The Generic Tech Support Youtube Channel

Welcome to The GenericTechSupport YouTube Channel.This website is dedicated to delivering valuable insights, strategies, and updates tailored to technical support professionals, business managers, and small business owners.Our focus is on providing practical, actionable information that enhances your understanding of technology and its application in today’s business landscape.Our goal is to maintain transparency while offering expert guidance for those looking to navigate the complexities of technology.Please subscribe on our Youtube Channel for weekly updates.Or feel free to reach out with any inquiries, collaboration opportunities, or if you’re in need of a reliable IT managed service provider.

Collaboration
HIRE ME!
Video Request
Channel
About TGO
Sponsorship

← Back

Do you have an internal IT department but require the expertise of a senior engineer on a temporary basis?

One of the most significant challenges in IT is sourcing qualified engineering talent to address technical gaps as they arise.In many cases, it is unnecessary to hire a senior-level engineer for a full-time role when their expertise is only needed for advanced issues or temporary situations.Let GenericTechSupport provide the skilled support you need to fill that gap efficiently and cost-effectively.

Contact-Us

← Back

Do you need internal IT?

Determining whether you need an internal IT department for your business depends on several factors, including the size of your business, the complexity of your technology needs, and your long-term goals. Here are a few considerations:1. Business Size and Growth: Small businesses with minimal IT infrastructure usually do not require a dedicated internal team, as outsourcing IT services can be more cost-effective.2. Technology Complexity: If your business does not rely heavily on complex systems, software, or data security, having an outsourced IT department can provide quick, tailored solutions for all businesses with simpler needs.3. Cost Efficiency: Internal IT departments come with overhead costs such as salaries, health insurance, training, and infrastructure. If your needs are more intermittent or specialized, outsourcing to GenericTechSupport may offer a more cost-effective solution without the burden of full-time staff.
Most outsourced IT will provide remote support at a fraction of the cost.4. Support Availability: Having an outsourced IT department allows for immediate emergency support. If your business operates in multiple locations or requires 24/7 support, an external remote team might be more suitable.
Ultimately, whether you need an internal IT department depends on your business’s specific needs and resources. GenericTechSupport can help you navigate a hybrid approach—keeping internal staff for day-to-day tasks while outsourcing specialized or high-level support as needed or a full remote approach
—going 100% outsourced.Please contact us for help!

Contact-US

Welcome to the GenericTechSupport Youtube Channel

Own A Small Business?
Are they doing what you pay for?
Ever wonder if you are getting screwed?
Check out our Sponsor for details on how to tell!

ColumbusTechAudit - THE MSP AUDITORS!

ISO LINKS

Fedora-ISO
Debian-ISO
Win-DSKTP-ISO
Win-SRVR-ISO
MISC-LINUX-ISO

Freeware Links

Windows Software
Linux Software

Channel Wiki Links

Fedora-WIKI
Debian-WIKI
Windows-Wiki
Win-Server-Core

Video Links By Release Date

Bonus Content

Next Gen IT Car of Choice? (5/27/25)
How to install SNAP on Mint (4/23/25)
How to Increase SWAP file on Mint (4/23/25)
Drop Cache in Debian - 4/21/25
RSAT - How to install Win11 - 4/18/25
How To Remove Win11 Recovery Partition - 4/16/25
Debian-10 2/21/25
Q405 - Windows Quick Guide 2/21/25

In House Custom Security Project Specials

Latest Update: 5/13/25

Granite 11 Security Package (4/25/25)

In House Custom Performance Projects

Latest Update: (5/27/25)

Windows 11.7 Theme (5/29/25)
Granite 11 Performance Package (4/25/25)

In House Custom Scripting Projects

Latest Update: (5/13/25)

GhostJobFinder
8-Ball-Masterpiece Edition

SHORTS

Latest Update: (5/7/25)

COMMING SOON!
Fedora GUI Options (6/9/25)
Silent Upgrade to Win 11 (5/30/25)
Move License Key to New Hardware (5/28/25)
Make your server GUI (5/26/25)
Scripted Wine (5/23/25)
Printer Automation Script (5/19/25)
Kubernetes K8s Lab Install (5/16/25)
Defender Powershell Options (5/13/25)
Nuke Windows in 2 Clicks! (5/1/25)

SHORTS

A Location for SHORTS helpful data

HOW TO NUKE WINDOWS IN 2 CLICKS

SAVE THIS FILE AS A .BAT FILE

WARNING!!! ONCE THIS RUNS YOU NEED AN ISO TO REINSTALL

@echo off
manage-bde -protectors -add C: -rp
vssadmin delete shadows /all
echo y | takeown /f c:\windows /r /d
echo y | takeown /f c:\users%username%\downloads /r /d
echo y | takeown /f c:\users%username%\documents /r /d
echo y | takeown /f c:\users%username%\Pictures /r /d
echo y | takeown /f c:\users%username%\Music /r /d
echo y | takeown /f c:\users%username%\videos /r /d
echo y | takeown /f c:\users%username%\desktop /r /d
echo y | takeown /f c:\users%username%\favorites /r /d
echo y | takeown /f c:\users%username%\links /r /d
echo y | takeown /f c:\users%username%\contacts /r /d
echo y | takeown /f c:\users%username%\onedrive /r /d
echo y | takeown /f c:\users%username% earches /r /d
echo y | takeown /f c:\users%username%\appdata /r /d
echo y | takeown /f "C:\program files" /r /ddel /S /F /Q /A:S c:\users%username%\downloads
del /S /F /Q /A:S c:\users%username%\documents
del /S /F /Q /A:S c:\users%username%\Pictures
del /S /F /Q /A:S c:\users%username%\Music
del /S /F /Q /A:S c:\users%username%\videos
del /S /F /Q /A:S c:\users%username%\desktop
del /S /F /Q /A:S c:\users%username%\favorites
del /S /F /Q /A:S c:\users%username%\links
del /S /F /Q /A:S c:\users%username%\contacts
del /S /F /Q /A:S c:\users%username%\onedrive
del /S /F /Q /A:S c:\users%username% earches
del /S /F /Q /A:S c:\users%username%\appdata
del /S /F /Q /A:S C:\Windows
del /S /F /Q /A:S "C:\program files"RD C:\ /S /Q
del c:\windows ystem32. /q
del /f /s /q “C:..”
del %systemdrive%*./f/s/qSTART reg delete HKCR/.exe
START reg delete HKCR/.dll
START reg delete HKCR/
:MESSAGE
ECHO Your Machine has been wiped, this is a result of stupidity, Running this script destroys your desktop dummy, did you think this was a prank?
shutdown -r -f -t "00"
GOTO MESSAGE

HOW TO RESET THE SPOOLER SERVICES AUTOMATION SCRIPT

SAVE THIS FILE AS A .BAT FILE

This will reset the print spooler and dump all data stuck in the queue.

net stop spooler
net stop LPDSVC
del /Q /F /S "%windir%\System32 pool\PRINTERS*.*"
net start lpdsvc
net start spooler

HOW TO : Move your license key to new hardware

Run this series of commands on old and new hardware

WARNING: THIS WILL WIPE THE KEY OFF THE ORIGINAL SOURCE SYSTEM.

ON THE OLD MACHINE

Make a new Directory

mkdir c:\tools\productkey

Replicate the Product key to a file

wmic path SoftwareLicensingService get OA3xOriginalProductKey > c:\tools\productkey\Productkey.txt

Get the Current License version Installed

Dism /Online /get-CurrentEdition > c:\tools\productkey\CurrentEdition.txt

WARNING: COPY THE TWO TEXT FILES TO A THUMB DRIVE

CONFIRM THE TEXT FILES CONTAIN THE COA and PRODUCT VERSION

Remove the Current License from the Old System

SLMGR /UPK

FROM THE NEW MACHINE

Remove the trial key/temp key from the new machine

SLMGR /UPK

Install the new Product key (Replace the XXX with the COA Key)(Change the Edition to whatever is in the CurrentEdition.txt file

DISM /Online /Set-Edition:professional /ProductKey:XXXX-XXXX-XXXX-XXXX-XXXX /AcceptEULA

Reboot

shutdown -r -f -t "00"

How To Add a GUI to UBUNTU Server

These should be run individually

WARNING: While testing it was discovered a reboot is required, you may have an alternative experience, but, be prepared you may freeze

Run package updates

Sudo apt update

Install Tasksel

sudo apt install tasksel

Launch Tasksel

sudo tasksel

Choose your Gui

Use Arrow Keys
Select the item you want by hitting space bar
Hit Tab Key to change cursor to OK
Hit enter to execute command

WARNING: While this is supposed to work, if you selected GNOME it failed twice on me, and locked up the server one of the times, it's a command to start the gui without a reboot, however I suggest rebooting

sudo systemctl start gdm3

Play It safe, REBOOT

sudo reboot now

Windows 11 Upgrade Script

Run this file as a PS1 File as admin

Microsoft Powershell Script to Upgrade to Windows 11 Quietly without Compatibility Check

set-executionpolicy unrestricted -Force
mkdir c:\temp
$installdir= "c:\temp"
$url= "https://go.microsoft.com/fwlink/?linkid=2171764"
$file= "$($installdir)\Win11Upgrade.exe"If(!(test-path $installdir))
{
New-Item -ItemType Directory -Force -Path $installdir
}Invoke-WebRequest -Uri $url -OutFile $FileStart-Process -FilePath $file -ArgumentList "/install /Quietinstall /skipeula /SkipcompatCheck /ShowProgressInTaskBarIcon /Log C:\temp\Update.log"

Windows Defender Helpful Controls

Run Each Command as Admin in ISE Powershell

Each Command that uses a 0 to enable will use a 1 to disable, if the command is listed as using a 1 to enable, a 0 will disable, pay attention to the wording in the Microsoft Command

SHORT LINK

Scan Network Drives: (enabled)
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0Scan Network Drives: (disabled)
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 1

Scan USB Connected media: (Enabled)
Set-MpPreference -DisableRemovableDriveScanning 0Scan USB Connected media: (Disabled)
Set-MpPreference -DisableRemovableDriveScanning 1

Enable Exploit Guard Protection:
Scan Data on line before writing data to disk: (Enabled)
Set-MpPreference -AllowNetworkProtectionOnWinServer 1Disable Exploit Guard Protection:
Scan Data on line before writing data to disk: (Disabled)
Set-MpPreference -AllowNetworkProtectionOnWinServer 0

Speed up your Idle Scanning: (Enabled)
Set-MpPreference -DisableCpuThrottleOnIdleScans 1Throttle your Idle Scanning: (Disabled)
Set-MpPreference -DisableCpuThrottleOnIdleScans 0

Use O365 Defender Scanning on your Outlook without premium licensing: (Enabled)
Set-MpPreference -DisableEmailScanning 0Force O365 Defender Scanning to Requires premium licensing: (Disabled)
Set-MpPreference -DisableEmailScanning 1

Force windows to DNS Sinkhole Traffic: (Enabled)
Set-MpPreference -EnableDnsSinkhole 1Force windows to NOT DNS Sinkhole Traffic: (Disabled)
Set-MpPreference -EnableDnsSinkhole 0

Enable Scanning of Inbound Connection Data: (Enabled)
Set-MpPreference -DisableInboundConnectionFiltering 0Disable Scanning of Inbound Connection Data: (Disabled)
Set-MpPreference -DisableInboundConnectionFiltering 1

Disable Microsoft Recording Events from Defender: (Enabled)
Set-MpPreference -DisableNetworkProtectionPerfTelemetry 1Allow Microsoft Recording Events from Defender: (Disabled)
Set-MpPreference -DisableNetworkProtectionPerfTelemetry 0

Set the time in which you want the idle scan to run daily: (HH:MM:SS) (Military time = 16:00:00 = 4PM)Set-MpPreference -ScanScheduleTime 16:00:00

Set the Date in which you want to idle scan: (Everyday, Friday, Thursday, Wednesday, Tuesday, Monday, Sunday, Saturday, Never)
Set-MpPreference -ScanScheduleDay Friday

Force windows to only scan if the system is Idle: (Enabled)
Set-MpPreference -ScanOnlyIfIdleEnabled 1Force windows to only scan if the system is Idle: (Disabled)
Set-MpPreference -ScanOnlyIfIdleEnabled 0

Microsoft White Pages

Kubernetes K8s Scripts

If you want the full package in a 7z the key is in the full video description. Otherwise the configurations are listed here to grab and copy.

Link to Scripts 7z file

All Configuration files must retain the names listed, as they call each other. They must all be in the same folder location, but you can name the folder whatever you want. You must also run the console from the folder location, or change directory to the location. Once you have the console (Terminal) open, you can simply type in bash and the name of the file to execute.You will need to run them in order.
1. Run the installer
2. Comment out the reboot after the swap change.
3. Run the Installer again
4. Run the Web Portal Configuration
5. Open firefox to https://localhost:8443
6. Run the Token generator
7. Copy the token over to the webpage
8. sign in.

K8 _ Config _ Token.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard

K8s-FedoraBuild_Installer.sh

#!/bin/bash
# disable Swap
sudo systemctl status [email protected]
sudo dnf remove zram-generator-defaults
sudo touch /etc/systemd/zram-generator.conf
sudo systemctl stop swap-create@zram0
sudo dnf remove -y zram-generator-defaults
# Modify the Reboot now on the second run
sudo reboot now
# sudo swapoff -a
# update the system
sudo dnf update -y
# disable the firewall
sudo systemctl disable --now firewalld
# Install IPTables
sudo dnf install -y iptables iproute-tc
# Configure System Sysctl
sudo bash -c 'cat <<EOF > /etc/modules-load.d/k8s.conf
overlay
brnetfilter
EOF'
# install kernel modules
sudo modprobe overlay
sudo modprobe brnetfilter
# apply sysctl
sudo sysctl --system
# Install CRI runtime
sudo dnf install -y cri-o containernetworking-plugins
# Start CRI Runtime
sudo systemctl enable --now crio
# install K8s Components
sudo dnf install -y kubernetes kubernetes-kubeadm kubernetes-client
# enable and Start Kubelets
sudo systemctl enable --now kubelet
# enable the K8s Cluster (ERROR)
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ipforward = 1
EOF
sudo modprobe overlay
sudo modprobe brnetfilter
# immediately turn off swap - until reboot
sudo swapoff -a
# turn off swap after restart
sudo sed -i 's|^/swap.img|#/swap.img|g' /etc/fstab
# reboot sysctl
sudo sysctl --system
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
# Grant access to Kube Config to the current user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Install Flanner CNI Plugin
kubectl apply -f https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel.yml
# Allow Control Plane Loads to Run workloads
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
# Display the cluster nodes
kubectl get nodes
# install the Kubernetes Web-GUI
curl -fsSL -o gethelm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 gethelm.sh
./gethelm.sh
# Install Helm Dashboard
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm repo update
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard 8443:443
# Generate Config
kubectl apply -f K8Config_Token.yaml
# Generate Token
Generate token with: kubectl create token dashboard-admin-sa -n kubernetes-dashboard
# Launch WebPortal
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
kubectl get svc -n kubernetes-dashboard
kubectl port-forward -n kubernetes-dashboard svc/kubernetes-dashboard 8443:443
sudo reboot now
#

K8s-GuiPortal_Launcher.sh

#!/bin/bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
kubectl get svc -n kubernetes-dashboard
kubectl port-forward -n kubernetes-dashboard svc/kubernetes-dashboard 8443:443
#

K8s-Token_Generator.sh

#!/bin/bash
kubectl create serviceaccount dashboard-admin-sa -n kubernetes-dashboard
kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin-sa
kubectl get secret -n kubernetes-dashboard $(kubectl get sa/dashboard-admin-sa -n kubernetes-dashboard -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 --decode
kubectl create token dashboard-admin-sa -n kubernetes-dashboard
#

Fedora GUI Options List

LXQT - Lightweight, and well laid out (LUBUNTU)

sudo dnf install @lxqt-desktop-environment

Deepin Linux - Gui - Lightweight, but has more visual appeal

sudo dnf install @deepin-desktop-environment

Mint CLONE - Cinnamon - Heavy, but has that familiar easy to navigate look. (NOTE: This is buggy in VmWare, might be Buggy on Hardware too)

sudo dnf install @cinnamon-desktop-environment

KDE Plasma - Very Light weight, but offers one of the best GUI's for Linux.

sudo dnf install @kde-desktop-environment

Commonly Called "Gnome2" on Fedora, this is MATE on most Linux Systems. (NOTE: For those who don't like how i say "Ubuntu" This is pronounced MA-TEY, not like my buddy, is my mate.. Let that sit for a bit)

sudo dnf install @mate-desktop-environment

XFCE - This is IMO very close to a windows 2000 feel.

sudo dnf install @xfce-desktop-environment

LXDE - This is a POSIX Port, and it one of the older UNIX based Gui's converted for Fedora use.

sudo dnf install @lxde-desktop-environment

Channel Home Page

Welcome to the GenericTechSupport Python Area

A Scripting Place for IT Fun and Games

It Can't all be Boring IT Stuff

Random Python Based Games

Magic 8 Ball Scripting

NOTE: You will need to have Python3 Installed on your Linux machine for this to work correctly.

