Security für Windows 10 – Registry Hacks

Security Registry Hacks

Mit diesen Registry Hacks lassen sich folgende Sicherheitseinstellungen vornehmen:

Enable DEP and isolation in Internet Explorer

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main“ /v „DEPOff“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main“ /v „Isolation64Bit“ /t REG_DWORD /d 1 /f

Disable SSLv3 fallback, and the ability to ingore certificate errors, in Internet Explorer

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings“ /v „CallLegacyWCMPolicies“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings“ /v „EnableSSL3Fallback“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings“ /v „PreventIgnoreCertErrors“ /t REG_DWORD /d 1 /f

Disable Flash Player in Edge

Powershell anzeigen

reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\MicrosoftEdge\Addons“ /v „FlashPlayerEnabled“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Addons“ /v „FlashPlayerEnabled“ /t REG_DWORD /d 0 /f

Enable Edge Phising Filter

Powershell anzeigen

reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter“ /v „EnabledV9“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter“ /v „EnabledV9“ /t REG_DWORD /d 1 /f

Disable and configure Windows Remote Desktop and Remote Desktop Services

Powershell anzeigen

reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Terminal Services“ /v „AllowSignedFiles“ /t REG_DWORD /d 0 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Terminal Services“ /v „AllowUnsignedFiles“ /t REG_DWORD /d 0 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Terminal Services“ /v „DisablePasswordSaving“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing“ /v „NoRDS“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS“ /v „AllowRemoteShellAccess“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services“ /v „AllowSignedFiles“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services“ /v „AllowUnsignedFiles“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services“ /v „CreateEncryptedOnlyTickets“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services“ /v „DisablePasswordSaving“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services“ /v „fAllowToGetHelp“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services“ /v „fAllowUnsolicited“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services“ /v „fDenyTSConnections“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client“ /v „fEnableUsbBlockDeviceBySetupClass“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client“ /v „fEnableUsbNoAckIsochWriteToDevice“ /t REG_DWORD /d 80 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client“ /v „fEnableUsbSelectDeviceByInterface“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings“ /v „Enabled“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop“ /v „Enabled“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework“ /v „Enabled“ /t REG_DWORD /d 0 /f

Block Macros and other Content Execution for Office 2016

Powershell anzeigen

reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\access\security“ /v „vbawarnings“ /t REG_DWORD /d 4 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\excel\security“ /v „vbawarnings“ /t REG_DWORD /d 4 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\excel\security“ /v „blockcontentexecutionfrominternet“ /t REG_DWORD /d 1 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\excel\security“ /v „excelbypassencryptedmacroscan“ /t REG_DWORD /d 0 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\ms project\security“ /v „vbawarnings“ /t REG_DWORD /d 4 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\ms project\security“ /v „level“ /t REG_DWORD /d 4 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\outlook\security“ /v „level“ /t REG_DWORD /d 4 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\powerpoint\security“ /v „vbawarnings“ /t REG_DWORD /d 4 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\powerpoint\security“ /v „blockcontentexecutionfrominternet“ /t REG_DWORD /d 1 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\publisher\security“ /v „vbawarnings“ /t REG_DWORD /d 4 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\visio\security“ /v „vbawarnings“ /t REG_DWORD /d 4 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\visio\security“ /v „blockcontentexecutionfrominternet“ /t REG_DWORD /d 1 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\word\security“ /v „vbawarnings“ /t REG_DWORD /d 4 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\word\security“ /v „blockcontentexecutionfrominternet“ /t REG_DWORD /d 1 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\word\security“ /v „wordbypassencryptedmacroscan“ /t REG_DWORD /d 0 /f
reg add „HKEY_CURRENT_USER\Software\Policies\Microsoft\office\common\security“ /v „automationsecurity“ /t REG_DWORD /d 3 /f

Enable Automatic Updates for Office

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate“ /v „enableautomaticupdates“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate“ /v „hideenabledisableupdates“ /t REG_DWORD /d 1 /f

Enable Enhanced Face Spoofing Protection

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures“ /v „EnhancedAntiSpoofing“ /t REG_DWORD /d 1 /f

Disable Pushing of Apps for Installation from the Windows Store

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PushToInstall“ /v „DisablePushToInstall“ /t REG_DWORD /d 1 /f

Disable Projecting (Connect) to the Device, and require a PIN for pairing

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent“ /v „AllowProjectionToPC“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent“ /v „RequirePinForPairing“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WirelessDisplay“ /v „EnforcePinBasedPairing“ /t REG_DWORD /d 1 /f
reg add „HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings“ /v „NoPresentationSettings“ /t REG_DWORD /d 1 /f

Force enable Data Execution Prevention (DEP)

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer“ /v „NoDataExecutionPrevention“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System“ /v „DisableHHDEP“ /t REG_DWORD /d 0 /f

Disable Autorun

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer“ /v „NoAutorun“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer“ /v „NoDriveTypeAutoRun“ /t REG_DWORD /d 255 /f

Disable Active Desktop

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer“ /v „ForceActiveDesktopOn“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer“ /v „NoActiveDesktop“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer“ /v „NoActiveDesktopChanges“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop“ /v „NoAddingComponents“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop“ /v „NoComponents“ /t REG_DWORD /d 1 /f

Disable Desktop Gadgets

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar“ /v „TurnOffSidebar“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar“ /v „TurnOffUnsignedGadgets“ /t REG_DWORD /d 1 /f

Force Process digital Certificates when running Executables

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers“ /v „authenticodeenabled“ /t REG_DWORD /d 1 /f

Enable Network Authentication

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services“ /v „UserAuthentication“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp“ /v „UserAuthentication“ /t REG_DWORD /d 1 /f

Disable Picture Passwords

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System“ /v „BlockDomainPicturePassword“ /t REG_DWORD /d 1 /f

Enable SmartScreen

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System“ /v „EnableSmartScreen“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System“ /v „ShellSmartScreenLevel“ /t REG_SZ /d „Warn“ /f

Disable Windows Update deferrals

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate“ /v „DeferFeatureUpdates“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate“ /v „DeferQualityUpdates“ /t REG_DWORD /d 0 /f

Enable Windows Defender

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender“ /v „DisableAntiSpyware“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender“ /v „ServiceKeepAlive“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection“ /v „DisableIOAVProtection“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection“ /v „DisableRealtimeMonitoring“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan“ /v „CheckForSignaturesBeforeRunningScan“ /t REG_DWORD /d 1 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan“ /v „DisableHeuristics“ /t REG_DWORD /d 0 /f
reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments“ /v „ScanWithAntiVirus“ /t REG_DWORD /d 3 /f

Do not allow Users and Apps to connect to Malicious Websites

Powershell anzeigen

reg add „HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection“ /v „EnableNetworkProtection“ /t REG_DWORD /d 1 /f

Security für Windows 10 – Registry Hacks

Security für Windows 10 – Registry Hacks