<![CDATA[
<p>echo (자격증명 메모리 저장 하지 않음 0) 만약 저장 하려면 1로 하는대. 저장 하면 1은 위험성이 높아진다고.</p><p>echo <a href="https://cafe.daum.net/candan/BLQD/84" target="_blank" class="ke-link">https://cafe.daum.net/candan/BLQD/84</a></p><p>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" /v UseLogonCredential /t REG_DWORD /d 0 /F</p><p> </p><p>echo 로그인 실패 임계값 BitLocker <br>echo "<a href="https://www.stigviewer.com/stig/windows_8/2013-10-01/finding/V-36772"" target="_blank" class="ke-link">https://www.stigviewer.com/stig/windows_8/2013-10-01/finding/V-36772</a>"<br>echo "<a href="https://learn.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold"" target="_blank" class="ke-link">https://learn.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold</a>"<br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "MaxDevicePasswordFailedAttempts" /t REG_DWORD /d 4 /f</p><p> </p><p>echo 유효성 검사를 통과한 서명된 실행 파일만 권한 상승 <a href="https://blog.naver.com/gigamo/222290509800" target="_blank" class="ke-link">https://blog.naver.com/gigamo/222290509800</a> </p><p>echo "<a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpsb/a9b816e0-075b-4674-a1a9-cecd1d9523e7" target="_blank" class="ke-link">https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpsb/a9b816e0-075b-4674-a1a9-cecd1d9523e7</a>"</p><p>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ValidateAdminCodeSignatures" /t REG_DWORD /d 1 /f</p><p> </p><p>echo 서버에서 참조를 반환했습니다 에러가 날 경우 설치가 안되면 리부팅 해서 원래대로 돌려 놓으면 된다.</p><p>echo "<a href="https://zkim0115.tistory.com/1018" target="_blank" class="ke-link">https://zkim0115.tistory.com/1018</a>"</p><p>echo REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ValidateAdminCodeSignatures" /t REG_DWORD /d 0 /f</p><p> </p><p>echo icmp 스푸핑 관련 "<a href="https://www.stigviewer.com/stig/windows_server_2012_member_server/2014-01-07/finding/V-4111"" target="_blank" class="ke-link">https://www.stigviewer.com/stig/windows_server_2012_member_server/2014-01-07/finding/V-4111</a>"<br>echo ICMP Redict ICMP 리디렉션이 OSPF 생성 경로를 재정의하도록 "사용 안 함"  <br>REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "EnableICMPRedirect" /t REG_DWORD /d 1 /f</p><p> </p><p>echo 터치패드  <br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletInputService" /v "Start" /t REG_DWORD /d 4 /f</p><p> </p><p>echo ipv6 글러벌 관련 사용안함 "<a href="https://www.codeproject.com/Articles/12213/Peer-Name-Resolution-PNRP-netsh"" target="_blank" class="ke-link">https://www.codeproject.com/Articles/12213/Peer-Name-Resolution-PNRP-netsh</a>"<br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerNet\PNRP\IPV6-Global" /v "Disabled" /t REG_DWORD /d 1 /f <br><br>echo upnphost 1900 포트 <br>reg add "HKLM\SYSTEM\CurrentControlSet\Services\upnphost" /v Start /t REG_DWORD /d 4 /f</p><p> </p><p>echo ipv6 사용안함 장치 관리자 <br>pnputil /disable-device "SWD\MSRRAS\MS_NDISWANIPV6"</p><p> </p><p>echo 크롬 SSDP 1900 포트 사용안함 "https://bugs.chromium.org/p/chromium/issues/detail?id=1036659" <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /v EnableMediaRouter /t REG_DWORD /d 0 /f</p><p>REM " <a href="https://forbes.tistory.com/1282" target="_top" class="ke-link">크롬 메뉴에서 '조직에서 관리'를 제거하는 방법 (Chrome Policy)</a> 하지만 이런게 나오게 된다 문제 될건 아니다 하나라도 등록 되면 나오는 맨트라고 한다"</p><p> </p><p> </p><p>echo <a href="https://cafe.daum.net/candan/GGFN/351" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/351</a></p><p>echo 사용 하지 않는 소켓 죽이기 "<a href="https://www.nirsoft.net/utils/winsock_service_providers.html" target="_blank" class="ke-link">https://www.nirsoft.net/utils/winsock_service_providers.html</a>" </p><p>echo tcpip만 두고 모두 해제 하면 된다.