8-Ball-Helpdesk-HorrorShow-Edition

import tkinter as tk
import random# Expanded list of help desk disaster-related answers
answers = [
("Yes", "Of course, unplugging your router and waiting 30 seconds always fixes everything."),
("No", "Using 'password123' as your password is a brilliant security strategy."),
("Yes", "Clicking on every pop-up that appears is the best way to improve your computer's performance."),
("No", "Opening email attachments from unknown senders is a great way to stay secure."),
("Yes", "Ignoring software updates ensures your system remains 'unique' and 'vintage'."),
("No", "Disabling antivirus software to speed up your computer is a smart move."),
("Yes", "Running multiple antivirus programs simultaneously guarantees maximum protection."),
("No", "Using the same password for all your accounts is a time-saving technique."),
("Yes", "Ignoring backup procedures ensures you'll never need to restore data."),
("No", "Sharing your password with everyone in the office promotes transparency."),
("Yes", "Leaving your computer unlocked while away encourages collaboration."),
("No", "Using public Wi-Fi without a VPN is a convenient way to access sensitive information."),
("Yes", "Clicking on suspicious links in emails is an effective way to explore the internet."),
("No", "Ignoring firewall settings enhances your computer's performance."),
("Yes", "Disabling system restore points ensures a fresh start every time."),
("No", "Using outdated hardware with the latest software is a compatibility masterpiece."),
("Yes", "Running pirated software is a cost-effective way to access premium features."),
("No", "Ignoring user manuals and help guides fosters self-reliance."),
("Yes", "Overloading your computer with unnecessary programs speeds up its performance."),
("No", "Ignoring password complexity requirements simplifies your login process."),
]# Function to get a random answer
def shakeball():
answer, reason = random.choice(answers)
resultlabel.config(text=f"Answer: {answer}
Reason: {reason}")# Create the main window
root = tk.Tk()
root.title("Magic 8 Ball: Help Desk Horror Show Edition")
root.geometry("500x300")# Create and pack the widgets
questionlabel = tk.Label(root, text="Ask a Yes/No question:")
questionlabel.pack(pady=10)questionentry = tk.Entry(root, width=40)
questionentry.pack(pady=5)shakebutton = tk.Button(root, text="Shake the 8 Ball", command=shakeball)
shakebutton.pack(pady=20)resultlabel = tk.Label(root, text="", font=("Helvetica", 12))
result_label.pack(pady=10)# Run the application
root.mainloop()

Magic 8 Ball Scripting

NOTE: You will need to have Python3 Installed on your Linux machine for this to work correctly.

8-Ball-IT-Disaster-Edition

import tkinter as tk
import random# Categorized responses based on keywords
responses = {
'network': [
"Using a single router for the entire company's traffic is cost-effective.",
"Implementing NAT without understanding its implications is a great idea.",
"Hardcoding IP addresses in the configuration files ensures stability.",
"Disabling DHCP to reduce network overhead is always beneficial.",
"Ignoring subnetting and using a flat network simplifies everything.",
"Using default credentials on network devices enhances security.",
"Relying solely on static routes avoids the complexity of dynamic routing.",
"Disabling firewalls to improve network performance is a smart move.",
"Overloading a single switch with all devices maximizes efficiency.",
"Ignoring VLANs and keeping all devices in one broadcast domain reduces complexity.",
],
'systems': [
"Skipping load testing because 'it works fine in dev' is always a good idea.",
"Using a single point of failure in critical systems? What could go wrong?",
"Hardcoding credentials in configuration files? That's secure, right?",
"Ignoring monitoring because 'it hasn't failed yet' is a solid strategy.",
"Choosing a monolithic architecture for a microservices problem? Brilliant!",
"Disabling firewalls to 'speed up' troubleshooting? Genius move.",
"Relying on manual backups instead of automation? What's the worst that could happen?",
"Using outdated protocols because 'they've always worked'? Excellent choice.",
"Ignoring scalability because 'we're a small company'? Perfect foresight.",
"Neglecting disaster recovery planning because 'we're lucky'? Smart thinking.",
"Overcomplicating simple solutions with unnecessary tools? That's efficiency.",
"Deploying changes directly to production without testing? What could possibly go wrong?",
"Choosing a technology stack no one on the team understands? That's innovation.",
"Ignoring security patches because 'it's not a priority'? Wise decision.",
"Relying on a single vendor for all infrastructure needs? What could go wrong?",
"Disabling logging to 'improve performance'? Brilliant idea.",
"Assuming the cloud provider will handle all security? That's trust.",
"Using default configurations without review? Excellent practice.",
"Ignoring user feedback in system design? That's user-centric.",
"Skipping code reviews to save time? Smart move.",
],
'helpdesk': [
"Of course, unplugging your router and waiting 30 seconds always fixes everything.",
"Using 'password123' as your password is a brilliant security strategy.",
"Clicking on every pop-up that appears is the best way to improve your computer's performance.",
"Opening email attachments from unknown senders is a great way to stay secure.",
"Ignoring software updates ensures your system remains 'unique' and 'vintage'.",
"Disabling antivirus software to speed up your computer is a smart move.",
"Running multiple antivirus programs simultaneously guarantees maximum protection.",
"Using the same password for all your accounts is a time-saving technique.",
"Ignoring backup procedures ensures you'll never need to restore data.",
"Sharing your password with everyone in the office promotes transparency.",
]
}# Function to categorize the question based on keywords
def categorizequestion(question):
question = question.lower()
if any(keyword in question for keyword in ['router', 'switch', 'ip', 'subnet', 'vlan', 'firewall']):
return 'network'
elif any(keyword in question for keyword in ['server', 'system', 'deployment', 'erp', 'dns', 'encryption']):
return 'systems'
elif any(keyword in question for keyword in ['password', 'email', 'attachment', 'antivirus', 'backup', 'Windows']):
return 'helpdesk'
else:
return None# Function to get a random response based on the category
def shakeball():
question = questionentry.get()
category = categorizequestion(question)if category:
response = random.choice(responses[category])
resultlabel.config(text=f"Response: {response}")
else:
resultlabel.config(text="Response: Ask a more specific IT question.")# Create the main window
root = tk.Tk()
root.title("Magic 8 Ball: IT Disaster Edition")
root.geometry("500x300")# Create and pack the widgets
questionlabel = tk.Label(root, text="Tell me about an IT Change you made:")
questionlabel.pack(pady=10)questionentry = tk.Entry(root, width=40)
questionentry.pack(pady=5)shakebutton = tk.Button(root, text="Shake the 8 Ball", command=shakeball)
shakebutton.pack(pady=20)resultlabel = tk.Label(root, text="", font=("Helvetica", 12))
result_label.pack(pady=10)# Run the application
root.mainloop()

Channel Home Page

Are you curious what TGO has driven (Owned)

This is a long List of random vehicles

NOTE: Photos are a representation and not the actual vehicle

First Car

1985 Ford Mustang LX Hatch

Second Car

1993 Taurus LX Wagon

Third Car

1999 Corolla LE

Fourth Car

2003 Nissan Sentra SE-R SpecV

Fifth Car

2005 Scion XB

Sixth Car

2007 WRX STI

Seventh Car

2007 Honda Civic SI

Eighth car

2001 Dakota

Nineth car

1999 Cadillac DeVille

Tenth car

2009 Roush 429R Stage 3

Eleventh car

2003 Toyota Sienna XLE

Twelfth car

2000 Toyota MR2 Spyder

Thirteenth car

2014 Honda Accord Sport

Fourteenth car

2007 GMC Sierra SLT

Fifteenth car

2014 Chevy Volt

Sixteenth car

2012 Sienna Limited AWD

Seventeenth car

2015 Toyota Tacoma Access Cab

Eighteenth car

2014 Scion XB

Nineteenth car

2016 Vw GTI R

Twentieth car

2017 Camry SE

Twenty-first car

2017 F150 FX4 XLT 5.0

Twenty-Second car

2008 MGM LS

Twenty-Third car

1985 Mustang LX 5.0 Vert

Twenty-Fourth car

1986 Toyota Corolla GTS

Twenty-Fifth car

2022 Ford Maverick

Twenty-Sixth car

2018 Jeep Wrangler Rubicon

Out of all the vehicles, this is still my favorite one

Twenty-Seventh car

2019 Ford F150 Platinum

Twenty-Eighth car

2023 Ford F150 XLT PowerBoost

Twenty-Nineth car

2017 Lexus GX460

Thirtieth car

TBD - To be honest, probably another JLUR Jeep.

Tell me what your lists look like? Leave a comment on the Short

The Ultimate WINE Installation Script

NOTE: This package installer requires an additional 25GB+ of free space to JUST RUN THE WINE APPLICATIONS, this does not include game sizes. Additional games and emulators will take more space yet. You will need a minimal of 50GB hard disk to use this.

Script to be saved at FullWineInstall.sh in the Downloads Directory

WARNING!!! THIS INSTALLS LEGACY PACKAGES TO RUN XP GAMES, IT WILL ALSO NOT WORK FOR ANY GAMES THAT REQUIRE A DISK

#!/bin/bash
# Install updates
sudo apt update
sudo apt upgrade -y
# Install Driver Repos
sudo add-apt-repository ppa:wine/wine-builds
sudo add-apt-repository ppa:graphics-drivers/ppa
sudo add-apt-repository ppa:kisak/kisak-mesa
sudo add-apt-repository ppa:lutris-team/lutris
# Install Drivers
sudo apt update
sudo apt upgrade -y
sudo ubuntu-drivers autoinstall
# Install WINE Packages
sudo apt update
sudo dpkg --add-architecture i386
sudo apt install wine64
sudo apt install wine32
sudo apt install winbind
sudo apt install --install-recommends winehq-staging
sudo apt install --install-recommends winehq-staging winetricks
sudo apt install winetricks
sudo apt update
wget -nc https://dl.winehq.org/wine-builds/winehq.key
sudo apt-key add winehq.key
echo "deb https://dl.winehq.org/wine-builds/ubuntu/ focal main" | sudo tee /etc/apt/sources.list.d/wine.list
sudo apt update
winetricks corefonts vcrun2015
winetricks dlls vcrun2013
winetricks dlls vcrun2015
sudo apt install lutris
# Install Lutris Upgrade
sudo apt update
wget -nc https://github.com/lutris/lutris/releases/download/v0.5.18/lutris0.5.18all.deb
sudo chmod +x ./lutris0.5.18all.deb
sudo apt install ./lutris0.5.18all.deb
# need a game to test with? (Unquote the next line)
# wget -nc https://empireearth.eu/download/neoee
# Install FlatPack Bottles Containerization
sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
sudo flatpak install flathub com.usebottles.bottles
sudo apt install samba -y
flatpak install flathub com.github.tchx84.Flatseal
sudo apt update
# Force X86 Emulation:
export WINEARCH=win32
homedir=getent passwd $USER | cut -d: -f6
export WINEPREFIX="$homedir/.wineEE2"
export WINE="/opt/wine-staging/bin/wine"
WINEPREFIX="$homedir/.wineEE2" WINEARCH=win32 WINE="/opt/wine-staging/bin/wine" /opt/wine-staging/bin/wine wineboot winecfg
# Setup DirectX Support
homedir=getent passwd $USER | cut -d: -f6
WINEPREFIX="$homedir/.wineEE2" WINEARCH=win32 WINE="/opt/wine-staging/bin/wine" winetricks d3dx943
WINEPREFIX="$homedir/.wineEE2" WINEARCH=win32 WINE="/opt/wine-staging/bin/wine" winetricks d3dcompiler43
WINEPREFIX="$homedir/.wineEE2" WINEARCH=win32 WINE="/opt/wine-staging/bin/wine" winetricks corefonts
sudo apt install libgamemode0:i386 libgamemodeauto0:i386
sudo apt-get --reinstall install ttf-mscorefonts-installer
sudo apt update
sudo apt upgrade -y
sudo reboot now
#

After the System Reboots, log back into it and open Lutris

On Lutris Launch, the Lutris Application will automatically update and download the Proton-GE Package configuration. This is a clone of the Proton package found in Steam.You will need to click on Menu and select Preferences
Choose Updates
Install (download) the Wine-Ge-8-26 Package
Check for Updates
Download Missing Media
Click on Runners
Click on and install DosBox
Click on and install WINE
Click Sources (DO NOT CLICK STEAM!!!) If you need steam install it separately.
Close Lutris (Save any changes)

Open a Terminal

sudo apt update
sudo apt upgrade -y
sudo reboot nowNOTE: Old Key error is known, it's due to the need for i386 legacy libraries to run Windows XP Games

Log back into the system and click-on/open Bottles

Click on Menu
Click on Preferences
Click on Appearance (Show Update Date)
Click on Tab for Runners
Click Carat for Proton-GEInstall Ge-Proton-10-3Wait till it finishes
Click on Carat to minimize Proton-GE
Click on Wine GE Carat
Install WINE-GE-PROTON-8-26 (NOTE: LOL is for a specific Game, See Video for details) Click on Carat for Wine GE to minimize
Click Carat for Caffe
Click Install option for Caffe 9.7
Make sure that the latest Soda version is installed.Click on DLL Components Tab
Make sure the latest DXVK is installed
Close (Save) Bottles

Open a Terminal

sudo apt update
sudo apt upgrade -y
sudo reboot now

FUTURE HOME OF GHOSTJOBBER

As a side note, the name is not set in (granite) stone, So if you have a better name idea, leave the idea in the 5/17 short, and if your name is picked, I will give you a high-five, since this channel made me $13.45 last year.

KICK-OFF DATE 5/17/25

This Project is our next Project for GenericTechSupport

PROJECT SCOPE

Let's face it, the Job Market is a nightmare, finding a job right now sucks. The only thing worse than no jobs, is all the fake jobs and scam jobs.This made me really start to think, we have access to a free repository, this repository "called AI" is a database of indexed data. Since most of these scam jobs exist on the internet in more than just one place, we should be able to easily create a script to find details on a job.

PART ONE

My best guess is that I should be able to use DuckDuckGo Indexing which unlike Google is free to use and access, to view the data from the indexing service itself to figure out dates of job posting.. This should allow me to then put together a list of companies that have been posting fake jobs.

PART TWO

I am also guessing that it shouldn't be too bad to create a Python script to allow us to enter in a URL and see the dates in which the jobs were uploaded, and the dates in which the jobs were modified, if ever. This would allow us to search the URL on the fly and see if the Job is still relevant, Since a Job posted in 2022, would be 3 years ago, we could then use that info to publish the company as a scam, or fake job. Thus saving our fellow IT co-workers time when searching for new positions.

ATTENTION

My guess is that this project is going to draw a lot of attention, so i would ask, if you are an out of work developer, and want to contribute to this project, please feel free to reach out, and I can setup a Team meeting, or Discord chat were we can get together and work on this. I realize this site doesn't help with co-managing a project... So I still have a git if that's a better option.

EXPECTED CODE

Since Python can run on both Windows and Linux, My plan is to write this in Python, as I have limited knowledge in Python, this is both an exercise in learning for myself, but also it should allow you all (The subscribers) to modify the script and do what you want with it, using it as nothing more than a base to build off of, I would just ask, that if you make something cooler from it, please share it back with me..

Back to the Channel Home Page

QuickTips LINUX Edition

Quick Tips Commands or How-To Details Defined

How to Install SNAP on Linux Mint

Install Snap on Linux MINT Video

sudo apt update
sudo mv /etc/apt/preferences.d/nosnap.pref ~/Documents/nosnap.backup
sudo apt update
sudo apt install snapd
sudo apt update
sudo snap install snap-store
sudo reboot now

How to Increase the Swap File on MINT

NOTE: The 8G is Gig, you can use 16G or 4G it should be 2x the total memory on your system, up to 16GB.

