44r0n7/privacy.sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

default selection is now none

Browse Source
This commit is contained in:
undergroundwires
2020-01-06 20:02:12 +01:00
parent 20020af7c1
commit 3140cc663b
21 changed files with 295 additions and 237 deletions
Download Patch File Download Diff File Expand all files Collapse all files

294
src/application/application.yaml
View File

@@ -9,26 +9,26 @@ actions:
children:
-
name: Clear Listary indexes
default: false
recommend: false
code: del /f /s /q %appdata%\Listary\UserData > nul
-
name: Clear Java cache
default: true
recommend: true
code: rd /s /q "%APPDATA%\Sun\Java\Deployment\cache"
-
name: Clear Flash traces
default: true
recommend: true
code: rd /s /q "%APPDATA%\Macromedia\Flash Player"
-
name: Clear Steam dumps, logs and traces
default: true
recommend: true
code: |-
del /f /q %ProgramFiles(x86)%\Steam\Dumps
del /f /q %ProgramFiles(x86)%\Steam\Traces
del /f /q %ProgramFiles(x86)%\Steam\appcache\*.log
-
name: Clear Visual Studio telemetry & feedback data
default: true
recommend: true
code: |-
rmdir /s /q "%AppData%\vstelemetry" 2>nul
rmdir /s /q "%LocalAppData%\Microsoft\VSApplicationInsights" 2>nul
@@ -45,7 +45,7 @@ actions:
children:
-
name: Clear windows recent files
default: true
recommend: true
docs: https://www.tenforums.com/tutorials/3476-reset-clear-recent-items-frequent-places-windows-10-a.html
code: |-
rd /s /q "%USERPROFILE%\Recent"
@@ -54,56 +54,56 @@ actions:
del /f /q %APPDATA%\Microsoft\Windows\Recent\CustomDestinations\*
-
name: Clear regedit last key
default: true
recommend: true
code: |-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit" /va /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit" /va /f
-
name: Clear regedit favorites
default: true
recommend: true
code: |-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites" /va /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites" /va /f
-
name: Clear list of recent programs opened
default: true
recommend: true
code: |-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU" /va /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRULegacy" /va /f
-
name: Clear Adobe Media Browser MRU
default: true
recommend: true
code: reg delete "HKEY_CURRENT_USER\Software\Adobe\MediaBrowser\MRU" /va /f
-
name: Clear MSPaint MRU
default: true
recommend: true
code: |-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List" /va /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List" /va /f
-
name: Clear Wordpad MRU
default: true
recommend: true
code: reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List" /va /f
-
name: Clear Map Network Drive MRU MRU
default: true
recommend: true
code: |-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU" /va /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU" /va /f
-
name: Clear Windows Search Assistant history
default: true
recommend: true
code: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru" /va /f
-
name: Clear list of Recent Files Opened, by Filetype
default: true
recommend: true
code: |-
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs" /va /f
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs" /va /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU" /va /f
-
name: Clear windows media player recent files and urls
default: true
recommend: true
code: |-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentFileList" /va /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentURLList" /va /f
@@ -111,13 +111,13 @@ actions:
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Player\RecentURLList" /va /f
-
name: Clear Most Recent Application's Use of DirectX
default: true
recommend: true
code: |-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication" /va /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication" /va /f
-
name: Clear Windows Run MRU & typedpaths
default: true
recommend: true
code: |-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" /va /f
@@ -126,7 +126,7 @@ actions:
children:
-
name: Clear Internet Explorer traces
default: true
recommend: true
code: |-
del /f /q "%localappdata%\Microsoft\Windows\INetCache\IE\*"
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\TypedURLs" /va /f
@@ -142,7 +142,7 @@ actions:
rd /s /q "%localappdata%\Microsoft\InternetExplorer\DOMStore"
-
name: Clear Google Chrome traces
default: true
recommend: true
code: |-
del /f /q "%localappdata%\Google\Software Reporter Tool\*.log"
rd /s /q "%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data"
@@ -154,7 +154,7 @@ actions:
children:
-
name: Clear browsing history and caches
default: true
recommend: true
code: |-
set ignoreFiles="content-prefs.sqlite" "permissions.sqlite" "favicons.sqlite"
for %%d in ("%APPDATA%\Mozilla\Firefox\Profiles\"
@@ -178,21 +178,21 @@ actions:
)
-
name: Clear all user settings and data
default: false
recommend: false
enables: Clear browsing history and caches
code: |-
rd "%localappdata%\Local\Mozilla\Firefox\Profiles"
rd /s /q "%APPDATA%\Mozilla\Firefox\Profiles"
-
name: Clear Opera traces
default: true
recommend: true
code: |-
rd /s /q "%USERPROFILE%\AppData\Local\Opera\Opera"