</p><p> </p><p>echo 사용안하는 서비스 인터넷 차단</p><p>netsh advfirewall firewall add rule name="CryptSvc"    dir=in action=block  protocol=any service=CryptSvc,CDPUserSvc_21e1a,WpnService,RpcSs,Netlogon,VSS,WSearch,PhoneSvc,DcomLaunch,LanmanWorkstation,hidserv,TapiSrv,Schedule,IKEEXT remoteip=any description="Deniega RDP IN" <br>netsh advfirewall firewall add rule name="CryptSvc"   dir=out action=block protocol=any service=CryptSvc,CDPUserSvc_21e1a,WpnService,RpcSs,Netlogon,VSS,WSearch,PhoneSvc,DcomLaunch,LanmanWorkstation,hidserv,TapiSrv,Schedule,IKEEXT remoteip=any description="Deniega RDP OUT"</p><p> </p><p>netsh advfirewall firewall add rule name="CryptSvc" dir=in action=block service=BITS,LanmanServer description="Deniega RDP IN" <br>netsh advfirewall firewall add rule name="CryptSvc" dir=out action=block service=BITS,LanmanServer description="Deniega RDP OUT"</p><hr data-ke-style="style3"><p> </p><p>echo 악용 프로세스 차단 해보기 <br>netsh advfirewall firewall add rule name="StartMenuExperienceHost" dir=in program="%SystemRoot%\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" action=block <br>netsh advfirewall firewall add rule name="StartMenuExperienceHost" dir=out program="%SystemRoot%\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" action=block</p><p> </p><p>netsh advfirewall firewall add rule name="hackingexe" dir=in program="%SystemRoot%\system32\notepad.exe" action=block <br>netsh advfirewall firewall add rule name="hackingexe" dir=out program="%SystemRoot%\system32\notepad.exe" action=block</p><p> </p><p>netsh advfirewall firewall add rule name="hackingexe" dir=in program="%SystemRoot%\system32\consent.exe" action=block <br>netsh advfirewall firewall add rule name="hackingexe" dir=out program="%SystemRoot%\system32\consent.exe" action=block <br><br>netsh advfirewall firewall add rule name="hackingexe" dir=in program="%SystemRoot%\system32\ntoskrnl.exe" action=block <br>netsh advfirewall firewall add rule name="hackingexe" dir=out program="%SystemRoot%\system32\ntoskrnl.exe" action=block <br><br>netsh advfirewall firewall add rule name="hackingexe" dir=in program="%SystemRoot%\system32\Taskmgr.exe" action=block <br>netsh advfirewall firewall add rule name="hackingexe" dir=out program="%SystemRoot%\system32\Taskmgr.exe" action=block <br><br>netsh advfirewall firewall add rule name="hackingexe" dir=in program="%SystemRoot%\system32\explorer.exe" action=block <br>netsh advfirewall firewall add rule name="hackingexe" dir=out program="%SystemRoot%\system32\explorer.exe" action=block</p><p> </p><p>netsh advfirewall firewall add rule name="hackingexe" dir=in program="%SystemRoot%\system32\rundll32.exe" action=block <br>netsh advfirewall firewall add rule name="hackingexe" dir=out program="%SystemRoot%\system32\rundll32.exe" action=block </p><p> </p><p>netsh advfirewall firewall add rule name="hackingexe" dir=in program="%SystemRoot%\system32\calc.exe" action=block<br>netsh advfirewall firewall add rule name="hackingexe" dir=out program="%SystemRoot%\system32\calc.exe" action=block </p><p> </p><p>netsh advfirewall firewall add rule name="hackingexe" dir=in program="%SystemRoot%\system32\mspaint.exe" action=block<br>netsh advfirewall firewall add rule name="hackingexe" dir=out program="%SystemRoot%\system32\mspaint.exe" action=block </p><p> </p><p>REM 보안 업데이트 관련 같은대.. 