<![CDATA[
<p> </p><p> </p><p>echo 원격 장치 제거 home인대 이놈이 있다</p><p>pnputil /remove-device "SWD\PRINTENUM\PrintQueues" <br>pnputil /remove-device "ROOT\RDPBUS\0000"</p><p> </p><p>REM "수상한 계정이나 모두 삭제 다시 부팅" <br>REM rundll32.exe keymgr.dll, KRShowKeyMgr</p><p>REM "<a href="https://cafe.daum.net/candan/Lrrk/23" target="_blank" class="ke-link">https://cafe.daum.net/candan/Lrrk/23</a> " <br>REM "<a href="https://account.live.com/password/reset" target="_blank" class="ke-link">https://account.live.com/password/reset</a> 비밀 번호 재설정 하라고 하네요. 16자 까지 사용" </p><p> </p><p>REM IE 쿠키 거부 <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones" /v "2500" /t REG_DWORD /d 3 /f <br><br>REM IE 자바 거부 <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1400" /t REG_DWORD /d 3 /f</p><p> </p><hr data-ke-style="style3"><p> </p><p>REM "셰션 다시 시작 후 마지막 대화형 사용자 자동 로그인 및 잠금" <br>REM " <a href="https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsLogon2::AutomaticRestartSignOn&Language=ko-kr" target="_top" class="ke-link">https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsLogon2::AutomaticRestartSignOn&Language=ko-kr</a>" <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableAutomaticRestartSignOn" /t REG_DWORD /d 1 /f <br><br>REM " <a href="https://cafe.daum.net/candan/GGFN/499" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/499</a>로그인 ID 숨기기 보안 셰션 로그인 문제 해결 이걸로 해킹 하는 것 같다" <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "dontdisplaylastusername" /t REG_DWORD /d 3 /f <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "DontDisplayLockedUserId" /t REG_DWORD /d 3 /f</p><p> </p><p> </p><p>echo 업글 안될때. ms에서 제공 하는 방법 ㅎ  <br>REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup" /v "AllowUpgradesWithUnsupportedTPMOrCPU" /t REG_DWORD /d 1 /f</p><p><br>echo "자격 증명 악성코드가 남발 하는거 차단, 자격 증명 신뢰 할수 있는 요구"<br>echo "단점은 이걸 하면 먼가를 설치 할때 alt del ctrl 누르라고 구찮게 한다. 하지만 그래도 자격증명 열거 보단.. 좋다."<br>echo "https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.CredentialsUI::EnableSecureCredentialPrompting&Language=ko-kr "<br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI" /v "EnableSecureCredentialPrompting" /t REG_DWORD /d 1 /f  <br><br>echo <a href="https://cafe.daum.net/candan/BLQD/68" target="_blank" class="ke-link">https://cafe.daum.net/candan/BLQD/68</a> 자격 증명 메뉴 강화 <br>echo 로그인 비밀번호 입력 보이게 하기 버튼 숨기기 <a href="https://appuals.com/disable-password-reveal-button-in-windows-10/" target="_blank" class="ke-link">https://appuals.com/disable-password-reveal-button-in-windows-10/</a> <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI" /v "DisablePasswordReveal" /t REG_DWORD /d 1 /f  <br>  <br>echo 권한 상승시에 비밀번호 다시 물어 보기 <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI" /v "EnumerateAdministrators" /t REG_DWORD /d 1 /f  <br><br>echo 비밀번호 힌트 가리기 <a href="https://www.tenforums.com/tutorials/117755-enable-disable-security-questions-local-accounts-windows-10-a.html" target="_blank" class="ke-link">https://www.tenforums.com/tutorials/117755-enable-disable-security-questions-local-accounts-windows-10-a.html</a> <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI" /v "NoLocalPasswordResetQuestions" /t REG_DWORD /d 1 /f  <br><br><br>echo 계정 로그인 감사(어떤 놈이 내 컴퓨터 로그인 하지는지 로그에 남기기) 매우 중요함. <br>REM AuditPol /List /Category /V</p><p><span style="color: #333333; background-color: #ffffff;" data-ke-size="size16">REM </span> auditpol /get /category:* <br><span style="color: #333333; background-color: #ffffff;" data-ke-size="size16">REM </span> auditpol /get /category:* /r  <br><br>echo 계정 로그온                                  {xxxx-xxxx-xxxx-xxxx-xxxx} <br>echo 등록 아래 처럼. <br>auditpol /set /category:"{xxxx-xxxx-xxxx-xxxx-xxxx}" /success:enable /failure:enable</p><p>auditpol /set /category:"" /success:enable /failure:enable</p><p> </p><p>REM "계정 로그인 성공 실패"</p><p>auditpol /set /category:"{69979850-797A-11D9-BED3-505054503030}" /success:enable /failure:enable</p><p> </p><p>REM "계정 로그온  로그온 로그오프"</p><p>auditpol /set /category:"{6997984E-797A-11D9-BED3-505054503030}" /success:enable /failure:enable</p><p>auditpol /set /category:"{69979849-797A-11D9-BED3-505054503030}" /success:enable /failure:enable</p><p> </p><p>auditpol.exe /set /category:"{69979849-797A-11D9-BED3-505054503030}" /success:enable /failure:enable <br>auditpol.exe /set /category:"{69979850-797A-11D9-BED3-505054503030}" /success:enable /failure:enable</p><p> </p><hr data-ke-style="style3"><p><s>REM "모든 이벤트 감사 하기 <a href="https://cafe.daum.net/candan/GGFN/480" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/480</a>"</s></p><p><s>auditpol /set /category:"{6997984F-797A-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /category:"{6997984A-797A-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /category:"{6997984E-797A-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /category:"{69979850-797A-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /category:"{6997984B-797A-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /category:"{69979849-797A-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /category:"{6997984C-797A-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /category:"{69979848-797A-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /category:"{6997984D-797A-11D9-BED3-505054503030}" /success:enable /failure:enable</s></p><p> </p><p><s>REM "<a href="https://cafe.daum.net/candan/GGFN/479" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/479</a>" </s><br><s>auditpol /set /subcategory:"{0CCE9215-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /subcategory:"{0CCE9216-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /subcategory:"{0CCE9217-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /subcategory:"{0CCE921B-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /subcategory:"{0CCE921C-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /subcategory:"{0CCE9243-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable </s><br><s>auditpol /set /subcategory:"{0CCE9220-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable</s></p><hr data-ke-style="style3"><p> </p><p>echo <a href="https://forbes.tistory.com/1265" target="_blank" class="ke-link">https://forbes.tistory.com/1265</a> <br>echo 오프라인 계정 만들기 <br><br>echo 사용자 a <br>echo 암호 a <br><br>echo 에러나도 계속 진행 오프라인 계정이 나온다 휴. <br>(최근에 ms가 오프라인 계정을 방치 하기 때문에 온라인 계정을 강재 사용 해야 해킹을 덜 당하는 것 같습니다 최초 로그인 할때 FIDA2 보안키를 사용 하면 좀더 안전 합니다 ms 계정이 없다고 하여도 오프라인으로 만든다고 하여도 PIN 암호를 사용 하세요 해킹에 덜 당한다고 하네요.) <br><br><br>echo 윈도우 시작이 검은 화면 cmd 인텔 그래픽 카드 관련 지우기 <br>del "%windir%\system32\*.bat" <br><br>echo <a href="https://www.revouninstaller.com/start-freeware-download/" target="_blank" class="ke-link">https://www.revouninstaller.com/start-freeware-download/</a> 앱 삭제(삭제 안되는 앱) <br><br><br>echo 게스트 계정으로 접근 시도가 있었다. CompatTelRunner.exe <br>schtasks /change /tn "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /disable >nul</p><p>REM "0은 진단 데이터 보내지 않기라고 하고 1이 진단 데이터 보내기라고 한다 AllowTelemetry 오타가 났었다."</p><p>REM reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t reg_DWORD /d 0 /f</p><p> </p><p>REM "진단 보내기 하지만 게스트는 접근 차단"<br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 3 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v EveryoneIncludesAnonymous /t REG_DWORD /d 0 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v GuestAccess /t REG_DWORD /d 0 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v GuestsAccess /t REG_DWORD /d 0 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v IIS_IUSRSAccess /t REG_DWORD /d 0 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v RemoteInteractiveLogonAccess /t REG_DWORD /d 0 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v RemoteManagementUsersAccess /t REG_DWORD /d 0 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowGameDvr" /t REG_DWORD /d 0 /f</p><p> </p><p>REM "피드백 보내기 빈도 항상 <a href="https://cafe.daum.net/candan/ASdB/435" target="_blank" class="ke-link">https://cafe.daum.net/candan/ASdB/435</a>" <br>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /t REG_QWORD /d "100000000" /f<br>reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /f</p><p><br>echo 원격실행 안되게 하기 레지스트 <a href="https://www.technipages.com/prevent-users-from-running-certain-programs" target="_blank" class="ke-link">https://www.technipages.com/prevent-users-from-running-certain-programs</a></p><p>echo "헛갈리면 안된다 경로가 두개가 조금 다르고 처음건 REG_DWORD이고 두번째것은 REG_SZ 이다"</p><p>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisallowRun /t REG_DWORD /d 1 /f <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v 1 /t REG_SZ /d mstsc.exe /f <br><br>  <br>REM 게스트 원격 차단 <br>icacls "%windir%\System32\mstsc.exe"  <br>takeown /F "%windir%\System32\mstsc.exe" /A <br>icacls "%windir%\System32\mstsc.exe" /save d:\mstsc.exe.txt <br>icacls "%windir%\System32\mstsc.exe" /grant Administrators:F <br>icacls "%windir%\System32\mstsc.exe" /setintegritylevel H <br>icacls "%windir%\System32\mstsc.exe" /deny "NETWORK SERVICE":(F) "GUEST":(F) "IIS_IUSRS":(F) "REMOTE INTERACTIVE LOGON":(F) "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F" <br>icacls "%windir%\System32\mstsc.exe" /setowner "NT SERVICE\TrustedInstaller"  <br>icacls "%windir%\System32\mstsc.exe" /grant:r Administrators:RX <br>icacls "%windir%\System32\mstsc.exe"  <br><br>REM "복구 할때" <br>REM icacls /reset "%windir%\System32\mstsc.exe"  <br>REM icacls %windir%\System32\ d:\mstsc.exe.txt<br><br><br>echo https://www.ntlite.com/community/index.php?threads/windows-11.2235/page-12 <br>echo  Remove Chat <br>Reg Add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarMn /t REG_DWORD /d 0 /f <br>Reg Add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Chat" /v ChatIcon /t REG_DWORD /d 3 /f <br><br>  <br>echo 장치간 공유 해제 <a href="https://www.elevenforum.com/t/turn-on-or-off-share-across-devices-for-app-experiences-in-windows-11.3857/" target="_blank" class="ke-link">https://www.elevenforum.com/t/turn-on-or-off-share-across-devices-for-app-experiences-in-windows-11.3857/</a> 앱공유 끄기 <a