>secconfig.cfg
  153. echo MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,536870912 >>secconfig.cfg
  154. echo MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,536870912 >>secconfig.cfg
  155. echo MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1 >>secconfig.cfg
  156. echo MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0 >>secconfig.cfg
  157. echo MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1 >>secconfig.cfg
  158. echo MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,0 >>secconfig.cfg
  159. echo MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=7,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion >>secconfig.cfg
  160. echo MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=7,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog >>secconfig.cfg
  161. echo MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1 >>secconfig.cfg
  162. echo MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0 >>secconfig.cfg
  163. echo MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1 >>secconfig.cfg
  164. echo MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional=7,Posix >>secconfig.cfg
  165. echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15 >>secconfig.cfg
  166. echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1 >>secconfig.cfg
  167. echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,0 >>secconfig.cfg
  168. echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7, >>secconfig.cfg
  169. echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0 >>secconfig.cfg
  170. echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1 >>secconfig.cfg
  171. echo MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0 >>secconfig.cfg
  172. echo MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1 >>secconfig.cfg
  173. echo MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0 >>secconfig.cfg
  174. echo MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1 >>secconfig.cfg
  175. echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0 >>secconfig.cfg
  176. echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30 >>secconfig.cfg
  177. echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1 >>secconfig.cfg
  178. echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,1 >>secconfig.cfg
  179. echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1 >>secconfig.cfg
  180. echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1 >>secconfig.cfg
  181. echo [Privilege Rights] >>secconfig.cfg
  182. echo SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551 >>secconfig.cfg
  183. echo SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551 >>secconfig.cfg
  184. echo SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,SQLServer2005MSSQLUser$E2E-SER-004$SQLEXPRESS,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551 >>secconfig.cfg
  185. echo SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544 >>secconfig.cfg
  186. echo SeCreatePagefilePrivilege = *S-1-5-32-544 >>secconfig.cfg
  187. echo SeDebugPrivilege = *S-1-5-32-544 >>secconfig.cfg
  188. echo SeRemoteShutdownPrivilege = *S-1-5-32-544 >>secconfig.cfg
  189. echo SeAuditPrivilege = *S-1-5-19,*S-1-5-20 >>secconfig.cfg
  190. echo SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,SQLServer2005MSSQLUser$E2E-SER-004$SQLEXPRESS,*S-1-5-32-544 >>secconfig.cfg
  191. echo SeIncreaseBasePriorityPrivilege = *S-1-5-32-544 >>secconfig.cfg
  192. echo SeLoadDriverPrivilege = *S-1-5-32-544 >>secconfig.cfg
  193. echo SeBatchLogonRight = SQLServer2005MSSQLUser$E2E-SER-004$SQLEXPRESS,*S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559 >>secconfig.cfg
  194. echo SeServiceLogonRight = SQLServer2005SQLBrowserUser$E2E-SER-004,SQLServer2005MSSQLUser$E2E-SER-004$SQLEXPRESS,*S-1-5-80-0 >>secconfig.cfg
  195. echo SeInteractiveLogonRight = Guest,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551 >>secconfig.cfg
  196. echo SeSecurityPrivilege = *S-1-5-32-544 >>secconfig.cfg
  197. echo SeSystemEnvironmentPrivilege = *S-1-5-32-544 >>secconfig.cfg
  198. echo SeProfileSingleProcessPrivilege = *S-1-5-32-544 >>secconfig.cfg
  199. echo SeSystemProfilePrivilege = *S-1-5-32-544,*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420 >>secconfig.cfg
  200. echo SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,SQLServer2005MSSQLUser$E2E-SER-004$SQLEXPRESS >>secconfig.cfg
  201. echo SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551 >>secconfig.cfg
  202. echo SeShutdownPrivilege = E2ESS4,*S-1-5-32-544,*S-1-5-32-551 >>secconfig.cfg
  203. echo SeTakeOwnershipPrivilege = *S-1-5-32-544 >>secconfig.cfg
  204. echo SeDenyNetworkLogonRight = Guest >>secconfig.cfg
  205. echo SeDenyInteractiveLogonRight = Guest >>secconfig.cfg
  206. echo SeUndockPrivilege = *S-1-5-32-544,*S-1-5-32-545 >>secconfig.cfg
  207. echo SeManageVolumePrivilege = *S-1-5-32-544 >>secconfig.cfg
  208. echo SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555 >>secconfig.cfg
  209. echo SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6 >>secconfig.cfg
  210. echo SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6 >>secconfig.cfg
  211. echo SeIncreaseWorkingSetPrivilege = *S-1-5-32-545 >>secconfig.cfg
  212. echo SeTimeZonePrivilege = *S-1-5-19,*S-1-5-32-544,*S-1-5-32-545 >>secconfig.cfg
  213. echo SeCreateSymbolicLinkPrivilege = *S-1-5-32-544 >>secconfig.cfg
  214. echo [Version] >>secconfig.cfg
  215. echo signature="$CHICAGO$" >>secconfig.cfg
  216. echo Revision=1 >>secconfig.cfg
  217.  
  218. secedit.exe /configure /db %windir%\securitynew.sdb /cfg C:\temp\temp\secconfig.cfg /areas SECURITYPOLICY
  219.  
  220. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v dontdisplaylastusername /t REG_Dword /d 1 /f
  221. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_DWORD /d 1 /f
  222. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_DWORD /d 1 /f
  223. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper /t REG_SZ /d C:\Windows\Web\Wallpaper\Nature\img1.jpg /f
  224. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v WallpaperStyle /t REG_SZ /d 4 /f
  225.  
  226. gpupdate /force
  227. rmdir /s /q "c:/temp/temp"
  228.  
  229. ECHO *************************
  230. ECHO PRESS ANY KEY TO EXIT
  231. ECHo *************************
  232. @pause
  233. Exit
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!