REGEDIT4 ;------[WELCOME TO WAKING NT REGISTRY]------------------------------------- ;------[WRITTEN BY NTWAK0 1999 ALL RIGHTS RESERVED]------------------------ ;------[This File Will Tight A$$ Your Nt Box :)]--------------------------- ;------[For Microsoft Nt 4.0 With Sp3 And Sp6 And Sp6A]-------------------- ;------[Starting Registry Modification And Restriction]-------------------- ;------[NOTE : TO APPLY REG FROM COMMAND LINE DO THIS:]-------------------- ;------[regedit /S %PathToRegFiles%\FILENAME.REG -------------------------- ;------[regedit /S \\BOXNAME\SHARENAME\FILENAME.REG ----------------------- ;------[The /S switch will make the operation quiet (silent).-------------- ;------[BEFOR YOU CONTINUE REVIEW THE BATCH FILE AND MAKE YOUR OWN CHANGES- ;------[IF NOT STOP THIS BY DOING CTRL AND C THEN AND MAKE YOUR CHANGE ---- ;------[IF YOU LIKE TO TAKE MY DEFAULT VALUES JUST CONTINUE---------------- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "AdditionalBaseNamedObjectsProtectionMode"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\AeDebug] "Auto"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AllocateCDRoms"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon] "AllocateFloppies"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command] @="notepad.exe \"%1\"" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa] "AuditBaseObjects"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoAdminLogon"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "Autorun"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] "AutoShareServer"=dword:00000000 "AutoShareWks"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "CachedLogonsCount"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management] "ClearPageFileAtShutdown"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "CrashOnAuditFail"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\IPFilterDriver] "DefaultForwardFragments=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPFilterDriver\Parameters] "DefaultForwardFragments=dword:00000000 "EnableFragmentChecking=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] "DisableIPSourceRouting"=dword:0000001 "IPEnableRouter"=dword:0000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman] "DisableSavePassword=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "DontDisplayLastUserName"="1" [HKEY_LOCAL_MACHINE\Software\Microsoft\Ole] "EnableDCOM"="N" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters] "EnablePortAttack"=dword:00000000 ;------------------------------------------------------------------------------ ;Enable this only if your network is MS network and your clients ;THIS MUST BE SET ON THE CLIENT ;will communicate only with NT server if they have this Set ;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters] ;"RequireSecuritySignature"=dword:00000001 ;"EnableSecuritySignature"=dword:00000001 ; ;THIS MUST BE ENABLED ON THE SERVER ;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" ;"RequireSecuritySignature"=dword:00000001 ;"EnableSecuritySignature"=dword:00000001 ;------------------------------------------------------------------------------ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] "EnablePortLocking"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman] "ForceEncryptedPassword=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman] "ForceEncryptedPassword=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "FullPrivilegeAuditing"=hex:01 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters] "CreateProcessAsUser"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "LegalNoticeCaption"="Security Notice From NtWaK0!" "LegalNoticeText"="You Have Used NtWaK0 Registry FIxer On This Computer :), HINT : You Should monitor your network traffic to identify unauthorized attempts to upload or change information or to otherwise cause damage to this Computer." ; Disable Lan Manager authentication, 0 - Send both WinNT and Lan Manager passwd forms. 1 - Send Windows NT and Lan Manager password forms if server requests it. 2 - Only send Windows NT password form [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA] "LMCompatibilityLevel"=dword:00000000 ;------------------------------------------------------------------------------ ;ENABLE THIS ONLY IF ALL YOUR MS CLIENT COMMUNICATION WITH YOUR NT SERVER ONLY ; Disable Lan Manager authentication, 1 - Send both WinNT and Lan Manager passwd forms. 1 - Send Windows NT and Lan Manager password forms if server requests it. 2 - Only send Windows NT password form ;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA] ;"LMCompatibilityLevel"=dword:00000001 ; ; Disable Lan Manager authentication, 2 - Send both WinNT and Lan Manager passwd forms. 1 - Send Windows NT and Lan Manager password forms if server requests it. 2 - Only send Windows NT password form ;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA] ;"LMCompatibilityLevel"=dword:00000002 ;[HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA] ;"LMCompatibilityLevel"=dword:00000004 ;------------------------------------------------------------------------------ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters] "LogErrorRequests"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters] "Logging=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters] "LogSuccessfulRequests"=dword:00000001 ;------------------------------------------------------------------------------ ;ENABLE THIS IF YOU WANT TO DISBALE SOME MENU OPTIONS ;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] ;"NoDriveTypeAutoRun"=dword:00000095 ;"NoFavoritesMenu"=dword:00000001 ;"NoRecentDocsMenu"=dword:00000001 ;"NoSetFolders"=dword:00000001 ;------------------------------------------------------------------------------ ;ENABLE THIS IF YOU DO NOT USE 16 BITS APPLICATIONS ;[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem] ;"NtfsDisable8dot3NameCreation"=dword:00000001 ;------------------------------------------------------------------------------ [HKEY_CLASSES_ROOT\Directory\shell\WakShell\command] @="C:\\WINNT\\System32\\cmd.exe /k cd \"%1\"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "ProtectionMode"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA] "RestrictAnonymous"=dword:00000001 [HKEY_USERS\.DEFAULT\Control Panel\Desktop] "ScreenSaveActive"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application] "RestrictGuestAccess=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security] "RestrictGuestAccess=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System] "RestrictGuestAccess=dword:00000001 [HKEY_LOCAL_MACHINE\System\CurrentcontrolSet\Control\Print\Providers\LanMan Print Services\Servers] "AddPrintDrivers"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] "Description"="Registry Server" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman] "SecureVPN=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo] "HandlerRequired"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "ShutdownWithoutLogon"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Submit Control"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI] "Timeout"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] "RegisterDnsARecords"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman] "UserLmPassword=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Afd\Parameters] "EnableDynamicBacklog"=dword:00000001 "MinimumDynamicBacklog"=dword:00000020 "MaximumDynamicBacklog"=dword:00005000 "DynamicBacklogGrowthDelta"=dword:00000010 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] "BacklogIncrement"=dword:00000003 "MaxConnBackLog"=dword:00001000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] "TcpMaxConnectResponseRetransmissions"=dword:00000001 ;Cheers, ;------|oOo-(NtWaK0)(Telco. Eng. InfoSec Senior, Etc..)-oOo|------ ;The only secure computer is one that's unplugged, locked in a ;safe, and buried 20 feet under the ground in a secret location... ;and i'm not even too sure about that one"--Dennis Huges, FBI. ;----------------------------------------------------------------- ;Live Well Do Good, Accept no limitations --:)