윈도우11 시작04

echo 온드라이브 수상한 보안 계정 접근 기본값으로 takeown /F "%localappdata%\Microsoft\OneDrive" /A /r icacls "%localappdata%\Microsoft\OneDrive" /t /q /c /t /reset icacls "%localappdata%\Microsoft\OneDrive" echo 엣지 수상한 보안 계정 접근 기본값으로 takeown /F "%ProgramFiles(x86)%\Microsoft\Edge\Application" /A /r icacls "%ProgramFiles(x86)%\Microsoft\Edge\Application" /t /q /c /t /reset icacls "%ProgramFiles(x86)%\Microsoft\Edge\Application"<hr data-ke-style="style3">echo "Microsoft 네트워크 서버: 서버 SPN 대상 이름 유효성 검사 수준.. 요구로 강화 1이 협상. 2가 요구. 0이 끔" echo "<a href="https://www.stigviewer.com/stig/windows_7/2014-06-27/finding/V-21950" target="_blank" class="ke-link">https://www.stigviewer.com/stig/windows_7/2014-06-27/finding/V-21950</a> "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "SmbServerNameHardeningLevel" /t REG_DWORD /d 2 /f echo "명시적 암호 구성 어쩌구 하네요 ㅎㅎ" echo "<a href="https://support.microsoft.com/en-gb/topic/kb5021131-how-to-manage-the-kerberos-protocol-changes-related-to-cve-2022-37966-fd837ac3-cdec-4e76-a6ec-86e67501407d" target="_blank" class="ke-link">https://support.microsoft.com/en-gb/topic/kb5021131-how-to-manage-the-kerberos-protocol-changes-related-to-cve-2022-37966-fd837ac3-cdec-4e76-a6ec-86e67501407d</a> " REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc" /v "DefaultDomainSupportedEncTypes" /t REG_DWORD /d "0X27" /f echo "Kerberos 서명을 통해 보안 우회 및 권한 상승 취약성을 해결합니다. 이 보안 업데이트는 공격자가 PAC 서명을 디지털 방식" echo "<a href="https://support.microsoft.com/en-gb/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb" target="_blank" class="ke-link">https://support.microsoft.com/en-gb/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb</a> " REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc" /v "KrbtgtFullPacSignature" /t REG_DWORD /d 3 /f echo "Windows 10에서 공유 경험을 활성화 또는 비활성화하는 방법 휴대폰과 연결 기능 [공유 환경]"echo "<a href="https://www.tenforums.com/tutorials/109989-enable-disable-shared-experiences-windows-10-a.html" target="_blank" class="ke-link">https://www.tenforums.com/tutorials/109989-enable-disable-shared-experiences-windows-10-a.html</a>  "REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableCdp" /t REG_DWORD /d 0 /f echo "이벤트뷰어 보안 로그 덮어 쓰지 않음 계속 저장"REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security" /v "EnableCdp" /t REG_DWORD /d "0xffffffff" /f REM "<a href="https://cafe.daum.net/candan/BLQD/63" target="_blank" class="ke-link">https://cafe.daum.net/candan/BLQD/63</a>  mdm 2545 오류 Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin 학교 계정 관련 수집 하려고 하는 놈이 있나?"REG add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowYourAccount" /v value /t REG_DWORD /d 0 /fREG add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowVPN" /v value /t REG_DWORD /d 0 /f REM " https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.MDM::MDM_JoinMDM_DisplayName " REM "악질적인 MDM 원격" REG add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM" /v DisableRegistration /t REG_DWORD /d 1 /f REG add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM" /v AutoEnrollMDM /t REG_DWORD /d 0 /f REM net share 가 안된다REM Server 서비스는 시작되지 않았습니다. 