수상하다</p><p>netsh advfirewall firewall add rule name="hackingexe" dir=in action=block enable=yes program="%SystemRoot%\System32\rundll32.exe" <br>netsh advfirewall firewall add rule name="hackingexe" dir=out action=block enable=yes program="%SystemRoot%\System32\rundll32.exe"</p><p> </p><p>netsh advfirewall firewall add rule name="hackingexe" dir=in action=block enable=yes program="%SystemRoot%\System32\apphostregistrationverifier.exe" <br>netsh advfirewall firewall add rule name="hackingexe" dir=out action=block enable=yes program="%SystemRoot%\System32\apphostregistrationverifier.exe"</p><p> </p><p> </p><p>echo 오페라 1900 udp 차단 <br>netsh advfirewall firewall add rule name="hackingexe" dir=in program=%localappdata%\Programs\Opera\opera.exe remoteport=1900 protocol=UDP action=block <br>netsh advfirewall firewall add rule name="hackingexe" dir=out program=%localappdata%\Programs\Opera\opera.exe remoteport=1900 protocol=UDP action=block</p><p> </p><p>echo "<a href="https://cafe.daum.net/candan/GGFN/380?svc=cafeapi" target="_top" class="ke-link">https://cafe.daum.net/candan/GGFN/380?svc=cafeapi</a> 등록 방법"</p><p>echo "많이 수상한 위젯 차단 하기 난 위젯 안쓰니깐 머스크 ㅎ" <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%ProgramFiles(x86)%\Microsoft\EdgeWebView\Application\msedgewebview2.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=in program="%a" action=block) <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%ProgramFiles(x86)%\Microsoft\EdgeWebView\Application\msedgewebview2.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=out program="%a" action=block) <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%ProgramFiles%\WindowsApps\msteams.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=in program="%a" action=block) <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%ProgramFiles%\WindowsApps\msteams.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=out program="%a" action=block) <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%ProgramFiles%\WindowsApps\onenoteim.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=in program="%a" action=block) <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%ProgramFiles%\WindowsApps\onenoteim.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=out program="%a" action=block)</p><p> </p><p>echo 스카이프 꺼져 ㅋ 차단 </p><p>for /f "delims=" %a in ('dir /a-d /b /o /s "%ProgramFiles%\WindowsApps\Skype*.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=in program="%a" action=block) <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%ProgramFiles%\WindowsApps\Skype*.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=out program="%a" action=block)</p><p> </p><p>echo 온드라이브 공동작업 해킹 꺼져</p><p>for /f "delims=" %a in ('dir /a-d /b /o /s "%localappdata%\Microsoft\OneDrive\Microsoft.SharePoint.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=in program="%a" action=block) <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%localappdata%\Microsoft\OneDrive\Microsoft.SharePoint.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=out program="%a" action=block)</p><p> </p><p>echo "그래픽 접속 업데이트 확인 꺼져" <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%windir%\System32\DriverStore\FileRepository\nvdisplay.container.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=in program="%a" action=block) <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%windir%\System32\DriverStore\FileRepository\nvdisplay.container.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=out program="%a" action=block)</p><p> </p><p>REM "Search 서치 검색 꺼져" <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%windir%\SystemApps\SearchApp.