rd /s /q "%APPDATA%\Opera\Opera"
rd /s /q "%USERPROFILE%\Local Settings\Application Data\Opera\Opera"
-
name: Clear Safari traces
default: true
recommend: true
code: |-
rd /s /q "%USERPROFILE%\AppData\Local\Apple Computer\Safari\Traces"
rd /s /q "%APPDATA%\Apple Computer\Safari"
@@ -206,11 +206,11 @@ actions:
children:
-
name: Clear thumbnail cache
default: false
recommend: false
code: del /f /s /q /a %LocalAppData%\Microsoft\Windows\Explorer\*.db
-
name: Clear Windows log files
default: true
recommend: true
code: |-
del /f /q %SystemRoot%\Temp\CBS\*
del /f /q %SystemRoot%\comsetup.log
@@ -246,14 +246,14 @@ actions:
rd /s /q "%localappdata%\Microsoft\Windows\Traces"
-
name: Clear Windows temp files
default: true
recommend: true
code: |-
del /f /q %localappdata%\Temp\*
rd /s /q "%WINDIR%\Temp"
rd /s /q "%TEMP%"
-
name: Clear main telemetry file
default: true
recommend: true
code: echo "" > %ProgramData%\Microsoft\Diagnosis\ETLTraces\AutoLogger\AutoLogger-Diagtrack-Listener.etl
-
name: Empty trash bin
@@ -263,25 +263,25 @@ actions:
children:
-
name: Disable ad customization with Advertising ID
default: true
recommend: true
code: |-
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t REG_DWORD /d 1 /f
-
name: Disable online device metadata collection
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 1 /f
-
name: Opt out from Windows privacy consent
default: true
recommend: true
code: |-
reg add "HKCU\SOFTWARE\Microsoft\Personalization\Settings" /v "AcceptedPrivacyPolicy" /t REG_DWORD /d 0 /f
reg add "HKU\DefaultUser\Software\Microsoft\Personalization\Settings" /v "AcceptedPrivacyPolicy" /d "0" /t REG_DWORD /f
-
name: Disable windows telemetry & data collection
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f
@@ -295,7 +295,7 @@ actions:
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d 0 /f
-
name: Disable Windows feedback
default: true
recommend: true
code: |-
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d 0 /f
:: removing this value sets feedback frequency to never
@@ -304,7 +304,7 @@ actions:
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "DoNotShowFeedbackNotifications" /t REG_DWORD /d 1 /f
-
name: Disable text and handwriting collection
default: true
recommend: true
code: |-
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d 1 /f
@@ -321,124 +321,124 @@ actions:
children:
-
name: Deny app access to location
default: false
recommend: false
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation" /t REG_DWORD /d 2 /f
-
name: Deny app access to motion data
default: false
recommend: false
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion" /t REG_DWORD /d 2 /f
-
name: Deny app access to phone
default: false
recommend: false
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone" /t REG_DWORD /d 2 /f
-
name: Deny app access to trusted devices
default: false
recommend: false
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices" /t REG_DWORD /d 2 /f
-
name: Deny app sync with devices
default: false
recommend: false
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices" /t REG_DWORD /d 2 /f
-
name: Deny app access to camera
default: false
recommend: false
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCamera" /t REG_DWORD /d 2 /f
-
name: Deny app access to microphone
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMicrophone" /t REG_DWORD /d 2 /f
-
name: Deny app access to diagnostics info about your other apps
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo" /t REG_DWORD /d 2 /f
-
name: Deny app access to your file system
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" /v "Value" /d "Deny" /t REG_SZ /f
-
name: Deny app access to your contacts
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts" /t REG_DWORD /d 2 /f
-
name: Deny app access to Notifications
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userNotificationListener" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessNotifications" /t REG_DWORD /d 2 /f
-
name: Deny app access to Account Information
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo" /t REG_DWORD /d 2 /f
-
name: Deny app access to Calendar
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar" /t REG_DWORD /d 2 /f
-
name: Deny app access to call history
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory" /t REG_DWORD /d 2 /f
-
name: Deny app access to email
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail" /t REG_DWORD /d 2 /f
-
name: Deny app access to tasks
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks" /t REG_DWORD /d 2 /f
-
name: Deny app access to messaging
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMessaging" /t REG_DWORD /d 2 /f
-
name: Deny app access to radios
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\radios" /v "Value" /d "Deny" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios" /t REG_DWORD /d 2 /f
-
name: Deny app access to videos
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" /v "Value" /d "Deny" /t REG_SZ /f
-
name: Deny app access to pictures
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" /v "Value" /d "Deny" /t REG_SZ /f
-
name: Deny app access to documents
