Saturday, January 26, 2013

Registry Lock Down


After you make your registry tweaks, go to Start/Run, launch regedt32, and open Security/Permissions. Go to the hives where you made the changes and set permissions on each key so they can't be changed.

I took the time out to individually make these 43 registry tweaks separately, with their titles, into one zip file... Enjoy. Feel free to add to this thread if you have others not listed here.

Security Message (Logon)

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON]
"Welcome"="   Unauthorized Access is prohibited "

Policies (1=enabled 0=disabled)

[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\PROGRAM MANAGER\RESTRICTIONS]
[HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\PROGRAM MANAGER\RESTRICTIONS]
[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM]

Enable logging of successful HTTP requests

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\W3SVC\PARAMETERS]
"LogSuccessfulRequests"=dword:00000001

Disable IIS FTP bounce attack (IIS 2/3)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSFTPSVC\PARAMETERS]
"EnablePortAttack"=dword:00000000

Enable logging of bad HTTP requests

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\W3SVC\PARAMETERS]
"LogErrorRequests"=dword:00000001


These registry tweaks are for Windows NT4, Windows 2000 and Windows XP.

Disabling IP Forwarding

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]
"IPENABLEROUTER"=DWORD:00000000

Disallow fragmented IP

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPFILTERDRIVER\PARAMETERS]
"ENABLEFRAGMENTCHECKING"=DWORD:00000001

Disabling ICMP-Redirect

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]
"ENABLEICMPREDIRECTS"=DWORD:00000000

Enabling TCP/IP-Filtering

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]
"ENABLESECURITYFILTERS"=DWORD:00000001

Disallow forward of fragmented IP packets

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPFILTERDRIVER\PARAMETERS]
"DEFAULTFORWARDFRAGMENTS"=DWORD:00000000

Restart if Eventlog fails

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA]
"CRASHONAUDITFAIL"=DWORD:00000001

Winsock Protection

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AFD\PARAMETERS]
"ENABLEDYNAMICBACKLOG"=DWORD:00000020
"MAXIMUMDYNAMICBACKLOG"=DWORD:00020000
"DYNAMICBACKLOGGROWTHDELTA"=DWORD:00000010

Denial-of-Service Protection

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]
"SYNATTACKPROTECT"=DWORD:00000002
"TCPMAXDATARETRANSMISSIONS"=DWORD:00000003
"TCPMAXHALFOPEN"=DWORD:00000064
"TCPMAXHALFOPENRETRIED"=DWORD:00000050
"TCPMAXPORTSEXHAUSTED"=DWORD:00000001
"TCPMAXCONNECTRESPONSERETRANSMISSIONS"=DWORD:00000002
"ENABLEDEADGWDETECT"=DWORD:00000000
"ENABLEPMTUDISCOVERY"=DWORD:00000000
"KEEPALIVETIME"=DWORD:00300000
"ALLOWUNQUALIFIEDQUERY"=DWORD:00000000
"DISABLEDYNAMICUPDATE"=DWORD:00000001

Disable Router-Discovery

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES]
"PERFORMROUTERDISCOVERY"=DWORD:00000000

Disabling DomainMaster

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BROWSER\PARAMETERS]
"MAINTAINSERVERLIST"="No"
"ISDOMAINMASTER"="False"

Disable NetBIOS name exposing

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBT\PARAMETERS]
"NONAMERELEASEONDEMAND"=DWORD:00000001

Fix for MS DNS Compatibility with BIND versions earlier than 4.9.4

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNS\PARAMETERS]
"BINDSECONDARIES"=DWORD:00000001

Disabling Caching of Logon-Credentials (possible also with USRMGR.EXE)

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON]
"CACHEDLOGONCOUNT"=DWORD:00000001

Disabling IP-Source-Routing

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]
"DISABLEIPSOURCEROUTING"=DWORD:00000001

Allow only MS CHAP v2.0 for VPN connections

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASMAN\PPP]
"SECUREVPN"=DWORD:00000001

Disabling caching of RAS-Passwords

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASMAN\PARAMETERS]
"DISABLESAVEPASSWORD"=DWORD:00000001

Printer installation only by Admins/Print Operators

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\LANMAN PRINT SERVICES\SERVERS]
"ADDPRINTERDRIVERS"=DWORD:00000001

Disabling Administrative Shares NT4.0 Server (C$, D$, E$ etc)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER\PARAMETERS]
"AUTOSHARESERVER"=DWORD:00000000

Disabling Administrative Shares NT4.0 Workstation (C$, D$, E$ etc)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER\PARAMETERS]
"AUTOSHAREWKS"=DWORD:00000000

Allow only authenticated PPP Clients

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASMAN\PPP]
"FORCEENCRYPTEDPASSWORD"=DWORD:00000002

Enabling RAS-Logging

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASMAN\PARAMETERS]
"LOGGING"=DWORD:00000001

Disabling NTFS 8.3 Name generation

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\FILESYSTEM]
"NTFSDISABLE8DOT3NAMEGENERATION"=DWORD:00000001

Disallow anonymous IPC-Connections

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA]
"RESTRICTANONYMOUS"=DWORD:00000001

Enabling SMB Signatures (Server)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMA
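
An added example, not part of the original post: a PowerShell audit that compares a few of the values listed above with the live registry and then reports any principal outside a trusted list that can still write to those keys, which is what the permissions step at the top of the post is meant to prevent. The `$trusted` list and the selection of values are assumptions; adjust them for your environment.

```powershell
# Added example. Expected values are taken from the list on this page;
# registry key and value names are case-insensitive.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$expected = @(
    @{ Path = $tcpip; Name = 'IPEnableRouter';         Value = 0 },
    @{ Path = $tcpip; Name = 'EnableICMPRedirects';    Value = 0 },
    @{ Path = $tcpip; Name = 'DisableIPSourceRouting'; Value = 1 },
    @{ Path = $tcpip; Name = 'SynAttackProtect';       Value = 2 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'RestrictAnonymous'; Value = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'AutoShareServer'; Value = 0 }
)

# Rights that let a principal change a key, its values or its permissions.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# Assumption: only these principals should hold write access (names are locale-dependent).
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'

# 1. Compare each value with the setting from the page.
foreach ($item in $expected) {
    $name = $item.Name
    $prop = Get-ItemProperty -Path $item.Path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output ("NOT SET   {0}\{1} (expected {2})" -f $item.Path, $name, $item.Value)
    } elseif ($prop.$name -ne $item.Value) {
        Write-Output ("DRIFT     {0}\{1} = {2} (expected {3})" -f $item.Path, $name, $prop.$name, $item.Value)
    } else {
        Write-Output ("OK        {0}\{1} = {2}" -f $item.Path, $name, $prop.$name)
    }
}

# 2. List allow-ACEs that give write access to anyone outside $trusted.
$keys = $expected | ForEach-Object { $_.Path } | Sort-Object -Unique
foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    foreach ($ace in (Get-Acl -Path $key).Access) {
        $writable = ([int]$ace.RegistryRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $writable -and
            $trusted -notcontains $ace.IdentityReference.Value) {
            Write-Output ("WRITABLE  {0} by {1} ({2})" -f $key, $ace.IdentityReference, $ace.RegistryRights)
        }
    }
}
```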

