Create harden_step1.ps1

ransomewareimmunityproject · Jan 10, 2023 · ac37a1c · ac37a1c
1 parent 4dd6c8e
commit ac37a1c
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/harden_step1.ps1 b/harden_step1.ps1
@@ -0,0 +1,18 @@
+# Disable Remote Desktop
+Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 1
+
+# Send NTLMv2 response only/refuse LM and NTLM
+Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "LMCompatibilityLevel" -Value 5
+
+# Do not allow anonymous enumeration of SAM accounts and shares
+Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "RestrictAnonymous" -Value 1
+
+# Restrict Anonymous Access
+Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "RestrictNullSessAccess" -Value 1
+
+# Disable IE Password Cache
+Set-ItemProperty -Path "HKCU:\Software\Microsoft\Internet Explorer\IntelliForms\Storage2" -Name "Cleanup" -Value 2
+
+# Disable Edge Password Cache
+Set-ItemProperty -Path "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Credential Manager" -Name "Config" -Value 0
+