|
REM "https://cafe.daum.net/candan/GGFN/470 "
REM "https://cafe.daum.net/candan/GGFN/518 이게 더 업글 버전"
REM 프린터 제거 하기
REM "수상한 계정이나 모두 삭제 다시 부팅"
REM rundll32.exe keymgr.dll, KRShowKeyMgr
REM "https://account.live.com/password/reset 비밀 번호 재설정 하라고 하네요. 16자 까지 사용 "
REM "RDP 차단 Microsoft Authenticator [추가 인증이 요청됨]"
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v fEnableWinStation /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v MaxInstanceCount /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v fLogonDisabled /t REG_DWORD /d 1 /f
REM "https://cafe.daum.net/candan/AurF/110 Microsoft Authenticator [추가 인증이 요청됨]"
REG add "HKLM\System\CurrentControlSet\Control\Lsa" /v AuditBaseObjects /t REG_DWORD /d 1 /f
REG add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxIdleTime /t REG_DWORD /d 40 /f
REM REG add "HKLM\System\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 1 /f
REM RDP 접속 할 경우 IP 남기기
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v LogIPAddress /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v Logging /t REG_DWORD /d 1 /f
rem "msn 메신지 비활성화 하기 https://admx.help/?Category=Windows_11_2022&Policy=Microsoft.Policies.WindowsMessenger::WinMSG_NoWindowsMsg_User&Language=ko-kr "
REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client" /v "PreventRun" /t REG_DWORD /d 1 /f
REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client" /v "PreventAutoRun" /t REG_DWORD /d 1 /f
# 온드라이브 찌꺼기 제거
Remove-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\*" -Recurse -Force
REM "https://admx.help/?Category=InternetExplorer&Policy=Microsoft.Policies.InternetExplorer::IZ_Policy_TurnOnProtectedMode_1&Language=ko-kr"
REM IE 쿠키 거부
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones" /v "2500" /t REG_DWORD /d 3 /f
REM IE ActiveX 컨트롤 및 플러그 인 실행안함
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1400" /t REG_DWORD /d 3 /f
REM IE 자바 거부
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1400" /t REG_DWORD /d 3 /f
REM 보호 모드 켜기
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 " /v "2500" /t REG_DWORD /d 0 /f
REM "로컬 컴퓨터 영역 잠금 템플릿 https://admx.help/?Category=InternetExplorer&Policy=Microsoft.Policies.InternetExplorer::IZ_PolicyLocalMachineZoneLockdownTemplate&Language=ko-kr "
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies" /v "LocalMachineZoneLockdownTemplate" /t REG_DWORD /d 1 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies" /v "Locked-Down Local Machine Zone" /t REG_DWORD /d 4 /f
REM "로컬 컴퓨터 영역 템플릿 https://learn.microsoft.com/en-us/troubleshoot/developer/browsers/security-privacy/ie-security-zones-registry-entries"
REM " https://admx.help/?Category=InternetExplorer&Policy=Microsoft.Policies.InternetExplorer::IZ_PolicyLocalMachineZoneTemplate&Language=ko-kr "
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\Template Policies" /v "LocalMachineZoneTemplate" /t REG_DWORD /d 1 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\Template Policies" /v "Local Machine Zone" /t REG_DWORD /d 4 /f
REM 모든 프로세스 차단
REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" /v "*" /t REG_SZ /d 1 /f
REM 1A06 타사 쿠키
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "1A06" /t REG_DWORD /d 3 /f
REM "자바 차단 중국 https://zhuanlan.zhihu.com/p/130767818"
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "1605" /t REG_DWORD /d 3 /f
REM IE 로그인 차단
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "1A00" /t REG_DWORD /d 3 /f
REM 세이프 브라우징 보호 수준
REM "크롬 세이프 브라우징 / 향상된 보호 모드 https://admx.help/?Category=Chrome&Policy=Google.Policies.Chrome::SafeBrowsingProtectionLevel&Language=ko-kr "
REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome" /v "SafeBrowsingProtectionLevel" /t REG_SZ /d 2 /f
REM 크롬 원격 연결 허용안함
REM " https://admx.help/?Category=Chrome&Policy=Google.Policies.Chrome::RemoteAccessHostAllowRemoteAccessConnections&Language=ko-kr "
REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome" /v "RemoteAccessHostAllowRemoteAccessConnections" /t REG_SZ /d 0 /f
REM "원격 액세스 사용자가 호스트와 파일 전송을 할 수 있게 허용 안함"
REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome" /v "RemoteAccessHostAllowFileTransfer" /t REG_SZ /d 0 /f
REM 중국 해커 차단
netsh advfirewall firewall add rule name="Block IPv6 Range" dir=in action=block enable=yes remoteip=240e:300::/24
netsh advfirewall firewall add rule name="Block IPv6 Range" dir=out action=block enable=yes remoteip=240e:300::/24
netsh advfirewall firewall add rule name="Block IPv6 Range" dir=in action=block enable=yes remoteip=2a07:db80::/29
netsh advfirewall firewall add rule name="Block IPv6 Range" dir=out action=block enable=yes remoteip=2a07:db80::/29
REM "러시아 해커"
netsh advfirewall firewall add rule name="Block IPv6 Range" dir=in action=block enable=yes remoteip="2a07:db80::-2a07:db87:ffff:ffff:ffff:ffff:ffff:ffff"
netsh advfirewall firewall add rule name="Block IPv6 Range" dir=out action=block enable=yes remoteip="2a07:db80::-2a07:db87:ffff:ffff:ffff:ffff:ffff:ffff"
REM " https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.VolumeEncryption::ConfigureAdvancedStartup_Name&Language=ko-kr "
REM "시작 시 추가 인증 요구 TPM"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v "UseAdvancedStartup" /t REG_DWORD /d 1 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v "UseTPM" /t REG_DWORD /d 1 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v "UseTPMPIN" /t REG_DWORD /d 1 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v "UseTPMKey" /t REG_DWORD /d 1 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v "UseTPMKeyPIN" /t REG_DWORD /d 1 /f
REM "SMB 사용안함"
REM "https://silicophilic.com/disable-smbv1-in-windows-10/"
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\FsctlAllowlist" /v "SMB1" /t REG_DWORD /d 0 /f
REM "SMBv1 관련 비활성"
REM "https://www.stigviewer.com/stig/windows_7/2017-02-21/finding/V-73523"
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb" /v "Start" /t REG_DWORD /d 4 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb20" /v "Start" /t REG_DWORD /d 4 /f
REM "LanmanWorkstation 서비스는 다음 오류 때문에 시작하지 못한 mrxsmb20 서비스에 종속됩니다. 에러가 발생 할수 있다. 기본값은 3"
REM "프린터 공유 흔적 제거 레지스트 비우기"
powershell -command "Remove-Item -Path 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\TriggerInfo\*' -Recurse -Force"
첫댓글 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer DependOnService 비우기?
SamSS
Srv2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
Bowser
MRxSmb20
NSI