Script to run after resetting a hacked windows 11 pc

::security - How to harden Windows Public and Default folder permissions - Super User

::I have an image of settings that you need to set at the end of this script

netsh advfirewall set allprofiles firewallpolicy blockinboundalways,blockoutbound

netsh wlan add filter permission=denyall networktype=infrastructure

netsh wlan add filter permission=denyall networktype=adhoc

netsh wlan add filter permission=allow ssid="WIFINAME" networktype=infrastructure

netsh wlan set hostednetwork mode= disallow

netsh wlan stop hostednetwork

reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "EnableAutoproxyResultCache" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v WinStationsDisabled /t REG_SZ /d "1" /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fLogonDisabled /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" /v fLogonDisabled /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration" /v fLogonDisabled /t REG_DWORD /d 1 /f

cd\
del /s /q ehshell.exe
cd c:\windows\system32

:: Disables the Teredo tunneling. Teredo is a transition technology that gives

:: full IPv6 connectivity and host-to-host automatic tunneling

:: for unicast IPv6 traffic.

netsh interface teredo set state disabled

:: Disables the 6to4 tunnels that support communication with IPv6 internet

netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled

:: Disables all IPv6 transition technologies

netsh interface ipv6 isatap set state state=disabled

net share IPC$ /delete

net share C$ /delete

net share D$ /delete

sc stop IntelAudioService

sc stop "Intel(R) Capability Licensing Service TCP IP Interface"

sc stop CDPSvc

sc stop cplspcon

sc stop cphs

sc stop jhi_service

sc stop esifsvc

sc stop igccservice

sc stop WMIRegistrationService

sc stop "Intel(R) TPM Provisioning Service"

sc stop "NVDisplay.ContainerLocalSystem"

sc stop "AESMService"

sc stop Spooler

sc stop RasMan

sc stop "LanmanServer"

sc stop "LanmanWorkstation"

sc stop "TrkWks"

sc stop "hns"

sc stop "HvHost"

sc stop "SstpSvc"

sc stop "RasAcd"

sc stop "RasAgileVpn"

sc stop "RasAuto"

sc stop "Rasl2tp"

sc stop "RasPppoe"

sc stop "RasSstp"

sc stop "DsmSvc"

sc stop "vds"

sc stop WwanSvc

sc stop UsoSvc

sc stop wuauserv

sc stop WFDSConMgrSvc

::Wi-Fi Direct is a technology that enables two devices to connect directly to each other using Wi-Fi, ::without needing to join an existing network through an access point.

sc.exe config "UsoSvc" start= disabled

sc.exe config "wuauserv" start= disabled

sc.exe config "WFDSConMgrSvc" start= disabled

sc stop DeviceAssociationBrokerSvc_8c08e

sc.exe config "DeviceAssociationBrokerSvc_8c08e" start= disabled

sc.exe config "WwanSvc" start= disabled

sc delete WinHttpAutoProxySvc

sc.exe config vds start= disabled

sc.exe config IntelAudioService start= disabled

sc.exe config "Intel(R) Capability Licensing Service TCP IP Interface" start= disabled

sc.exe config cplspcon start= disabled

sc.exe config cphs start= disabled

sc.exe config jhi_service start= disabled

sc.exe config esifsvc start= disabled

sc.exe config igccservice start= disabled

sc.exe config "igfxCUIService2.0.0.0" start= disabled

sc.exe config WMIRegistrationService start= disabled

sc.exe config "Intel(R) TPM Provisioning Service" start= disabled

sc.exe config "NVDisplay.ContainerLocalSystem" start= disabled

sc.exe config "AESMService" start= disabled

sc.exe config "Spooler" start= disabled

sc.exe config "RasMan" start= disabled

sc.exe config "LanmanServer" start= disabled

sc.exe config "LanmanWorkstation" start= disabled

sc.exe config "wuauserv" start= disabled

sc.exe config "UsoSvc" start= disabled

sc.exe config "TrkWks" start= disabled

sc.exe config "hns" start= disabled

sc.exe config "HvHost" start= disabled

sc.exe config "SstpSvc" start= disabled

sc.exe config "RasAcd" start= disabled

sc.exe config "RasAgileVpn" start= disabled

sc.exe config "RasAuto" start= disabled

sc.exe config "Rasl2tp" start= disabled

sc.exe config "RasPppoe" start= disabled

sc.exe config "RasSstp" start= disabled

sc.exe config "CDPSvc" start= disabled

sc.exe config "DsmSvc" start= disabled

takeown /F "c:" /A

takeown /F "c:"

takeown /F "c:\program files" /R /D N

takeown /F "c:\program files (x86)" /R /D N

takeown /F "c:\Windows" /R /D N

takeown /F "c:\Users" /R /D N

icacls "c:\program files" /remove "NT Service\TrustedInstaller" /T

icacls "c:\program files (x86)" /remove "NT Service\TrustedInstaller" /T

icacls "c:\Windows" /remove "NT Service\TrustedInstaller" /T

icacls "c:\Users" /remove "NT Service\TrustedInstaller" /T

:::::::::::::::::::::::This is how they access the pc::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::it was (Default)=192.228.79.201