href="https://github.com/Thdub/Optimize_NextGen/blob/master/Files/Scripts/RegistryTweaks/Registry%20Tweaks.bat" target="_blank" class="ke-link">https://github.com/Thdub/Optimize_NextGen/blob/master/Files/Scripts/RegistryTweaks/Registry%20Tweaks.bat</a>   <br>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CDP" /v CdpSessionUserAuthzPolicy /t REG_DWORD /d 0 /f <br>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CDP" /v RomeSdkChannelUserAuthzPolicy /t REG_DWORD /d 0 /f <br>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CDP" /v EnableRemoteLaunchToast /t REG_DWORD /d 0 /f <br><br>echo 롤 글자 렉 걸리는 문제 크롬 끝 글자 잘리는 문제 등록 키보드<br>reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\InputMethod\Settings\KOR" /v ConfigureImeVersion /t REG_DWORD /d 1 /f <br><br>echo 앱 <a href="https://winaero.com/enable-or-disable-web-site-access-to-language-list-in-windows-10/" target="_blank" class="ke-link">https://winaero.com/enable-or-disable-web-site-access-to-language-list-in-windows-10/</a> 웹 싸이트에서 내 언어 목록에 엑센스하여 관련 콘텐츠를 로컬로 표시하도록 허용(해제 하기) <br>reg add "HKEY_CURRENT_USER\Control Panel\International\User Profile" /v HttpAcceptLanguageOptOut /t REG_DWORD /d 1 /f <br><br>echo 업데이트 오류 <a href="https://cafe.daum.net/candan/HbCr/125" target="_blank" class="ke-link">https://cafe.daum.net/candan/HbCr/125</a> Windows.SecurityCenter.SecurityAppBroker 부여하지 않았습니다 <br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v "DelayedAutostart" /t REG_DWORD /d 0 /f <br>sc config "wuauserv" start= delayed-auto <br>sc start "wuauserv" <br><br>echo 정체를 알수 없는 스토리지 실행 smphost <br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smphost" /v "Start" /t REG_DWORD /d 4 /f <br>sc config "smphost" start= disabled <br>sc stop "smphost" <br><br>echo 원격 RDCS 구성 SessionEnv <br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SessionEnv" /v "Start" /t REG_DWORD /d 4 /f <br>sc config "SessionEnv" start= disabled <br>sc stop "SessionEnv" <br><br>echo 사용자가 원격 컴퓨터에 대화형 TermService <br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService" /v "Start" /t REG_DWORD /d 4 /f <br>sc config "TermService" start= disabled <br>sc stop "TermService" <br><br>echo 프린터/드라이버/RDP UmRdpService <br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmRdpService" /v "Start" /t REG_DWORD /d 4 /f <br>sc config "UmRdpService" start= disabled <br>sc stop "UmRdpService" <br><br><br>echo netplwiz <br>echo IIS 실행 금지 <br>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v 3 /t REG_SZ /d w3wp.exe /f  <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v 3 /t REG_SZ /d w3wp.exe /f <br><br>echo IIS 공유 관련 SMSvcHost W3wp.exe 켜는 아이  <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v 5 /t REG_SZ /d smsvchost.exe /f <br><br><br>echo 기업용 앱들  <br>echo <a href="https://pureinfotech.com/view-installed-apps-powershell-windows-10/" target="_blank" class="ke-link">https://pureinfotech.com/view-installed-apps-powershell-windows-10/</a> <br>Get-AppxPackage Microsoft.PowerAutomateDesktop -AllUsers | Remove-AppxPackage  <br>Get-AppxPackage MicrosoftTeams -AllUsers | Remove-AppxPackage <br><br>echo <a href="https://www.minitool.com/news/ms-gaming-overlay-popup.html" target="_blank" class="ke-link">https://www.minitool.com/news/ms-gaming-overlay-popup.html</a> <br>echo 게임 런처 삭제 해킹에 악용 되는듯 자격증명을 받고 계심  <br>Get-AppxPackage Microsoft.XboxGamingOverlay | Remove-AppxPackage <br>REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GameDVR" /v "AppCaptureEnabled" /t REG_DWORD /d 0 /f <br>REG ADD "HKEY_CURRENT_USER\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d 0 /f <br><br>echo net3.5 설치 안되는 문제 usb 꼽고 X부분을 자신의 usb에 맞게 수정 예를 들자면 E? 나 F? <br>DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:X:\sources\sxs <br><br>echo 넷 바이오스 사용안함 NetBIOS over TCP/IP <a href="https://cafe.daum.net/candan/GGFN/271" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/271</a> <br>$regkey = "HKLM:SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces" <br>Get-ChildItem $regkey |foreach { Set-ItemProperty -Path "$regkey\$($_.pschildname)" -Name NetbiosOptions -Value 2 -Verbose} <br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v EnableLMHOSTS /t REG_DWORD /d "0" /f <br><br>echo Global.Accounts 관련 <a href="https://cafe.daum.net/candan/I45j/78" target="_blank" class="ke-link">https://cafe.daum.net/candan/I45j/78</a>  잠금 화면 추천 별걸로 해킹을 다하는 느낌. <br>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-Enabled" /t REG_DWORD /d "0" /f <br>reg add "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsSpotlightFeatures" /t REG_DWORD /d "1" /f <br><br>echo backgroundTaskHost.exe 수상함 Global.Accounts <br>reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Search /v BingSearchEnabled /t REG_DWORD /d 0 /f <br>reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Search /v CortanaConsent /t REG_DWORD /d 0 /f <br>reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search” /v AllowCortana /t REG_DWORD /d 0 /f <br><br>echo 심하면 잠금 하고 써야 할듯 수상함 ㅎ(모르는 사람 장치 관리자 등록 했더니) <br>echo 이렇게 해도 안되더라. 