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" /v "Value" /d "Deny" /t REG_SZ /f
-
name: Deny app access to bluetooth devices
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetoothSync" /v "Value" /d "Deny" /t REG_SZ /f
-
name: Deny location access
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocation" /d "1" /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocationScripting" /t REG_DWORD /d 1 /f
@@ -448,7 +448,7 @@ actions:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" /v "Status" /d "0" /t REG_DWORD /f
-
name: Deny sensor access
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "SensorPermissionState" /d "0" /t REG_DWORD /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v Value /t REG_SZ /d Deny /f
@@ -458,7 +458,7 @@ actions:
children:
-
name: Disable cortana
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana" /v "value" /t REG_DWORD /d 0 /f
@@ -473,26 +473,26 @@ actions:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "DisableWebSearch" /t REG_DWORD /d 1 /
-
name: Disable web search in search bar
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v DisableWebSearch /t REG_DWORD /d 1 /f
-
name: Disable search web when searching pc
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v ConnectedSearchUseWeb /t REG_DWORD /d 0 /f
-
name: Disable search indexing encrypted items / stores
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowIndexingEncryptedStoresOrItems /t REG_DWORD /d 0 /f
-
name: Disable location based info in searches
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowSearchToUseLocation /t REG_DWORD /d 0 /f
-
name: Disable language detection
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AlwaysUseAutoLangDetection /t REG_DWORD /d 0 /f
name: Turn Off Suggested Content in Settings app
default: true
recommend: true
docs: https://www.tenforums.com/tutorials/100541-turn-off-suggested-content-settings-app-windows-10-a.html
code: |-
reg add HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v "SubscribedContent-338393Enabled" /d "0" /t REG_DWORD /f
@@ -500,13 +500,13 @@ actions:
reg add HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v "SubscribedContent-353696Enabled" /d "0" /t REG_DWORD /f
-
name: Disable biometrics
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Policies\Microsoft\Biometrics" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WbioSrvc" /v "Start" /t REG_DWORD /d 4 /f
-
name: Disable Wi-Fi sense
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" /v "value" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" /v "value" /t REG_DWORD /d 0 /f
@@ -514,57 +514,57 @@ actions:
-
name: Disable App Launch Tracking
docs: https://www.thewindowsclub.com/enable-or-disable-app-launch-tracking-in-windows-10
default: true
recommend: true
code: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /d "0" /t REG_DWORD /f
-
name: Disable Inventory Collector
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableInventory" /t REG_DWORD /d 1 /f
-
name: Disable Auto Downloading Maps
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AllowUntriggeredNetworkTrafficOnSettingsPage" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AutoDownloadAndUpdateMapData" /t REG_DWORD /d 0 /f
-
name: Disable targeted tips
default: true
recommend: true
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableSoftLanding" /t REG_DWORD /d 1 /f
-
name: Disable steps recorder
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableUAR" /t REG_DWORD /d 1 /f
-
name: Disable game screen recording
default: true
recommend: true
code: |-
reg add "HKCU\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t REG_DWORD /d 0 /f
-
name: Disable Windows DRM internet access
docs: https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.DigitalRights2::DisableOnline
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\WMDRM" /v "DisableOnline" /t REG_DWORD /d 1 /f
-
name: Disable feedback on write (sending typing info)
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f
-
name: Disable Activity Feed
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableActivityFeed" /d "0" /t REG_DWORD /f
-
name: Disable Windows Insider Program
default: true
recommend: true
code: |-
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "AllowBuildPreview" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableConfigFlighting" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableExperimentation" /t REG_DWORD /d 0 /f
-
name: Disable the Windows Connect Now wizard
default: false
recommend: false
docs:
- https://docs.microsoft.com/en-us/windows/win32/wcn/about-windows-connect-now
- https://www.windows-security.org/f637a705712eb59f8cd410673c96472e/prohibit-access-of-the-windows-connect-now-wizards
@@ -574,7 +574,7 @@ actions:
children:
-
name: Disable all settings sync
default: true
recommend: true
enabler: all those bottom
code: |-
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSync" /t REG_DWORD /d 2 /f
@@ -583,50 +583,50 @@ actions:
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" /v "SyncPolicy" /t REG_DWORD /d 5 /f
-
name: Disable Application Setting Sync