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList" /ve /d "" /f

::it was RootDnsIpv6Addr=2001:478:65::53

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList" /v "RootDnsIpv6Addr" /t REG_SZ /d "" /f

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters" /v ScopeAddress /f

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters" /v ScopeAddressBackup /f

::Run the following code in powershell

::Watch this key it keeps getting recreated
Take-Permissions "HKLM" "SYSTEM\ControlSet001\Services\WlanSvc\Parameters\EapolKeyIpAddress"

$acl = Get-Acl "HKLM:SYSTEM\ControlSet001\Services\WlanSvc\Parameters\EapolKeyIpAddress"

$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("NT Service\Administrators”","FullControl",@("ObjectInherit","ContainerInherit"),"None","Allow")

$acl.SetAccessRule($rule)

$acl |Set-Acl -Path HKLM:SYSTEM\ControlSet001\Services\WlanSvc\Parameters\EapolKeyIpAddress

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlanSvc\Parameters\EapolKeyIpAddress" /v LocalAddress /f

::If it doesn't work just manually take ownership of the registry key

::HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlanSvc\Parameters\EapolKeyIpAddress

:: delete LocalAddress

:: Manually change all permissions to read in the following folder:

::remember to replace all child objects

::C:\Windows\ServiceProfiles

::I still need time to learn how to do this programmatically

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoLogonSID" /t REG_SZ /d "" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Edge\Main" /v "AllowPrelaunch" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v "RunAsPPL" /t REG_DWORD /d 1 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f

powershell.exe Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

powershell.exe Set-SmbClientConfiguration -EnableMailslots $false

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v MinSMB2Dialect /t REG_DWORD /d 311/f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v MaxSMB2Dialect /t REG_DWORD /d 311 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v AllowInsecureGuestAuth /t REG_DWORD /d 0 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v EnablePlainTextPassword /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\cellularData" /v "Value" /t REG_SZ /d "Deny" /f

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\cellularData\NcsiUwpApp_8wekyb3d8bbwe" /v "Value" /t REG_SZ /d "Deny" /f

reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\wifiData\NcsiUwpApp_8wekyb3d8bbwe" /v "Value" /t REG_SZ /d "Deny" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\wiFiDirect" /v "Value" /t REG_SZ /d "Deny" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Wifi\AowAutoConnectToWiFiSenseHotspots" /v "value" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Wifi\AllowInternetSharing" /v "value" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Wifi\AllowWiFiDirect" /v "value" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "EnableSIHostIntegration" /t REG_DWORD /d 0 /f

SetACL.exe –on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WiFiDirectAPI" -ot reg -actn setowner -ownr “n:Administrators”

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WiFiDirectAPI" /v "EnablePairingUxIntegration" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer" /v "AutoShareWks" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\Software\Policies\Samba\smb_conf\disable netbios" /v "disable netbios" /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableUwpStartupTasks /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS" /v AllowRemoteShellAccess /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service" /v AllowAutoConfig /t REG_DWORD /d 0 /f

reg add "HKLM\System\CurrentControlSet\Control\Remote Assistance" /v fAllowToGetHelp /t REG_DWORD /d 0 /f

reg add "HKLM\System\CurrentControlSet\Control\Remote Assistance" /v fAllowFullControl /t REG_DWORD /d 0 /f

netsh advfirewall firewall set rule group="Remote Assistance" new enable=no

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections" /v NC_PersonalFirewallConfig /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections" /v NC_ShowSharedAccessUI /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters" /v AllowExclusiveScriptsShareAccess /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint" /v Enabled /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop" /v Enabled /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint" /v Enabled /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop" /v Enabled /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings" /v Enabled /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\SharedProfile\RemoteAdminSettings" /v Enabled /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy" /v fBlockRoaming /t REG_DWORD /d 1 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\wcmsvc\wifinetworkmanager\config" /v AutoConnectAllowedOEM /t REG_DWORD /d 0 /f

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wlansvc\Parameters\HostedNetworkSettings" /v HostedNetworkSettings /f