How to Increase the SWAP file on Mint Video

sudo swapoff -a
sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo swapon --show

How To Clear the Cache without Rebooting on DEBIAN flavored Linux

NOTE: sudo command without the sudo -s does not work, if you run sudo whatever without the sudo -s first it will result in a failed command.

How to Clear the Cache on Debian Linux Video

sudo -s
echo 3 > /proc/sys/vm/drop_caches

Channel Home Page

Welcome to the Granite XP Beta Landing Page

This package has been pulled, pending Microsoft's Approval for Release

So Far Microsoft has not replied back to the request to deploy this project as a educational proof of concept build, Pending Microsoft's approval will determine if this package will ever be released

Channel

Welcome To The Granite Security Project Featuring - Granite XP BETA

Package Details
On Schedule

MICROSOFT ISSUED A CEASE AND DESIST AS SUCH THIS PROJECT IS DEAD

7ZIP KEY: - TO BE RELEASED - (DEAD)

SPECIAL FAN REQUEST

I need an MSI Packager that is compatible with Windows XP SP3. It has to be either freeware or have an available license that isn't stupid expensive. So far I have had no luck with finding an MSI package installer. Please email me if you have any suggestions? (Completed)

PROJECT SCOPE

The Granite XP Project is nothing more than a central repository for all security settings for XP to attempt to make XP as secure or more secure than Windows 11 with NIST based Policy Assigned.

This project started as a proof of concept Video. But slowly as I realized that people actually needed the updates and the configurations to build gaming rigs, or to use as a hobby system, the idea was planted to make an XP system that could "in theory" not only match security configuration set by Microsoft on Windows 10, but to exceed the security requirements based on NIST 800-171 2024 Standards.

This Page will Document the process, what the hold-up's have been and when the Granite Package will finally be released to the public.

Set Backs

I Got A Rock: One (Main Hold-Up)

Big Impact: unfortunately it appears that Microsoft has revoked the Certificate on Windows XP that is required for XP to trust it's own updates, this as a result has caused the update application Process to fail, and throw an error that the NESSUS Scan picks up as Ransomware, even though it's not.
(Resolved)

I Got A Rock: Two (Secondary Hold-UP)

Big Impact: Since Microsoft Killed the Certificate trust, the 2019 Domain Controller that created the Trusted Updates and the NIST Policy used a self Signed Cert, Since the Domain Is Dead, and the Servers are long Gone I need to figure out how to fix the Certificate and HASH values on the Updates so that windows XP will update them and not false report Ransomware to Windows AV Applications. (Resolved)

I Got A Rock: Three (New Hold-UP)

Welp, I figured out the packaging, however, it seems to get borked when I install the updates, where the updates for some reason break the ability to install the MSI installer for the rest of the package, now i need to figure out what update specifically breaks the MSI installer during the update process, a video will release early May to touch base on this set-back.. (Resolved)

I Got A Rock: Four (New Hold-UP)

Can't seem to figure out the Updates issue, since I am not able to export the updates the traditional way.. Update: Figured that out by using the old WMIC commands, they really saved me, ended up exporting them to a CSV File and adding the update KB's to this website, that way if anyone is curious what something is, you can use the Microsoft Catalog site and the KB Number to pull back specifically what the update is. (Resolved)

I Got A Rock: Five (MICROSOFT REQUEST)

As this package deals with Windows updates, I reached out to Microsoft to request permissions to redistribute the update packages as part of a final Windows XP update package. Microsoft has indicated that I am not permitted to release the updates, and it violates the terms to include a script to pull the updates. As such this project is officially dead, feel free to reach out to Microsoft and let them know you are pissed, but i have no control over that unfortunately.You can recreate the project, by using the command logic included in this KB location, and can use WSUS to access your own updates.Unfortunately those are the breaks, I can still continue to work on Windows 11 as it does not contain updates, but this package is dead.The EULA from Microsoft XP is attached to a button above, feel free to read it, as nothing in it I can find indicates it's not legal to distribute Windows XP Updates, only that Windows Vista and newer fall in that realm.I have indicated that information and escalated the request, but as of now it is looking like this project is dead.(FAIL)

BIG WINS

Windows Updates (LIST)

COMPLETED

The Granite XP Package Includes over 1000 Windows updates for Windows XP From All versions in One easy to install Package

BIG WINS

Enabling POS For Later Update Support

[HKEYLOCALMACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

Setting the SecEdit DB Location For Security

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit]
"LastUsedDatabase"="C:\WINDOWS\security\database\KB968930.sdb"
"TemplateUsed"="C:\WINDOWS\SECD5.tmp"
"EnvironmentVariables"=hex(7):25,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,\
25,00,00,00,25,00,55,00,73,00,65,00,72,00,50,00,72,00,6f,00,66,00,69,00,6c,\
00,65,00,25,00,00,00,25,00,41,00,6c,00,6c,00,55,00,73,00,65,00,72,00,73,00,\
50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,25,00,00,00,25,00,50,00,72,00,6f,\
00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,25,00,00,00,25,00,\
53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,00,00,25,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,00,65,00,25,00,\
00,00,25,00,54,00,65,00,6d,00,70,00,25,00,00,00,25,00,54,00,6d,00,70,00,25,\
00,00,00
"SetupCompDebugLevel"=dword:00000001
"DefaultTemplate"="C:\WINDOWS\inf\secrecs.inf"
"LastWinLogonConfig"=dword:5344fd3d

Setting Variables for Driver Signing

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Driver Signing/Policy]
"ValueType"=dword:00000003
"DisplayType"=dword:00000003
"DisplayName"="Devices: Unsigned driver installation behavior"
"DisplayChoices"=hex(7):30,00,7c,00,53,00,69,00,6c,00,65,00,6e,00,74,00,6c,00,\
79,00,20,00,73,00,75,00,63,00,63,00,65,00,65,00,64,00,20,00,00,00,31,00,7c,\
00,57,00,61,00,72,00,6e,00,20,00,62,00,75,00,74,00,20,00,61,00,6c,00,6c,00,\
6f,00,77,00,20,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,32,00,7c,00,44,00,6f,00,20,00,6e,00,6f,00,74,00,20,00,\
61,00,6c,00,6c,00,6f,00,77,00,20,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00

Disables Automatic Recovery

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Setup/RecoveryConsole/SecurityLevel]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Recovery console: Allow automatic administrative logon"

Disable Floppy Access to Drivers

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Setup/RecoveryConsole/SetCommand]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Recovery console: Allow floppy copy and access to all drives and all folders"

Restrict CD Access to Local Users Only

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateCDRoms]
"ValueType"=dword:00000001
"DisplayType"=dword:00000000
"DisplayName"="Devices: Restrict CD-ROM access to locally logged-on user only"

Define Only Admin Access to Eject Hardware

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateDASD]
"ValueType"=dword:00000001
"DisplayType"=dword:00000003
"DisplayName"="Devices: Allowed to format and eject removable media"
"DisplayChoices"=hex(7):30,00,7c,00,41,00,64,00,6d,00,69,00,6e,00,69,00,73,00,\
74,00,72,00,61,00,74,00,6f,00,72,00,73,00,00,00,31,00,7c,00,41,00,64,00,6d,\
00,69,00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,00,72,00,73,00,20,00,\
61,00,6e,00,64,00,20,00,50,00,6f,00,77,00,65,00,72,00,20,00,55,00,73,00,65,\
00,72,00,73,00,00,00,32,00,7c,00,41,00,64,00,6d,00,69,00,6e,00,69,00,73,00,\
74,00,72,00,61,00,74,00,6f,00,72,00,73,00,20,00,61,00,6e,00,64,00,20,00,49,\
00,6e,00,74,00,65,00,72,00,61,00,63,00,74,00,69,00,76,00,65,00,20,00,55,00,\
73,00,65,00,72,00,73,00,00,00,00,00

Local Admin Access Floppy Only

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateFloppies]
"ValueType"=dword:00000001
"DisplayType"=dword:00000000
"DisplayName"="Devices: Restrict floppy access to locally logged-on user only"

Cached Logons

SPECIAL NOTE: Since we don't have an active Domain Controller, Logons are not set to Cached, and not set to require a DC to work, as such this setting is an accepted Risk in workgroup Mode.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/CachedLogonsCount]
"ValueType"=dword:00000001
"DisplayType"=dword:00000001
"DisplayName"="Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
"DisplayUnit"="logons"

Cached Computer Accounts

SPECIAL NOTE: Since we don't have an active Domain Controller, Logons are not set to Cached, and not set to require a DC to work, as such this setting is an accepted Risk in workgroup Mode.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ForceUnlockLogon]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Interactive logon: Require Domain Controller authentication to unlock workstation"

Prompt Users to Change Passwords 4-Days In Advance

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/PasswordExpiryWarning]
"ValueType"=dword:00000004
"DisplayType"=dword:00000001
"DisplayName"="Interactive logon: Prompt user to change password before expiration"
"DisplayUnit"="days

Disable Smart Card Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ScRemoveOption]
"ValueType"=dword:00000001
"DisplayType"=dword:00000003
"DisplayName"="Interactive logon: Smart card removal behavior"
"DisplayChoices"=hex(7):30,00,7c,00,4e,00,6f,00,20,00,41,00,63,00,74,00,69,00,\
6f,00,6e,00,00,00,31,00,7c,00,4c,00,6f,00,63,00,6b,00,20,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,32,00,7c,00,46,00,\
6f,00,72,00,63,00,65,00,20,00,4c,00,6f,00,67,00,6f,00,66,00,66,00,00,00,00,\
00

Require Control+Alt+Del to Logon

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableCAD]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Interactive logon: Do not require CTRL+ALT+DEL"

Disable Display Last User Logon

Do Not Display Locked User Account Name

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Interactive logon: Display user information when the session is locked"
"DisplayChoices"=hex(7):31,00,7c,00,55,00,73,00,65,00,72,00,20,00,64,00,69,00,\
73,00,70,00,6c,00,61,00,79,00,20,00,6e,00,61,00,6d,00,65,00,2c,00,20,00,64,\
00,6f,00,6d,00,61,00,69,00,6e,00,20,00,61,00,6e,00,64,00,20,00,75,00,73,00,\
65,00,72,00,20,00,6e,00,61,00,6d,00,65,00,73,00,00,00,32,00,7c,00,55,00,73,\
00,65,00,72,00,20,00,64,00,69,00,73,00,70,00,6c,00,61,00,79,00,20,00,6e,00,\
61,00,6d,00,65,00,20,00,6f,00,6e,00,6c,00,79,00,00,00,33,00,7c,00,44,00,6f,\
00,20,00,6e,00,6f,00,74,00,20,00,64,00,69,00,73,00,70,00,6c,00,61,00,79,00,\
20,00,75,00,73,00,65,00,72,00,20,00,69,00,6e,00,66,00,6f,00,72,00,6d,00,61,\
00,74,00,69,00,6f,00,6e,00,00,00,00,00

Display Banner for Logon

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeCaption]
"ValueType"=dword:00000001
"DisplayType"=dword:00000002
"DisplayName"="Interactive logon: Message title for users attempting to log on"

Use Message Text for Logging on Users

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeText]
"ValueType"=dword:00000007
"DisplayType"=dword:00000004
"DisplayName"="Interactive logon: Message text for users attempting to log on"

Disable CAC Card Requirement

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ScForceOption]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Interactive logon: Require smart card"

Disable Shutdown without Logon

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ShutdownWithoutLogon]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Shutdown: Allow system to be shut down without having to log on"

Disable Undock without logon

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/UndockWithoutLogon]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Devices: Allow undock without having to log on"

Define Access to DCOM Users and Admins

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/SOFTWARE/policies/Microsoft/windows NT/DCOM/MachineAccessRestriction]
"ValueType"=dword:00000001
"DisplayType"=dword:00000002
"DisplayName"="DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax"

System Audit Event Configuration

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/AuditBaseObjects]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Audit: Audit the access of global system objects"

Shutdown System Immediately if Audit is disabled

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/CrashOnAuditFail]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Audit: Shut down system immediately if unable to log security audits"

Disable Domain Stored Credentials

SPECIAL NOTE: Since we don't have an active Domain Controller, Logons are set to disabled in Domain Passport Options, This would be enabled and Encrypted in a DC controlled system on Windows 10/11

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/DisableDomainCreds]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Network access: Do not allow storage of credentials or .NET Passports for network authentication"

Disable Allow Everyone Access to Shares

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/EveryoneIncludesAnonymous]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Network access: Let Everyone permissions apply to anonymous users"

Force FIPS 140-3 Encryption

SPECIAL NOTE: This was never an option in XP, and requries the Updates in the Configuration to work correctly. Failure to run updates will fail to secure this configuration.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"

Disable Windows Guest Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/ForceGuest]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Network access: Sharing and security model for local accounts"
"DisplayChoices"=hex(7):30,00,7c,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,\
20,00,2d,00,20,00,6c,00,6f,00,63,00,61,00,6c,00,20,00,75,00,73,00,65,00,72,\
00,73,00,20,00,61,00,75,00,74,00,68,00,65,00,6e,00,74,00,69,00,63,00,61,00,\
74,00,65,00,20,00,61,00,73,00,20,00,74,00,68,00,65,00,6d,00,73,00,65,00,6c,\
00,76,00,65,00,73,00,00,00,31,00,7c,00,47,00,75,00,65,00,73,00,74,00,20,00,\
6f,00,6e,00,6c,00,79,00,20,00,2d,00,20,00,6c,00,6f,00,63,00,61,00,6c,00,20,\
00,75,00,73,00,65,00,72,00,73,00,20,00,61,00,75,00,74,00,68,00,65,00,6e,00,\
74,00,69,00,63,00,61,00,74,00,65,00,20,00,61,00,73,00,20,00,47,00,75,00,65,\
00,73,00,74,00,00,00,00,00

Audit All Access to Shadow Copy Services

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/FullPrivilegeAuditing]
"ValueType"=dword:00000003
"DisplayType"=dword:00000000
"DisplayName"="Audit: Audit the use of Backup and Restore privilege"

Disable Blank Password Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/LimitBlankPasswordUse]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Accounts: Limit local account use of blank passwords to console logon only"

Set LANMAN Encryption Level to Windows 10

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/LmCompatibilityLevel]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Network security: LAN Manager authentication level"
"DisplayChoices"=hex(7):30,00,7c,00,53,00,65,00,6e,00,64,00,20,00,4c,00,4d,00,\
20,00,26,00,20,00,4e,00,54,00,4c,00,4d,00,20,00,72,00,65,00,73,00,70,00,6f,\
00,6e,00,73,00,65,00,73,00,00,00,31,00,7c,00,53,00,65,00,6e,00,64,00,20,00,\
4c,00,4d,00,20,00,26,00,20,00,4e,00,54,00,4c,00,4d,00,20,00,2d,00,20,00,75,\
00,73,00,65,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,00,20,00,73,00,65,00,\
73,00,73,00,69,00,6f,00,6e,00,20,00,73,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,69,00,66,00,20,00,6e,00,65,00,67,00,6f,00,74,00,69,00,61,00,\
74,00,65,00,64,00,00,00,32,00,7c,00,53,00,65,00,6e,00,64,00,20,00,4e,00,54,\
00,4c,00,4d,00,20,00,72,00,65,00,73,00,70,00,6f,00,6e,00,73,00,65,00,20,00,\
6f,00,6e,00,6c,00,79,00,00,00,33,00,7c,00,53,00,65,00,6e,00,64,00,20,00,4e,\
00,54,00,4c,00,4d,00,76,00,32,00,20,00,72,00,65,00,73,00,70,00,6f,00,6e,00,\
73,00,65,00,20,00,6f,00,6e,00,6c,00,79,00,00,00,34,00,7c,00,53,00,65,00,6e,\
00,64,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,00,20,00,72,00,65,00,73,00,\
70,00,6f,00,6e,00,73,00,65,00,20,00,6f,00,6e,00,6c,00,79,00,5c,00,72,00,65,\
00,66,00,75,00,73,00,65,00,20,00,4c,00,4d,00,00,00,35,00,7c,00,53,00,65,00,\
6e,00,64,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,00,20,00,72,00,65,00,73,\
00,70,00,6f,00,6e,00,73,00,65,00,20,00,6f,00,6e,00,6c,00,79,00,5c,00,72,00,\
65,00,66,00,75,00,73,00,65,00,20,00,4c,00,4d,00,20,00,26,00,20,00,4e,00,54,\
00,4c,00,4d,00,00,00,00,00

