win10-prep

Batch script to tweak Windows 10 to a more usable form
Log | Files | Refs
commit 8401d5c9b9462d9fc240efd0a7267b9227bc7953
parent b32c2c85bd44c5663e25c006358e3c26bd82696c
Author: breadcat <peter@minskio.co.uk>
Date:   Tue, 22 Sep 2020 12:41:39 +0100

Add some hardening steps from hardentools

Diffstat:

Mwin10-prep.bat | 12++++++++++++


1 file changed, 12 insertions(+), 0 deletions(-)

diff --git a/win10-prep.bat b/win10-prep.bat
@@ -298,6 +298,18 @@ rem disable improve typing/inking recognition
 reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f
 rem allow long character paths
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v "LongPathsEnabled" /t REG_DWORD /d "1" /f
+rem disable snipping tool
+reg add "HKLM\SOFTWARE\Policies\Microsoft\TabletPC" /v "DisableSnippingTool" /t REG_DWORD /d "1" /f
+rem disable windows script host
+reg add "HKLM\Software\Microsoft\Windows Script\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
+rem disable drive autoruns
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d "181" /f
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAutorun" /t REG_DWORD /d "1" /f
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" /v "DisableAutoplay" /t REG_DWORD /d "1" /f
+rem disable powershell
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "powershell.exe" /f
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "powershell_ise.exe" /f
 exit /b %errorlevel%
 
 :remove_software