코어에 이상한 장치가 설치 된 경우 수동으로 제거 해야 한다 <br>echo <a href="https://cafe.daum.net/candan/HbCr/123" target="_blank" class="ke-link">https://cafe.daum.net/candan/HbCr/123</a>    <br>pnputil /delete-driver oem5.inf /uninstall <br><br>echo <a href="https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-deviceguard-unattend" target="_blank" class="ke-link">https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-deviceguard-unattend</a>  무결성이 겹쳐서 비활성화 된듯 하다. 이렇게 하니 문제 없이 잘 작동 하였다. 코어 격리 <br>REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f <br>REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LsaCfgFlags" /t REG_DWORD /d 1 /f <br>REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "HypervisorEnforcedCodeIntegrity" /t REG_DWORD /d 1 /f <br><br>echo <a href="https://docs.microsoft.com/ko-kr/windows/security/identity-protection/remote-credential-guard" target="_blank" class="ke-link">https://docs.microsoft.com/ko-kr/windows/security/identity-protection/remote-credential-guard</a> 원격에게 자격증명 제한 하기 <br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v "DisableRestrictedAdmin" /t REG_DWORD /d 0 /f <br><br>  <br>REM hello 모든 계정 강재 하기 1로 하면 비지니스 켜지니 그냥 0으로 해야 한다 <a href="https://cafe.daum.net/candan/Lrrk/10" target="_blank" class="ke-link">https://cafe.daum.net/candan/Lrrk/10</a><br>REM reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /t REG_DWORD /d 0 /f <br><br>echo <a href="https://cafe.daum.net/candan/AurF/106" target="_blank" class="ke-link">https://cafe.daum.net/candan/AurF/106</a> 감사실패 관련 알수 없는 로그인 하는 경우.  <br>echo 내보내기  <br>md d:\secedit  <br>secedit /export /cfg d:\secedit\cfg.ini > nul <br><br>tar -cvzf d:\secedit.zip d:\secedit <br>echo 만약을 위해 압축 하기 <br><br>notepad d:\secedit\cfg.ini <br>echo 수정하기 <br><br>MinimumPasswordAge = 0 (기본값) 최소 하루 <br>MinimumPasswordAge = 1 <br><br>MinimumPasswordLength = 0 암호 최소 길이 <br>MinimumPasswordLength = 14 <br><br>PasswordComplexity = 0 암호 복잡성 기본값 사용안함 아래 1은 사용  <br>PasswordComplexity = 1 <br><br>LockoutBadCount = 0 : (기본값) 계정 정책 > 계정 잠금 정책 > 계정 잠금 임계값 <a href="https://cafe.daum.net/candan/BLQD/81" target="_blank" class="ke-link">https://cafe.daum.net/candan/BLQD/81</a> <br>LockoutBadCount = 5 <br><br>AllowAdministratorLockout = 0  (기본값) 아니요  <a href="https://cafe.daum.net/candan/BLQD/86" target="_blank" class="ke-link">https://cafe.daum.net/candan/BLQD/86</a> 1로 하는 것이 보안에 좋다고. <br>AllowAdministratorLockout = 1</p><p> </p><p>ForceLogoffWhenHourExpire = 0 <a href="https://ikcoo.tistory.com/222" target="_blank" class="ke-link">https://ikcoo.tistory.com/222</a> 네트워크 보안: 로그온 시간이 만료되면 강제로 로그오프됨</p><p>ForceLogoffWhenHourExpire = 1</p><p> </p><p>CachedLogonsCount=1,"10"  수상한 캐쉬 로그인 0으로 해도 자꾸 풀린다.</p><p>CachedLogonsCount=1,"0"</p><p><br>echo 14 이상 하면 오류 난다. <br>SeDenyNetworkLogonRight = Guest</p><p>SeDenyInteractiveLogonRight = Guest <br><br>echo 로컬 로그인 차단 SeDenyInteractiveLogonRight <br>SeDenyBatchLogonRight = Guest <br>SeDenyServiceLogonRight = Guest <br>SeDenyRemoteInteractiveLogonRight = Guest <br>echo 없다면 삽입 해주기</p><p> </p><p>REM 프린터 차단 인쇄 차단<br>SeDenyServiceLogonRight = *S-1-5-32-550 <br>SeDenyNetworkLogonRight = *S-1-5-32-550 <br>SeDenyRemoteInteractiveLogonRight = *S-1-5-32-550</p><p> </p><p>REM 서버 차단 할 경우 ,*S-1-5-13,*S-1-5-32-549<br>SeDenyServiceLogonRight = Guest,,*S-1-5-13,*S-1-5-32-549</p><p> </p><p>REM *S-1-5-32-558은 모니터링이다 AI가 미쳐서 이상한걸 서버라고 알려 줌</p><p>REM 기존거 1.txt </p><div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/b5a92a5ab57fa8f208abe5aa2a697d97660a5c20?download" data-file-name="1.txt" data-file-size="917" data-mimetype="text/plain" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DASdB%26dataid%3D429%26fileid%3D5%26regdt%3D20220925050813&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2Fb5a92a5ab57fa8f208abe5aa2a697d97660a5c20')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">1</span><span class="type">.txt</span></div><div class="size">917B</div></div></a></div><p>SeDenyNetworkLogonRight = *S-1-0-0,*S-1-5-113,*S-1-5-14,*S-1-5-17,Guest,*S-1-5-32-546,*S-1-5-32-555,*S-1-5-32-568,*S-1-5-32-575,*S-1-5-32-576,*S-1-5-32-577,*S-1-5-7,*S-1-5-80-0,*S-1-5-9,*S-1-5-32-553,*S-1-5-32-571,*S-1-5-32-580,*S-1-5-32-549,*S-1-5-32-547,*S-1-5-1,*S-1-5-32-550<br>SeDenyBatchLogonRight = *S-1-0-0,*S-1-5-14,*S-1-5-17,Guest,*S-1-5-32-546,*S-1-5-32-555,*S-1-5-32-568,*S-1-5-32-575,*S-1-5-32-576,*S-1-5-32-577,*S-1-5-7,*S-1-5-9,*S-1-5-32-553,*S-1-5-32-571,*S-1-5-32-580,*S-1-5-32-549,*S-1-5-32-547,*S-1-5-32-547,*S-1-5-1 <br>SeDenyServiceLogonRight = *S-1-0-0,*S-1-5-14,*S-1-5-17,Guest,*S-1-5-32-546,*S-1-5-32-555,*S-1-5-32-568,*S-1-5-32-575,*S-1-5-32-576,*S-1-5-32-577,*S-1-5-7,*S-1-5-9,*S-1-5-32-553,*S-1-5-32-571,*S-1-5-32-580,*S-1-5-32-549,*S-1-5-32-547,*S-1-5-1,*S-1-5-13,*S-1-5-32-549,*S-1-5-32-550<br>SeDenyInteractiveLogonRight = *S-1-0-0,*S-1-5-14,*S-1-5-17,Guest,*S-1-5-32-546,*S-1-5-32-555,*S-1-5-32-568,*S-1-5-32-575,*S-1-5-32-576,*S-1-5-32-577,*S-1-5-7,*S-1-5-9,*S-1-5-32-553,*S-1-5-32-571,*S-1-5-32-580,*S-1-5-32-549,*S-1-5-32-547,*S-1-5-1</p><p>SeDenyRemoteInteractiveLogonRight = *S-1-0-0,*S-1-1-0,*S-1-2-0,*S-1-2-1,*S-1-5-113,*S-1-5-14,*S-1-5-17,Guest,*S-1-5-32-544,*S-1-5-32-546,*S-1-5-32-555,*S-1-5-32-568,*S-1-5-32-575,*S-1-5-32-576,*S-1-5-32-577,*S-1-5-7,*S-1-5-80-0,*S-1-5-9,*S-1-5-32-553,*S-1-5-32-571,*S-1-5-32-580,*S-1-5-32-549,*S-1-5-32-547,*S-1-5-1,*S-1-5-32-550</p><p> </p><p>REM 요즘거</p><p>REM 구차니즘 2개 지우면서 5개 등록 하기.