시작하시겠습니까? (Y/N) [Y]: 오류가 생긴다 시작 해도 시작이 안됨REM IPC$ <s>차단 2가 가장 높은 거라고 함</s> 0이 기본값 AI가 1로 되어 있어야 차단이라고 한다REM https://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?curPage=81&seq=11818 reg.exe add hkey_local_machine\system\currentcontrolset\control\lsa\ /v RestrictAnonymous /t reg_dword /d 1 /fREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v RestrictAnonymousSAM /t reg_dword /d 1 /f  REM 안철수에서 v3 REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "SynAttackProtect" /t REG_DWORD /d 1 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "TcpMaxHalfOpen" /t REG_DWORD /d 100 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "TcpMaxHalfOpenRetried" /t REG_DWORD /d 80 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "EnablePMTUDiscovery" /t REG_DWORD /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "NoNameReleaseOnDemand" /t REG_DWORD /d 1 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "EnableDeadGWDetect" /t REG_DWORD /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "KeepAliveTime" /t REG_DWORD /d "300000" /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "PerformRouterDiscovery" /t REG_DWORD /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "EnableICMPRedirects" /t REG_DWORD /d 0 /f REM 파이어 폭스 default-browser-agent.exe 문제 <a href="https://www.askvg.com/tip-disable-default-browser-agent-after-installing-mozilla-firefox/" target="_blank" class="ke-link">https://www.askvg.com/tip-disable-default-browser-agent-after-installing-mozilla-firefox/</a>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox" /v "DisableDefaultBrowserAgent" /t REG_DWORD /d 1 /f <hr data-ke-style="style3">   echo 자동로그인 해제 해보기 <a href="https://cafe.daum.net/candan/BLQD/91" target="_blank" class="ke-link">https://cafe.daum.net/candan/BLQD/91</a> schtasks /create /tn NoAutoAdminLogon /tr "reg.exe add  \"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\" /v AutoAdminLogon /d 0 /t REG_DWORD /f" /sc ONLOGON /rl HIGHEST /np echo "삭제"  echo schtasks /delete /tn AutoAdminLogonREG delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonSID /freg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /f REM "보안에 오히려 취악해짐 아래 넣으면"REM <s>REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultPassword" /t REG_SZ /f</s> REM <a href="https://blog.alyac.co.kr/2512" target="_blank" class="ke-link">https://blog.alyac.co.kr/2512</a> 악성코드 은밀하게 BITS 사용하여 데이터 전송 sc stop "BITS" & sc config "BITS" start= disabled REM 이벤트 뷰어 용량 늘리기 <a href="https://cafe.daum.net/candan/GGFN/409" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/409</a>REM  wevtutil sl security /maxsize:"5205909376"REM  wevtutil sl security /rt:true REM  wevtutil sl security /ab:true  REM "아주 고급지게 AI가 알려줌 ㅎㅎ <a href="https://cafe.daum.net/candan/GGFN/517" target="_blank" class="ke-link">https://cafe.daum.net/candan/GGFN/517</a> " REM 파워쉘에서는 %windir% 경로도 다르게 써주어야 한다 REM "    echo. && dir %windir%\System32\winevt\Logs\Archive-Security*.evtx /s /b && echo. && powershell.exe -Command "& {$answer = Read-Host '파일을 삭제하시겠습니까? (Yes/No): '; if ('Yes', 'Y' -contains $answer.ToUpper()) {Remove-Item -Recurse $env:windir\System32\winevt\Logs\Archive-Security*.evtx} else {echo '삭제를 취소합니다.'}}"     "  REM MDM "원격 어쩌구 해킹 의심 사용안함 1, 자동등록 안함 0"REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MDM" /v "DisableRegistration" /t REG_DWORD /d 1 /fREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MDM" /v "AutoEnrollMDM" /t REG_DWORD /d 0 /f  <div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/a98eccd703531b51ccaa8b4c74489b4137c35dcb?download" data-file-name="github TairikuOokami Windows blob main Windows Tweaks.txt" data-file-size="219036" data-mimetype="text/plain" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DASdB%26dataid%3D433%26fileid%3D1%26regdt%3D20221115221650&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2Fa98eccd703531b51ccaa8b4c74489b4137c35dcb')"><div class="image"></div><div class="desc"><div class="filename">github TairikuOokami