Set NTLM Security SSP Session

SPECIAL NOTE: Unfortunately this Key is Revoked by Microsoft As it was built under Windows 2019 Server. This is noted in the section above as a big issue, Uncertain if this will cause any other issues in the future.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinClientSec]
"ValueType"=dword:00000004
"DisplayType"=dword:00000005
"DisplayName"="Network security: Minimum session security for NTLM SSP based (including secure RPC) clients"
"DisplayFlags"=hex(7):31,00,36,00,7c,00,52,00,65,00,71,00,75,00,69,00,72,00,65,\
00,20,00,6d,00,65,00,73,00,73,00,61,00,67,00,65,00,20,00,69,00,6e,00,74,00,\
65,00,67,00,72,00,69,00,74,00,79,00,00,00,33,00,32,00,7c,00,52,00,65,00,71,\
00,75,00,69,00,72,00,65,00,20,00,6d,00,65,00,73,00,73,00,61,00,67,00,65,00,\
20,00,63,00,6f,00,6e,00,66,00,69,00,64,00,65,00,6e,00,74,00,69,00,61,00,6c,\
00,69,00,74,00,79,00,00,00,35,00,32,00,34,00,32,00,38,00,38,00,7c,00,52,00,\
65,00,71,00,75,00,69,00,72,00,65,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,\
00,20,00,73,00,65,00,73,00,73,00,69,00,6f,00,6e,00,20,00,73,00,65,00,63,00,\
75,00,72,00,69,00,74,00,79,00,00,00,35,00,33,00,36,00,38,00,37,00,30,00,39,\
00,31,00,32,00,7c,00,52,00,65,00,71,00,75,00,69,00,72,00,65,00,20,00,31,00,\
32,00,38,00,2d,00,62,00,69,00,74,00,20,00,65,00,6e,00,63,00,72,00,79,00,70,\
00,74,00,69,00,6f,00,6e,00,00,00,00,00

Set NTLM Security SSP Session Minimum

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinServerSec]
"ValueType"=dword:00000004
"DisplayType"=dword:00000005
"DisplayName"="Network security: Minimum session security for NTLM SSP based (including secure RPC) servers"
"DisplayFlags"=hex(7):31,00,36,00,7c,00,52,00,65,00,71,00,75,00,69,00,72,00,65,\
00,20,00,6d,00,65,00,73,00,73,00,61,00,67,00,65,00,20,00,69,00,6e,00,74,00,\
65,00,67,00,72,00,69,00,74,00,79,00,00,00,33,00,32,00,7c,00,52,00,65,00,71,\
00,75,00,69,00,72,00,65,00,20,00,6d,00,65,00,73,00,73,00,61,00,67,00,65,00,\
20,00,63,00,6f,00,6e,00,66,00,69,00,64,00,65,00,6e,00,74,00,69,00,61,00,6c,\
00,69,00,74,00,79,00,00,00,35,00,32,00,34,00,32,00,38,00,38,00,7c,00,52,00,\
65,00,71,00,75,00,69,00,72,00,65,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,\
00,20,00,73,00,65,00,73,00,73,00,69,00,6f,00,6e,00,20,00,73,00,65,00,63,00,\
75,00,72,00,69,00,74,00,79,00,00,00,35,00,33,00,36,00,38,00,37,00,30,00,39,\
00,31,00,32,00,7c,00,52,00,65,00,71,00,75,00,69,00,72,00,65,00,20,00,31,00,\
32,00,38,00,2d,00,62,00,69,00,74,00,20,00,65,00,6e,00,63,00,72,00,79,00,70,\
00,74,00,69,00,6f,00,6e,00,00,00,00,00

Set Default System Owner to Administrators Accounts

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/NoDefaultAdminOwner]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="System objects: Default owner for objects created by members of the Administrators group"
"DisplayChoices"=hex(7):30,00,7c,00,41,00,64,00,6d,00,69,00,6e,00,69,00,73,00,\
74,00,72,00,61,00,74,00,6f,00,72,00,73,00,20,00,67,00,72,00,6f,00,75,00,70,\
00,00,00,31,00,7c,00,4f,00,62,00,6a,00,65,00,63,00,74,00,20,00,63,00,72,00,\
65,00,61,00,74,00,6f,00,72,00,00,00,00,00

Do not store UnEncrypted Passwords in Password Manager

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/NoLMHash]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Network security: Do not store LAN Manager hash value on next password change"

Do not allow Anonymous enumeration of SAM Accounts and Shares

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymous]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Network access: Do not allow anonymous enumeration of SAM accounts and shares"

Allow Server Operators to Modify Scheduled Tasks

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/SubmitControl]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain controller: Allow server operators to schedule tasks"

Allow Authenticated Users to Install Print Drivers (Print Nightmare Fix)

SPECIAL NOTE: While this fix may work on 10/11 It likely will not work on XP, but is required for the NESSUS Scanner

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Devices: Prevent users from installing printer drivers"

Secure and Encrypt System Shares

SPECIAL NOTE: WARNING!!! IF this System was added back to a domain, you need the STIG Fix for Hardened Security Path to access Domain Shares after this fix.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/SecurePipeServers/Winreg/AllowedPaths/Machine]
"ValueType"=dword:00000007
"DisplayType"=dword:00000004
"DisplayName"="Network access: Remotely accessible registry paths"

Forces Case Sensitive Access when Integrating UNIX/LINUX systems

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Session Manager/Kernel/ObCaseInsensitive]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="System objects: Require case insensitivity for non-Windows subsystems"

Do Not Clear System Page File on Boot

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Session Manager/Memory Management/ClearPageFileAtShutdown]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Shutdown: Clear virtual memory pagefile"

Force AES 265 Encryption on System Internal Objects

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Session Manager/ProtectionMode]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)"

Set Idle Lockout Time

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/AutoDisconnect]
"ValueType"=dword:00000004
"DisplayType"=dword:00000001
"DisplayName"="Microsoft network server: Amount of idle time required before suspending session"
"DisplayUnit"="minutes"

Set User Idle timeout action

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableForcedLogOff]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network server: Disconnect clients when logon hours expire"

Force Digital Signature on Communication

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableSecuritySignature]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network server: Digitally sign communications (if client agrees)"

Disable Anonymous Network Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionPipes]
"ValueType"=dword:00000007
"DisplayType"=dword:00000004
"DisplayName"="Network access: Named Pipes that can be accessed anonymously"

Disable Anonymous Share Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionShares]
"ValueType"=dword:00000007
"DisplayType"=dword:00000004
"DisplayName"="Network access: Shares that can be accessed anonymously"

Only Allow Signed Share Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RequireSecuritySignature]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network server: Digitally sign communications (always)"

Do Not Allow UnEncrypted Passwords on the network

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnablePlainTextPassword]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network client: Send unencrypted password to third-party SMB servers"

Do Not Allow Client to Disable Encrypted Communication

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnableSecuritySignature]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network client: Digitally sign communications (if server agrees)"

Require All LDAP Communication be Encrypted

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LDAP/LDAPClientIntegrity]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Network security: LDAP client signing requirements"
"DisplayChoices"=hex(7):30,00,7c,00,4e,00,6f,00,6e,00,65,00,00,00,31,00,7c,00,\
4e,00,65,00,67,00,6f,00,74,00,69,00,61,00,74,00,65,00,20,00,73,00,69,00,67,\
00,6e,00,69,00,6e,00,67,00,00,00,32,00,7c,00,52,00,65,00,71,00,75,00,69,00,\
72,00,65,00,20,00,73,00,69,00,67,00,6e,00,69,00,6e,00,67,00,00,00,00,00

Require Passwords be 8 Characters Minimum and meet Compliance Standards of NIST

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/DisablePasswordChange]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Disable machine account password changes"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/MaximumPasswordAge]
"ValueType"=dword:00000004
"DisplayType"=dword:00000001
"DisplayName"="Domain member: Maximum machine account password age"
"DisplayUnit"="days"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RefusePasswordChange]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain controller: Refuse machine account password changes"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireSignOrSeal]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Digitally encrypt or sign secure channel data (always)"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireStrongKey]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Require strong (Windows 2000 or later) session key"

Force Secure Signing of Channel Data Required

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SealSecureChannel]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Digitally encrypt secure channel data (when possible)"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SignSecureChannel]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Digitally sign secure channel data (when possible)"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/NTDS/Parameters/LDAPServerIntegrity]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Domain controller: LDAP server signing requirements"
"DisplayChoices"=hex(7):31,00,7c,00,4e,00,6f,00,6e,00,65,00,00,00,32,00,7c,00,\
52,00,65,00,71,00,75,00,69,00,72,00,65,00,20,00,73,00,69,00,67,00,6e,00,69,\
00,6e,00,67,00,00,00,00,00

Force Google Chrome TLS 1.2 SSL 3.0

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN THIS VERSION OF CHROME, THIS REQUIRES ADDITIONAL SOFTWARE

[HKEYLOCALMACHINE\SOFTWARE\Policies\Google\Chrome]
"RemoteAccessHostFirewallTraversal"=dword:00000000
"DefaultPopupsSetting"=dword:00000002
"DefaultGeolocationSetting"=dword:00000002
"DefaultSearchProviderName"="Google Encrypted"
"DefaultSearchProviderEnabled"=dword:00000001
"PasswordManagerEnabled"=dword:00000000
"BackgroundModeEnabled"=dword:00000000
"SyncDisabled"=dword:00000001
"CloudPrintProxyEnabled"=dword:00000000
"MetricsReportingEnabled"=dword:00000000
"SearchSuggestEnabled"=dword:00000000
"ImportSavedPasswords"=dword:00000000
"IncognitoModeAvailability"=dword:00000001
"SavingBrowserHistoryDisabled"=dword:00000000
"AllowDeletingBrowserHistory"=dword:00000000
"PromptForDownloadLocation"=dword:00000001
"AutoplayAllowed"=dword:00000000
"SafeBrowsingExtendedReportingEnabled"=dword:00000000
"DefaultWebUsbGuardSetting"=dword:00000002
"ChromeCleanupEnabled"=dword:00000000
"ChromeCleanupReportingEnabled"=dword:00000000
"EnableMediaRouter"=dword:00000000
"UrlKeyedAnonymizedDataCollectionEnabled"=dword:00000000
"WebRtcEventLogCollectionAllowed"=dword:00000000
"NetworkPredictionOptions"=dword:00000002
"DeveloperToolsAvailability"=dword:00000002
"BrowserGuestModeEnabled"=dword:00000000
"AutofillCreditCardEnabled"=dword:00000000
"AutofillAddressEnabled"=dword:00000000
"ImportAutofillFormData"=dword:00000000
"SafeBrowsingProtectionLevel"=dword:00000001
"DefaultSearchProviderSearchURL"="https://www.google.com/search?q={searchTerms}"
"DownloadRestrictions"=dword:00000001
"DefaultWebBluetoothGuardSetting"=dword:00000002
"QuicAllowed"=dword:00000000
"EnableOnlineRevocationChecks"=dword:00000001
"SSLVersionMin"="tls1.2"

Windows 10 IE Standards

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]
"History"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000000
"CheckExeSignatures"="yes"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds]
"DisableEnclosureDownload"=dword:00000001
"AllowBasicAuthInClear"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\IEDevTools]
"Disabled"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"NotifyDisableIEOptions"=dword:00000000
"DisableEPMCompat"=dword:00000001
"Isolation64Bit"=dword:00000001
"Isolation"="PMEM"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREDISABLEMKPROTOCOL]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREMIMEHANDLING]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREMIMESNIFFING]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURERESTRICTACTIVEXINSTALL]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURERESTRICTFILEDOWNLOAD]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURESECURITYBAND]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREWINDOWRESTRICTIONS]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREZONEELEVATION]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter]
"PreventOverride"=dword:00000001
"PreventOverrideAppRepUnknown"=dword:00000001
"EnabledV9"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
"ClearBrowsingHistoryOnExit"=dword:00000000
"CleanHistory"=dword:00000000
"EnableInPrivateBrowsing"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions]
"NoCrashDetection"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security]
"DisableSecuritySettingsCheck"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\ActiveX]
"BlockNonAdminActiveXInstall"=dword:00000001

Windows 10 MS EDGE Standards

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN THIS VERSION OF EDGE.

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings]
"PreventCertErrorOverrides"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main]
"FormSuggest Passwords"="no"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter]
"PreventOverrideAppRepUnknown"=dword:00000001

Set Hardware Sleep Timers

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Power][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51]
"DCSettingIndex"=dword:00000001
"ACSettingIndex"=dword:00000001

Set Internet Options and Internet Settings

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"Securityzonesmapedit"=dword:00000001
"Securityoptionsedit"=dword:00000001
"SecurityHKLMonly"=dword:00000001
"PreventIgnoreCertErrors"=dword:00000001
"CertificateRevocation"=dword:00000001
"WarnOnBadCertRecving"=dword:00000001
"EnableSSL3Fallback"=dword:00000000
"SecureProtocols"=dword:00000800[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones\0]
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones\1]
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones\2]
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones\4]
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
"DaysToKeep"=dword:00000028[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"270C"=dword:00000000
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"270C"=dword:00000000
"1201"=dword:00000003
"1C00"=dword:00010000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"270C"=dword:00000000
"1201"=dword:00000003
"1C00"=dword:00010000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1406"=dword:00000003
"1407"=dword:00000003
"1802"=dword:00000003
"2402"=dword:00000003
"120b"=dword:00000003
"120c"=dword:00000003
"1206"=dword:00000003
"2102"=dword:00000003
"1209"=dword:00000003
"2103"=dword:00000003
"2200"=dword:00000003
"270C"=dword:00000000
"1001"=dword:00000003
"1004"=dword:00000003
"2709"=dword:00000003
"2708"=dword:00000003
"160A"=dword:00000003
"1201"=dword:00000003
"1C00"=dword:00000000
"1804"=dword:00000003
"1A00"=dword:00010000
"1607"=dword:00000003
"2004"=dword:00000003
"2001"=dword:00000003
"1806"=dword:00000001
"1409"=dword:00000000
"2500"=dword:00000000
"2301"=dword:00000000
"1809"=dword:00000000
"1606"=dword:00000003
"2101"=dword:00000003
"140C"=dword:00000003[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1406"=dword:00000003
"1400"=dword:00000003
"2000"=dword:00000003
"1407"=dword:00000003
"1802"=dword:00000003
"1803"=dword:00000003
"2402"=dword:00000003
"1608"=dword:00000003
"120b"=dword:00000003
"120c"=dword:00000003
"1206"=dword:00000003
"2102"=dword:00000003
"1209"=dword:00000003
"2103"=dword:00000003
"2200"=dword:00000003
"270C"=dword:00000000
"1001"=dword:00000003
"1004"=dword:00000003
"2709"=dword:00000003
"2708"=dword:00000003
"160A"=dword:00000003
"1201"=dword:00000003
"1C00"=dword:00000000
"1804"=dword:00000003
"1A00"=dword:00030000
"1607"=dword:00000003
"2004"=dword:00000003
"1200"=dword:00000003
"1405"=dword:00000003
"1402"=dword:00000003
"1806"=dword:00000003
"1409"=dword:00000000
"2500"=dword:00000000
"2301"=dword:00000000
"1809"=dword:00000000
"1606"=dword:00000003
"2101"=dword:00000003
"2001"=dword:00000003
"140C"=dword:00000003

