This regedit registry patch will tighten down security on a Microsoft NT v4.0 (sp3 and sp6 or 6a) machine. Changes about 55 registry entries.
17ecace1825394820a936146cb0eebe1dd734581c3df84d03e1c809bf5376982
REGEDIT4
;------[WELCOME TO WAKING NT REGISTRY]-------------------------------------
;------[WRITTEN BY NTWAK0 1999 ALL RIGHTS RESERVED]------------------------
;------[This File Will Tight A$$ Your Nt Box :)]---------------------------
;------[For Microsoft Nt 4.0 With Sp3 And Sp6 And Sp6A]--------------------
;------[Starting Registry Modification And Restriction]--------------------
;------[NOTE : TO APPLY REG FROM COMMAND LINE DO THIS:]--------------------
;------[regedit /S %PathToRegFiles%\FILENAME.REG --------------------------
;------[regedit /S \\BOXNAME\SHARENAME\FILENAME.REG -----------------------
;------[The /S switch will make the operation quiet (silent).--------------
;------[BEFOR YOU CONTINUE REVIEW THE BATCH FILE AND MAKE YOUR OWN CHANGES-
;------[IF NOT STOP THIS BY DOING CTRL AND C THEN AND MAKE YOUR CHANGE ----
;------[IF YOU LIKE TO TAKE MY DEFAULT VALUES JUST CONTINUE----------------
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"AdditionalBaseNamedObjectsProtectionMode"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\AeDebug]
"Auto"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AllocateCDRoms"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon]
"AllocateFloppies"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command]
@="notepad.exe \"%1\""
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"AuditBaseObjects"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"Autorun"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
"AutoShareWks"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"CachedLogonsCount"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"CrashOnAuditFail"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\IPFilterDriver]
"DefaultForwardFragments=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPFilterDriver\Parameters]
"DefaultForwardFragments=dword:00000000
"EnableFragmentChecking=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DisableIPSourceRouting"=dword:0000001
"IPEnableRouter"=dword:0000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman]
"DisableSavePassword=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DontDisplayLastUserName"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Ole]
"EnableDCOM"="N"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters]
"EnablePortAttack"=dword:00000000
;------------------------------------------------------------------------------
;Enable this only if your network is MS network and your clients
;THIS MUST BE SET ON THE CLIENT
;will communicate only with NT server if they have this Set
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
;"RequireSecuritySignature"=dword:00000001
;"EnableSecuritySignature"=dword:00000001
;
;THIS MUST BE ENABLED ON THE SERVER
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
;"RequireSecuritySignature"=dword:00000001
;"EnableSecuritySignature"=dword:00000001
;------------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"EnablePortLocking"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman]
"ForceEncryptedPassword=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman]
"ForceEncryptedPassword=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"FullPrivilegeAuditing"=hex:01
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters]
"CreateProcessAsUser"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"="Security Notice From NtWaK0!"
"LegalNoticeText"="You Have Used NtWaK0 Registry FIxer On This Computer :), HINT : You Should monitor your network traffic to identify unauthorized attempts to upload or change information or to otherwise cause damage to this Computer."
; Disable Lan Manager authentication, 0 - Send both WinNT and Lan Manager passwd forms. 1 - Send Windows NT and Lan Manager password forms if server requests it. 2 - Only send Windows NT password form
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
"LMCompatibilityLevel"=dword:00000000
;------------------------------------------------------------------------------
;ENABLE THIS ONLY IF ALL YOUR MS CLIENT COMMUNICATION WITH YOUR NT SERVER ONLY
; Disable Lan Manager authentication, 1 - Send both WinNT and Lan Manager passwd forms. 1 - Send Windows NT and Lan Manager password forms if server requests it. 2 - Only send Windows NT password form
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
;"LMCompatibilityLevel"=dword:00000001
;
; Disable Lan Manager authentication, 2 - Send both WinNT and Lan Manager passwd forms. 1 - Send Windows NT and Lan Manager password forms if server requests it. 2 - Only send Windows NT password form
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
;"LMCompatibilityLevel"=dword:00000002
;[HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA]
;"LMCompatibilityLevel"=dword:00000004
;------------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters]
"LogErrorRequests"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"Logging=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters]
"LogSuccessfulRequests"=dword:00000001
;------------------------------------------------------------------------------
;ENABLE THIS IF YOU WANT TO DISBALE SOME MENU OPTIONS
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoDriveTypeAutoRun"=dword:00000095
;"NoFavoritesMenu"=dword:00000001
;"NoRecentDocsMenu"=dword:00000001
;"NoSetFolders"=dword:00000001
;------------------------------------------------------------------------------
;ENABLE THIS IF YOU DO NOT USE 16 BITS APPLICATIONS
;[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem]
;"NtfsDisable8dot3NameCreation"=dword:00000001
;------------------------------------------------------------------------------
[HKEY_CLASSES_ROOT\Directory\shell\WakShell\command]
@="C:\\WINNT\\System32\\cmd.exe /k cd \"%1\""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"ProtectionMode"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
"RestrictAnonymous"=dword:00000001
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaveActive"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application]
"RestrictGuestAccess=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security]
"RestrictGuestAccess=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System]
"RestrictGuestAccess=dword:00000001
[HKEY_LOCAL_MACHINE\System\CurrentcontrolSet\Control\Print\Providers\LanMan Print Services\Servers]
"AddPrintDrivers"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg]
"Description"="Registry Server"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman]
"SecureVPN=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo]
"HandlerRequired"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ShutdownWithoutLogon"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Submit Control"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI]
"Timeout"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RegisterDnsARecords"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman]
"UserLmPassword=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Afd\Parameters]
"EnableDynamicBacklog"=dword:00000001
"MinimumDynamicBacklog"=dword:00000020
"MaximumDynamicBacklog"=dword:00005000
"DynamicBacklogGrowthDelta"=dword:00000010
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"BacklogIncrement"=dword:00000003
"MaxConnBackLog"=dword:00001000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpMaxConnectResponseRetransmissions"=dword:00000001
;Cheers,
;------|oOo-(NtWaK0)(Telco. Eng. InfoSec Senior, Etc..)-oOo|------
;The only secure computer is one that's unplugged, locked in a
;safe, and buried 20 feet under the ground in a secret location...
;and i'm not even too sure about that one"--Dennis Huges, FBI.
;-----------------------------------------------------------------
;Live Well Do Good, Accept no limitations --:)