Windows blob main Windows Tweaks.txt</div><div class="size">213.90KB</div></div></a></div>REM "<a href="https://learn.microsoft.com/ko-kr/deployedge/microsoft-edge-policies" target="_blank" class="ke-link">https://learn.microsoft.com/ko-kr/deployedge/microsoft-edge-policies</a> 엣지 설정 한글"REM "<a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies" target="_blank" class="ke-link">https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies</a> 엣지 설정 영문"REM "비활성 Microsoft Edge에서 링크가 개인이나 회사 링크임을 감지하면 Microsoft Edge가 적절한 프로필로 전환하라는 메시지를 사용자에게 표시하도록 허용합니다."REM "<a href="https://github.com/TairikuOokami/Windows/blob/main/Windows%20Tweaks.bat" target="_blank" class="ke-link">https://github.com/TairikuOokami/Windows/blob/main/Windows%20Tweaks.bat</a>"reg add "HKLM\Software\Policies\Microsoft\Edge" /v "GuidedSwitchEnabled" /t REG_DWORD /d "0" /f REM "이 프로필을 사용하여 직장 또는 학교 사이트에 Single Sign-On 허용"reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AADWebSiteSSOUsingThisProfileEnabled" /t REG_DWORD /d "0" /f REM "다른 Windows 기능과 검색 데이터 공유 이 기능을 켜면 Microsoft Edge가 이 프로필의 로컬 검색 데이터를 나머지 Windows와 연결합니다."reg add "HKLM\Software\Policies\Microsoft\Edge" /v "LocalBrowserDataShareEnabled" /t REG_DWORD /d "0" /f rem "DNS 암호화 Use secure DNS (DoH) <a href="https://www.quad9.net/service/service-addresses-and-features/" target="_blank" class="ke-link">https://www.quad9.net/service/service-addresses-and-features/</a>" reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BuiltInDnsClieDnsClientEnabled" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DnsOverHttpsMode" /t REG_SZ /d "secure" /f reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DnsOverHttpsTemplates" /t REG_SZ /d "<a href="https://dns11.quad9.net/dns-query" target="_blank" class="ke-link">https://dns11.quad9.net/dns-query</a>" /f REM "크롬 dns 보안 하기 비활성 해방" reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /v "BuiltInDnsClieDnsClientEnabled" /t REG_DWORD /d "1" /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /v "DnsOverHttpsMode" /t REG_SZ /d "secure" /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /v "DnsOverHttpsTemplates" /t REG_SZ /d /f "<a href="https://dns11.quad9.net/dns-query" target="_blank" class="ke-link">https://dns11.quad9.net/dns-query</a>"    REM "Internet Explorer 모드(IE 모드)에서 사이트를 다시 로드하도록 허용 비활성" reg add "HKLM\Software\Policies\Microsoft\Edge" /v "InternetExplorerIntegrationReloadInIEModeAllowed" /t REG_DWORD /d "0" /f REM "비활성 Internet Explorer를 사용하여 Microsoft Edge에서 사이트를 열어 보세요."REM "<a href="https://learn.microsoft.com/ko-kr/deployedge/edge-learnmore-neededge" target="_blank" class="ke-link">https://learn.microsoft.com/ko-kr/deployedge/edge-learnmore-neededge</a>"reg add "HKLM\Software\Policies\Microsoft\Edge" /v "RedirectSitesFromInternetExplorerRedirectMode" /t REG_DWORD /d "0" /f REM "빈 암호로 로그인 차단 User Account Management 4797 Guest  4625 C:\Windows\explorer.exe 해킹 시도"REM "<a href="https://bitcoder.tistory.com/134" target="_blank" class="ke-link">https://bitcoder.tistory.com/134</a> An attempt was made to query the existence of a blank password for an account."REM "<a href="https://www.stigviewer.com/stig/windows_8/2013-02-15/finding/V-3344" target="_blank" class="ke-link">https://www.stigviewer.com/stig/windows_8/2013-02-15/finding/V-3344</a>"REM "<a href="https://m.blog.naver.com/comboybox/80210973509" target="_blank" class="ke-link">https://m.blog.naver.com/comboybox/80210973509</a>"reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v "LimitBlankPasswordUse" /t REG_DWORD /d "1" /f