</p><hr data-ke-style="style3"><div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/62b0914c5c94e0d812a69c7e5b4e0d11fde56824?download" data-file-name="cfg5555.ini" data-file-size="20550" data-mimetype="" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DASdB%26dataid%3D429%26fileid%3D2%26regdt%3D20220925050813&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2F62b0914c5c94e0d812a69c7e5b4e0d11fde56824')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">cfg5555</span><span class="type">.ini</span></div><div class="size">20.07KB</div></div></a></div><div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/d0a071b0b82c4af0af0e205f35793010873aa4e8?download" data-file-name="v4.bat" data-file-size="9519" data-mimetype="" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DASdB%26dataid%3D429%26fileid%3D4%26regdt%3D20220925050813&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2Fd0a071b0b82c4af0af0e205f35793010873aa4e8')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">v4</span><span class="type">.bat</span></div><div class="size">9.30KB</div></div></a></div><div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/04d54de2ca05a4a31696b5ac636da6d48fa9f22d?download" data-file-name="v4_01.bat" data-file-size="9612" data-mimetype="" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DASdB%26dataid%3D429%26fileid%3D6%26regdt%3D20220925050813&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2F04d54de2ca05a4a31696b5ac636da6d48fa9f22d')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">v4_01</span><span class="type">.bat</span></div><div class="size">9.39KB</div></div></a></div><div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/ad2980718de6bd9a0cddc16fc2e6e7fe97ea0508?download" data-file-name="v4_02.bat" data-file-size="9817" data-mimetype="" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DASdB%26dataid%3D429%26fileid%3D7%26regdt%3D20220925050813&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2Fad2980718de6bd9a0cddc16fc2e6e7fe97ea0508')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">v4_02</span><span class="type">.bat</span></div><div class="size">9.59KB</div></div></a></div><div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/bc022222d87e1017df619c11d9a68de2687c5580?download" data-file-name="v4_01printban.bat" data-file-size="9654" data-mimetype="" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DASdB%26dataid%3D429%26fileid%3D8%26regdt%3D20220925050813&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2Fbc022222d87e1017df619c11d9a68de2687c5580')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">v4_01printban</span><span class="type">.bat</span></div><div class="size">9.43KB</div></div></a></div><p>REM "네트워크 거부 추가 버전 캐쉬 로그인 잡은 듯? v4.bat 배치 파일 "</p><p>REM "v4_01.bat 서버 차단, v4_02.bat 동일 하고 ctrl atl del 널 누르는 버전"</p><p>secedit /configure /db %windir%\security\local.sdb /cfg d:\cfgout.ini /overwrite /verbose</p><hr data-ke-style="style3"><p><br>SeServiceLogonRight = *S-1-5-80-0 <br>echo 원본 서비스 로그인 모든 프로세스 허용 <a href="https://cafe.daum.net/candan/GGFN/302" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/302</a>   시스템이 자꾸 5 유형으로 로그인 하는  <br><br>SeServiceLogonRight = *S-1-5-20 <br>echo 수정 네트워크 서비스로 제한 하기</p><p><br><br>SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551 <br>echo 원본 네트워크 로그인 모든 사용자 읽기</p><p><br><br>SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-32-545 <br>echo 사용자 관리자로 제한 <br><br>SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551 <br>echo 원본 트래버스 무시 모든 사용자 문제 보완 <br><br>SeChangeNotifyPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551 <br>echo 모든 사용자를 제거 해야 한다고 한다 <a href="https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking" target="_blank" class="ke-link">https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking</a> <br><br>echo (ms 계정이 없는 오프라인 경우에만 사용 하세요) 신뢰할수 있는 자격증명 추가 해주기 자격증명 열거방어 500이 어드민이다  <br><br>SeInteractiveLogonRight = Guest,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551 <br>SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551 <br>echo 로컬 로그인 허용에서 게스트 제거 Guest *S-1-5-32-546 게스트를 의미함 <br><br>SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551 <br>echo *S-1-5-32-546 게스트 계정 있으면 삭제</p><p> </p><p>SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555  원격 로그인 허용 사용자</p><p>SeRemoteInteractiveLogonRight = Administrator</p><p><br>SeCreateTokenPrivilege = *S-1-2-0 <br>echo 토큰 관련 로컬로 하기 <br><br>SeRelabelPrivilege = Administrator <br>echo 레이블 관련 관리자로 한정하기 <br><br>echo 적용하기 <br>secedit /configure /db test.sdb /cfg d:\secedit\cfg.ini <br>echo 입력 하기는 안됨 -_-;; 아쉽게.. 이건 됨. db는 그냥 아무거나 적으면 된다. 