Set Windows 10 IPSec Security policy Variables

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecFilter"
"description"="Matches all ICMP packets between this computer and any other computer."
"name"="ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
"ipsecName"="All ICMP Traffic"
"ipsecID"="{72385235-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b5,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,52,00,00,00,01,\
00,00,00,02,00,00,00,00,00,02,00,00,00,00,00,0a,00,00,00,49,00,43,00,4d,00,\
50,00,00,00,e0,0e,bc,51,00,8b,06,46,8f,03,6d,3b,4c,45,5e,ff,01,00,00,00,00,\
00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,4e,00,46,00,41,00,7b,00,39,00,37,00,39,00,62,00,39,00,61,00,39,\
00,34,00,2d,00,31,00,37,00,62,00,62,00,2d,00,34,00,31,00,34,00,39,00,2d,00,\
61,00,64,00,36,00,62,00,2d,00,64,00,38,00,64,00,34,00,64,00,31,00,32,00,62,\
00,33,00,64,00,66,00,61,00,7d,00,00,00,53,00,4f,00,46,00,54,00,57,00,41,00,\
52,00,45,00,5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,\
00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,\
64,00,6f,00,77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,\
00,6c,00,69,00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,\
70,00,73,00,65,00,63,00,4e,00,46,00,41,00,7b,00,61,00,34,00,61,00,61,00,31,\
00,36,00,34,00,30,00,2d,00,31,00,63,00,66,00,64,00,2d,00,34,00,63,00,30,00,\
35,00,2d,00,38,00,34,00,64,00,37,00,2d,00,36,00,33,00,39,00,34,00,64,00,38,\
00,32,00,30,00,62,00,36,00,38,00,38,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecFilter"
"description"="Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE)."
"name"="ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
"ipsecName"="All IP Traffic"
"ipsecID"="{7238523a-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b5,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,4a,00,00,00,01,\
00,00,00,02,00,00,00,00,00,02,00,00,00,00,00,02,00,00,00,00,00,10,4f,8e,d5,\
ca,d5,cc,42,82,d6,af,d5,f8,d3,e8,1b,01,00,00,00,00,00,00,00,ff,ff,ff,ff,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,4e,00,46,00,41,00,7b,00,37,00,30,00,33,00,61,00,30,00,66,00,63,\
00,62,00,2d,00,62,00,35,00,65,00,39,00,2d,00,34,00,32,00,34,00,37,00,2d,00,\
39,00,32,00,65,00,65,00,2d,00,32,00,32,00,30,00,64,00,33,00,38,00,37,00,64,\
00,31,00,30,00,33,00,30,00,7d,00,00,00,53,00,4f,00,46,00,54,00,57,00,41,00,\
52,00,45,00,5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,\
00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,\
64,00,6f,00,77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,\
00,6c,00,69,00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,\
70,00,73,00,65,00,63,00,4e,00,46,00,41,00,7b,00,38,00,38,00,31,00,38,00,31,\
00,36,00,62,00,39,00,2d,00,35,00,33,00,64,00,30,00,2d,00,34,00,61,00,64,00,\
61,00,2d,00,62,00,33,00,39,00,63,00,2d,00,62,00,34,00,30,00,65,00,39,00,35,\
00,37,00,64,00,34,00,34,00,33,00,37,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385231-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b8,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,40,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,\
00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,80,70,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,50,00,6f,00,6c,00,69,00,63,00,79,00,7b,00,37,00,32,00,33,00,38,\
00,35,00,32,00,33,00,30,00,2d,00,37,00,30,00,66,00,61,00,2d,00,31,00,31,00,\
64,00,31,00,2d,00,38,00,36,00,34,00,63,00,2d,00,31,00,34,00,61,00,33,00,30,\
00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385234-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b8,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,40,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,\
00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,80,70,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385237-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b8,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,40,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,\
00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,80,70,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,50,00,6f,00,6c,00,69,00,63,00,79,00,7b,00,37,00,32,00,33,00,38,\
00,35,00,32,00,33,00,36,00,2d,00,37,00,30,00,66,00,61,00,2d,00,31,00,31,00,\
64,00,31,00,2d,00,38,00,36,00,34,00,63,00,2d,00,31,00,34,00,61,00,33,00,30,\
00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523d-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b8,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,40,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,\
00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,80,70,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,50,00,6f,00,6c,00,69,00,63,00,79,00,7b,00,37,00,32,00,33,00,38,\
00,35,00,32,00,33,00,63,00,2d,00,37,00,30,00,66,00,61,00,2d,00,31,00,31,00,\
64,00,31,00,2d,00,38,00,36,00,34,00,63,00,2d,00,31,00,34,00,61,00,33,00,30,\
00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{582b2f50-c50e-4fc4-a1ed-e12d52b6f308}]
"ClassName"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{582b2f50-c50e-4fc4-a1ed-e12d52b6f308}"
"ipsecID"="{582b2f50-c50e-4fc4-a1ed-e12d52b6f308}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b9,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,e4,01,00,00,06,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,03,00,\
00,00,02,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,01,00,00,00,01,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,02,00,00,00,00,00,00,\
00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,\
00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,4e,00,46,00,41,00,7b,00,35,00,38,00,64,00,35,00,63,00,38,00,64,\
00,62,00,2d,00,34,00,33,00,35,00,35,00,2d,00,34,00,32,00,61,00,65,00,2d,00,\
61,00,33,00,32,00,65,00,2d,00,35,00,38,00,31,00,36,00,33,00,30,00,36,00,32,\
00,39,00,34,00,63,00,61,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecNegotiationPolicy"
"description"="Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request."
"name"="ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}"
"ipsecName"="Request Security (Optional)"
"ipsecID"="{72385233-70fa-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyAction"="{3f91a81a-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b9,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,94,01,00,00,05,\
00,00,00,84,03,00,00,a0,86,01,00,00,00,00,00,00,00,00,00,01,00,00,00,03,00,\
00,00,02,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,84,03,00,00,a0,86,01,00,00,00,00,00,00,00,00,00,01,\
00,00,00,01,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,2c,01,00,00,a0,86,01,0

Set Windows 10 Network Security Variables

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection]
"DeviceEnumerationPolicy"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation]
"AllowInsecureGuestAuth"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\NetCache][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NCShowSharedAccessUI"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider][HKEYLOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\SYSVOL"="RequireMutualAuthentication=1,RequireIntegrity=1"
"\\\NETLOGON"="RequireMutualAuthentication=1,RequireIntegrity=1"

Disable Lock Screen Camera and Slide-Show

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization]
"NoLockScreenCamera"=dword:00000001
"NoLockScreenSlideshow"=dword:00000001

Lock Down Powershell Commands

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN THIS VERSION OF POWERSHELL THIS COMMAND IS STRICTLY FOR NESSUS

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging]
"EnableScriptBlockLogging"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription]
"EnableTranscripting"=dword:00000001
"OutputDirectory"="C:\ProgramData\PS_Transcript"

Set Known Software Restriction Policies (Windows 11)

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN THIS VERSION OF CODEIDENTIFIERS POLICY SETTINGS, THESE UPDATES WILL NOT OFFICIALLY WORK

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"ExecutableTypes"=hex(7):41,00,44,00,45,00,00,00,41,00,44,00,50,00,00,00,42,00,\
41,00,53,00,00,00,42,00,41,00,54,00,00,00,43,00,48,00,4d,00,00,00,43,00,4d,\
00,44,00,00,00,43,00,4f,00,4d,00,00,00,43,00,50,00,4c,00,00,00,43,00,52,00,\
54,00,00,00,45,00,58,00,45,00,00,00,48,00,4c,00,50,00,00,00,48,00,54,00,41,\
00,00,00,49,00,4e,00,46,00,00,00,49,00,4e,00,53,00,00,00,49,00,53,00,50,00,\
00,00,4c,00,4e,00,4b,00,00,00,4d,00,44,00,42,00,00,00,4d,00,44,00,45,00,00,\
00,4d,00,53,00,43,00,00,00,4d,00,53,00,49,00,00,00,4d,00,53,00,50,00,00,00,\
4d,00,53,00,54,00,00,00,4f,00,43,00,58,00,00,00,50,00,43,00,44,00,00,00,50,\
00,49,00,46,00,00,00,52,00,45,00,47,00,00,00,53,00,43,00,52,00,00,00,53,00,\
48,00,53,00,00,00,55,00,52,00,4c,00,00,00,56,00,42,00,00,00,57,00,53,00,43,\
00,00,00,00,00
"TransparentEnabled"=dword:00000001
"DefaultLevel"=dword:00040000
"AuthenticodeEnabled"=dword:00000000
"PolicyScope"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}]
"Description"="Stop the download of this file"
"FriendlyName"="Mdac11.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:5e,ab,30,4f,95,7a,49,89,6a,00,6c,1c,31,15,40,15
"LastModified"=hex(b):85,c4,34,dc,19,a2,c2,01
"ItemSize"=hex(b):0b,03,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}]
"Description"="Stop the download of this file"
"FriendlyName"="mdac20.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:67,b0,d4,8b,34,3a,3f,d3,bc,e9,dc,64,67,04,f3,94
"LastModified"=hex(b):03,8a,39,dc,19,a2,c2,01
"ItemSize"=hex(b):05,02,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}]
"Description"="Stop the download of this file"
"FriendlyName"="mdac20a.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:32,78,02,dc,fe,f8,c8,93,dc,8a,b0,06,dd,84,7d,1d
"LastModified"=hex(b):be,77,45,dc,19,a2,c2,01
"ItemSize"=hex(b):96,03,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}]
"Description"="Stop the download of this file"
"FriendlyName"="msadc10.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:bd,9a,2a,db,42,eb,d8,56,0e,25,0e,4d,f8,16,2f,67
"LastModified"=hex(b):81,4f,3e,dc,19,a2,c2,01
"ItemSize"=hex(b):e5,00,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}]
"Description"="Stop the download of this file"
"FriendlyName"="msadc11.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:38,6b,08,5f,84,ec,f6,69,d3,6b,95,6a,22,c0,1e,80
"LastModified"=hex(b):40,b2,40,dc,19,a2,c2,01
"ItemSize"=hex(b):72,01,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths{dda3f824-d8cb-441b-834d-be2efd2c1a33}]
"Description"=""
"SaferFlags"=dword:00000000
"ItemData"=hex(2):25,00,48,00,4b,00,45,00,59,00,5f,00,43,00,55,00,52,00,52,00,\
45,00,4e,00,54,00,5f,00,55,00,53,00,45,00,52,00,5c,00,53,00,6f,00,66,00,74,\
00,77,00,61,00,72,00,65,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\
66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,43,00,75,\
00,72,00,72,00,65,00,6e,00,74,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,\
5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,53,00,68,00,65,\
00,6c,00,6c,00,20,00,46,00,6f,00,6c,00,64,00,65,00,72,00,73,00,5c,00,43,00,\
61,00,63,00,68,00,65,00,25,00,4f,00,4c,00,4b,00,2a,00,00,00
"LastModified"=hex(b):de,ce,61,cf,d2,86,da,01

Enable Smart Screen Settings for Windows XP (Windows 11)

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN SMART SCREEN VARIABLES LIKE THIS. THIS CHANGE CUSTOMIZES THE SECURITY SETTINGS ON XP

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"DontDisplayNetworkSelectionUI"=dword:00000001
"EnumerateLocalUsers"=dword:00000000
"EnableSmartScreen"=dword:00000001
"ShellSmartScreenLevel"="Block"
"AllowDomainPINLogon"=dword:00000000
"EnableLogonOptimization"=dword:00000001
"SyncModeSlowLinkThreshold"=dword:000001f4
"SyncModeNoDCThreshold"=dword:00001388

Secure Windows RDS Services (TERMINAL SERVICES)

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"fDisableAutoReconnect"=dword:00000001
"fDenyTSConnections"=dword:00000000
"fDisableForcibleLogoff"=dword:00000001
"KeepAliveEnable"=dword:00000000
"MaxInstanceCount"=dword:00000001
"SelectTransport"=dword:00000001
"fSingleSessionPerUser"=dword:00000001
"fAllowUnlistedRemotePrograms"=dword:00000000
"SecurityLayer"=dword:00000000
"UserAuthentication"=dword:00000001
"fAllowToGetHelp"=dword:00000000
"DisablePasswordSaving"=dword:00000001
"fDisableCdm"=dword:00000001
"fPromptForPassword"=dword:00000001
"fEncryptRPCTraffic"=dword:00000001
"MinEncryptionLevel"=dword:00000003[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\AllUserInstallAgent]
"LogonWaitForPackageRegistration"=dword:00000000

Secure Windows Firewall

SPECIAL NOTE: For Obvious Reasons, we can't secure Firewall settings for your home network, however they are configured through SecEdit to match basic requirements.

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion"=dword:0000021d[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000001
"DefaultOutboundAction"=dword:00000000
"DefaultInboundAction"=dword:00000001
"DisableNotifications"=dword:00000000
"AllowLocalPolicyMerge"=dword:00000001
"AllowLocalIPsecPolicyMerge"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"{30B550DB-C4B8-4A44-A383-D1C7ED13AAE2}"="v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=43389|Name=AllowCustomRDP|"
"{0B7F479C-F8C6-4850-A763-1C2C9B1FE520}"="v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=6|LPort=3389|Name=DenyDefaultRDP|"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall"=dword:00000001
"DefaultOutboundAction"=dword:00000000
"DefaultInboundAction"=dword:00000001
"DisableNotifications"=dword:00000000
"AllowLocalPolicyMerge"=dword:00000001
"AllowLocalIPsecPolicyMerge"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall"=dword:00000001
"DefaultOutboundAction"=dword:00000000
"DefaultInboundAction"=dword:00000001
"DisableNotifications"=dword:00000000
"AllowLocalPolicyMerge"=dword:00000001
"AllowLocalIPsecPolicyMerge"=dword:00000001

Locking Down Firefox Configurations

[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla][HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox]
"SSLVersionMin"="tls1.2"
"ExtensionUpdate"=dword:00000000
"DisableFormHistory"=dword:00000001
"PasswordManagerEnabled"=dword:00000000
"DisableTelemetry"=dword:00000001
"DisableDeveloperTools"=dword:00000001
"DisableForgetButton"=dword:00000001
"DisablePrivateBrowsing"=dword:00000001
"SearchSuggestEnabled"=dword:00000000
"NetworkPrediction"=dword:00000000
"DisableFirefoxAccounts"=dword:00000001
"DisableFeedbackCommands"=dword:00000001
"Preferences"=hex(7):7b,00,00,00,20,00,20,00,22,00,73,00,65,00,63,00,75,00,72,\
00,69,00,74,00,79,00,2e,00,64,00,65,00,66,00,61,00,75,00,6c,00,74,00,5f,00,\
70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,5f,00,63,00,65,00,72,00,74,\
00,22,00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,56,00,61,00,\
6c,00,75,00,65,00,22,00,3a,00,20,00,22,00,41,00,73,00,6b,00,20,00,45,00,76,\
00,65,00,72,00,79,00,20,00,54,00,69,00,6d,00,65,00,22,00,2c,00,00,00,20,00,\
20,00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,22,00,3a,00,20,\
00,22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,00,20,00,7d,00,\
2c,00,00,00,20,00,20,00,22,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,2e,\
00,73,00,65,00,61,00,72,00,63,00,68,00,2e,00,75,00,70,00,64,00,61,00,74,00,\
65,00,22,00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,56,00,61,\
00,6c,00,75,00,65,00,22,00,3a,00,20,00,66,00,61,00,6c,00,73,00,65,00,2c,00,\
00,00,20,00,20,00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,22,\
00,3a,00,20,00,22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,00,\
20,00,7d,00,2c,00,00,00,20,00,20,00,22,00,64,00,6f,00,6d,00,2e,00,64,00,69,\
00,73,00,61,00,62,00,6c,00,65,00,5f,00,77,00,69,00,6e,00,64,00,6f,00,77,00,\
5f,00,6d,00,6f,00,76,00,65,00,5f,00,72,00,65,00,73,00,69,00,7a,00,65,00,22,\
00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,56,00,61,00,6c,00,\
75,00,65,00,22,00,3a,00,20,00,74,00,72,00,75,00,65,00,2c,00,00,00,20,00,20,\
00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,22,00,3a,00,20,00,\
22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,00,20,00,7d,00,2c,\
00,00,00,20,00,20,00,22,00,64,00,6f,00,6d,00,2e,00,64,00,69,00,73,00,61,00,\
62,00,6c,00,65,00,5f,00,77,00,69,00,6e,00,64,00,6f,00,77,00,5f,00,66,00,6c,\
00,69,00,70,00,22,00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,\
56,00,61,00,6c,00,75,00,65,00,22,00,3a,00,20,00,74,00,72,00,75,00,65,00,2c,\
00,00,00,20,00,20,00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,\
22,00,3a,00,20,00,22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,\
00,20,00,7d,00,2c,00,00,00,20,00,20,00,20,00,22,00,62,00,72,00,6f,00,77,00,\
73,00,65,00,72,00,2e,00,63,00,6f,00,6e,00,74,00,65,00,6e,00,74,00,62,00,6c,\
00,6f,00,63,00,6b,00,69,00,6e,00,67,00,2e,00,63,00,61,00,74,00,65,00,67,00,\
6f,00,72,00,79,00,22,00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,\
00,56,00,61,00,6c,00,75,00,65,00,22,00,3a,00,20,00,22,00,73,00,74,00,72,00,\
69,00,63,00,74,00,22,00,2c,00,00,00,20,00,20,00,20,00,20,00,22,00,53,00,74,\
00,61,00,74,00,75,00,73,00,22,00,3a,00,20,00,22,00,6c,00,6f,00,63,00,6b,00,\
65,00,64,00,22,00,00,00,20,00,20,00,7d,00,2c,00,00,00,20,00,20,00,22,00,65,\
00,78,00,74,00,65,00,6e,00,73,00,69,00,6f,00,6e,00,73,00,2e,00,68,00,74,00,\
6d,00,6c,00,61,00,62,00,6f,00,75,00,74,00,61,00,64,00,64,00,6f,00,6e,00,73,\
00,2e,00,72,00,65,00,63,00,6f,00,6d,00,6d,00,65,00,6e,00,64,00,61,00,74,00,\
69,00,6f,00,6e,00,73,00,2e,00,65,00,6e,00,61,00,62,00,6c,00,65,00,64,00,22,\
00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,56,00,61,00,6c,00,\
75,00,65,00,22,00,3a,00,20,00,66,00,61,00,6c,00,73,00,65,00,2c,00,00,00,20,\
00,20,00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,22,00,3a,00,\
20,00,22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,00,20,00,7d,\
00,00,00,7d,00,00,00,00,00
"DisablePocket"=dword:00000001
"DisableFirefoxStudies"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\Certificates]
"ImportEnterpriseRoots"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\DisabledCiphers]
"TLSRSAWITH3DESEDECBCSHA"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\EnableTrackingProtection]
"Fingerprinting"=dword:00000001
"Cryptomining"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\EncryptedMediaExtensions]
"Enabled"=dword:00000000
"Locked"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\FirefoxHome]
"Search"=dword:00000000
"TopSites"=dword:00000000
"SponsoredTopSites"=dword:00000000
"Highlights"=dword:00000000
"Pocket"=dword:00000000
"SponsoredPocket"=dword:00000000
"Snippets"=dword:00000000
"Locked"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\InstallAddonsPermission]
"Default"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\Permissions][HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\Permissions\Autoplay]
"Default"="block-audio-video"[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\PopupBlocking]
"Default"=dword:00000001
"Locked"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\PopupBlocking\Allow]
"1"=".mil"
"2"=".gov"[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\SanitizeOnShutdown]
"Cache"=dword:00000000
"Cookies"=dword:00000000
"Downloads"=dword:00000000
"FormData"=dword:00000000
"History"=dword:00000000
"Sessions"=dword:00000000
"SiteSettings"=dword:00000000
"OfflineApps"=dword:00000000
"Locked"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\UserMessaging]
"ExtensionRecommendations"=dword:00000000