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" /f

reg delete "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge" /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc" /v "Start" /t REG_DWORD /d 4 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc" /v "Start" /t REG_DWORD /d 4 /f

powershell.exe set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\tcpip* -Name NetbiosOptions -Value 2

reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /v "WpadOverride" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /v "WpadOverride" /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" /v DisableWpad /t REG_DWORD /d 1 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge" /v WPADQuickCheckEnabled /t REG_DWORD /d 0 /f

sc stop iphlpsvc

sc config iphlpsvc start= disabled

sc stop EntAppSvc

sc config EntAppSvc start= disabled

sc stop camsvc

sc config camsvc start= disabled

sc stop CDPSvc

sc config CDPSvc start= disabled

sc stop WinHttpAutoProxySvc

sc config WinHttpAutoProxySvc start= disabled

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge" /v DefaultFileSystemReadGuardSetting /t REG_DWORD /d 2 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge" /v DefaultWebHidGuardSetting /t REG_DWORD /d 2 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge" /v DefaultWebBluetoothGuardSetting /t REG_DWORD /d 2 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge" /v DefaultWebUsbGuardSetting /t REG_DWORD /d 2 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge" /v DefaultFileSystemWriteGuardSetting /t REG_DWORD /d 2 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\CDP" /v CdpSessionUserAuthzPolicy /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\CDP" /v NearShareChannelUserAuthzPolicy /t REG_DWORD /d 0 /f

REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\CDP" /v RomeSdkChannelUserAuthzPolicy /t REG_DWORD /d 0 /f

REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CDP" /v CdpSessionUserAuthzPolicy /t REG_DWORD /d 0 /f

REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CDP" /v NearShareChannelUserAuthzPolicy /t REG_DWORD /d 0 /f

REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CDP" /v RomeSdkChannelUserAuthzPolicy /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{0040D221-54A1-11D1-9DE0-006097042D69}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{835BEE60-8731-4159-8BFF-941301D76D05}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{91BC037F-B58C-43cb-AD9C-1718ACA70E2F}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{9da0e0ea-86ce-11d1-8699-00c04fb98036}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{A373F3DA-7A87-11D3-B1C1-00C04F68155C}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{A50398B8-9075-4FBF-A7A1-456BF21937AD}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{AD65A69D-3831-40D7-9629-9B0B50A93843}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{C7310557-AC80-11D1-8DF3-00C04FB6EF4F}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{CA6C8347-120F-4122-873F-F89138694AC8}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList" /v "{E8494122-79AD-11D2-909C-00A0C9AFE0AA}" /t REG_SZ /d "0" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NcdAutoSetup\Private" /v AutoSetup /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 2500 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1001 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1004 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1400 /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\software\policies\microsoft\office\16.0\excel\security\trusted locations" /v allownetworklocations /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\software\policies\microsoft\office\16.0\excel\security" /v blockcontentexecutionfrominternet /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3" /v "Com+Enabled" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3" /v "RemoteAccessEnabled" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\COM3" /v "Com+Enabled" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\COM3" /v "RemoteAccessEnabled" /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Service" /v allow_remote_requests /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service" /v allow_remote_requests /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\Tethering" /v RemoteStartupDisabled /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\Tethering\Roaming" /v PermissionsSet /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule" /v DisableRpcOverTcp /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /v DisableRpcOverTcp /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /v DisableRemoteScmEndpoints /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole" /v EnableDCOM /t REG_SZ /d "N" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole" /v EnableRemoteConnect /t REG_SZ /d "N" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM" /v EnableRemoteConnect /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Ole" /v EnableDCOM /t REG_SZ /d "N" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Ole" /v EnableRemoteConnect /t REG_SZ /d "N" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM" /v EnableRemoteConnect /t REG_DWORD /d 0 /f

PolicyAgent

powershell.exe -command "Disable-PsRemoting -force"

powershell.exe Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse -Force

powershell Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

:: Prevent Edge from running in background

:: On the new Chromium version of Microsoft Edge, extensions and other services can keep the browser running in the background even after it's closed.

:: Although this may not be an issue for most desktop PCs, it could be a problem for laptops and low-end devices as these background processes can

:: increase battery consumption and memory usage. The background process displays an icon in the system tray and can always be closed from there.

:: If you run enable this policy the background mode will be disabled.

reg add "HKLM\Software\Policies\Microsoft\Edge" /f

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BackgroundModeEnabled" /t REG_DWORD /d 0 /f

:: EDGE HARDENING ::

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SitePerProcess" /t REG_DWORD /d "0x00000001" /f

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SSLVersionMin" /t REG_SZ /d "tls1.2^@" /f

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NativeMessagingUserLevelHosts" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t REG_DWORD /d "0x00000001" /f

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d "0x00000001" /f

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverrideForFiles" /t REG_DWORD /d "0x00000001" /f

