
Untitled

a guest
May 22nd, 2018
  1. Windows Registry Editor Version 5.00
  2.  
  3. Everything marked out with # is like that for a good reason. This can be saved as a regfile and imported without issue; designed for windows 7 sp1; create a restore point to be safe.
  4.  
  5. Anything RA is remote access, anything RD is remote desktop, anything TS is Terminal Service or Server. Terminal Services is now called Remote Desktop Services, though Microsoft still uses the old terminology. https://msdn.microsoft.com/en-us/library/dd979766(v=vs.85).aspx WinRM is Windows Remote Management. Remote access does not mean it's "bad." VPNs can be used for "remote access"; it is only another potential vector for malicious intent. Poke around in system32/drivers and currentcontrolset/services. The remote access drivers are mostly VPN protocols, safe possibly, if you're not already hacked. But with INTEL ME on board, any of them can potentially be used as a VPN, spoofing your entire connection. I was noticing this activity on my own computer. The worst would be a VPN running directly from Intel ME, spoofing your connection, while maintaining your static IP on a per-packet basis.
  6.  
  7. Reboot immediately after merging! Unless you just love leaving Remote Desktop services and drivers enabled 24/7 because you just love wasting CPU & memory, security, or just love remotely servicing your computer from anywhere on the planet.
  8.  
  9. Remote Desktop Device Redirector Bus Driver (bus = hardwired, hardware-level remote access; redirector = remap local ports for remote access). I suspect Intel ME / AMD PSP related.
  10. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpbus]
  11. "Start"=dword:00000004
  12.  
  13. Redirected Drive Buffering Subsystem ROOT Kernel Driver (RDBSS). Communicates with mini-redirector drivers (everything to do with AMT?) (Mr. X, IDE-R, RAS Async). Intel ME/AMT has had a feature since at least 2008 (Intel Management Gen 5): IDE Redirect, which allows for rebooting the computer remotely & performing remote service. One of the most powerful and core components of Intel ME. Watch what they are doing in action:
  14.  
  15. https://www.youtube.com/watch?v=2yL42OnjMcA
  16. https://www.youtube.com/watch?v=ZL-WlfJaYCk
  17. https://software.intel.com/en-us/blogs/2014/06/24/meshcentralcom-intel-amt-ide-redirect-support
  18.  
  19. Kernel DRM driver for signing information; probably something to do with Intel ME's DRM.
  20. https://blogs.intel.com/technology/2011/01/intel_insider_-_what_is_it_no/
  21. http://www.sema-soft.de/en/home/
  22. Signer name Intel(R) Code Signing External Certificate issuer name Intel External Basic Issuing CA 3B Certificate serial number
  23. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\semav6msr64]
  24. "start"=dword:00000004
  25.  
  26. MR.X redirectors; wow, can't get more conspicuous than that. Make sure you watch these videos on AMT / Intel ME redirectors: https://www.youtube.com/results?search_query=intel+ide+redirection
  27.  
  28. (you may have to re-apply this following the update)
  29.  
  30. MR. X Windows NT Web Dav Mini Redirector (WebDAV Extension for IIS 7.0 enables Web authors to publish content easily and more securely to IIS 7.0 Web servers)
  31. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV]
  32. "Start"=dword:00000004
  33.  
  34. MR. X Windows NT SMB Mini Redirector
  35. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb]
  36. "Start"=dword:00000004
  37.  
  38. MR. X Longhorn SMB Downlevel Sub Redirector
  39. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10]
  40. "Start"=dword:00000004
  41.  
  42. MR. X Longhorn SMB 2.0 Redirector
  43. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb20]
  44. "Start"=dword:00000004
  45.  
  46. RAS ASYNC ADAPTER, MS Remote Access serial network driver; Was turning on and off randomly during hacker activity; (AMT Feature: Serial over LAN for Remote Control) AMT Serial over lan demonstration: https://www.youtube.com/watch?v=8vmG6rFd_BM
  47. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asyncmac]
  48. "Start"=dword:00000004
  49.  
  50. Serial Port Driver (who knows, hackers have clever ways of storing rootkits; and if you're not using it, free up resources)
  51. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serial]
  52. "Start"=dword:00000004
  53.  
  54. Terminal Server Stack Driver; The RDP protocol, which listens for RDP client connections on a TCP port.
  55. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]
  56. "Start"=dword:00000004
  57.  
  58. Terminal service, aka Remote Desktop Generic USB Device, Keyboard/Mouse (Keylogging and remote control, both were enabled and running on my pc)
  59. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbFlt]
  60. "Start"=dword:00000004
  61.  
  62. Terminal service, aka Remote Desktop Generic USB Device, Keyboard/Mouse (both were enabled and running on my pc)
  63. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbGD]
  64. "Start"=dword:00000004
  65.  
  66. Remote Packet Capture Protocol v.0 (experimental) Allows to capture traffic on this machine from a remote machine.
  67. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rpcapd]
  68. "Start"=dword:00000004
  69.  
  70. Packages the RDP protocol onto the underlying network protocol, TCP/IP.
  71. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TDTCP]
  72. "Start"=dword:00000004
  73.  
  74. Remote Access Auto Connection Driver (auto handshake/connection to VPN). Remote Access is Microsoft's key term for VPN. Disabling may cause connectivity issues with aftermarket VPN software from providers like Windscribe/NordVPN, preventing it from establishing a connection; I left this enabled. On an Intel ME compromised system, any protocol may be used for good or malicious purposes; if you're not using it, it's safer to disable it until IM is totally disabled. I recommend running VPNs on open source firmware routers or dedicated hardware/software from VPN vendors. Block incoming/outgoing IP ports via router associated with Intel Management OOBE: 16992, 16993, 16994, 16995, 623, 644
  75. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd]
  76. "Start"=dword:00000004
  77.  
  78. None of the following affects openvpn; it will disable weak ciphers and windows built in vpn functionality. I recommend only openvpn with dhe perfect forward secrecy only; not IKEv2. This will not break openvpn.
  79.  
  80. Remote Access Auto Connection Manager (Manages VPN connectivity)
  81. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAuto]
  82. "Start"=dword:00000004
  83.  
  84. Remote Access L2TP (WAN Miniport (L2TP)) (VPN protocol, used with IPsec, not the safest protocol to use)
  85. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Rasl2tp]
  86. "Start"=dword:00000004
  87.  
  88. Remote Access WAN Miniport (IKEv2) (VPN protocol, used with IPsec. Most powerful encryption of these protocols offered by Windows, typically considered highly secure; disable if not using! Intel ME hackers turned this on on my system; however, after securing a computer with OpenVPN or an IKEv2 VPN protocol you should be ok)
  89. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAgileVpn]
  90. "Start"=dword:00000004
  91.  
  92. Remote Access PPPOE Driver (VPN) Point-to-Point Tunneling Protocol over Ethernet (oldest weakest protocol)
  93. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasPppoe]
  94. "Start"=dword:00000004
  95.  
  96. Remote Access WAN Miniport (SSTP) (VPN) Secure Socket Tunneling Protocol VPN tunnel PPP traffic through SSL/TLS channel
  97. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasSstp]
  98. "Start"=dword:00000004
  99.  
  100. Remote Access Peer-to-Peer Tunneling Protocol
  101. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PptpMiniport]
  102. "Start"=dword:00000004
  103.  
  104. Secure Socket Tunneling Protocol service (manual/3) (VPN)
  105. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc]
  106. "Start"=dword:00000004
  107.  
  108. "SSDP Discovery" is a Windows 7 service that "Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered."
  109.  
  110. #SSDP Discovery
  111. #[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
  112. #"Start"=dword:00000004
  113.  
  114. Shared Access (Internet Connection Sharing (ICS)): provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. (Safer to disable; does not disable Windows Firewall.)
  115. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess]
  116. "Start"=dword:00000004
  117.  
  118. RDP Display Driver aka Remote Desktop Protocol Chained Display Driver (for watching you from NSA's MESH central servers)
  119. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD]
  120. "Start"=dword:00000004
  121.  
  122. Remote Desktop Protocol Display Driver; Captures the Windows user interface and translates it into a form that is readily converted by RDPWD into the RDP protocol
  123. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDD]
  124. "Start"=dword:00000004
  125.  
  126. Terminal Server (2006) Device Redirector Driver aka Remote desktop device redirector
  127. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDR]
  128. "Start"=dword:00000004
  129.  
  130. Remote Desktop Protocol Encoder Mirror driver
  131. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPENCDD]
  132. "Start"=dword:00000004
  133.  
  134. Microsoft Remote Desktop Session Host Server Network Provider
  135. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPNP]
  136. "Start"=dword:00000004
  137.  
  138. Reflector Display Driver used to gain access to graphics data. It handles the Remote Desktop Protocol Reflector Driver Miniport.
  139. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPREFMP]
  140. "Start"=dword:00000004
  141.  
  142. User Mode Remote Desktop Services Display Driver
  143. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPUDD]
  144. "Start"=dword:00000004
  145.  
  146. Microsoft Remote Desktop Protocol Video Miniport driver
  147. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RdpVideoMiniport]
  148. "Start"=dword:00000004
  149.  
  150. Remote Desktop Protocol Terminal Stack Driver (US/Canada Only, Not for Export) Unwraps the multi-channel data and then transfers it to the appropriate session.
  151. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD]
  152. "Start"=dword:00000004
  153.  
  154. Remote Desktop Services UserMode Port redirector
  155. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UmRdpService]
  156. "start"=dword:00000004
  157.  
  158. Remote Desktop Services Security Filter Driver
  159. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tssecsrv]
  160. "start"=dword:00000004
  161.  
  162. Remote Desktop Configuration Service
  163. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SessionEnv]
  164. "start"=dword:00000004
  165.  
  166. Windows Remote Management (WS-Management)
  167. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinRM]
  168. "start"=dword:00000004
  169.  
  170.  
  171. Terminal Server
  172.  
  173. Usually companies which need a terminal server with these advanced functions want to remotely control, monitor, diagnose and troubleshoot equipment over a telecommunications network. Tied to the fundamental core of Microsoft & Intel ME's remote functions. Here is 30,000 pages if you want to know how it works: https://technet.microsoft.com/en-us/library/cc776276(v=ws.10).aspx Bigger than the Talmud. Took my computer 5 minutes just to search for one setting listed below, and came up with nothing. On one core level I'm sure Intel's goals are failsafe access to systems in the most extreme conditions. We're talking space stations, submarines and all the rest too. But this is also being leased to the NSA for their own selfish gains, and probably NATO & the Military Industrial Complex for infiltration of war zones so they can plot the rape and bombing of innocent people back to the stone age. http://etutorials.org/Microsoft+Products/microsoft+windows+server+2003+terminal+services/Chapter+6+Registry/Registry+Keys+for+Terminal+Services/
  174.  
  175. What the EFF? Notice how the most sensitive and critical entries have an F beside them, making them stick out; this led me to wonder if these were failsafes to ensure you could re-enable them with another registry key. Who knows.
  176.  
  177. Harden/Disable Terminal Server (it's important we repeat this for each control set because Windows uses 001 and sometimes 002 for its official saving and referencing; saved at the bottom of this registry file for ease of reading)
  178.  
  179. Disable Terminal Server
  180. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
  181. "TSUserEnabled"=dword:00000000
  182. "TSAdvertise"=dword:00000000
  183. "StartRCM"=dword:00000000
  184. "AllowRemoteRPC"=dword:00000000
  185. "fDenyTSConnections"=dword:00000001
  186. "fCredentialLessLogonSupportedTSS"=dword:00000000
  187. "fCredentialLessLogonSupportedKMRDP"=dword:00000000
  188. "fCredentialLessLogonSupported"=dword:00000000
  189.  
  190. Core of Remote Desktop; WDS=Winstation Driver, rdpwd Remote Desktop Protocol Terminal Stack
  191. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd]
  192. "StartupPrograms"=-
  193. "fAutoClientDrives"=dword:00000000
  194. "fAutoClientLpts"=dword:00000000
  195. "FlowHardwareRx"=dword:00000000
  196. "FlowHardwareTx"=dword:00000000
  197. "fFlowSoftwareRx"=dword:00000000
  198. "fFlowSoftwareTx"=dword:00000000
  199. "fEnableDTR"=dword:00000000
  200. "fInheritAutoClient"=dword:00000000
  201.  
  202. Delete terminal services System Processes
  203. [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
  204. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
  205.  
  206. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Pds\tssecsrv]
  207. "PdDLL"=""
  208. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
  209. "PdDLL"=""
  210.  
  211. Shadow Remote control configuration. This value becomes effective only if you set the fInheritShadow flag to 0.
  212. 0: Deny remote control.
  213. 1: Obtain user permission and interact with the session.
  214. 2: Do not obtain user permission and interact with the session.
  215. 3: Obtain user permission and display session.
  216. 4: Do not obtain user permission and display session.
  217.  
  218. Disable Remote Control of Terminal Server
  219. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
  220. "fInheritShadow"=dword:00000000
  221. "Shadow"=dword:00000000
  222. "fInheritAutoLogon"=dword:00000000
  223. "fInheritInitialProgram"=dword:00000000
  224. "fLogonDisabled"=dword:00000001
  225.  
  226. Disable Shadow Remote Control of Winstation Console
  227.  
  228. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console]
  229. "Shadow"=dword:00000000
  230.  
  231. Disable Winstation Remote Desktop Console. It appears Winstation is part of Remote Desktop Terminal Server/Services, and Local System as well. Theoretically, the Local System is what we're more concerned about in relation to Intel Management.
  232. https://blogs.technet.microsoft.com/askperf/2007/07/24/sessions-desktops-and-windows-stations/
  233. https://msdn.microsoft.com/en-us/library/windows/desktop/ms687105(v=vs.85).aspx
  234. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console\RDP]
  235. "PdDLL"=""
  236. "rdpwd"=""
  237. "WsxDLL"=""
  238.  
  239. Disable Inherit Shadow Remote Control For Remote Desktop Protocol EH-Tcp
  240.  
  241. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\EH-Tcp]
  242. "fInheritShadow"=dword:00000000
  243.  
  244. Disable Inherit Shadow Remote Control For Remote Desktop Protocol RDP-Tcp
  245.  
  246. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
  247. "fInheritShadow"=dword:00000000
  248.  
  249. Info:
  250.  
  251. fAutoClientDrives: Connect to client drives upon logon.
  252. fAutoClientLpts: Connect to client printers upon logon.
  253. fEnableWinstation: Enable remote user sessions.
  254. fDisableCam: Disable client audio mapping.
  255. fDisableCcm: Disable client COM port mapping.
  256. fDisableCdm: Disable client drive mapping.
  257. fDisableClip: Disable clipboard mapping.
  258. fDisableCpm: Disable Windows client printer mapping.
  259. fDisableEncryption :Disable encryption.
  260. fDisableExe: Disable program start upon connection.
  261. fDisableLPT: Disable use of printers.
  262. fEnableWinStation: Enable remote user sessions.
  263.  
  264. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\EH-Tcp]
  265. "fAutoClientDrives"=dword:00000000
  266. "fAutoClientLpts"=dword:00000000
  267. "fEnableWinstation"=dword:00000000
  268. "fInheritAutoClient"=dword:00000000
  269. "fInheritAutoLogon"=dword:00000000
  270. "fLogonDisabled"=dword:00000001
  271. "fDisableCam"=dword:00000001
  272. "fDisableCcm"=dword:00000001
  273. "fDisableCdm"=dword:00000001
  274. "fDisableClip"=dword:00000001
  275. "fDisableLPT"=dword:00000001
  276. "fDisableCpm"=dword:00000001
  277. "fDisableExe"=dword:00000001
  278. "fInheritInitialProgram"=dword:00000000
  279. "CdDLL"=""
  280. "CfgDll"=""
  281. "PdDLL"=""
  282. "PdDLL1"=""
  283. "WsxDLL"=""
  284. "WdDLL"=""
  285.  
  286. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
  287. "fAutoClientDrives"=dword:00000000
  288. "fAutoClientLpts"=dword:00000000
  289. "UserAuthentication"=dword:00000001
  290. "fInheritAutoClient"=dword:00000000
  291. "fInheritAutoLogon"=dword:00000000
  292. "fLogonDisabled"=dword:00000001
  293. "fDisableCcm"=dword:00000001
  294. "fDisableCdm"=dword:00000001
  295. "fDisableClip"=dword:00000001
  296. "fDisableLPT"=dword:00000001
  297. "fDisableCpm"=dword:00000001
  298. "fDisableExe"=dword:00000001
  299. "fInheritInitialProgram"=dword:00000000
  300. "CdDLL"=""
  301. "CfgDll"=""
  302. "PdDLL"=""
  303. "PdDLL1"=""
  304. "WsxDLL"=""
  305. "WdDLL"=""
  306.  
  307.  
  308. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
  309. "ehshell.exe"=dword:00000000
  310.  
  311. Use PCHunter to modify fAcceptConnection under the keys below (TrustedInstaller is the only thing that has permissions to change this; PCHunter will keep the permissions intact so you don't have to mess around too much)
  312. #[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
  313. #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\ConnectionHandler]
  314. #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\ConnectionHandler]
  315. #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\ConnectionHandler]
  316.  
  317. Connecting multi-hop mesh networks using MAC bridge
  318. AMT Mesh Central: https://meshcentral.com/
  319. see image: https://patentimages.storage.googleapis.com/76/a0/06/3d6938ad658e24/US08340106-20121225-D00000.png
  320.  
  321. #======================================================
  322.  
  323. Harden/Disable Terminal Server across all controlsets
  324.  
  325. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server]
  326. "TSUserEnabled"=dword:00000000
  327. "TSAdvertise"=dword:00000000
  328. "StartRCM"=dword:00000000
  329. "AllowRemoteRPC"=dword:00000000
  330. "fDenyTSConnections"=dword:00000001
  331. "fCredentialLessLogonSupportedTSS"=dword:00000000
  332. "fCredentialLessLogonSupportedKMRDP"=dword:00000000
  333. "fCredentialLessLogonSupported"=dword:00000000
  334.  
  335. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server]
  336. "TSUserEnabled"=dword:00000000
  337. "TSAdvertise"=dword:00000000
  338. "StartRCM"=dword:00000000
  339. "AllowRemoteRPC"=dword:00000000
  340. "fDenyTSConnections"=dword:00000001
  341. "fCredentialLessLogonSupportedTSS"=dword:00000000
  342. "fCredentialLessLogonSupportedKMRDP"=dword:00000000
  343. "fCredentialLessLogonSupported"=dword:00000000
  344.  
  345. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server]
  346. "TSUserEnabled"=dword:00000000
  347. "TSAdvertise"=dword:00000000
  348. "StartRCM"=dword:00000000
  349. "AllowRemoteRPC"=dword:00000000
  350. "fDenyTSConnections"=dword:00000001
  351. "fCredentialLessLogonSupportedTSS"=dword:00000000
  352. "fCredentialLessLogonSupportedKMRDP"=dword:00000000
  353. "fCredentialLessLogonSupported"=dword:00000000
  354.  
  355.  
  356. Core of Remote Desktop; WDS=Winstation Driver, rdpwd Remote Desktop Protocol Terminal Stack
  357. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd]
  358. "StartupPrograms"=-
  359. "fAutoClientDrives"=dword:00000000
  360. "fAutoClientLpts"=dword:00000000
  361. "FlowHardwareRx"=dword:00000000
  362. "FlowHardwareTx"=dword:00000000
  363. "fFlowSoftwareRx"=dword:00000000
  364. "fFlowSoftwareTx"=dword:00000000
  365. "fEnableDTR"=dword:00000000
  366. "fInheritAutoClient"=dword:00000000
  367.  
  368. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\Wds\rdpwd]
  369. "StartupPrograms"=-
  370. "fAutoClientDrives"=dword:00000000
  371. "fAutoClientLpts"=dword:00000000
  372. "FlowHardwareRx"=dword:00000000
  373. "FlowHardwareTx"=dword:00000000
  374. "fFlowSoftwareRx"=dword:00000000
  375. "fFlowSoftwareTx"=dword:00000000
  376. "fEnableDTR"=dword:00000000
  377. "fInheritAutoClient"=dword:00000000
  378.  
  379. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\Wds\rdpwd]
  380. "StartupPrograms"=-
  381. "fAutoClientDrives"=dword:00000000
  382. "fAutoClientLpts"=dword:00000000
  383. "FlowHardwareRx"=dword:00000000
  384. "FlowHardwareTx"=dword:00000000
  385. "fFlowSoftwareRx"=dword:00000000
  386. "fFlowSoftwareTx"=dword:00000000
  387. "fEnableDTR"=dword:00000000
  388. "fInheritAutoClient"=dword:00000000
  389.  
  390. Delete terminal services System Processes
  391. [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs]
  392. #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs]
  393. [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\SysProcs]
  394. #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\SysProcs]
  395. [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\SysProcs]
  396. #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\SysProcs]
  397.  
  398.  
  399. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\Pds\tssecsrv]
  400. "PdDLL"=""
  401. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\Wds\rdpwd\Pds\tssecsrv]
  402. "PdDLL"=""
  403. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\Wds\rdpwd\Pds\tssecsrv]
  404. "PdDLL"=""
  405.  
  406. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
  407. "PdDLL"=""
  408. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
  409. "PdDLL"=""
  410. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
  411. "PdDLL"=""
  412.  
  413.  
  414.  
  415. Disable Remote Control of Terminal Server
  416. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\DefaultUserConfiguration]
  417. "fInheritShadow"=dword:00000000
  418. "Shadow"=dword:00000000
  419. "fInheritAutoLogon"=dword:00000000
  420. "fInheritInitialProgram"=dword:00000000
  421. "fLogonDisabled"=dword:00000001
  422.  
  423. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\DefaultUserConfiguration]
  424. "fInheritShadow"=dword:00000000
  425. "Shadow"=dword:00000000
  426. "fInheritAutoLogon"=dword:00000000
  427. "fInheritInitialProgram"=dword:00000000
  428. "fLogonDisabled"=dword:00000001
  429.  
  430. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\DefaultUserConfiguration]
  431. "fInheritShadow"=dword:00000000
  432. "Shadow"=dword:00000000
  433. "fInheritAutoLogon"=dword:00000000
  434. "fInheritInitialProgram"=dword:00000000
  435. "fLogonDisabled"=dword:00000001
  436.  
  437. Disable Shadow Remote Control of Winstation Console
  438.  
  439. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\Console]
  440. "Shadow"=dword:00000000
  441. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\Console]
  442. "Shadow"=dword:00000000
  443. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\Console]
  444. "Shadow"=dword:00000000
  445.  
  446. Disable Winstation Remote Desktop Console
  447. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\Console\RDP]
  448. "PdDLL"=""
  449. "rdpwd"=""
  450. "WsxDLL"=""
  451. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\Console\RDP]
  452. "PdDLL"=""
  453. "rdpwd"=""
  454. "WsxDLL"=""
  455. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\Console\RDP]
  456. "PdDLL"=""
  457. "rdpwd"=""
  458. "WsxDLL"=""
  459.  
  460. Disable Inherit Shadow Remote Control For Remote Desktop Protocol EH-Tcp
  461.  
  462. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\EH-Tcp]
  463. "fInheritShadow"=dword:00000000
  464. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\EH-Tcp]
  465. "fInheritShadow"=dword:00000000
  466. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\EH-Tcp]
  467. "fInheritShadow"=dword:00000000
  468.  
  469. Disable Inherit Shadow Remote Control For Remote Desktop Protocol RDP-Tcp
  470. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp]
  471. "fInheritShadow"=dword:00000000
  472. Disable Inherit Shadow Remote Control For Remote Desktop Protocol RDP-Tcp
  473. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp]
  474. "fInheritShadow"=dword:00000000
  475. Disable Inherit Shadow Remote Control For Remote Desktop Protocol RDP-Tcp
  476. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\RDP-Tcp]
  477. "fInheritShadow"=dword:00000000
  478.  
  479. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\EH-Tcp]
  480. "fAutoClientDrives"=dword:00000000
  481. "fAutoClientLpts"=dword:00000000
  482. "fEnableWinstation"=dword:00000000
  483. "fInheritAutoClient"=dword:00000000
  484. "fInheritAutoLogon"=dword:00000000
  485. "fLogonDisabled"=dword:00000001
  486. "fDisableCam"=dword:00000001
  487. "fDisableCcm"=dword:00000001
  488. "fDisableCdm"=dword:00000001
  489. "fDisableClip"=dword:00000001
  490. "fDisableLPT"=dword:00000001
  491. "fDisableCpm"=dword:00000001
  492. "fDisableExe"=dword:00000001
  493. "fInheritInitialProgram"=dword:00000000
  494. "CdDLL"=""
  495. "CfgDll"=""
  496. "PdDLL"=""
  497. "PdDLL1"=""
  498. "WsxDLL"=""
  499. "WdDLL"=""
  500.  
  501. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\EH-Tcp]
  502. "fAutoClientDrives"=dword:00000000
  503. "fAutoClientLpts"=dword:00000000
  504. "fEnableWinstation"=dword:00000000
  505. "fInheritAutoClient"=dword:00000000
  506. "fInheritAutoLogon"=dword:00000000
  507. "fLogonDisabled"=dword:00000001
  508. "fDisableCam"=dword:00000001
  509. "fDisableCcm"=dword:00000001
  510. "fDisableCdm"=dword:00000001
  511. "fDisableClip"=dword:00000001
  512. "fDisableLPT"=dword:00000001
  513. "fDisableCpm"=dword:00000001
  514. "fDisableExe"=dword:00000001
  515. "fInheritInitialProgram"=dword:00000000
  516. "CdDLL"=""
  517. "CfgDll"=""
  518. "PdDLL"=""
  519. "PdDLL1"=""
  520. "WsxDLL"=""
  521. "WdDLL"=""
  522. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\EH-Tcp]
  523. "fAutoClientDrives"=dword:00000000
  524. "fAutoClientLpts"=dword:00000000
  525. "fEnableWinstation"=dword:00000000
  526. "fInheritAutoClient"=dword:00000000
  527. "fInheritAutoLogon"=dword:00000000
  528. "fLogonDisabled"=dword:00000001
  529. "fDisableCam"=dword:00000001
  530. "fDisableCcm"=dword:00000001
  531. "fDisableCdm"=dword:00000001
  532. "fDisableClip"=dword:00000001
  533. "fDisableLPT"=dword:00000001
  534. "fDisableCpm"=dword:00000001
  535. "fDisableExe"=dword:00000001
  536. "fInheritInitialProgram"=dword:00000000
  537. "CdDLL"=""
  538. "CfgDll"=""
  539. "PdDLL"=""
  540. "PdDLL1"=""
  541. "WsxDLL"=""
  542. "WdDLL"=""
  543.  
  544. [HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Control\Terminal Server\WinStations\RDP-Tcp]
  545. "fAutoClientDrives"=dword:00000000
  546. "fAutoClientLpts"=dword:00000000
  547. "UserAuthentication"=dword:00000001
  548. "fInheritAutoClient"=dword:00000000
  549. "fInheritAutoLogon"=dword:00000000
  550. "fLogonDisabled"=dword:00000001
  551. "fDisableCcm"=dword:00000001
  552. "fDisableCdm"=dword:00000001
  553. "fDisableClip"=dword:00000001
  554. "fDisableLPT"=dword:00000001
  555. "fDisableCpm"=dword:00000001
  556. "fDisableExe"=dword:00000001
  557. "fInheritInitialProgram"=dword:00000000
  558. "CdDLL"=""
  559. "CfgDll"=""
  560. "PdDLL"=""
  561. "PdDLL1"=""
  562. "WsxDLL"=""
  563. "WdDLL"=""
  564.  
  565. [HKEY_LOCAL_MACHINE\SYSTEM\Controlset002\Control\Terminal Server\WinStations\RDP-Tcp]
  566. "fAutoClientDrives"=dword:00000000
  567. "fAutoClientLpts"=dword:00000000
  568. "UserAuthentication"=dword:00000001
  569. "fInheritAutoClient"=dword:00000000
  570. "fInheritAutoLogon"=dword:00000000
  571. "fLogonDisabled"=dword:00000001
  572. "fDisableCcm"=dword:00000001
  573. "fDisableCdm"=dword:00000001
  574. "fDisableClip"=dword:00000001
  575. "fDisableLPT"=dword:00000001
  576. "fDisableCpm"=dword:00000001
  577. "fDisableExe"=dword:00000001
  578. "fInheritInitialProgram"=dword:00000000
  579. "CdDLL"=""
  580. "CfgDll"=""
  581. "PdDLL"=""
  582. "PdDLL1"=""
  583. "WsxDLL"=""
  584. "WdDLL"=""
  585.  
  586. [HKEY_LOCAL_MACHINE\SYSTEM\Controlset003\Control\Terminal Server\WinStations\RDP-Tcp]
  587. "fAutoClientDrives"=dword:00000000
  588. "fAutoClientLpts"=dword:00000000
  589. "UserAuthentication"=dword:00000001
  590. "fInheritAutoClient"=dword:00000000
  591. "fInheritAutoLogon"=dword:00000000
  592. "fLogonDisabled"=dword:00000001
  593. "fDisableCcm"=dword:00000001
  594. "fDisableCdm"=dword:00000001
  595. "fDisableClip"=dword:00000001
  596. "fDisableLPT"=dword:00000001
  597. "fDisableCpm"=dword:00000001
  598. "fDisableExe"=dword:00000001
  599. "fInheritInitialProgram"=dword:00000000
  600. "CdDLL"=""
  601. "CfgDll"=""
  602. "PdDLL"=""
  603. "PdDLL1"=""
  604. "WsxDLL"=""
  605. "WdDLL"=""
  606.  
  607. [HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
  608. "ehshell.exe"=dword:00000000
  609. [HKEY_LOCAL_MACHINE\SYSTEM\Controlset002\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
  610. "ehshell.exe"=dword:00000000
  611. [HKEY_LOCAL_MACHINE\SYSTEM\Controlset003\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
  612. "ehshell.exe"=dword:00000000
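
An added example, not part of the original paste: a small Python linter for .reg text that reports lines under a key which look like values but do not match the dword, string or delete syntax, and lists which service keys end up with a Start value of 4. The sample input is constructed, all function names are hypothetical, and skipping `#` lines follows this paste's own "marked out" convention (an assumption; .reg comments normally start with `;`).

```python
import re

# Standard meanings of the "Start" value under ...\Services\<name>.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{1,8})$')
STRING_RE = re.compile(r'^"([^"]+)"="(.*)"$')
DELETE_RE = re.compile(r'^"([^"]+)"=-$')
# Heuristic: text that was probably meant to be a value line.
LOOKS_LIKE_VALUE = re.compile(r'dword|^"|"\s*=|=\s*"')
SERVICE_RE = re.compile(r'\\services\\([^\\]+)$', re.IGNORECASE)

# Constructed sample: one well-formed entry plus three malformed value lines.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpbus]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV]
"Start"dword:=00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serial]
Start"=dword:00000004

#[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
#"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd]
"StartupPrograms"=-
"fInheritAutoClient"=dword:000000000
'''


def lint_reg(text):
    """Return (settings, problems) for .reg text.

    settings: {key_path: {value_name_lowercased: int_or_str}}
    problems: [(line_no, key_path, line)] for lines under a key that look
              like values but match none of the accepted value forms.
    """
    settings, problems, current = {}, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue                      # blank, comment, or marked-out line
        m = KEY_RE.match(line)
        if m:
            deleted, path = m.groups()
            if deleted:                   # [-HKEY_...] removes the whole key
                settings.pop(path, None)
                current = None
            else:
                current = path
                settings.setdefault(path, {})
            continue
        if current is None:
            continue                      # header or free text before any key
        m = DWORD_RE.match(line)
        if m:
            settings[current][m.group(1).lower()] = int(m.group(2), 16)
            continue
        m = STRING_RE.match(line)
        if m:
            settings[current][m.group(1).lower()] = m.group(2)
            continue
        m = DELETE_RE.match(line)
        if m:
            settings[current].pop(m.group(1).lower(), None)
            continue
        if LOOKS_LIKE_VALUE.search(line):
            problems.append((no, current, line))
    return settings, problems


def _services(settings):
    """Yield (service_name, values) for keys directly under ...\\Services."""
    for path, values in settings.items():
        m = SERVICE_RE.search(path)
        if m:
            yield m.group(1), values


def disabled_services(settings):
    return sorted(n for n, v in _services(settings) if v.get("start") == 4)


def services_without_start(settings):
    """Service keys named in the file whose Start value never parsed."""
    return sorted(n for n, v in _services(settings) if "start" not in v)


if __name__ == "__main__":
    parsed, bad = lint_reg(SAMPLE)
    for no, key, line in bad:
        print(f"line {no}: malformed value under {key}: {line}")
    print("Start=4 (%s):" % START_TYPES[4], disabled_services(parsed))
    print("no valid Start:", services_without_start(parsed))
```

Running the linter over a file before merging shows which service keys would be left without a parsed Start value.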