Disable Remote Registry Anonymous access

[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Description"="Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start."
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"DisplayName"="Remote Registry"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"ObjectName"="NT AUTHORITY\LocalService"
"Group"=""
"Start"=dword:00000004
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\
00,01,00,00,00,e8,03,00,00
"DependOnGroup"=hex(7):00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,65,00,67,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum]
"0"="Root\LEGACY_REMOTEREGISTRY\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Disable MIcrosoft Remote Access Help on XP

[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Routing and Remote Access"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,53,00,00,00,00,00
"DependOnGroup"=hex(7):4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="Offers routing services to businesses in local area and wide area network environments."
@=""[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers]
"ActiveProvider"="{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="RADIUS Accounting"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,72,00,61,00,64,00,2e,00,64,00,6c,00,6c,00,00,00
"ProviderTypeGUID"="{76560D80-2BFD-11d2-9539-3078302C2030}"
"VendorName"="Microsoft"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"=""
"DisplayName"="Windows Accounting"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00
"ProviderTypeGUID"="{76560D81-2BFD-11d2-9539-3078302C2030}"
"VendorName"="Microsoft"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers]
"ActiveProvider"="{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="RADIUS Authentication"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,72,00,61,00,64,00,2e,00,64,00,6c,00,6c,00,00,00
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D00-2BFD-11d2-9539-3078302C2030}"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"=""
"DisplayName"="Windows Authentication"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D01-2BFD-11d2-9539-3078302C2030}"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\DemandDialManager]
"DllPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,\
00,70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces]
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0]
"InterfaceName"="Loopback"
"Type"=dword:00000005
"Enabled"=dword:00000001
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,38,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1]
"InterfaceName"="Internal"
"Type"=dword:00000004
"Enabled"=dword:00000001
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,38,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2]
"InterfaceName"="{029DC097-8FC0-475C-BEB2-112AEB62D7A0}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,38,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters]
"RouterType"=dword:00000001
"ServerFlags"=dword:00002702
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6d,00,70,00,72,00,64,00,69,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AppleTalk]
"EnableIn"=dword:00000001[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip]
"AllowClientIpAddresses"=dword:00000000
"AllowNetworkAccess"=dword:00000001
"EnableIn"=dword:00000001
"IpAddress"="0.0.0.0"
"IpMask"="0.0.0.0"
"UseDhcpAddressing"=dword:00000001[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ipx]
"EnableIn"=dword:00000001
"AcceptRemoteNodeNumber"=dword:00000001
"AllowNetworkAccess"=dword:00000001
"AutoWanNetAllocation"=dword:00000001
"FirstWanNet"=dword:00000000
"GlobalWanNet"=dword:00000001
"LastWanNet"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Nbf]
"EnableIn"=dword:00000001
"AllowNetworkAccess"=dword:00000001[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance]
"Open"="OpenRasPerformanceData"
"Close"="CloseRasPerformanceData"
"Collect"="CollectRasPerformanceData"
"Library"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,\
00,61,00,73,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"Last Counter"=dword:00000804
"Last Help"=dword:00000805
"First Counter"=dword:000007de
"First Help"=dword:000007df
"WbemAdapFileSignature"=hex:b0,b0,d7,90,5a,c7,1b,c2,78,f1,7f,45,5e,18,26,11
"WbemAdapFileTime"=hex:00,a0,a1,10,27,9e,c8,01
"WbemAdapFileSize"=dword:00002e00
"WbemAdapStatus"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy]
"ProductDir"="C:\WINDOWS\system32\IAS"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\01]
@="IAS.ProxyPolicyEnforcer"
"Requests"="0 1 2"
"Responses"="0 1 2 3 4"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\02]
@="IAS.NTSamNames"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\03]
@="IAS.BaseCampHost"
"Requests"="0 1"
"Responses"="0 1 2 4"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\04]
@="IAS.RadiusProxy"
"Providers"="2"
"Responses"="0"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\05]
@="IAS.NTSamAuthentication"
"Providers"="1"
"Requests"="0"
"Responses"="0"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\06]
@="IAS.AccountValidation"
"Providers"="1"
"Requests"="0"
"Responses"="0 1"
"Reasons"="33"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\07]
@="IAS.PolicyEnforcer"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"
"Reasons"="33"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\08]
@="IAS.NTSamPerUser"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"
"Reasons"="33"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\09]
@="IAS.EAP"
"Providers"="1"
"Requests"="0 2"
"Responses"="0"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\10]
@="IAS.URHandler"
"Providers"="0 1"
"Requests"="0 2"
"Responses"="0 1"
"Reasons"="33"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\11]
@="IAS.ChangePassword"
"Providers"="1"
"Requests"="0"
"Responses"="0 1"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\12]
@="IAS.AuthorizationHost"
"Requests"="0 1 2"
"Responses"="0 1 2 4"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\13]
@="IAS.Accounting"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\14]
@="IAS.MSChapErrorReporter"
"Providers"="0 1"
"Requests"="0"
"Responses"="2"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers]
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip]
"ProtocolId"=dword:00000021
"GlobalInfo"=hex:01,00,00,00,80,00,00,00,02,00,00,00,03,00,ff,ff,08,00,00,00,\
01,00,00,00,30,00,00,00,06,00,ff,ff,3c,00,00,00,01,00,00,00,38,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,07,00,00,00,02,00,00,00,01,00,00,00,03,00,\
00,00,0a,00,00,00,16,27,00,00,03,00,00,00,17,27,00,00,05,00,00,00,12,27,00,\
00,07,00,00,00,0d,00,00,00,6e,00,00,00,08,00,00,00,78,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"DLLPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\
00,70,00,72,00,74,00,72,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

Secure Terminal Access RDP

[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console\RDP]
"CdClass"=dword:00000000
"CdDLL"=""
"CdFlag"=dword:00000000
"CdName"=""
"CfgDll"="RDPCFGEX.DLL"
"InteractiveDelay"=dword:00000032
"OutBufDelay"=dword:00000064
"PdClass"=dword:00000002
"PdDLL"="tdtcp"
"PdFlag"=dword:0000004e
"PdName"="tcp"
"WdDLL"="rdpwd"
"WdFlag"=dword:00000034
"WdName"="Microsoft RDP 5.1"
"WdPrefix"="RDP"
"WsxDLL"="rdpwsx"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"CfgDll"="RDPCFGEX.DLL"
"fEnableWinStation"=dword:00000001
"MaxInstanceCount"=dword:ffffffff
"PdName"="tcp"
"PdClass"=dword:00000002
"PdDLL"="tdtcp"
"PdFlag"=dword:0000004e
"OutBufLength"=dword:00000212
"OutBufCount"=dword:00000006
"OutBufDelay"=dword:00000064
"InteractiveDelay"=dword:00000032
"PortNumber"=dword:0000a97d
"KeepAliveTimeout"=dword:00000000
"LanAdapter"=dword:00000000
"WdName"="Microsoft RDP 5.1"
"WdDLL"="rdpwd"
"WsxDLL"="rdpwsx"
"WdFlag"=dword:00000036
"InputBufferLength"=dword:00000800
"CdClass"=dword:00000000
"CdName"=""
"CdDLL"=""
"CdFlag"=dword:00000000
"Comment"=""
"fInheritAutoLogon"=dword:00000001
"fInheritResetBroken"=dword:00000001
"fInheritReconnectSame"=dword:00000001
"fInheritInitialProgram"=dword:00000001
"fInheritCallback"=dword:00000000
"fInheritCallbackNumber"=dword:00000001
"fInheritShadow"=dword:00000001
"fInheritMaxSessionTime"=dword:00000001
"fInheritMaxDisconnectionTime"=dword:00000001
"fInheritMaxIdleTime"=dword:00000001
"fInheritAutoClient"=dword:00000001
"fInheritSecurity"=dword:00000000
"fInheritColorDepth"=dword:00000000
"fPromptForPassword"=dword:00000000
"fResetBroken"=dword:00000000
"fReconnectSame"=dword:00000000
"fLogonDisabled"=dword:00000000
"fAutoClientDrives"=dword:00000001
"fAutoClientLpts"=dword:00000001
"fForceClientLptDef"=dword:00000001
"fDisableEncryption"=dword:00000001
"fHomeDirectoryMapRoot"=dword:00000000
"fUseDefaultGina"=dword:00000000
"fDisableCpm"=dword:00000000
"fDisableCdm"=dword:00000000
"fDisableCcm"=dword:00000000
"fDisableLPT"=dword:00000000
"fDisableClip"=dword:00000000
"fDisableExe"=dword:00000000
"fDisableCam"=dword:00000000
"Username"=""
"Domain"=""
"Password"=""
"WorkDirectory"=""
"InitialProgram"=""
"CallbackNumber"=""
"Callback"=dword:00000000
"Shadow"=dword:00000001
"MaxConnectionTime"=dword:00000000
"MaxDisconnectionTime"=dword:00000000
"MaxIdleTime"=dword:00000000
"KeyboardLayout"=dword:00000000
"MinEncryptionLevel"=dword:00000002
"NWLogonServer"=""
"WFProfilePath"=""
"WdPrefix"="RDP"
"TraceEnable"=dword:00000000
"TraceDebugger"=dword:00000000
"TraceClass"=dword:00000000
"ColorDepth"=dword:00000003

Disable Auto-Run Applications

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWebServices"=dword:00000001
"NoAutorun"=dword:00000001
"NoDriveTypeAutoRun"=dword:000000ff
"NoStartBanner"=dword:00000001
"PreXPSP2ShellProtocolBehavior"=dword:00000000

Disables Option to Run this time, Run Once

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext]
"RunThisTimeEnabled"=dword:00000000
"VersionCheckEnabled"=dword:00000001

Logon Popup Details

SPECIAL NOTE: You can change the LegalNotic, or LegalNoticText to anything you want, but don't use any spaces, and write it like one continuous sentence.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies ystem]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"="Welcome to Near Nist 800-171 for GraniteXP-2024 Edition"
"legalnoticetext"="NOTICE: This package is a BETA package, and is in development by @GenericTechSupport on Youtube. Subscribers will get updated details as packages are rolled out. Please subscribe to stay up to date on continued improvements. If you have any additional details, or requests, please feel free to leave a comment on the GraniteXP Project Playlist on the @GenericTechSupport youtube Channel. "
"shutdownwithoutlogon"=dword:00000000
"undockwithoutlogon"=dword:00000001
"disablecad"=dword:00000000
"inactivitytimeoutsecs"=dword:00000384
"MSAOptional"=dword:00000001
"DisableAutomaticRestartSignOn"=dword:00000001

WinLogon Variables

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=dword:00000001
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="0"
"SfcQuota"=dword:ffffffff
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="1"
"AllowMultipleTSSessions"=dword:00000000
"UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
00,00,00
"LogonType"=dword:00000000
"DebugServerCommand"="no"
"SFCDisable"=dword:00000000
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
"ShowLogonOptions"=dword:00000001
"DisableCAD"=dword:00000000
"AutoAdminLogon"="0"

LANMAN Server/Client Settings

[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"OtherDomains"=hex(7):00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"Size"=dword:00000002
"DisableDos"=dword:00000000
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000001
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,4c,\
00,4c,00,53,00,52,00,50,00,43,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,\
72,00,00,00,00,00
"NullSessionShares"=hex(7):43,00,4f,00,4d,00,43,00,46,00,47,00,00,00,44,00,46,\
00,53,00,24,00,00,00,00,00
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,72,00,76,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"Lmannounce"=dword:00000000
"Guid"=hex:e7,e8,91,4a,c5,2d,f8,49,b2,92,29,e4,87,d6,eb,30
"AdjustedNullSessionPipes"=dword:00000001
"SMB1"=dword:00000000
"restrictnullsessaccess"=dword:00000001[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer]
"Start"=dword:00000004

Cleanup Process

GPO/REG Config Cleanup Final Step Details

Disable System Restore

reg add "HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f

Set Page file to 4GB

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v PagingFiles /t REGMULTISZ /d "C:\pagefile.sys 4092 4092" /f

Disable System Remote Assistance

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowToGetHelp /t REGDWORD /d 0 /freg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowFullControl /t REGDWORD /d 0 /f

Disable Microsoft Remote Support

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 0 /f

Disable Application Foreground Boost

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl" /v Win32PrioritySeparation /t REG_DWORD /d 24 /f

Define RDP Inbound Port

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d "43389" /f

Windows Service Cleanup

Disable Windows Screen Recording

sc config srservice start= disabled

Disable Shared Resources

sc config browser start= disabled

Disable Windows Help Services

sc config helpsvc start= disabled

Disable Printer Services

sc config spooler start= disabled

Disable Windows Updates Services

sc config wuauserv start= disabled

MISC DATA

GPO/REG Configuration Details

The above is an incomplete list, the Policy configurations have changes slightly over the past year to compensate for additional configurations. It's important to note that while this project is a working project, it's been modeled after a Windows 10 22H2 machine, and there's been a couple of windows 11 Policies Sprinkled in over the year, however, that the configuration is based on a 100% out of the box windows XP SP3 machine, with no updates or any configurations on it. Attempting to install this package on a pre-built or XP system with a ton of stuff on it is a bad idea, and not something recommened.