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSync" /t REG_DWORD /d 2 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSyncUserOverride" /t REG_DWORD /d 1 /f
-
name: Disable App Sync Setting Sync
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSync" /t REG_DWORD /d 2 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSyncUserOverride" /t REG_DWORD /d 1 /f
-
name: Disable Credentials Setting Sync
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSync" /t REG_DWORD /d 2 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSyncUserOverride" /t REG_DWORD /d 1 /f
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials" /v "Enabled" /t REG_DWORD /d 0 /f
-
name: Disable Desktop Theme Setting Sync
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSync" /t REG_DWORD /d 2 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSyncUserOverride" /t REG_DWORD /d 1 /f
-
name: Disable Personalization Setting Sync
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSync" /t REG_DWORD /d 2 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSyncUserOverride" /t REG_DWORD /d 1 /f
-
name: Disable Start Layout Setting Sync
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSync" /t REG_DWORD /d 2 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSyncUserOverride" /t REG_DWORD /d 1 /f
-
name: Disable Web Browser Setting Sync
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSync" /t REG_DWORD /d 2 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSyncUserOverride" /t REG_DWORD /d 1 /f
-
name: Disable Windows Setting Sync
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSync" /t REG_DWORD /d 2 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSyncUserOverride" /t REG_DWORD /d 1 /f
@@ -641,36 +641,36 @@ actions:
children:
-
name: Disable SQM 64 bit OS key
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\VSCommon\14.0\SQM" /v OptIn /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\VSCommon\15.0\SQM" /v OptIn /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\VSCommon\16.0\SQM" /v OptIn /t REG_DWORD /d 0 /f
-
name: Disable SQM 32 bit OS key
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSCommon\14.0\SQM" /v OptIn /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSCommon\15.0\SQM" /v OptIn /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSCommon\16.0\SQM" /v OptIn /t REG_DWORD /d 0 /f
-
name: Disable SQM group policy
default: true
recommend: true
code: reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\VisualStudio\SQM" /v OptIn /t REG_DWORD /d 0 /f
-
name: Disable visual studio telemetry
default: true
recommend: true
code: reg add "HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\Telemetry" /v TurnOffSwitch /t REG_DWORD /d 1 /f
-
name: Disable Visual Studio feedback
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v DisableFeedbackDialog /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v DisableEmailInput /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v DisableScreenshotCapture /t REG_DWORD /d 1 /f
-
name: Stop and disable Visual Studio Standard Collector Service
default: true
recommend: true
code: |-
sc stop "VSStandardCollectorService150"
net stop VSStandardCollectorService150 2>nul
@@ -680,7 +680,7 @@ actions:
children:
-
name: Disable Microsoft SpyNet (Windows Defender cloud export for analysis)
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericRePorts" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d 0 /f
@@ -688,15 +688,15 @@ actions:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d 2 /f
-
name: Disable sending infection information
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f
-
name: Disable NetCore Cli telemetry
default: true
recommend: true
code: setx DOTNET_CLI_TELEMETRY_OPTOUT 1
-
name: Disable Visual Studio Code telemetry
default: true
recommend: true
docs: https://code.visualstudio.com/docs/getstarted/telemetry
code: |-
mkdir %appdata%\Code\User
@@ -704,7 +704,7 @@ actions:
echo { "telemetry.enableCrashReporter": false, "telemetry.enableTelemetry": false } > %appdata%\Code\User\settings.json
-
name: Disable Microsoft Office telemetry
default: true
recommend: true
docs: https://docs.microsoft.com/en-us/deployoffice/compat/manage-the-privacy-of-data-monitored-by-telemetry-in-office
code: |-
reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\osm" /v "Enablelogging" /t REG_DWORD /d 0 /f
@@ -717,61 +717,61 @@ actions:
children:
-
name: Disable live tile data collection
default: true
recommend: true
code: reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\MicrosoftEdge\Main" /v "PreventLiveTileDataCollection" /t REG_DWORD /d 1 /f
-
name: Disable MFU tracking
default: true
recommend: true
code: reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\EdgeUI" /v "DisableMFUTracking" /t REG_DWORD /d 1 /f
-
name: Disable recent apps
default: true
recommend: true
code: reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\EdgeUI" /v "DisableRecentApps" /t REG_DWORD /d 1 /f
-
name: Turn off backtracking
default: true
recommend: true
code: reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\EdgeUI" /v "TurnOffBackstack" /t REG_DWORD /d 1 /f