없다면 <br><br>echo 손상여부 확인 즉 내가 만든 것과 시스템에 적용 된 것과 같은지 비교 <br>secedit /validate d:\secedit\cfg.ini  <br><br>echo 다시 두번째 압축 <br>tar -cvzf d:\secedit_22.zip d:\secedit <br><br>echo <a href="https://womenssafetyhackathon.com/how-do-i-disable-tabtip-exe/" target="_blank" class="ke-link">https://womenssafetyhackathon.com/how-do-i-disable-tabtip-exe/</a> 해킹 당하는 것 같은 터치 패널 사용안함 TabTip.exe <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wisp\Touch" /v "TouchGate" /t REG_DWORD /d "0" /f <br><br>echo <a href="https://www.droidwin.com/how-to-remove-recommended-section-from-windows-11-start-menu/" target="_blank" class="ke-link">https://www.droidwin.com/how-to-remove-recommended-section-from-windows-11-start-menu/</a> <br>echo 맞춤 항목 숨기기 비활성 개인정보 노출   <br>reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /v "HideRecommendedSection" /t REG_DWORD /d "1" /f <br><br>echo <a href="https://www.tenforums.com/tutorials/100629-remove-link-state-power-management-power-options-windows-10-a.html" target="_blank" class="ke-link">https://www.tenforums.com/tutorials/100629-remove-link-state-power-management-power-options-windows-10-a.html</a>   <br>echo nvlddmkm 13 그래픽 카드 오류 문제 그래픽 카드가 절전 모드 하는 현상 버그 같다. <br>REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\501a4d13-42af-4429-9fd1-a8218c268e20\ee12f906-d277-404b-b6da-e5fa1a576df5" /v Attributes /t REG_DWORD /d 2 /f <br>powercfg -attributes SUB_PCIEXPRESS ee12f906-d277-404b-b6da-e5fa1a576df5 -ATTRIB_HIDE <br><br>echo ID 5379 관련 <a href="https://winaero.com/add-ahci-link-power-management-to-power-options-in-windows/#:~:text=AHCI%20Link%20Power%20Management%20configures,of%20the%20classic%20Control%20Panel." target="_blank" class="ke-link">https://winaero.com/add-ahci-link-power-management-to-power-options-in-windows/#:~:text=AHCI%20Link%20Power%20Management%20configures,of%20the%20classic%20Control%20Panel.</a> <br>echo <a href="https://answers.microsoft.com/en-us/windows/forum/all/excessive-security-log-events-event-id-5379/8eb0c350-ce2f-4521-9cfd-f7b816d54715" target="_blank" class="ke-link">https://answers.microsoft.com/en-us/windows/forum/all/excessive-security-log-events-event-id-5379/8eb0c350-ce2f-4521-9cfd-f7b816d54715</a> <br>powercfg -attributes SUB_DISK 0b2d69d7-a2a1-449c-9680-f91c70521c60 -ATTRIB_HIDE <br>REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\0b2d69d7-a2a1-449c-9680-f91c70521c60" /v "Attributes" /t REG_DWORD /d 2 /f <br><br>echo How to disable permanently Microsoft Edge Webview2 Runtime? | Windows 11 Forum (elevenforum.com) <br>echo gpedit.msc 설치 <br>FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")  <br>FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F") <br>echo . <br>  <br>echo obs 백업 복구  <a href="https://cafe.daum.net/candan/I45w/52" target="_blank" class="ke-link">https://cafe.daum.net/candan/I45w/52</a></p><p>echo obs 백업 <br>cd %appdata% && tar -cvzf "%USERPROFILE%\Desktop\obs-studio.zip" "obs-studio" <br><br>echo obs 백업 OneDrive 사용자  <br>cd %appdata% && tar -cvzf "%USERPROFILE%\OneDrive\Desktop\obs-studio.zip" "obs-studio" <br><br><br>echo obs 복구 <br>rd /s /q %appdata%\obs-studio <br>cd %appdata% && tar -zxvf "%USERPROFILE%\Desktop\obs-studio.zip" -C "." <br><br>echo obs 복구 OneDrive 사용자  <br>rd /s /q %appdata%\obs-studio <br>cd %appdata% && tar -zxvf "%USERPROFILE%\OneDrive\Desktop\obs-studio.zip" -C "."</p><p>REM 바뀜 바탕 화면으로</p><p>cd %appdata% && tar -zxvf "%USERPROFILE%\OneDrive\바탕 화면\obs-studio.zip" -C "."</p><p> </p><p> </p><p>echo C++ 2015를 설치 하거나 교채 해도 실행이 안되고 오직 C++ 2019를 설치 해야 된다. <br>echo 윈도우를 복구 하면 obs가 맛이 가는대. 바이러스 검사 해도 나오지 않음. <br>echo <a href="https://aka.ms/vs/16/release/VC_redist.x64.exe" target="_blank" class="ke-link">https://aka.ms/vs/16/release/VC_redist.x64.exe</a> <br>echo <a href="https://aka.ms/vs/16/release/VC_redist.x86.exe" target="_blank" class="ke-link">https://aka.ms/vs/16/release/VC_redist.x86.exe</a>    <br><br>echo <a href="https://dotnet.microsoft.com/en-us/download/dotnet/7.0" target="_blank" class="ke-link">https://dotnet.microsoft.com/en-us/download/dotnet/7.0</a>   <br>echo NET 7.0 <br><br><br>echo <a href="https://cafe.daum.net/candan/AurF/95" target="_blank" class="ke-link">https://cafe.daum.net/candan/AurF/95</a> <a href="https://www.thewindowsclub.com/enable-enhanced-anti-spoofing-feature-windows-10" target="_blank" class="ke-link">https://www.thewindowsclub.com/enable-enhanced-anti-spoofing-feature-windows-10</a> <br>echo 스푸핑 관련 <br>reg add "HKLM\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures" /v EnhancedAntiSpoofing /t REG_DWORD /d 1 /f <br><br>echo "https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.EventLogs::Channel_Log_Retention_1&Language=ko-kr "<br>echo "실시간 세션 "NT Kernel Logger"에 대한 백업 파일이 최대 크기에 도달했습니다."<br>Reg Add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application" /v Retention /t REG_SZ /d 1 /f <br><br>echo "https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.UserProfiles::CleanupProfiles&Language=ko-kr "<br>echo 오래된 사용 하지 않는 사용자 프로필 삭제. 1일 <br>Reg Add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v CleanupProfiles /t REG_DWORD /d 1 /f  <br><br>echo 프록시 비활성화 <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoDetect" /t REG_DWORD /d "0" /f <br>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoDetect" /t REG_DWORD /d "0" /f <br><br>echo 비활성 안되는 규칙 삭제. 