- Windows Registry Editor Version 5.00
- Everything marked out with # is like that for a good reason. This can be saved as a regfile and imported without issue; designed for windows 7 sp1; create a restore point to be safe.
- Anything RA is remote access, anything RD is remote desktop, anything TS is Terminal Service or Server. Terminal Services is now called Remote Desktop Services, though Microsoft still uses the old terminology. https://msdn.microsoft.com/en-us/library/dd979766(v=vs.85).aspx WinRM is Windows Remote Management. Remote access does not mean it's "bad." VPNs can be used for "remote access"; it's only another potential vector for malicious intent. Poke around in system32/drivers and currentcontrolset/services. The remote access drivers are mostly VPN protocols, safe possibly, if you're not already hacked. But with INTEL ME on board, any of them can potentially be used as a VPN, spoofing your entire connection. I was noticing this activity on my own computer. The worst would be a VPN running directly from Intel ME, spoofing your connection, while maintaining your static IP on a per-packet basis.
- Reboot immediately after merging! Unless you just love leaving Remote Desktop services and drivers enabled 24/7 because you just love wasting CPU & memory, security, or just love remotely servicing your computer from anywhere on the planet.
- Remote Desktop Device Redirector Bus Driver (bus = hardwired, hardware-level remote access; re-director = remap local ports for remote access). I suspect Intel ME / AMD PSP related.
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpbus]
- "Start"=dword:00000004
- Redirected Drive Buffering Subsystem ROOT Kernel Driver (RDBSS). Communicates with mini-redirector drivers (everything to do with AMT?) (Mr X. IDE-R / RAS Async). INTEL ME/AMT has had a feature since at least 2008 (Intel Management Gen 5): IDE Redirect, which allows for rebooting the computer remotely & performing remote service. One of the most powerful and core components of Intel ME. Watch what they are doing in action:
- https://www.youtube.com/watch?v=2yL42OnjMcA
- https://www.youtube.com/watch?v=ZL-WlfJaYCk
- https://software.intel.com/en-us/blogs/2014/06/24/meshcentralcom-intel-amt-ide-redirect-support
- Kernel DRM driver for signing information probably something to do with Intel ME's DRM
- https://blogs.intel.com/technology/2011/01/intel_insider_-_what_is_it_no/
- http://www.sema-soft.de/en/home/
- Signer name Intel(R) Code Signing External Certificate issuer name Intel External Basic Issuing CA 3B Certificate serial number
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\semav6msr64]
- "start"=dword:00000004
- MR.X redirectors; Wow, can't get more conspicuous than that. Make sure you watch these videos on AMT/Intel ME redirectors: https://www.youtube.com/results?search_query=intel+ide+redirection
- (you may have to re-apply this following the update)
- MR. X Windows NT Web Dav Mini Redirector (WebDAV Extension for IIS 7.0 enables Web authors to publish content easily and more securely to IIS 7.0 Web servers)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV]
- "Start"=dword:00000004
- MR. X Windows NT SMB Mini Redirector
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb]
- "Start"=dword:00000004
- MR. X Longhorn SMB Downlevel Sub Redirector
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10]
- "Start"=dword:00000004
- MR. X Longhorn SMB 2.0 Redirector
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb20]
- "Start"=dword:00000004
- RAS ASYNC ADAPTER, MS Remote Access serial network driver; Was turning on and off randomly during hacker activity; (AMT Feature: Serial over LAN for Remote Control) AMT Serial over lan demonstration: https://www.youtube.com/watch?v=8vmG6rFd_BM
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asyncmac]
- "Start"=dword:00000004
- Serial Port Driver (who knows, hackers have clever ways of storing rootkits; and if you're not using it, free up resources)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serial]
- "Start"=dword:00000004
- Terminal Server Stack Driver; The RDP protocol, which listens for RDP client connections on a TCP port.
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]
- "Start"=dword:00000004
- Terminal service, aka Remote Desktop Generic USB Device, Keyboard/Mouse (Keylogging and remote control, both were enabled and running on my pc)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbFlt]
- "Start"=dword:00000004
- Terminal service, aka Remote Desktop Generic USB Device, Keyboard/Mouse (both were enabled and running on my pc)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbGD]
- "Start"=dword:00000004
- Remote Packet Capture Protocol v.0 (experimental) Allows to capture traffic on this machine from a remote machine.
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rpcapd]
- "Start"=dword:00000004
- Packages the RDP protocol onto the underlying network protocol, TCP/IP.
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TDTCP]
- "Start"=dword:00000004
- Remote Access Auto Connection Driver (Auto handshake/connection to VPN. Remote Access is Microsoft's key term for VPN). Disabling may prevent aftermarket VPN software from providers like Windscribe/NordVPN from establishing a connection; I left this enabled. On an Intel ME compromised system, any protocol may be used for good or malicious purposes; if you're not using it, it's safer to disable it until IM is totally disabled. I recommend running VPNs on open source firmware routers or dedicated hardware/software from VPN vendors. Block incoming/outgoing IP ports via router associated with Intel Management OOBE: 16992, 16993, 16994, 16995, 623, 644
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd]
- "Start"=dword:00000004
- None of the following affects openvpn; it will disable weak ciphers and windows built in vpn functionality. I recommend only openvpn with dhe perfect forward secrecy only; not IKEv2. This will not break openvpn.
- Remote Access Auto Connection Manager (Manages VPN connectivity)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAuto]
- "Start"=dword:00000004
- Remote Access L2TP (WAN Miniport (L2TP)) (VPN protocol, used with IPsec, not the safest protocol to use)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Rasl2tp]
- "Start"=dword:00000004
- Remote Access WAN Miniport (IKEv2) (VPN protocol, used with IPsec. Most powerful encryption of these protocols offered by Windows, typically considered highly secure; disable if not using! Intel ME hackers turned this on on my system; however after securing a computer with OpenVPN or IKEv2 VPN protocol you should be ok)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAgileVpn]
- "Start"=dword:00000004
- Remote Access PPPOE Driver (VPN) Point-to-Point Tunneling Protocol over Ethernet (oldest weakest protocol)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasPppoe]
- "Start"=dword:00000004
- Remote Access WAN Miniport (SSTP) (VPN) Secure Socket Tunneling Protocol VPN tunnel PPP traffic through SSL/TLS channel
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasSstp]
- "Start"=dword:00000004
- Remote Access Peer-to-Peer Tunneling Protocol
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PptpMiniport]
- "Start"=dword:00000004
- Secure Socket Tunneling Protocol service (manual/3) (VPN)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc]
- "Start"=dword:00000004
- "SSDP Discovery" is a Windows 7 service that "Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered."
- #SSDP Discovery
- #[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
- #"Start"=dword:00000004
- Shared Access (Internet Connection Sharing (ICS) Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. (safer to disable, does not disable windows firewall)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess]
- "Start"=dword:00000004
- RDP Display Driver aka Remote Desktop Protocol Chained Display Driver (for watching you from NSA's MESH central servers)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD]
- "Start"=dword:00000004
- Remote Desktop Protocol Display Driver; Captures the Windows user interface and translates it into a form that is readily converted by RDPWD into the RDP protocol
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDD]
- "Start"=dword:00000004
- Terminal Server (2006) Device Redirector Driver aka Remote desktop device redirector
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDR]
- "Start"=dword:00000004
- Remote Desktop Protocol Encoder Mirror driver
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPENCDD]
- "Start"=dword:00000004
- Microsoft Remote Desktop Session Host Server Network Provider
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPNP]
- "Start"=dword:00000004
- Reflector Display Driver used to gain access to graphics data. It handles the Remote Desktop Protocol Reflector Driver Miniport.
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPREFMP]
- "Start"=dword:00000004
- User Mode Remote Desktop Services Display Driver
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPUDD]
- "Start"=dword:00000004
- Microsoft Remote Desktop Protocol Video Miniport driver
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RdpVideoMiniport]
- "Start"=dword:00000004
- Remote Desktop Protocol Terminal Stack Driver (US/Canada Only, Not for Export) Unwraps the multi-channel data and then transfers it to the appropriate session.
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD]
- "Start"=dword:00000004
- Remote Desktop Services UserMode Port redirector
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UmRdpService]
- "start"=dword:00000004
- Remote Desktop Services Security Filter Driver
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tssecsrv]
- "start"=dword:00000004
- Remote Desktop Configuration Service
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SessionEnv]
- "start"=dword:00000004
- Windows Remote Management (WS-Management)
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinRM]
- "start"=dword:00000004
- Terminal Server
- Usually companies which need a terminal server with these advanced functions want to remotely control, monitor, diagnose and troubleshoot equipment over a telecommunications network. Tied to the fundamental core of Microsoft & Intel ME's remote functions. Here is 30,000 pages if you want to know how it works: https://technet.microsoft.com/en-us/library/cc776276(v=ws.10).aspx Bigger than the Talmud. Took my computer 5 minutes just to search for one setting listed below, and came up with nothing. On one core level I'm sure Intel's goals are failsafe access to systems in the most extreme conditions. We're talking space stations, submarines and all the rest too. But this is also being leased to the NSA for their own selfish gains, and probably NATO & the Military Industrial Complex for infiltration of war zones so they can plot the rape and bombing of innocent people back to the stone age. http://etutorials.org/Microsoft+Products/microsoft+windows+server+2003+terminal+services/Chapter+6+Registry/Registry+Keys+for+Terminal+Services/
- What the EFF? Notice how the most sensitive and critical entries have an F beside them, making them stick out; this led me to wonder if these were failsafes to ensure you could re-enable them with another registry key. Who knows.
- Harden/Disable Terminal Server (It's important we repeat this for each control set because Windows uses 001 and sometimes 002 for its official saving and referencing; saved at the bottom of this registry file for ease of reading)
- Disable Terminal Server
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
- "TSUserEnabled"=dword:00000000
- "TSAdvertise"=dword:00000000
- "StartRCM"=dword:00000000
- "AllowRemoteRPC"=dword:00000000
- "fDenyTSConnections"=dword:00000001
- "fCredentialLessLogonSupportedTSS"=dword:00000000
- "fCredentialLessLogonSupportedKMRDP"=dword:00000000
- "fCredentialLessLogonSupported"=dword:00000000
- Core of Remote Desktop; WDS=Winstation Driver, rdpwd Remote Desktop Protocol Terminal Stack
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd]
- "StartupPrograms"=-
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "FlowHardwareRx"=dword:00000000
- "FlowHardwareTx"=dword:00000000
- "fFlowSoftwareRx"=dword:00000000
- "fFlowSoftwareTx"=dword:00000000
- "fEnableDTR"=dword:00000000
- "fInheritAutoClient"=dword:00000000
- Delete terminal services System Processes
- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Pds\tssecsrv]
- "PdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
- "PdDLL"=""
- Shadow Remote control configuration. This value becomes effective only if you set the fInheritShadow flag to 0.
- 0: Deny remote control.
- 1: Obtain user permission and interact with the session.
- 2: Do not obtain user permission and interact with the session.
- 3: Obtain user permission and display session.
- 4: Do not obtain user permission and display session.
- Disable Remote Control of Terminal Server
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
- "fInheritShadow"=dword:00000000
- "Shadow"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fInheritInitialProgram"=dword:00000000
- "fLogonDisabled"=dword:00000001
- Disable Shadow Remote Control of Winstation Console
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console]
- "Shadow"=dword:00000000
- Disable Winstation Remote Desktop Console; it appears Winstation is part of Remote Desktop Terminal Server/Services, and Local System as well. Theoretically, the Local System is what we're more concerned about in relation to Intel Management.
- https://blogs.technet.microsoft.com/askperf/2007/07/24/sessions-desktops-and-windows-stations/
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms687105(v=vs.85).aspx
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console\RDP]
- "PdDLL"=""
- "rdpwd"=""
- "WsxDLL"=""
- Disable Inherit Shadow Remote Control for Remote Desktop Protocol EH-Tcp
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\EH-Tcp]
- "fInheritShadow"=dword:00000000
- Disable Inherit Shadow Remote Control for Remote Desktop Protocol RDP-Tcp
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
- "fInheritShadow"=dword:00000000
- Info:
- fAutoClientDrives: Connect to client drives upon logon.
- fAutoClientLpts: Connect to client printers upon logon.
- fEnableWinstation: Enable remote user sessions.
- fDisableCam: Disable client audio mapping.
- fDisableCcm: Disable client COM port mapping.
- fDisableCdm: Disable client drive mapping.
- fDisableClip: Disable clipboard mapping.
- fDisableCpm: Disable Windows client printer mapping.
- fDisableEncryption: Disable encryption.
- fDisableExe: Disable program start upon connection.
- fDisableLPT: Disable use of printers.
- fEnableWinStation: Enable remote user sessions.
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\EH-Tcp]
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "fEnableWinstation"=dword:00000000
- "fInheritAutoClient"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fLogonDisabled"=dword:00000001
- "fDisableCam"=dword:00000001
- "fDisableCcm"=dword:00000001
- "fDisableCdm"=dword:00000001
- "fDisableClip"=dword:00000001
- "fDisableLPT"=dword:00000001
- "fDisableCpm"=dword:00000001
- "fDisableExe"=dword:00000001
- "fInheritInitialProgram"=dword:00000000
- "CdDLL"=""
- "CfgDll"=""
- "PdDLL"=""
- "PdDLL1"=""
- "WsxDLL"=""
- "WdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "UserAuthentication"=dword:00000001
- "fInheritAutoClient"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fLogonDisabled"=dword:00000001
- "fDisableCcm"=dword:00000001
- "fDisableCdm"=dword:00000001
- "fDisableClip"=dword:00000001
- "fDisableLPT"=dword:00000001
- "fDisableCpm"=dword:00000001
- "fDisableExe"=dword:00000001
- "fInheritInitialProgram"=dword:00000000
- "CdDLL"=""
- "CfgDll"=""
- "PdDLL"=""
- "PdDLL1"=""
- "WsxDLL"=""
- "WdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
- "ehshell.exe"=dword:00000000
- Use PCHunter to modify fAcceptConnection under the following keys (TrustedInstaller is the only thing that has permissions to change this; PCHunter will keep the permissions intact so you don't have to mess around too much)
- #[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
- #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\ConnectionHandler]
- #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\ConnectionHandler]
- #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\ConnectionHandler]
- Connecting multi-hop mesh networks using MAC bridge
- AMT Mesh Central: https://meshcentral.com/
- see image: https://patentimages.storage.googleapis.com/76/a0/06/3d6938ad658e24/US08340106-20121225-D00000.png
- #======================================================
- Harden/Disable Terminal Server across all controlsets
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server]
- "TSUserEnabled"=dword:00000000
- "TSAdvertise"=dword:00000000
- "StartRCM"=dword:00000000
- "AllowRemoteRPC"=dword:00000000
- "fDenyTSConnections"=dword:00000001
- "fCredentialLessLogonSupportedTSS"=dword:00000000
- "fCredentialLessLogonSupportedKMRDP"=dword:00000000
- "fCredentialLessLogonSupported"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server]
- "TSUserEnabled"=dword:00000000
- "TSAdvertise"=dword:00000000
- "StartRCM"=dword:00000000
- "AllowRemoteRPC"=dword:00000000
- "fDenyTSConnections"=dword:00000001
- "fCredentialLessLogonSupportedTSS"=dword:00000000
- "fCredentialLessLogonSupportedKMRDP"=dword:00000000
- "fCredentialLessLogonSupported"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server]
- "TSUserEnabled"=dword:00000000
- "TSAdvertise"=dword:00000000
- "StartRCM"=dword:00000000
- "AllowRemoteRPC"=dword:00000000
- "fDenyTSConnections"=dword:00000001
- "fCredentialLessLogonSupportedTSS"=dword:00000000
- "fCredentialLessLogonSupportedKMRDP"=dword:00000000
- "fCredentialLessLogonSupported"=dword:00000000
- Core of Remote Desktop; WDS=Winstation Driver, rdpwd Remote Desktop Protocol Terminal Stack
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd]
- "StartupPrograms"=-
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "FlowHardwareRx"=dword:00000000
- "FlowHardwareTx"=dword:00000000
- "fFlowSoftwareRx"=dword:00000000
- "fFlowSoftwareTx"=dword:00000000
- "fEnableDTR"=dword:00000000
- "fInheritAutoClient"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\Wds\rdpwd]
- "StartupPrograms"=-
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "FlowHardwareRx"=dword:00000000
- "FlowHardwareTx"=dword:00000000
- "fFlowSoftwareRx"=dword:00000000
- "fFlowSoftwareTx"=dword:00000000
- "fEnableDTR"=dword:00000000
- "fInheritAutoClient"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\Wds\rdpwd]
- "StartupPrograms"=-
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "FlowHardwareRx"=dword:00000000
- "FlowHardwareTx"=dword:00000000
- "fFlowSoftwareRx"=dword:00000000
- "fFlowSoftwareTx"=dword:00000000
- "fEnableDTR"=dword:00000000
- "fInheritAutoClient"=dword:00000000
- Delete terminal services System Processes
- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs]
- #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs]
- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\SysProcs]
- #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\SysProcs]
- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\SysProcs]
- #[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\SysProcs]
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\Pds\tssecsrv]
- "PdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\Wds\rdpwd\Pds\tssecsrv]
- "PdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\Wds\rdpwd\Pds\tssecsrv]
- "PdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
- "PdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
- "PdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
- "PdDLL"=""
- Disable Remote Control of Terminal Server
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\DefaultUserConfiguration]
- "fInheritShadow"=dword:00000000
- "Shadow"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fInheritInitialProgram"=dword:00000000
- "fLogonDisabled"=dword:00000001
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\DefaultUserConfiguration]
- "fInheritShadow"=dword:00000000
- "Shadow"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fInheritInitialProgram"=dword:00000000
- "fLogonDisabled"=dword:00000001
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\DefaultUserConfiguration]
- "fInheritShadow"=dword:00000000
- "Shadow"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fInheritInitialProgram"=dword:00000000
- "fLogonDisabled"=dword:00000001
- Disable Shadow Remote Control of Winstation Console
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\Console]
- "Shadow"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\Console]
- "Shadow"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\Console]
- "Shadow"=dword:00000000
- Disable Winstation Remote Desktop Console;
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\Console\RDP]
- "PdDLL"=""
- "rdpwd"=""
- "WsxDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\Console\RDP]
- "PdDLL"=""
- "rdpwd"=""
- "WsxDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\Console\RDP]
- "PdDLL"=""
- "rdpwd"=""
- "WsxDLL"=""
- Disable Inherit Shadow Remote Control for Remote Desktop Protocol EH-Tcp
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\EH-Tcp]
- "fInheritShadow"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\EH-Tcp]
- "fInheritShadow"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\EH-Tcp]
- "fInheritShadow"=dword:00000000
- Disable Inherit Shadow Remote Control for Remote Desktop Protocol RDP-Tcp
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp]
- "fInheritShadow"=dword:00000000
- Disable Inherit Shadow Remote Control for Remote Desktop Protocol RDP-Tcp
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp]
- "fInheritShadow"=dword:00000000
- Disable Inherit Shadow Remote Control for Remote Desktop Protocol RDP-Tcp
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\RDP-Tcp]
- "fInheritShadow"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\EH-Tcp]
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "fEnableWinstation"=dword:00000000
- "fInheritAutoClient"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fLogonDisabled"=dword:00000001
- "fDisableCam"=dword:00000001
- "fDisableCcm"=dword:00000001
- "fDisableCdm"=dword:00000001
- "fDisableClip"=dword:00000001
- "fDisableLPT"=dword:00000001
- "fDisableCpm"=dword:00000001
- "fDisableExe"=dword:00000001
- "fInheritInitialProgram"=dword:00000000
- "CdDLL"=""
- "CfgDll"=""
- "PdDLL"=""
- "PdDLL1"=""
- "WsxDLL"=""
- "WdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\EH-Tcp]
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "fEnableWinstation"=dword:00000000
- "fInheritAutoClient"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fLogonDisabled"=dword:00000001
- "fDisableCam"=dword:00000001
- "fDisableCcm"=dword:00000001
- "fDisableCdm"=dword:00000001
- "fDisableClip"=dword:00000001
- "fDisableLPT"=dword:00000001
- "fDisableCpm"=dword:00000001
- "fDisableExe"=dword:00000001
- "fInheritInitialProgram"=dword:00000000
- "CdDLL"=""
- "CfgDll"=""
- "PdDLL"=""
- "PdDLL1"=""
- "WsxDLL"=""
- "WdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\WinStations\EH-Tcp]
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "fEnableWinstation"=dword:00000000
- "fInheritAutoClient"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fLogonDisabled"=dword:00000001
- "fDisableCam"=dword:00000001
- "fDisableCcm"=dword:00000001
- "fDisableCdm"=dword:00000001
- "fDisableClip"=dword:00000001
- "fDisableLPT"=dword:00000001
- "fDisableCpm"=dword:00000001
- "fDisableExe"=dword:00000001
- "fInheritInitialProgram"=dword:00000000
- "CdDLL"=""
- "CfgDll"=""
- "PdDLL"=""
- "PdDLL1"=""
- "WsxDLL"=""
- "WdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Control\Terminal Server\WinStations\RDP-Tcp]
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "UserAuthentication"=dword:00000001
- "fInheritAutoClient"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fLogonDisabled"=dword:00000001
- "fDisableCcm"=dword:00000001
- "fDisableCdm"=dword:00000001
- "fDisableClip"=dword:00000001
- "fDisableLPT"=dword:00000001
- "fDisableCpm"=dword:00000001
- "fDisableExe"=dword:00000001
- "fInheritInitialProgram"=dword:00000000
- "CdDLL"=""
- "CfgDll"=""
- "PdDLL"=""
- "PdDLL1"=""
- "WsxDLL"=""
- "WdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\Controlset002\Control\Terminal Server\WinStations\RDP-Tcp]
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "UserAuthentication"=dword:00000001
- "fInheritAutoClient"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fLogonDisabled"=dword:00000001
- "fDisableCcm"=dword:00000001
- "fDisableCdm"=dword:00000001
- "fDisableClip"=dword:00000001
- "fDisableLPT"=dword:00000001
- "fDisableCpm"=dword:00000001
- "fDisableExe"=dword:00000001
- "fInheritInitialProgram"=dword:00000000
- "CdDLL"=""
- "CfgDll"=""
- "PdDLL"=""
- "PdDLL1"=""
- "WsxDLL"=""
- "WdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\Controlset003\Control\Terminal Server\WinStations\RDP-Tcp]
- "fAutoClientDrives"=dword:00000000
- "fAutoClientLpts"=dword:00000000
- "UserAuthentication"=dword:00000001
- "fInheritAutoClient"=dword:00000000
- "fInheritAutoLogon"=dword:00000000
- "fLogonDisabled"=dword:00000001
- "fDisableCcm"=dword:00000001
- "fDisableCdm"=dword:00000001
- "fDisableClip"=dword:00000001
- "fDisableLPT"=dword:00000001
- "fDisableCpm"=dword:00000001
- "fDisableExe"=dword:00000001
- "fInheritInitialProgram"=dword:00000000
- "CdDLL"=""
- "CfgDll"=""
- "PdDLL"=""
- "PdDLL1"=""
- "WsxDLL"=""
- "WdDLL"=""
- [HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
- "ehshell.exe"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\Controlset002\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
- "ehshell.exe"=dword:00000000
- [HKEY_LOCAL_MACHINE\SYSTEM\Controlset003\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
- "ehshell.exe"=dword:00000000
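
A value line that is not in the `"name"=data` form does not set the value it was meant to, so a hand-edited file like this one is worth linting before it is merged. The checker below is an added example, not part of the original paste: the function names and the sample text are constructed for illustration, and it handles only the data kinds this file uses (`dword:`, quoted strings without escapes, `-`, and `hex`).

```python
import re

# Constructed sample in the style of the paste: two well-formed entries, a
# commented-out entry, and three kinds of malformed value line.
SAMPLE = r'''Windows Registry Editor Version 5.00
Terminal Server Stack Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV]
"Start"dword:=00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serial]
Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinRM]
"start"=dword:00000004
#[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
#"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd]
"StartupPrograms"=-
"fInheritAutoClient"=dword:000000000
'''

SECTION = re.compile(r'^\[(-?)(HKEY_[A-Z_]+\\[^\]]+)\]$')
VALUE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')
DATA = re.compile(r'^(?:dword:[0-9A-Fa-f]{8}|"[^"]*"|-'
                  r'|hex(?:\([0-9A-Fa-f]+\))?:[0-9A-Fa-f,]*\\?)$')


def lint_reg(text):
    """Parse .reg text. Returns (values, findings): values maps a lower-cased
    key path to {lower-cased value name: data}; findings lists
    (line_no, problem, line) for lines that look like value lines but are not
    well formed. Key paths and value names are case-insensitive in the registry."""
    values, findings, key = {}, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ';#':      # ';' is the .reg comment marker,
            continue                         # '#' is this paste's convention
        m = SECTION.match(line)
        if m:
            # "[-KEY]" deletes the key, so nothing may be set under it.
            key = None if m.group(1) else m.group(2).lower()
            if key is not None:
                values.setdefault(key, {})
            continue
        # Heuristic: free-text description lines are ignored; only lines that
        # look like an attempted assignment are checked.
        if 'dword:' not in line and not (line.startswith('"') and '=' in line):
            continue
        m = VALUE.match(line)
        if not m:
            findings.append((no, 'malformed name or assignment', line))
        elif not DATA.match(m.group(2)):
            findings.append((no, 'malformed data', line))
        elif key is None:
            findings.append((no, 'value outside any key', line))
        else:
            values[key][(m.group(1) or '@').lower()] = m.group(2)
    return values, findings


def _service_name(key):
    m = re.search(r'\\services\\([^\\]+)$', key)
    return m.group(1) if m else None


def service_start_types(values):
    """Service name -> Start type the file would set (4 means disabled)."""
    out = {}
    for key, vals in values.items():
        name, start = _service_name(key), vals.get('start', '')
        if name and start.startswith('dword:'):
            out[name] = int(start.split(':', 1)[1], 16)
    return out


def services_without_start(values):
    """Service keys the file names but for which no valid Start line parsed."""
    return sorted(n for n in (_service_name(k) for k, v in values.items()
                              if 'start' not in v) if n)


if __name__ == '__main__':
    parsed, problems = lint_reg(SAMPLE)
    for no, problem, line in problems:
        print(f'line {no}: {problem}: {line}')
    print('start types:', service_start_types(parsed))
    print('no valid Start line:', services_without_start(parsed))
```

Services listed under "no valid Start line" keep whatever start type they already had after the merge, which is the case to look for when a driver is still loaded after the reboot.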