-
name: Disable Search Suggestions in Edge
default: true
recommend: true
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\SearchScopes" /v "ShowSearchSuggestionsGlobal" /t REG_DWORD /d 0 /f
-
category: Configure Internet Explorer
children:
-
name: Disable Geolocation in Internet Explorer
default: true
recommend: true
code: reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Geolocation" /v "PolicyDisableGeolocation" /t REG_DWORD /d 1 /f
-
name: Disable Internet Explorer InPrivate logging
default: true
recommend: true
code: |-
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" /v "DisableLogging" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" /v "DisableLogging" /t REG_DWORD /d 1 /f
-
name: Disable Internet Explorer CEIP
default: true
recommend: true
code: |-
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SQM" /v "DisableCustomerImprovementProgram" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\SQM" /v "DisableCustomerImprovementProgram" /t REG_DWORD /d 0 /f
-
name: Disable calling legacy WCM policies
default: true
recommend: true
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "CallLegacyWCMPolicies" /t REG_DWORD /d 0 /f
-
name: Disable SSLv3 fallback
default: true
recommend: true
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "EnableSSL3Fallback" /t REG_DWORD /d 0 /f
-
name: Disable ignoring cert errors
default: true
recommend: true
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "PreventIgnoreCertErrors" /t REG_DWORD /d 1 /f
-
category: Configure Google Chrome
children:
-
name: Disable Chrome Software Reporter Tool
default: true
recommend: true
code: |-
icacls "%localappdata%\Google\Chrome\User Data\SwReporter" /inheritance:r /deny "*S-1-1-0:(OI)(CI)(F)" "*S-1-5-7:(OI)(CI)(F)"
cacls "%localappdata%\Google\Chrome\User Data\SwReporter" /e /c /d %username%
@@ -782,13 +782,13 @@ actions:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "software_reporter_tool.exe" /f
-
name: Disable Chrome metrics reporting
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /v "MetricsReportingEnabled" /t REG_DWORD /d 0 /f
reg add "HKEY_CURRENT_USER\SOFTWARE\Policies\Google\Chrome" /v "MetricsReportingEnabled" /t REG_DWORD /d 0 /f
-
name: Disable Google update service
default: true
recommend: true
code: |-
sc config gupdate start= disabled
sc config gupdatem start= disabled
@@ -796,25 +796,25 @@ actions:
schtasks /Change /DISABLE /TN "GoogleUpdateTaskMachineUA"
-
name: Disable Adobe Acrobat update service
default: true
recommend: true
code: |-
sc config AdobeARMservice start= disabled
schtasks /Change /DISABLE /TN "Adobe Acrobat Update Task"
-
name: Disable Razer Game Scanner Service
default: true
recommend: true
code: |-
sc stop "Razer Game Scanner Service"
sc config "Razer Game Scanner Service" start= disabled
-
name: Disable Logitech Gaming Registry Service
default: true
recommend: true
code: |-
sc stop "LogiRegistryService"
sc config "LogiRegistryService" start= disabled
-
name: Disable Dropbox auto update service
default: true
recommend: true
code: |-
sc config dbupdate start= disabled
sc config dbupdatem start= disabled
@@ -825,11 +825,11 @@ actions:
children:
-
name: Do not send Windows Media Player statistics
default: true
recommend: true
code: reg add "HKCU\SOFTWARE\Microsoft\MediaPlayer\Preferences" /v "UsageTracking" /t REG_DWORD /d 0 /f
-
name: Disable meta data retrieval
default: true
recommend: true
code: |-
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer" /v "PreventCDDVDMetadataRetrieval" /t REG_DWORD /d 1 /f
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer" /v "PreventMusicFileMetadataRetrieval" /t REG_DWORD /d 1 /f
@@ -844,33 +844,33 @@ actions:
children:
-
name: Spectre variant 2 and meltdown (Intel)
default: false
recommend: false
code: |-
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
-
name: Spectre variant 2 and meltdown (AMD)
default: false
recommend: false
code: |-
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 64 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
-
name: Spectre variant 2 and meltdown (HyperV)
default: false
recommend: false
code: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
-
name: Disable administrative shares
default: true
recommend: true
code: reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "AutoShareWks" /t REG_DWORD /d 0 /f
-
name: Force enable data execution prevention (DEP)
default: false
recommend: false
code: |-
reg add "HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ Explorer" /v "NoDataExecutionPrevention" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ System" /v "DisableHHDEP" /t REG_DWORD /d 0 /f
-
name: Disable AutoPlay and AutoRun
default: false
recommend: false
docs:
- https://en.wikipedia.org/wiki/AutoRun
- https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63667
@@ -882,59 +882,59 @@ actions:
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "NoAutoplayfornonVolume" /t REG_DWORD /d 1 /f
-
name: Disable remote Assistance
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63651
code: |-
