From 8401d5c9b9462d9fc240efd0a7267b9227bc7953 Mon Sep 17 00:00:00 2001
From: breadcat
Date: Tue, 22 Sep 2020 12:41:39 +0100
Subject: Add some hardening steps from hardentools

---
 win10-prep.bat | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/win10-prep.bat b/win10-prep.bat
index e0d936e..afa4bc8 100644
--- a/win10-prep.bat
+++ b/win10-prep.bat
@@ -298,6 +298,18 @@ rem disable improve typing/inking recognition
 reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f
 rem allow long character paths
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v "LongPathsEnabled" /t REG_DWORD /d "1" /f
+rem disable snipping tool
+reg add "HKLM\SOFTWARE\Policies\Microsoft\TabletPC" /v "DisableSnippingTool" /t REG_DWORD /d "1" /f
+rem disable windows script host
+reg add "HKLM\Software\Microsoft\Windows Script\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
+rem disable drive autoruns
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d "181" /f
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAutorun" /t REG_DWORD /d "1" /f
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" /v "DisableAutoplay" /t REG_DWORD /d "1" /f
+rem disable powershell
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "powershell.exe" /f
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "powershell_ise.exe" /f
 exit /b %errorlevel%
 
 :remove_software
-- 
cgit v1.2.3