brubaker

Hardening w2k1{6,9}

Nov 16th, 2020 (edited)
# Created by Fran Blanco
# web: www.vlan18.com
# LinkedIn: https://es.linkedin.com/in/fblancos
# Date: 05/09/2020
# Version: 1.01
  7. Set-ExecutionPolicy Unrestricted -Force
  8.  
  9. Write-Host ""
  10. Write-Host "Starting setup ... Please, be patient" -ForegroundColor Black -BackgroundColor White
  11. Write-Host ""
  12.  
  13. #Install .Net Framework 3.5
  14. Enable-WindowsOptionalFeature -Online -FeatureName "NetFx3" -NoRestart
  15.  
  16. # Full path on Explorer title bar
  17. Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\" -Name CabinetState -Value 1
  18.  
  19. # TCP Hardening
  20. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "SynAttackProtect" -Type Dword -Value 2 -Force
  21. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "DefaultTTL" -Type Dword -Value 64 -Force
  22.  
  23. # Disable obsolete SMB 1.0 protocol
  24. Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart
  25. Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2 -NoRestart
  26.  
  27. # Set to private network profile
  28. Set-NetConnectionProfile -NetworkCategory Private
  29.  
  30. # Configuracion Firewall
  31. Set-NetFirewallProfile -Name Domain -LogMaxSizeKilobytes 16384 -DefaultInboundAction Block -DefaultOutboundAction Allow -LogAllowed True -LogBlocked True -NotifyOnListen True -AllowUnicastResponseToMulticast True -LogFileName %SystemRoot%\System32\LogFiles\Firewall\domainfw.log
  32. Set-NetFirewallProfile -Name Private -LogMaxSizeKilobytes 16384 -DefaultInboundAction Block -DefaultOutboundAction Allow -LogAllowed True -LogBlocked True -NotifyOnListen True -AllowUnicastResponseToMulticast True -LogFileName %SystemRoot%\System32\LogFiles\Firewall\privatefw.log
  33. Set-NetFirewallProfile -Name Public -LogMaxSizeKilobytes 16384 -DefaultInboundAction Block -DefaultOutboundAction Block -LogAllowed True -LogBlocked True -NotifyOnListen False -AllowUnicastResponseToMulticast True -LogFileName %SystemRoot%\System32\LogFiles\Firewall\publicfw.log
  34.  
  35. # Enable Controlled Folder Access
  36. Set-MpPreference -EnableControlledFolderAccess Enabled
  37.  
  38. # Stop and disable Diagnostics Tracking Service
  39. Stop-Service "DiagTrack" -WarningAction SilentlyContinue
  40. Set-Service "DiagTrack" -StartupType Disabled
  41.  
  42. # Block Microsoft Telemetry Spying
  43. New-NetFirewallRule -DisplayName 'DiagTrack-Service' -Name 'DiagTrack-Service' -Direction Outbound -Action Block -Service 'DiagTrack'
  44.  
  45. # Disable Error Reporting
  46. Disable-WindowsErrorReporting
  47.  
  48. # Disable Telemetry
  49. Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
  50. Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
  51. Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
  52.  
  53. # Disable Location Tracking
  54. Function DisableLocationTracking {
  55.     Write-Output "Disabling Location Tracking..."
  56.     If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location")) {
  57.         New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Force | Out-Null
  58.     }
  59.     Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Name "Value" -Type String -Value "Deny"
  60.     Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0
  61.     Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0
  62. }
  63.  
  64. # Stop and disable Diagnostics Tracking Service
  65. Stop-Service "DiagTrack" -WarningAction SilentlyContinue
  66. Set-Service "DiagTrack" -StartupType Disabled
  67.  
  68. # Disable Feedback
  69. Function DisableFeedback {
  70.     Write-Output "Disabling Feedback..."
  71.     If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules")) {
  72.         New-Item -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null
  73.     }
  74.     Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0
  75.     Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "DoNotShowFeedbackNotifications" -Type DWord -Value 1
  76.     Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClient" -ErrorAction SilentlyContinue | Out-Null
  77.     Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" -ErrorAction SilentlyContinue | Out-Null
  78. }
  79.  