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v "fAllowToGetHelp" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v "fAllowFullControl" /t REG_DWORD /d 0 /f
-
name: Disable lock screen camera
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_8_8.1/2014-06-27/finding/V-43237
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreenCamera" /t REG_DWORD /d 1 /f
-
name: Prevent the storage of the LAN Manager hash of passwords
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63797
code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "NoLMHash" /t REG_DWORD /d 1 /f
-
name: Disable Windows Installer Always install with elevated privileges
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63797
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer" /v "AlwaysInstallElevated" /t REG_DWORD /d 0 /f
-
name: Prevent WinRM from using Basic Authentication
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63335
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client" /v "AllowBasic" /t REG_DWORD /d 0 /f
-
name: Restrict anonymous enumeration of shares
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63749
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client" /v "AllowBasic" /t REG_DWORD /d 0 /f
-
name: Systems must be maintained at a supported (security) level
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63349
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client" /v "AllowBasic" /t REG_DWORD /d 0 /f
-
name: Refuse less secure authentication
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63801
code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LmCompatibilityLevel" /t REG_DWORD /d 5 /f
-
name: Enable Structured Exception Handling Overwrite Protection (SEHOP)
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-68849
code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d 0 /f
-
name: Block Anonymous enumeration of SAM accounts
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63745
code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d 0 /f
-
name: Restrict anonymous access to Named Pipes and Shares
default: true
recommend: true
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63759
code: reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters" /v "RestrictNullSessAccess" /t REG_DWORD /d 1 /f
-
@@ -942,11 +942,11 @@ actions:
children:
-
name: Disable Windows Defender
default: false
recommend: false
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
-
name: Disable Smart Screen
default: false
recommend: false
code: |-
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
@@ -955,18 +955,18 @@ actions:
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 0 /f
-
name: Disable scheduled On Demand anti malware scanner (MRT)
default: false
recommend: false
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f
-
category: UI for privacy
children:
-
name: Disable lock screen app notifications
default: true
recommend: true
code: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v "DisableLockScreenAppNotifications" /t REG_DWORD /d 1 /f
-
name: Disable online content in explorer
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "AllowOnlineTips" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInternetOpenWith" /t REG_DWORD /d 1 /f
@@ -975,21 +975,21 @@ actions:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoWebServices" /t REG_DWORD /d 1 /f
-
name: Disable & auto-clear recent documents in explorer
default: true
recommend: true
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoRecentDocsHistory" /t REG_DWORD /d 1 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "ClearRecentDocsOnExit" /t REG_DWORD /d 1 /f
-
name: Disable Live Tiles push notifications
default: true
recommend: true
code: reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoTileApplicationNotification" /t REG_DWORD /d 1 /f
-
name: Turn off "Look For An App In The Store" option
default: true
recommend: true
code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "NoUseStoreOpenWith" /t REG_DWORD /d 1 /f
-
name: Do not show recently used files in Quick Access
default: true
recommend: true
docs: https://www.tenforums.com/tutorials/2713-add-remove-recent-files-quick-access-windows-10-a.html
code: |-
if %PROCESSOR_ARCHITECTURE%==x86 ( REM is 32 bit?
@@ -1003,13 +1003,13 @@ actions:
children:
# -
# name: Run script on start-up (EXPERIMENTAL)
# default: false
# recommend: false
# code: |-
# del /f /q %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\privacy-cleanup.bat
# copy "%~dpnx0" "%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\privacy-cleanup"
-
name: Change NTP (time) server to pool.ntp.org
default: false
recommend: false
code: |-
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\Parameters" /v "NtpServer" /t REG_SZ /d "pool.ntp.org, 0x8" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\Parameters" /v "Type" /t REG_SZ /d "NTP" /f
@@ -1020,7 +1020,7 @@ actions:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "SpecialPollInterval" /t REG_DWORD /d 1024 /f
-
name: Apply settings for all future users (EXPERIMENTAL)
default: false
recommend: false
code: |-
REG UNLOAD HKU\DefaultUser
reg load HKU\DefaultUser %SystemDrive%\Users\Default\NTUSER.DAT