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SSLErrorOverrideAllowed" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SmartScreenPuaEnabled" /t REG_DWORD /d "0x00000001" /f

reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AllowDeletingBrowserHistory" /t REG_DWORD /d "0x00000000" /f

reg add "HKLM\Software\Policies\Microsoft\Edge\ExtensionInstallAllowlist\1" /t REG_SZ /d "odfafepnkmbhccpbejgmiehpchacaeak" /f

reg add "HKLM\Software\Policies\Microsoft\Edge\ExtensionInstallForcelist\1" /t REG_SZ /d "odfafepnkmbhccpbejgmiehpchacaeak" /f

reg add "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Edge\Extensions\odfafepnkmbhccpbejgmiehpchacaeak" /v "update_url" /t REG_SZ /d "https://edge.microsoft.com/extensionwebstorebase/v1/crx" /f

::#######################################################################

:: Enable and Configure Google Chrome Internet Browser Settings

::#######################################################################

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AllowCrossOriginAuthPrompt" /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AlwaysOpenPdfExternally" /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AmbientAuthenticationInPrivateModesEnabled" /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AudioCaptureAllowed" /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AudioSandboxEnabled" /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "DnsOverHttpsMode" /t REG_SZ /d on /f

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ScreenCaptureAllowed" /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "SitePerProcess" /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "TLS13HardeningForLocalAnchorsEnabled" /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "VideoCaptureAllowed" /t REG_DWORD /d 1 /f

:: #####################################################################

:: Chrome hardening settings

:: #####################################################################

reg add "HKLM\Software\Policies\Google\Chrome" /v "AdvancedProtectionAllowed" /t REG_DWORD /d "1" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "RemoteAccessHostFirewallTraversal" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "DefaultPopupsSetting" /t REG_DWORD /d "33554432" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "DefaultGeolocationSetting" /t REG_DWORD /d "33554432" /f

:: reg add "HKLM\Software\Policies\Google\Chrome" /v "DefaultSearchProviderName" /t REG_SZ /d "Google Encrypted" /f

:: reg add "HKLM\Software\Policies\Google\Chrome" /v "DefaultSearchProviderSearchURL" /t REG_SZ /d "https://www.google.com/#q={searchTerms}" /f

:: reg add "HKLM\Software\Policies\Google\Chrome" /v "DefaultSearchProviderEnabled" /t REG_DWORD /d "16777216" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "AllowOutdatedPlugins" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "BackgroundModeEnabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "CloudPrintProxyEnabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "MetricsReportingEnabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "SearchSuggestEnabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "ImportSavedPasswords" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "IncognitoModeAvailability" /t REG_DWORD /d "16777216" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "EnableOnlineRevocationChecks" /t REG_DWORD /d "16777216" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "SavingBrowserHistoryDisabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "DefaultPluginsSetting" /t REG_DWORD /d "50331648" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "AllowDeletingBrowserHistory" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "PromptForDownloadLocation" /t REG_DWORD /d "16777216" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "DownloadRestrictions" /t REG_DWORD /d "33554432" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "AutoplayAllowed" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "SafeBrowsingExtendedReportingEnabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "DefaultWebUsbGuardSetting" /t REG_DWORD /d "33554432" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "ChromeCleanupEnabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "ChromeCleanupReportingEnabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "EnableMediaRouter" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "SSLVersionMin" /t REG_SZ /d "tls1.1" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "UrlKeyedAnonymizedDataCollectionEnabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "WebRtcEventLogCollectionAllowed" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "NetworkPredictionOptions" /t REG_DWORD /d "33554432" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "BrowserGuestModeEnabled" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome" /v "ImportAutofillFormData" /t REG_DWORD /d "0" /f

reg add "HKLM\Software\Policies\Google\Chrome\ExtensionInstallWhitelist" /v "1" /t REG_SZ /d "cjpalhdlnbpafiamejdnhcphjbkeiagm" /f

reg add "HKLM\Software\Policies\Google\Chrome\ExtensionInstallForcelist" /v "1" /t REG_SZ /d "cjpalhdlnbpafiamejdnhcphjbkeiagm" /f

reg add "HKLM\Software\Policies\Google\Chrome\URLBlacklist" /v "1" /t REG_SZ /d "javascript://*" /f

reg add "HKLM\Software\Policies\Google\Update" /v "AutoUpdateCheckPeriodMinutes" /t REG_DWORD /d "1613168640" /f

reg add "HKLM\Software\Policies\Google\Chrome\Recommended" /v "SafeBrowsingProtectionLevel" /t REG_DWORD /d "2" /f

reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters" /v RequireSecuritySignature /t REG_DWORD /d 1 /f

gpupdate /force

netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound

powershell.exe -command "Get-AppxPackage *QuickAssist* -AllUsers | Remove-AppxPackage"

powershell.exe -command "Get-AppxPackage *PowerAutomate* -AllUsers | Remove-AppxPackage"

powershell.exe Set-MpPreference -PUAProtection Enabled

powershell.exe iex ((New-Object System.Net.WebClient).DownloadString('https://simeononsecurity.ch/scripts/standalonewindows.ps1'))