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=in program="%a" action=block) <br>for /f "delims=" %a in ('dir /a-d /b /o /s "%windir%\SystemApps\SearchApp.exe"') do (netsh advfirewall firewall add rule name="EdgeWebView_Blockit" dir=out program="%a" action=block)</p><p> </p><hr data-ke-style="style3"><p>echo Windows NetMeeting v3.0 이상 공유금지 응용프로그램 공유금지 <br>echo "https://admx.help/?Category=Windows_8.1_2012R2&Policy=Microsoft.Policies.NetMeeting::PreventSharing&Language=ko-kr" <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing" /v "NoSharing" /t REG_DWORD /d 1 /f <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing" /v "NoSharingDosWindows" /t REG_DWORD /d 1 /f <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing" /v "NoSharingDesktop" /t REG_DWORD /d 1 /f <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing" /v "NoAppSharing" /t REG_DWORD /d 1 /f <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing" /v "NoSharingExplorer" /t REG_DWORD /d 1 /f <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing" /v "NoTrueColorSharing" /t REG_DWORD /d 1 /f <br><br>echo 복구 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing" /f</p><p> </p><p>echo "https://social.technet.microsoft.com/Forums/ie/en-US/39e1ddfd-6958-4eca-acc3-4336174c2c07/how-to-disable-sharing-folder-to-all-userscomputers?forum=winserverGP "</p><p>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInPlaceSharing" /t REG_DWORD /d 1 /f</p><p>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInPlaceSharing" /t REG_DWORD /d 1 /f</p><hr data-ke-style="style3"><p>echo 온드라이브 OneDrive Office 공동 작업 해제</p><p>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\OneDrive" /v "EnableHoldTheFile" /t REG_DWORD /d 0 /f<br>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\OneDrive" /v "SilentAccountConfig" /t REG_DWORD /d 0 /f</p><p>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\OneDrive" /v "EnableAllOcsiClients" /t REG_DWORD /d 0 /f <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive" /v "EnableHoldTheFile" /t REG_DWORD /d 0 /f <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive" /v "SilentAccountConfig" /t REG_DWORD /d 0 /f</p><p>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive" /v "EnableAllOcsiClients" /t REG_DWORD /d 0 /f <br><br>echo 온드라이브 공동 작성 및 공유 아예 삭제 하기 ㅎㅎ  <br>echo "https://admx.help/?Category=OneDrive&Policy=Microsoft.Policies.OneDriveNGSC::EnableAllOcsiClients" <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive" /v "EnableAllOcsiClients" /t REG_DWORD /d 0 /f</p><p> </p><p>echo "공동 작업 동기화 해제 해도 안되어 다른거 시도"</p><p>echo "<a href="https://learn.microsoft.com/ko-kr/sharepoint/lists-sync-policies" target="_blank" class="ke-link">https://learn.microsoft.com/ko-kr/sharepoint/lists-sync-policies</a> "</p><p> </p><p>echo "디바이스 목록에서 동기화 해제 요즘 해킹을 이쪽으로 하는 느낌이다" <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive" /v "DisableNucleusSync" /t REG_DWORD /d 1 /f <br><br>echo "다른 조직 동기화" <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive" /v "BlockExternalListSync" /t REG_DWORD /d 1 /f <br><br>echo "자격증명 로그인 동기화 차단" <br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive" /v "DisableNucleusSilentConfig" /t REG_DWORD /d 1 /f</p><p> </p><p>echo "디바이스 목록에서 동기화 해제" <br>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\OneDrive" /v "DisableNucleusSync" /t REG_DWORD /d 1 /f <br><br>echo "다른 조직 동기화" <br>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\OneDrive" /v "BlockExternalListSync" /t REG_DWORD /d 1 /f <br><br>echo "자격증명 로그인 동기화 차단" <br>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\OneDrive" /v "DisableNucleusSilentConfig" /t REG_DWORD /d 1 /f</p><p><br><br>echo 다른 조직놈이 온드라이브 건들지 못하게 하기 <br>echo "<a href="https://learn.microsoft.com/en-us/sharepoint/use-group-policy#prevent-users-from-syncing-libraries-and-folders-shared-from-other-organizations"" target="_blank" class="ke-link">https://learn.microsoft.com/en-us/sharepoint/use-group-policy#prevent-users-from-syncing-libraries-and-folders-shared-from-other-organizations</a>"<br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive" /v "BlockExternalSync" /t REG_DWORD /d 1 /f</p><p> </p><p>echo 온드라이브 자격증명 자동로그인 방지 <br>echo "<a href="https://learn.microsoft.com/ko-kr/sharepoint/lists-sync-policies"" target="_blank" class="ke-link">https://learn.microsoft.com/ko-kr/sharepoint/lists-sync-policies</a>"<br>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive" /v "DisableNucleusSilentConfig" /t REG_DWORD /d 1 /f</p><hr data-ke-style="style3"><p>echo 쓸때 없는 앱 삭제</p><p>PowerShell -Command "& {Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0}" <br>PowerShell -Command "& {Remove-WindowsCapability -Online -Name Browser.InternetExplorer~~~~0.0.11.0}" <br>PowerShell -Command "& {Remove-WindowsCapability -Online -Name App.Support.QuickAssist~~~~0.0.1.0}" <br>PowerShell -Command "& {Remove-WindowsCapability -Online -Name Print.Fax.Scan~~~~0.0.1.0}"</p><p> </p><p>echo "<a href="https://hummingbird.tistory.com/6795"" target="_blank" class="ke-link">https://hummingbird.tistory.com/6795</a>" atmfd.dll 없는 파일 등록된거 삭제</p><p>echo "<a href="https://learn.microsoft.com/ko-kr/security-updates/securitybulletins/2015/ms15-077" target="_blank" class="ke-link">https://learn.microsoft.com/ko-kr/security-updates/securitybulletins/2015/ms15-077</a>"</p><p>echo "<a href="https://gist.github.com/x4x/112b36591c562bc7fbf1f6c91efeb56a" target="_blank" class="ke-link">https://gist.github.com/x4x/112b36591c562bc7fbf1f6c91efeb56a</a>"</p><p>reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" /v "Adobe Type Manager" /f</p><p>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v DisableATMFD /t REG_DWORD /d 1 /F</p><p> </p><p>echo 자격증명 정검</p><p>schtasks /change /tn "Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck" /ENABLE</p><p> </p><p>echo 워크 스테이션 캐쉬 로그인 관련 그리고 잠금. 이게 자꾸 해제 된다. 스크린세이버 관련</p><p>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "ForceUnlockLogon" /t REG_DWORD /d 1 /f</p><p> </p><p>echo 워크 스테이션 기능 장금 0</p><p>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableLockWorkstation" /t REG_DWORD /d 0 /f</p><p> </p><p>echo NTLMv2 NTLM SSP 네트워크 암호화 필요 (쓰지 마라 오지게 느려진다)</p><p><a href="https://www.stigviewer.com/stig/windows_server_2016/2019-03-13/finding/V-73695" target="_top" class="ke-link">https://www.stigviewer.com/stig/windows_server_2016/2019-03-13/finding/V-73695</a><br>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v NtlmMinClientSec /t REG_DWORD /d 0x20080000 /f</p><p>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v NtlmMinServerSec /t REG_DWORD /d 0x20080000 /f</p><p>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v Auth132 /t REG_SZ /d 2 /f</p><p> </p><p>echo vba 차단 "https://admx.help/?Category=Office2016&Policy=ppt16.Office.Microsoft.Policies.Windows::L_BlockMacroExecutionFromInternet&Language=ko-kr "</p><p>echo "<a href="https://gist.github.com/sjas/2d7a9b9c976bb2aa410757044d4282c9" target="_blank" class="ke-link">https://gist.github.com/sjas/2d7a9b9c976bb2aa410757044d4282c9</a> "</p><div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/1a85ca3370482dfd7ca24ea772e7cc2c5ed27632?download" data-file-name="windows_hardening.cmd.txt" data-file-size="9821" data-mimetype="text/plain" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DASdB%26dataid%3D431%26fileid%3D1%26regdt%3D20220926040946&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2F1a85ca3370482dfd7ca24ea772e7cc2c5ed27632')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">windows_hardening.cmd</span><span class="type">.txt</span></div><div