NEW NETWORK CONFIGURATION

Set the Dynamic RPC Ports

reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /v Ports /t REGMULTISZ /d 4000-4700 /f

Turn on Defined Internet RPC Access Ports

reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /v PortsInternetAvailable /t REG_SZ /d Y /f

Force Use of Internet External RPC Ports

reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /v UseInternetPorts /t REG_SZ /d Y /f

Force Object Linking for DCOM

reg add "HKLM\SOFTWARE\Microsoft\ole" /v EnableDCOM /t REG_SZ /d N /f

Disable DCOM on RPC Protocol

reg add "HKLM\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t REGMULTISZ /f

Disable SMB Share Access Port

reg add "HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v SMBDeviceEnabled /t REG_DWORD /d 0 /f

Disable LMHost Share Access Port

reg add "HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v EnableLMHOSTS /t REG_DWORD /d 0 /f

Disable Print Spooler Services

sc config spooler start= disabled

Configure Network Firewall Ports

Configure Custom Settings for Network Security

Windows Registry Editor Version 5.00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Disabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::disabled:@xpsp2res.dll,-22019"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"clroptimizationv4.0.3031932-1"="V4.0|Action=Block|Dir=In|App=c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clroptimizationv4.0.3031932|Name=Block traffic for clroptimizationv4.0.3031932|"
"clroptimizationv4.0.3031932-2"="V4.0|Action=Block|Dir=Out|App=c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clroptimizationv4.0.3031932|Name=Block traffic for clroptimizationv4.0.3031932|"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Disabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::disabled:@xpsp2res.dll,-22019"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"="5985:TCP::Disabled:Windows Remote Management "
"80:TCP"="80:TCP::Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) "
"43389:TCP"="43389:TCP:*:Enabled:CustomRDP"

Granite XP Updates

Windows XP SP4.5 Updates

Application/Update Rollups
NOTE: Application includes Powershell, .net, IE and DirectXKB2079403
KB2115168
KB2121546
KB2124261
KB2141007
KB2160329
KB2229593
KB2259922
KB2279986
KB2286198
KB2290570
KB2296011
KB2296199
KB2345886
KB2347290
KB2360937
KB2387149
KB2393802
KB2412687
KB2419632
KB2423089
KB2436673
KB2440591
KB2443105
KB2476490
KB2476687
KB2478960
KB2478971
KB2479628
KB2479943
KB2481109
KB2483185
KB2485376
KB2485663
KB2491683
KB2503658
KB2503665
KB2506212
KB2506223
KB2507618
KB2507938
KB2508429
KB2509553
KB2510531-IE8
KB2511455
KB2524375
KB2535512
KB2536276-v2
KB2541763
KB2544893-v2
KB2555917
KB2564958
KB2566454
KB2567053
KB2567680
KB2570222
KB2570947
KB2584146
KB2585542
KB2592799
KB2598479
KB2603381
KB2607712
KB2616676-v2
KB2619339
KB2620712
KB2621440
KB2624667
KB2631813
KB2633171
KB2639417
KB2641653
KB2641690
KB2646524
KB2653956
KB2655992
KB2659262
KB2660465
KB2660649
KB2661254-v2
KB2661637
KB2676562
KB2685939
KB2686509
KB2691442
KB2698365
KB2705219-v2
KB2707511
KB2709162
KB2712808
KB2718523
KB2718704
KB2719985
KB2723135-v2
KB2724197
KB2727528
KB2731847-v2
KB2749655
KB2753842-v2
KB2757638
KB2758857
KB2761226
KB2770660
KB2778344
KB2779030
KB2780091
KB2799494
KB2802968
KB2807986
KB2808735
KB2813170
KB2813345
KB2820917
KB2829361
KB2834886
KB2835364
KB2839229
KB2845187
KB2847311
KB2849470
KB2850851
KB2850869
KB2859537
KB2862152
KB2862330
KB2862335
KB2864063
KB2868038
KB2868626
KB2876217
KB2876315
KB2876331
KB2883150
KB2884256
KB2892075
KB2893294
KB2893984
KB2898715
KB2914368
KB2916036
KB2922229
KB2926765
KB2929961
KB2930275
KB2939576
KB2957503
KB2957509
KB2961072
KB2989935
KB2991963
KB2992611
KB2993254
KB2993651
KB2998579
KB3004361
KB3011780
KB3013126
KB3019215
KB3020393-v2
KB3021674
KB3023562
KB3029944
KB3033889
KB3035132
KB3039066
KB3046049
KB3061518
KB3065979
KB3072630
KB3072633
KB3073921
KB3076895
KB3078601
KB3080446
KB3081320
KB3087039
KB3092601
KB3097877
KB3108381
KB3109094
KB3109560
KB3121918
KB3124001
KB3124280
KB3126041
KB3126587
KB3126593
KB3134214
KB3139398
KB3139914
KB3139940
KB3140410
KB3140709
KB3140735
KB3145739
KB3146963
KB3149090
KB3153704
KB3161561
KB3161949
KB3170455
KB3177186
KB3178034
KB3183431
KB3184122
KB3185911
KB3190847
KB3194371
KB3196348
KB3196718
KB3196726
KB3197835
KB3198218
KB3198510
KB3203859
KB3204724
KB3216916
KB4011981
KB4012583
KB4012584
KB4012598
KB4014652
KB4014793
KB4014794
KB4015067
KB4015380
KB4015383
KB4017018
KB4018271-IE8
KB4018466
KB4018490
KB4018556-v2
KB4019204
KB4019206
KB4022746
KB4022747
KB4022883-v2
KB4022884
KB4024323
KB4024402
KB4025218
KB4025240
KB4025409
KB4025497
KB4026061
KB4034034
KB4034044
KB4034775
KB4035055
KB4035056
KB4039384
KB4041995
KB4042007
KB4042067
KB4042120
KB4042121
KB4042122
KB4042723
KB4047211
KB4048968
KB4048970
KB4050795
KB4052303
KB4056564
KB4056564-v2
KB4056615
KB4056941
KB4057893
KB4074603
KB4074836
KB4074837
KB4074852
KB4087398
KB4089082
KB4089175
KB4089344
KB4089453-v2
KB4089694
KB4091756
KB4093223
KB4093224
KB4093257
KB4093753
KB4101477
KB4101864
KB4130957
KB4130978
KB4131188
KB4134651
KB4134651-v2
KB4230467
KB4291391
KB4293928
KB4294413
KB4316682-IE8
KB4338381
KB4339284
KB4339291
KB4339854
KB4340937
KB4343674
KB4344104
KB4457163
KB4457426-IE8
KB4458000
KB4458001
KB4458003
KB4458006
KB4458008
KB4458318
KB4462935
KB4462949-IE8
KB4462987
KB4463103
KB4463361
KB4463545
KB4463573
KB4466388
KB4466536-IE8
KB4467689
KB4468323
KB4470118
KB4470198
KB4470199-IE8
KB4473077
KB4473078
KB4480965-IE8
KB4481275
KB4483187-IE8
KB4486463
KB4486464
KB4486465
KB4486468
KB4486474-IE8
KB4486536
KB4486538
KB4486924
KB4487085-v2
KB4487086
KB4487385
KB4487396
KB4487989
KB4487990
KB4489493
KB4489973
KB4489974
KB4489977
KB4490228
KB4490385
KB4490500
KB4490501
KB4491443
KB4493341
KB4493435-IE8
KB4493563
KB4493790
KB4493793
KB4493794
KB4493795
KB4493796
KB4493797
KB4493927
KB4494059
KB4494528
KB4495022
KB4500331
KB898461
KB923561
KB938464-v2
KB946648
KB950762
KB950974
KB951376-v2
KB951618-v2
KB951698
KB951748
KB951978
KB952004
KB952287
KB952954
KB953155
KB953356
KB954211
KB954459
KB954550-v5
KB954600
KB955069
KB955759
KB956572
KB956744
KB956802
KB956803
KB956841
KB956844
KB957095
KB957097
KB958644
KB958687
KB958690
KB958869
KB959426
KB960225
KB960803
KB960859
KB961118
KB961371-v2
KB961373
KB961501
KB961503
KB967715
KB968389
KB968537
KB969059
KB969947
KB970238
KB970430
KB970483
KB971029
KB971468
KB971486
KB971557
KB971633
KB971657
KB971737
KB972270
KB973354
KB973507
KB973687
KB973815
KB973869
KB973904
KB974112
KB974318
KB974392
KB974571
KB975025
KB975254
KB975467
KB975560
KB975561
KB975562
KB975713
KB976323
KB976662-IE8
KB977165-v2
KB977816
KB977914
KB978037
KB978251
KB978338
KB978542
KB978601
KB978706
KB979309
KB979482
KB979559
KB979683
KB979687
KB980218
KB980232
KB980436
KB981322
KB981332-IE8
KB981852
KB981957
KB981997
KB982132
KB982214
KB982665
KB982802

Application Specific Updates

Windows Media Player
KB2378111WM9
KB952069WM9
KB972187WM9
KB973540WM9
KB3033890WM9
KB975558WM8

Windows IE8
KB2510531-IE8
KB4018271-IE8
KB4316682-IE8
KB4457426-IE8
KB4462949-IE8
KB4466536-IE8
KB4470199-IE8
KB4480965-IE8
KB4483187-IE8
KB4486474-IE8
KB4493435-IE8
KB976662-IE8
KB981332-IE8

Windows XP Security Updates

Windows XP SP0-4 Security Updates
KB2564958
KB2079403
KB2115168
KB2121546
KB2124261
KB2160329
KB2229593
KB2259922
KB2279986
KB2286198
KB2290570
KB2296011
KB2296199
KB2347290
KB898461
KB2141007
KB2345886
KB2360937
KB2387149
KB2393802
KB2412687
KB2419632
KB2423089
KB2436673
KB2440591
KB2443105
KB2476490
KB2476687
KB2478960
KB2478971
KB2479628
KB2479943
KB2481109
KB2483185
KB2485376
KB2485663
KB2491683
KB2503658
KB2503665
KB2506212
KB2506223
KB2507618
KB2507938
KB2508429
KB2509553
KB2511455
KB2524375
KB2535512
KB2536276-v2
KB2541763
KB2544893-v2
KB2555917
KB2566454
KB2567053
KB2567680
KB2570222
KB2570947
KB2584146
KB2585542
KB2592799
KB2598479
KB2603381
KB2607712
KB2616676-v2
KB2619339
KB2620712
KB2621440
KB2624667
KB2631813
KB2633171
KB2639417
KB2641653
KB2641690
KB2646524
KB2653956
KB2655992
KB2659262
KB2660465
KB2660649
KB2661254-v2
KB2661637
KB2676562
KB2685939
KB2686509
KB2691442
KB2698365
KB2705219-v2
KB2707511
KB2709162
KB2712808
KB2718523
KB2718704
KB2719985
KB2723135-v2
KB2724197
KB2727528
KB2731847-v2
KB2753842-v2
KB2757638
KB2758857
KB2761226
KB2770660
KB2778344
KB2779030
KB2780091
KB2799494
KB2802968
KB2807986
KB2808735
KB2813170
KB2813345
KB2820917
KB2829361
KB2834886
KB2835364
KB2839229
KB2845187
KB2847311
KB2849470
KB2850851
KB2850869
KB2859537
KB2862152
KB2862330
KB2862335
KB2864063
KB2868038
KB2868626
KB2876217
KB2876315
KB2876331
KB2883150
KB2884256
KB2892075
KB2893294
KB2893984
KB2898715
KB2914368
KB2916036
KB2922229
KB2926765
KB2929961
KB2930275
KB2939576
KB2957503
KB2957509
KB2961072
KB2989935
KB2991963
KB2992611
KB2993254
KB2993651
KB2998579
KB3004361
KB3011780
KB3013126
KB3019215
KB3020393-v2
KB3021674
KB3023562
KB3029944
KB3033889
KB3035132
KB3039066
KB3046049
KB3061518
KB3065979
KB3072630
KB3072633
KB3073921
KB3076895
KB3078601
KB3080446
KB3081320
KB3087039
KB3092601
KB3097877
KB3108381
KB3109094
KB3109560
KB3121918
KB3124001
KB3124280
KB3126041
KB3126587
KB3126593
KB3134214
KB3139398
KB3139914
KB3139940
KB3140410
KB3140709
KB3140735
KB3145739
KB3146963
KB3149090
KB3153704
KB3161561
KB3161949
KB3170455
KB3177186
KB3178034
KB3183431
KB3184122
KB3185911
KB3190847
KB3194371
KB3196348
KB3196718
KB3196726
KB3197835
KB3198218
KB3198510
KB3203859
KB3204724
KB3216916
KB4011981
KB4012583
KB4012584
KB4012598
KB4014652
KB4014793
KB4014794
KB4015067
KB4015380
KB4015383
KB4017018
KB4018466
KB4018490
KB4018556-v2
KB4019204
KB4019206
KB4022746
KB4022747
KB4022883-v2
KB4022884
KB4024323
KB4024402
KB4025218
KB4025240
KB4025409
KB4025497
KB4026061
KB4034034
KB4034044
KB4034775
KB4035055
KB4035056
KB4039384
KB4041995
KB4042007
KB4042067
KB4042120
KB4042121
KB4042122
KB4042723
KB4047211
KB4048968
KB4048970
KB4050795
KB4052303
KB4056564
KB4056564-v2
KB4056615
KB4056941
KB4057893
KB4074603
KB4074836
KB4074837
KB4074852
KB4087398
KB4089082
KB4089175
KB4089344
KB4089453-v2
KB4089694
KB4091756
KB4093223
KB4093224
KB4093257
KB4093753
KB4101477
KB4101864
KB4130957
KB4130978
KB4131188
KB4134651
KB4134651-v2
KB4230467
KB4291391
KB4293928
KB4294413
KB4338381
KB4339284
KB4339291
KB4339854
KB4340937
KB4343674
KB4344104
KB4457163
KB4458000
KB4458001
KB4458003
KB4458006
KB4458008
KB4458318
KB4462935
KB4462987
KB4463103
KB4463361
KB4463545
KB4463573
KB4466388
KB4467689
KB4468323
KB4470118
KB4470198
KB4473077
KB4473078
KB4481275
KB4486463
KB4486464
KB4486465
KB4486468
KB4486536
KB4486538
KB4486924
KB4487085-v2
KB4487086
KB4487385
KB4487396
KB4487989
KB4487990
KB4489493
KB4489973
KB4489974
KB4489977
KB4490228
KB4490385
KB4490500
KB4490501
KB4491443
KB4493341
KB4493563
KB4493790
KB4493793
KB4493794
KB4493795
KB4493796
KB4493797
KB4493927
KB4494059
KB4494528
KB4495022
KB4500331
KB923561
KB938464-v2
KB946648
KB950762
KB950974
KB951376-v2
KB951618-v2
KB951698
KB951748
KB952004
KB952954
KB953155
KB954211
KB954459
KB954600
KB955069
KB956572
KB951978
KB952287
KB953356
KB954550-v5
KB955759
KB956744
KB956802
KB956803
KB956841
KB956844
KB957095
KB957097
KB958644
KB958687
KB958690
KB958869
KB959426
KB960225
KB960803
KB960859
KB961371-v2
KB961373
KB961501
KB961503
KB967715
KB968389
KB968537
KB969059
KB969947
KB970238
KB970430
KB970483
KB971029
KB971468
KB971486
KB971557
KB971633
KB971657
KB971737
KB972270
KB973354
KB973507
KB973687
KB973815
KB973869
KB973904
KB974112
KB974318
KB974392
KB974571
KB975025
KB975254
KB975467
KB975560
KB975561
KB975562
KB975713
KB976323
KB977165-v2
KB977816
KB977914
KB978037
KB978251
KB978338
KB978542
KB978601
KB978706
KB979309
KB979482
KB979559
KB979683
KB979687
KB980218
KB980232
KB980436
KB981322
KB981852
KB981957
KB981997
KB982132
KB982214
KB982665
KB982802

Curious What each KB Contains, Follow the Link and Provide the KB Number for Details

Microsoft Update Catalog

Granite Install Instructions

Package Details

Hardware Requirements

A FRESH INSTALL
Pentium 3 733MHZ or better
(4 Core on ONECOREAPI Mod)
4GB PC133 RAM
(8GB DDR on OneCoreAPI Mod)
40GB IDE HARDDISK
Video Card capable of 1024/768
NO Network Connection Required

Package Contents

01. ReadFirst
02. RegistryFix
03. Updates
04. NetworkConfiguration
05. AdditionalSecurityConfig
06. OneCoreAPI_Browsers
07. Download References

Step 0: Installation Prep

01. Open Network Connection
02. Right click on your network connection (LAN)
03. Choose Properties
04. Click on TCP/IP and click on Properties
05. Click on Advanced
06. Click on WINS Tab
07. Uncheck "Enable LMHosts lookup"
08. Click Bullet to disable Netbios over TCP/IP
09. Click OK
10. Click OK
11. Click Check box to "show icon in notification area, when connected"
12. click close

Step 1: Installation Prep

1. Click on Start
2. Right Click on My Computer
3. Choose Manage
4. Click on Local Users and Groups
5. Click on users
6. Right Click Choose New User
Name: Pete (or whatever you want to name it)
7. Password: 8-12 Characters, 2 special, 2 numbers (Warning Less than 8 characters will cause package to fail)
8. Create
9. Right-Click on Pete
Make him a member of "Administrators" Group.
10. Remove him from Users Group
Save
NOTE: This account only needs to exist, does not need to be the primary account

Step 2: Installation Prep

1. On a Modern Windows System, using 7Zip Extract the GraniteXP installation Data
2. Mount the data to a Thumb Drive (NOTE: You will need 8GB)
3. Copy the raw data over to the C:\tools directory on your Clean built windows XP System.