파워쉘  <br>remove-netfirewallrule -DisplayName "mDNS(Udp-in)" <br>remove-netfirewallrule -DisplayName "시작" <br>remove-netfirewallrule -DisplayName "Microsoft Teams" <br><br>echo "<a href="https://appuals.com/kernel-event-tracing-error-0xc0000035-windows/" target="_blank" class="ke-link">https://appuals.com/kernel-event-tracing-error-0xc0000035-windows/</a> "<br>echo <a href="https://www.windowsphoneinfo.com/threads/errors-microsoft-windows-remediation-event-2-error-0xc0000035.574393/" target="_blank" class="ke-link">https://www.windowsphoneinfo.com/threads/errors-microsoft-windows-remediation-event-2-error-0xc0000035.574393/</a> "<br>echo "0xc0000035 kernel-eventtracing 2 오류 백신 때문에? 메모리 관련 오류 perfmon 윈도우 R 이벤트 뷰어 xml 켜기 echo SessionName 살펴보기 데이터 수집> 이벤트 추적 세션"<br>Reg Add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System\{b675ec37-bdb6-4648-bc92-f3fdc74d3ca2}" /v Enabled /t REG_DWORD /d 0 /f <br><br>  <br>echo "<a href="https://cafe.daum.net/candan/GGFN/291" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/291</a> "설치 하는 방법 기초 <br>echo [winget 없는 사용자 설치 안되는 사용자 읽어야 할 부분 입니다] <br>echo <a href="https://www.lainyzine.com/ko/article/how-to-install-winget-on-windows-10/" target="_blank" class="ke-link">https://www.lainyzine.com/ko/article/how-to-install-winget-on-windows-10/</a> " <br>echo 윈도우11은 먼가를 설치 하지 않아도 되지만 윈도우10 사용자의 경우 수동으로 설치 해야 한다. <br>echo ms 스토어에서 `앱 설치 관리자`를 설치 해야 한다. <br>echo <a href="https://www.microsoft.com/store/productId/9NBLGGH4NNS1" target="_blank" class="ke-link">https://www.microsoft.com/store/productId/9NBLGGH4NNS1</a> "  매우 웃긴건 다운로드가 안된다.(이걸로 설치 해야 한다) <br>echo <a href="https://www.microsoft.com/store/productId/9NBLGGH4NNS1?ocid=pdpshare" target="_blank" class="ke-link">https://www.microsoft.com/store/productId/9NBLGGH4NNS1?ocid=pdpshare</a> </p><p> </p><p>echo 그리고 되게 하는 방법은 피드백 허브를 켜고 안된다고 작성 대충 하고 기록 하기를 누른 상태에서 다운로드 버튼을 누르면 안되는게 다운로드가 진행 된다 -_-;;</p><p> </p><p>echo "<a href="https://github.com/microsoft/winget-cli/releases/" target="_blank" class="ke-link">https://github.com/microsoft/winget-cli/releases/</a> " 여기서 받을수 있다고 하네요 ㅎㅎ</p><p>echo "<a href="https://github.com/microsoft/winget-cli/releases/download/v1.3.2691/Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle" target="_blank" class="ke-link">https://github.com/microsoft/winget-cli/releases/download/v1.3.2691/Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle</a> "<br><br>echo 프로그램 자동 설치  <br><br><br></p><p>winget install "MKVToolNix" --id "MoritzBunkus.MKVToolNix" -s "winget" --accept-package-agreements<br>winget install "Sandboxie-Plus" --id "Sandboxie.Plus" -s "winget" --accept-package-agreements<br>echo .</p><p><br>REM "winget install "Microsoft Visual C++ 2015-2022 Redistributable (x86)" --id "Microsoft.VCRedist.2015+.x86" -s "winget" --accept-package-agreements"<br>winget install "Microsoft Visual C++ 2015-2022 Redistributable (x64)" --id "Microsoft.VCRedist.2015+.x64" -s "winget" --accept-package-agreements</p><p>winget install "PotPlayer" --id "Daum.PotPlayer" -s "winget" --accept-package-agreements</p><p>echo .</p><p>winget install "FastStone Image Viewer" --id "FastStone.Viewer" -s "winget" --accept-package-agreements<br>winget install "WinMerge" --id "WinMerge.WinMerge" -s "winget" --accept-package-agreements <br><br>echo 에러가 있음 설치가 안됨 <br>winget install "VLC media player" --id "VideoLAN.VLC" -s "winget" --accept-package-agreements <br>echo <a href="https://www.videolan.org/vlc/index.ko.html" target="_blank" class="ke-link">https://www.videolan.org/vlc/index.ko.html</a> 수동 설치 하라고 함 -_-;; 말이야 방구야. <br>winget install -e --id Daum.PotPlayer <br>winget install "Brave" --id "BraveSoftware.BraveBrowser" -s "winget" --accept-package-agreements <br><br>winget install "simplewall" --id "Henry++.simplewall" -s "winget" --accept-package-agreements <br><br>winget upgrade "MKVToolNix" <br><br>winget upgrade --all <br>echo 모든 배키지 최신 버전으로 <br><br>winget install "" --id "" -s "winget" --accept-package-agreements <br>winget install "" --id "" -s "winget" --accept-package-agreements <br>winget install "" --id "" -s "winget" --accept-package-agreements <br>winget install "" --id "" -s "winget" --accept-package-agreements <br><br>winget search "" <br><br><br><br><br>echo D 드라이브 보안 처리 <br><br>icacls "d:"  <br>takeown /F "d:" /A <br>icacls "d:" /grant Administrators:F <br>icacls "d:" /deny "NETWORK SERVICE":(F) "GUEST":(F) "IIS_IUSRS":(F) "REMOTE INTERACTIVE LOGON":(F) "*S-1-5-32-546:F" "*S-1-0-0:F" "*S-1-5-7:F" "*S-1-5-13:F" <br>icacls "d:" /setowner "NT AUTHORITY\SYSTEM"  <br>icacls "d:" /grant:r Administrators:RX <br>icacls "d:"   <br>echo icacls "d:" /setintegritylevel M <br><br> "복구 할때" <br>REM icacls /reset "d:" </p><p><br>  <br>echo netplwiz <br>echo 개인정보 한번에 수정 하기 <a href="https://cafe.daum.net/candan/ASdB/424" target="_blank" class="ke-link">https://cafe.daum.net/candan/ASdB/424</a> deny 사용안하는 것들 백그라운드 해제  <br>echo HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore <br>echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore <br><br>echo ipv6 해제 <a href="https://cafe.daum.net/candan/I45j/77" target="_blank" class="ke-link">https://cafe.daum.net/candan/I45j/77</a> <br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6" /v "Start" /t REG_DWORD /d 4 /f <br><br>netsh interface teredo set state disabled <br>netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled <br>netsh interface ipv6 6to4 set interface disabled <br>netsh interface ipv6 6to4 set state state=disabled <br>netsh interface ipv6 6to4 set relay state=disabled <br>netsh interface ipv6 6to4 set routing routing=disabled sitelocals=disabled <br>netsh interface ipv6 6to4 set interface "이더넷" disabled <br>netsh interface ipv6 isatap set state state=disabled <br><br>netsh interface ipv6 set global mldlevel=none <br>netsh interface IPV6 set global randomizeidentifier=disabled <br>netsh interface IPV6 set privacy state=disable <br>netsh interface ipv6 6to4 set state state=disabled <br>netsh interface ipv6 set teredo disable <br><br>netsh interface ipv6 set global /? <br><br>netsh interface ipv6 show global <br><br>netsh interface ipv6 set global icmpredirects=disabled <br>netsh interface ipv6 set global taskoffload=disabled <br>netsh interface ipv6 set global dhcpmediasense=disabled <br>netsh interface ipv6 set global randomizeidentifiers=disabled <br>netsh interface ipv6 set global loopbacklargemtu=disabled <br>netsh interface ipv6 set global sourcebasedecmp=disabled <br>netsh interface ipv6 set global flowlabel=disabled <br>netsh interface ipv6 set global =disabled <br>netsh interface ipv6 set global =disabled <br>netsh interface ipv6 set global =disabled <br>netsh interface ipv6 set global =disabled <br>netsh interface ipv6 set global =disabled  <br><br> netsh interface ipv6 set global neighborcachelimit=1 <br>netsh interface ipv6 set global routecachelimit=1 <br>netsh interface ipv6 set global reassemblylimit=1 <br>netsh interface ipv6 set global reassemblyoutoforderlimit=1 <br><br>echo ipv6 무식 하게 차단 하기  <br>netsh advfirewall firewall add rule name="block from ipv6" dir=in action=block protocol=ANY remoteip=0000::/1 <br>netsh advfirewall firewall add rule name="block from ipv6" dir=in action=block protocol=ANY remoteip=0000::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff <br>netsh advfirewall firewall add rule name="block from ipv6" dir=out action=block protocol=ANY remoteip=0000::/1 <br>netsh advfirewall firewall add rule name="block from ipv6" dir=out action=block protocol=ANY remoteip=0000::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff <br><br>echo 랜덤 하게 문자 15자 만들기  <br>powershell -command "-join ((65..90) + (97..122)|get-random -count 15| % {[char]$_})" <br>echo 문자가 만들어 지면 홍길동 부분에 붙쳐 넣으면 된다</p><p> </p><p><br>echo WORKGROUP 구릅 변경 <a href="https://www.top-password.com/blog/change-workgroup-name-in-windows-10/" target="_blank" class="ke-link">https://www.top-password.com/blog/change-workgroup-name-in-windows-10/</a> <br>wmic computersystem where name="%computername%" call joindomainorworkgroup name="홍길동" <br>echo 리부팅을 해야 한다 반드시</p><p> </p><p>REM 다시 시작하기</p><p style="text-align: start;">REM shutdown /r /t 0</p><p style="text-align: start;"> </p><p><br>echo 확인 윈도우키+R  <br>sysdm.cpl <br>echo 드래그 엔터가 복사 입니다. 붙처 넣기는 마우스 우클릭 입니다. <br><br><br>echo secedit 두번째 로그인 이후 수정 하기 <br>md d:\secedit  <br>secedit /export /cfg d:\secedit\cfg2.ini > nul <br><br>tar -cvzf secedit2.zip d:\secedit <br>echo 만약을 위해 압축 하기 <br><br>notepad d:\secedit\cfg2.ini <br>echo 수정하기 <br><br><br>echo 적용하기 <br>secedit /configure /db test.sdb /cfg d:\secedit\cfg2.ini <br>echo 입력 하기는 안됨 -_-;; 아쉽게.. 이건 됨. db는 그냥 아무거나 적으면 된다. 없다면 <br><br>echo 손상여부 확인 즉 내가 만든 것과 시스템에 적용 된 것과 같은지 비교 <br>secedit /validate d:\secedit\cfg2.ini  <br><br><br>echo RDS 원격 연결 안함 다시 켜지곤 한다 <a href="https://docs.vmware.com/kr/VMware-Horizon-7/7.13/horizon-published-desktops-applications/GUID-89EDB3EE-06A6-400C-B5CF-D9D82E009EA6.html" target="_blank" class="ke-link">https://docs.vmware.com/kr/VMware-Horizon-7/7.13/horizon-published-desktops-applications/GUID-89EDB3EE-06A6-400C-B5CF-D9D82E009EA6.html</a> <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "WinStationsDisabled" /t REG_SZ /d 1 /f <br><br>echo 제한된 파워쉘 <a href="https://4sysops.com/archives/mitigating-powershell-risks-with-constrained-language-mode/" target="_blank" class="ke-link">https://4sysops.com/archives/mitigating-powershell-risks-with-constrained-language-mode/</a> <a href="https://cafe.daum.net/candan/ASdB/426" target="_blank" class="ke-link">https://cafe.daum.net/candan/ASdB/426</a> <br>setx /m __PSLockDownPolicy 4 <br><br>echo 보호 안함 기본값으로 하기 파워쉘 명령어 주어야 할때.    파워쉘이 실행 안되고 에러가 나면 이걸 해제 해야 한다. <br>setx /m __PSLockDownPolicy 0</p>
<!-- -->
]]>
카페 게시글
윈도우off
윈도우11 시작01
동우
추천 0
조회 556
22.09.25 05:08
댓글 4
다음검색
첫댓글 https://cafe.daum.net/candan/ASdB/421 이전 내용
wbemtest
root\cimv2
https://4sysops.com/archives/wbemtest-part-3-tips-and-tricks/
https://www.nirsoft.net/utils/simple_wmi_view.html