class="size">9.59KB</div></div></a></div><p><br><br></p><p> </p><p>echo 자격증명 강화</p><p>reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe" /v AuditLevel /t REG_DWORD /d 00000008 /f <br>reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v RunAsPPL /t REG_DWORD /d 00000001 /f <br>reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" /v UseLogonCredential /t REG_DWORD /d 0 /f</p><p> </p><p> </p><p>echo 모든 프린터 해제 하기 <a href="https://cafe.daum.net/candan/GGFN/371" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/371</a></p><p>Get-WindowsOptionalFeature -Online | Where-Object {$_.State -like "Enabled" -and $_.FeatureName -like "MediaPlayback"} | % {disable-windowsoptionalfeature -online -featureName $_.FeatureName -NoRestart} <br>Get-WindowsOptionalFeature -Online | Where-Object {$_.State -like "Enabled" -and $_.FeatureName -like "WindowsMediaPlayer"} | % {disable-windowsoptionalfeature -online -featureName $_.FeatureName -NoRestart} <br>Get-WindowsOptionalFeature -Online | Where-Object {$_.State -like "Enabled" -and $_.FeatureName -like "*Printing*"} | % {disable-windowsoptionalfeature -online -featureName $_.FeatureName -NoRestart} <br>Get-WindowsOptionalFeature -Online | Where-Object {$_.State -like "Enabled" -and $_.FeatureName -like "*SMB1*"} | % {disable-windowsoptionalfeature -online -featureName $_.FeatureName -NoRestart} <br>Get-WindowsOptionalFeature -Online | Where-Object {$_.State -like "Enabled" -and $_.FeatureName -like "*Internet-Explorer*"} | % {disable-windowsoptionalfeature -online -featureName $_.FeatureName -NoRestart} <br>Get-WindowsOptionalFeature -Online | Where-Object {$_.State -like "Enabled" -and $_.FeatureName -like "*MSRDC*"} | % {disable-windowsoptionalfeature -online -featureName $_.FeatureName -NoRestart} <br>Get-WindowsOptionalFeature -Online | Where-Object {$_.State -like "Enabled" -and $_.FeatureName -like "*WorkFolders*"} | % {disable-windowsoptionalfeature -online -featureName $_.FeatureName -NoRestart}</p><p>Get-WindowsOptionalFeature -Online | Where-Object {$_.State -like "Enabled" -and $_.FeatureName -like "*WCF*"} | % {disable-windowsoptionalfeature -online -featureName $_.FeatureName -NoRestart}</p><p> </p><p> </p><p> </p><p>echo svchost.exe 완화 옵션 사용 보안 강화라고 하는대 잘 모르겠다. </p><p>echo "https://admx.help/?Category=Windows_11_2022&Policy=Microsoft.Policies.ServiceControlManager::SvchostProcessMitigationEnable "</p><p>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SCMConfig" /v EnableSvchostMitigationPolicy /t REG_DWORD /d 00000001 /f</p><p> </p><p> </p><p>echo 네트워크 및 로컬 보안 <a href="https://cafe.daum.net/candan/ASdB/432" target="_blank" class="ke-link">https://cafe.daum.net/candan/ASdB/432</a>  NTLM LocalSystem NULL</p><p>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v "allownullsessionfallback" /t REG_DWORD /d 0 /f </p><p>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v UseMachineId /t REG_DWORD /d 1 /F</p><p>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\pku2u" /v AllowOnlineID /t REG_DWORD /d 0 /F</p><p> </p><p> </p><p>echo 계정 보호 알림 regedit<br>echo "<a href="https://www.elevenforum.com/t/enable-or-disable-windows-security-account-protection-notifications.10189/" target="_top" class="ke-link">https://www.elevenforum.com/t/enable-or-disable-windows-security-account-protection-notifications.10189/</a> "<br>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Defender Security Center\Account protection" /v "DisableNotifications" /t REG_DWORD /d 0 /f<br>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Defender Security Center\Account protection" /v "DisableWindowsHelloNotifications" /t REG_DWORD /d 0 /f<br>REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Defender Security Center\Account protection" /v "DisableDynamiclockNotifications" /t REG_DWORD /d 0 /f</p><p> </p><p> </p><p>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "FilterAdministratorToken" /t REG_DWORD /d 1 /f</p><p> </p><p> </p><p> </p><hr data-ke-style="style3"><p>echo 계정 암호 관련 <a href="https://cafe.daum.net/candan/GGFN/377" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/377</a></p><p>net user guest /passwordreq:yes</p><p> </p><p>echo 게스트 암호 걸기</p><p>powershell -command "-join ((35..38) + (48..57) + (65..90) + (97..122)|get-random -count 124| % {[char]$_})"</p><p>net user guest "홍길동"</p><p> </p><p>echo 게스트 접속 시간 정하기</p><p>net user Guest /times:F,4AM-5AM</p><p> </p><p>echo 게스트 워크 스테이션 제한하기</p><p>powershell -command "-join ((48..57) + (65..90) + (97..122)|get-random -count 15| % {[char]$_})"</p><p>net user Guest /workstations:홍길동</p><p> </p><p>net user guest</p><p>상태 확인</p><p> </p><p> </p><p> </p><p>echo 빈암호 사용못하게 하기</p><p>echo "<a href="https://coconuts.tistory.com/679" target="_blank" class="ke-link">https://coconuts.tistory.com/679</a> 사용안함으로 하면 위험 하다고 한다 1로 사용함으로 수정 해야 안전 하다고."</p><p>REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa" /V LimitBlankPasswordUse /T REG_DWORD /D 1 /F</p><p> </p><p>echo 사용하지 않는 공동 작업 해킹 차단 <br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v 2 /t REG_SZ /d microsoft.sharepoint.exe /f</p><p> </p><p>echo "기타 차단 사용자 경로"</p><p>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "ForceActiveDesktopOn" /t REG_DWORD /d "0" /f <br>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoActiveDesktop" /t REG_DWORD /d "1" /f <br>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoActiveDesktopChanges" /t REG_DWORD /d "1" /f <br>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoRecentDocsHistory" /t REG_DWORD /d "0" /f <br>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f <br>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutorun" /t REG_DWORD /d "0xff" /f <br>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "mstsc.exe" /f <br>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "5" /t REG_SZ /d "smsvchost.exe" /f <br>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "microsoft.sharepoint.exe" /f</p><p> </p><p>echo 파워쉘 IE 열지 못하는 에러 IE 차단 하기 <a href="https://cafe.daum.net/candan/GGFN/383" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/383</a></p><p><span data-ke-size="size16">REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" /v "DisableFirstRunCustomize" /t REG_DWORD /d 1 /f</span></p><p> </p><p><span data-ke-size="size16">echo "파일 jse 실행 금지 스크립트"</span></p><p><span data-ke-size="size16">echo <a href="https://cafe.daum.net/candan/GGFN/385" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/385</a><br>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d 0 /f</span></p><p>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings" /v "IgnoreUserSettings" /t REG_DWORD /d 1 /f</p><p><span data-ke-size="size16">reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d 0 /f</span></p><p style="text-align: start;">reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings" /v "IgnoreUserSettings" /t REG_DWORD /d 1 /f</p><p><span data-ke-size="size16">echo "비활성 Enabled, IgnoreUserSettings제거"</span></p>
<!-- -->
]]>
카페 게시글
윈도우off
윈도우11 시작03 방어벽 프로세스 차단
동우
추천 0
조회 248
22.09.26 04:09
댓글 1
북마크 번역하기 공유하기 기능 더보기
다음검색
첫댓글 https://winaero.com/disable-service-windows-10/
sc stop LanmanServer
sc config LanmanServer start= disabled
net share
n
https://www.windows-commandline.com/disable-file-sharing/
공유 폴더 완전 해제 서비스 이름
Server