  80. # Enable Windows Defender Cloud
  81. Function EnableDefenderCloud {
  82.     Write-Host "Enabling Windows Defender Cloud..."
  83.     Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SpynetReporting" -ErrorAction SilentlyContinue
  84.     Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SubmitSamplesConsent" -ErrorAction SilentlyContinue
  85. }
  86.  
  87. # Disable Remote Assistance
  88. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0
  89.  
  90. # Show known file extensions
  91. Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0
  92.  
  93. # Hide hidden files
  94. Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 2
  95.  
  96. # Enable Ctrl+Alt+Del requirement before login
  97. Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "DisableCAD" -Type DWord -Value 0
  98.    
  99. # Disable IPv6
  100. Get-NetAdapter | foreach { Disable-NetAdapterBinding -InterfaceAlias $_.Name -ComponentID ms_tcpip6 }
  101.  
  102. # Enable Remote Desktop w/o Network Level Authentication
  103. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
  104. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 1
  105.  
  106. # Hide network options from Lock Screen
  107. Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "DontDisplayNetworkSelectionUI" -Type DWord -Value 1
  108.  
  109. # Hide shutdown options from Lock Screen
  110. Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ShutdownWithoutLogon" -Type DWord -Value 0
  111.  
  112. # Disable Sticky keys prompt
  113. Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506"
  114.  
  115. # Show Task Manager details
  116. Function ShowTaskManagerDetails {
  117.     Write-Host "Showing task manager details..."
  118.     If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager")) {
  119.         New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Force | Out-Null
  120.     }
  121.     $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue
  122.     If (!($preferences)) {
  123.         $taskmgr = Start-Process -WindowStyle Hidden -FilePath taskmgr.exe -PassThru
  124.         While (!($preferences)) {
  125.             Start-Sleep -m 250
  126.             $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue
  127.         }
  128.         Stop-Process $taskmgr
  129.     }
  130.     $preferences.Preferences[28] = 0
  131.     Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -Type Binary -Value $preferences.Preferences
  132. }
  133.  
  134. # Show file operations details
  135. Function ShowFileOperationsDetails {
  136.     Write-Host "Showing file operations details..."
  137.     If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager")) {
  138.         New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" | Out-Null
  139.     }
  140.     Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" -Name "EnthusiastMode" -Type DWord -Value 1
  141. }
  142.  
  143. # Show titles in taskbar
  144. Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel" -Type DWord -Value 1
  145.  
  146. # Hide tray icons as needed
  147. Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -ErrorAction SilentlyContinue
  148.  
  149. # Uninstall Microsoft Print to PDF
  150. Disable-WindowsOptionalFeature -Online -FeatureName "Printing-PrintToPDFServices-Features" -NoRestart -WarningAction SilentlyContinue | Out-Null
  151.  
  152. # Uninstall Microsoft XPS Document Writer
  153. Disable-WindowsOptionalFeature -Online -FeatureName "Printing-XPSServices-Features" -NoRestart -WarningAction SilentlyContinue | Out-Null
  154.  
  155. # Remove Default Fax Printer
  156. Remove-Printer -Name "Fax" -ErrorAction SilentlyContinue
  157.  
  158. # Set Photo Viewer association for bmp, gif, jpg, png and tif
  159. Function SetPhotoViewerAssociation {
  160.     Write-Output "Setting Photo Viewer association for bmp, gif, jpg, png and tif..."
  161.     If (!(Test-Path "HKCR:")) {
  162.         New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
  163.     }
  164.     ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) {
  165.         New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null
  166.         New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null
  167.         Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043"
  168.         Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
  169.     }
  170. }
  171.  
  172. Set-ExecutionPolicy Restricted -Force
  173.  
  174. Write-Host
  175. Write-Host "Press any key to restart your system..." -ForegroundColor Black -BackgroundColor White
  176. Write-Host
  177. $key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  178. Write-Host "Restarting..."
  179. Restart-Computer