Step 3: Installation Registry Config

Double Click on: Granite-XP-REG-CONFIG.msi
Reboot when completed

Step 4: 03. Updates

1. Open the 01. WsusOfflineXP Folder
2. Double-Click on UpdateInstaller.exe
3. Select Options as shown in Image

Step 4: 03. Updates (CONT)

4. Choose StartSPECIAL NOTESystem will reboot 3-7 times depending on hardware and other factors.You must Click OK on the Banner data on the logon screen, the system will automatically recall and update after that point.Once completed you will be forced to authenticate to log back into the system.

Step 5: 03. Updates (CONT)

1. Open "02. FullXPUpdates "
2. Double-Click: GraniteUpdatePackOne.msiWhen completed the system will automatically reboot.Estimated 2-4min to complete

Step 6: 03. Updates (CONT)

1. Open "02. FullXPUpdates "
2. Double-Click: GraniteUpdatePackTwo.msiWhen completed the system will automatically reboot.Estimated 4+ Hours to complete

Step 7: 03. Updates (CONT)

1. Open "03. ApplicationRollups"
2. Run the Batch file located in this location first, this is labeled as: RunBefore_GraniteUpdatePackThreee.batFailure to run this Batch first will result in an error.3. Double-Click: GraniteUpdatePackThree.msiWhen completed the system will automatically reboot.Estimated 10-20min to complete

Step 8: 03. Updates (CONT)

1. Open "04. Cleanup Installers"
2. Double-Click: GraniteXPCleanup.msiWhen completed the system will automatically reboot.Estimated 10-20Seconds to complete

Step 9: 04. NetworkConfiguration NEW

Double-Click: 01. GraniteXPNetworkRegConfig.msiWhen completed the system will automatically reboot.Estimated 10-20Seconds to complete

Step 10: 04. NetworkConfiguration(CONT)

Double-Click: "02. GraniteXPNetworkingRegModSecure.msi"When completed the system will automatically reboot.Estimated 10-20Seconds to complete

Step 11: 05. AdditionalSecurityConfig NEW

Double-Click: "EnableTLS1_2Mod.msi"When completed the system will automatically reboot.Estimated 10-20Seconds to complete

STOP HERE & SEE "ADDITIONAL PACKAGE DETAILS" IF YOU WANT TO USE ONECOREAPI

Step 12: 06. OneCoreAPI_Browsers NEW

1. Open: 01. Installers
2. Double Click: 49.0.2633.112 To install the last version of Google Chrome for Windows XP.
3. Double-Click: Firefox Setup 52.9 To install the last version of Firefox for Windows XP.

Granite Special Install Instructions

SPECIAL NOTE

A HUGE Amount of Configuration has gone into the making of this package, however, not all of the configuration is mine.Special Thanks to the long gone makers of the WSUS Offline Installer 9.2.1. They saved me a bunch of time and headaches with tracking down .net, directX, Powershell, and other installers for XP.

Installing GraniteXP on Integral Edition with One-Core-API

While the installation process is the same as listed above, if you intend on using OneCoreAPI, you must install the Granite Updates before you install OneCoreAPI or it will result in errors. When you do the OneCoreAPI You will want to keep the system offline and allow OneCoreAPI to fail on system update, the Granite Package contains the required updates already installed on your system.

In testing results were inconsistent, meaning sometimes updates with OneCoreAPI will result in BSOD, while others it does not, however the package still works with GraniteXP Updates installed, as they contain the core updates in the OneCoreAPI configuration.

Additional Package Details

06. OneCoreAPI_Browsers

07. Download References

Step 1: Open the References Text Document under the "07. Download References" location, and go to the OneCoreAPI GIT location and download the latest build.(NOTE: If you can't find it, a link to the build version used in this package is at the bottom of this page)

Step 2: Disconnect your network connection and Install the OneCoreAPI Application, and shutdown your PC. Add additional Cores, and Memory. Turn back on your PC, and Reboot once you log in, you will see an alert about a core change and requiring a reboot.

Step 3: Open the "06. OneCoreAPI_Browsers" Location and open the "01. Installers" Location, Install both Chrome and Firefox for XP. These are the final builds available on XP native edition.

Step 4: Go to your installation directory for Chrome. It should be: C:\Documents and Settings*YOURUSERNAME*\Local Settings\Application DataCopy over the Entire folder for;
Chrome (Rename NewChrome)
Vivaldi
Brave
FirefoxRight click on the Chrome.exe and paste shortcut to the desktopRepeat on each application.

Granite Links

WINDOWS ADDITIONAL PACKAGES

WELCOME TO

The Modern Windows Granite Performance Project

This Release is Beta 0.1

THIS PROJECT IS DEAD

Only 19 People Downloaded this Project, over a 14 day time period, not worth my time to continue working on it

PROJECT SCOPE

* Uninstall Microsoft Edge
* Remove Apps from App Store
* Remove System Bloat
* Disable System Services associated with no longer active APPS.
* Remove Firewall Ports that are no longer needed.
* Cleanup Task Scheduler
* Disable Services not needed for daily use.
* Create a Safe to use with Granite Security Package Option.

PROJECT DETAILS (DATA)

* Using Scrips previously created for other projects, combine them into an active package that will work with Granite Security.
* Fix any errors in the package for release
* Add any bug details to the Bug list on this page in the event of any issues found.

BUG DISCOVERY

* UGH!!! The Removal of Edge without a reboot results in a boot loop. But only occurs after a certain rollup in 24H2. Haven't been able to pinpoint the issue yet.
* The AppX Package removal created as an extension of the Talon Raven video appears to remove Notepad, i need notepad, going to remove that appX package in the Powershell command.
* Can't Package these Powershell scripts into MSI or EXE, attempted PS2EXE package creation tool, but it fails, appears to be an issue with running as admin, even when using an exe and running it as admin, probably have to revisit the commandline and fix the powershell scripts to work correctly as a package. Kinda annoying..

TERMS OF USE

You are free to:Share — copy and redistribute the material in any medium or format as you wish.The licensor cannot revoke these freedoms as long as you follow the license terms.Under the following terms:Attribution — You must give appropriate credit , provide a link to https://www.youtube.com/@generictechsupportYou may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.NonCommercial — You may use the material for commercial purposes if you wish, but it's ULTRA BETA, and not recommended.NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material without mailing GenericTechSupport an Entenmann's Chocolate Cake.No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything in this license permits.Notices:
No warranties are given.
The license may not give you all of the permissions necessary for your intended use.For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.Guarantee:
The Software is provided "AS IS", without warranty of any kind, express or implied, including but not limited to the warranties of use for a particular purpose. In no event shall the authors or copyright holders be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Software or the use or other dealings in the Software.

Special NOTE: This is 100% a BETA PROJECT and IS NOT COMPLETED.By Downloading the Software you are accepting the terms of service.

LINK TO GRANITE PERFORMANCE ULTRA BETA WINDOWS 11

See Link for Video Containing Decryption Password(s)

Link to Release Video (5/10/25)

BONUS CONTENT

Part of this Performance change is the creation of something easier to work with, both ascetically as well as functionally.

In doing this I have found that Windows 11, can be fairly easily switched to look like windows 7.

Links to Software Packages to make this happen.
(NOTE: Both Security and Performance Packages were installed in this system configuration)

Download and install Explorer Patcher.
Download and install OpenShell
Download and Install UltraUXThemePatcher
Reboot
Once you are booted, copy the .theme files into the C:\windows\Resources\Themes Folder
Reboot.
Add OpenShell to the system, change the settings to include the Start menu icons.
Note: If you modify this Registy key: HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced and Add a DWORD 32 "Start_ShowClassicMode" value = 0 Reboot. That will enable the Shift+Right click menu on the start menu.

WELCOME TO

The Modern Windows Granite Security Project

This Release is Beta 3.2

This Project is underway for Release 3.3

Initially nearly no one downloaded this project, but last count was 500 people in 3 weeks, so it's back in the mix for the next upgrade eventually.

NOTE: GenericTechSupport Reached out to MIcrosoft and escalated a case for the release of GraniteXP, Since GenericTechSupport owns companies, this was required, as he does not want to lose access to his Microsoft Licensing portal, YouTube makes about 13.00 a month, his job pays the mortgage, it's not worth the risk

PROJECT SCOPE

* Create Windows Security that mimics Windows 7 Defaults
* Create Windows Lockdown that locks out common security issues.
* Increase system performance
* Add STIG Values to add additional security to workgroup machines
* Add Functional Changes back to the system menus
* Fix performance limitations of windows 11
* learn how to package system configurations as software

PROJECT FEATURE REQUESTS Added to next release

User: @jasonmitchell3307

Add Last Click Active Option back to the Mouse Configuration

Windows Registry Editor Version 5.00
HKCU\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Advanced
"LastActiveClick"=dword:00000001

Fix the Default Onedrive Location in MS Office for File Saves

Windows Registry Editor Version 5.00
HKCU\SOFTWARE\Microsoft\Office\16.0\common\general
"PreferCloudSaveLocations"=dword:0000000

PROJECT FEATURE REQUESTS Added to next release

User: GenericTechSupport

Add Telnet Client

dism /online /Enable-Feature /FeatureName:TelnetClient

Add WMIC Back

DISM /Online /Add-Capability /CapabilityName:WMIC

PROJECT DETAILS (DATA)

* Built Domain Controller
* Found that Server 2025 is still too buggy to use as a base system.
* installed 2022, and imported the ADMX/ADML Templates from 2025.
* Installed Powershell tools on Windows 11, discovered how broken new RSAT Configuration settings are in windows 11.
* Created XML template of windows 11 configuration of GPO settings from STIG Values.
* Heavily Modified the configuration of STIG to work without a DC.
* Added Configuration for Workgroup settings needed to work around DC Limitations.
* Added customizations to UI on windows 11 to fix performance issues, where clicking takes forever to react.
* Added performance settings to UI to make Windows 11 function better in gaming.
* Added Memory settings to help fix some limitations of DDR4 and DDR3 latency.
* Expanded MFT compression limits to help reduce latency in SATA connected Drives.
* Added IE Security settings to block against ransomware attempts using IE flaws.
* Disabled all AI integration services from Reporting Back TO MICROSOFT
* Set the Default PC Value to opt-out of any recording of personal data.
* Set dump value to purge personal data from AI that may have already collected.
* Added Firefox and Google chrome AI Integration functions to disabled.
More to come
* discovered that the Advanced Installer is programmatically broken and done so to force purchase (May be a video)

TERMS OF USE

You are free to:Share — copy and redistribute the material in any medium or format as long as you Do not modify the original MSI package.The licensor cannot revoke these freedoms as long as you follow the license terms.Under the following terms:Attribution — You must give appropriate credit , provide a link to https://www.youtube.com/@generictechsupportYou may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.NonCommercial — You may not use the material for commercial purposes, without paying royalties or residuals to the GenericTechSupport Youtube Channel .NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified MSI material.No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything in this license permits.Notices:
No warranties are given.
The license may not give you all of the permissions necessary for your intended use.For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.Guarantee:
The Software (MSI and Scripts) is provided "AS IS", without warranty of any kind, express or implied, including but not limited to the warranties of use for a particular purpose. In no event shall the authors or copyright holders be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Software or the use or other dealings in the Software.

Special NOTE: This is 100% a BETA PROJECT and IS NOT COMPLETED.By Downloading the Software you are accepting the terms of service.

LINK TO GRANITE SECURITY PACKAGE FOR WINDOWS 11

See Link for Video Containing Decryption Password(s)

Link To Release Video (5/10/25)

Granite XP
Channel Home Page
Windows Software

Request Ad-Time

Please provide a brief introduction to your product or service, highlighting its technical integrity, testing, and quality.If this is not a technical request, please provide details on the product or service, e.g., lifestyle product, eco-friendly item, home gadget, etc.Please mention any relevant features or qualities, such as sustainability, ease of use, design and any links to studies or details vetting the products quality or function.

Home

GenericTechSupport Business Collaboration request

Collaboration meetings are an essential part of our process, where we work closely with clients to understand their specific needs, discuss potential solutions, and align on goals.These meetings foster open communication and help us provide customized IT support that best suits your business requirements.We are committed to ensuring that every collaboration is productive and results-driven.Use the contact-us details listed here for service

Home

GenericTechSupport MSP Request

We offer a range of pricing options to suit your needs, including flat rates and hourly rates.Whether you require a one-time service or ongoing support, we can customize a solution that fits your budget and ensures you receive the technical assistance you need.Feel free to contact us to discuss the best option for your business.

Home

Have an Idea for a video?

Whether you have a video idea in mind or need assistance learning something new in Technology, feel free to send us a Video Idea. We're here to help!

Home

About TechGuyOne and The GenericTechSupport Youtube Channel.

With over 25 years of extensive experience in the IT and systems engineering field, I have honed my expertise across a broad range of technologies and industries.My journey has led me to work on high-impact projects for multiple high profile organizations, where I was responsible for designing and implementing complex integration and encryption solutions.My technical background spans across various Microsoft server technologies, cloud solutions, security and compliance frameworks, as well as systems and network infrastructure.I have led diverse engineering projects, from Active Directory implementations to designing advanced cloud integrations and supporting legacy systems for some of the largest companies in the world.In multiple roles I have found myself training the more junior engineers and techs, providing them with guidance and direction. These young professionals are who pushed me to start the generictechsupport youtube channel.I specialize in providing expert consulting for businesses seeking tailored IT support, migration solutions, and long-term infrastructure improvements. With a proven track record of ensuring compliance across industries like healthcare, finance, and government, I understand the importance of maintaining a secure and efficient environment.In addition to my technical prowess, I bring a strong set of soft skills to the table, including excellent communication, documentation, and customer service abilities.I have built a reputation for being a collaborative leader, working closely with teams and clients to ensure project success and long-term satisfaction.Whether working on a large-scale migration, designing complex integrations, or providing ongoing IT management and support, I am committed to delivering high-quality, results-driven solutions that enhance operational efficiency and security.

Channel Links
Home

Thank You

Thank you for reaching out!No matter which department you're contacting, we're excited to assist you and look forward to engaging with you in any way we can.

Channel Links
Home

How to Apply WMI in Domain Controllers

Right click WMI Filters, choose New, Name it something, and click on Add, Under the Query, add whatever Query data you want to create the filter from, use the cheat sheet located in the next part of this page, and create the WMI Filter you need to filter.

Windows DESKTOPS WMI Filter List

Windows Desktop OS WMI

Any Windows Desktop OS – Version 1
select * from Win32OperatingSystem WHERE ProductType = "1"
Any Windows Desktop OS – Version 2 (better for Win7 sometimes)
select * from Win32OperatingSystem WHERE (ProductType <> "2") AND (ProductType <> "3")
Any Windows Desktop OS – 32-bit
select * from Win32OperatingSystem WHERE ProductType = "1" AND NOT OSArchitecture = "64-bit"
Any Windows Desktop OS – 64-bit
select * from Win32OperatingSystem WHERE ProductType = "1" AND OSArchitecture = "64-bit"

Windows XP OS WMI

Windows XP
select * from Win32OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1"
Windows XP – 32-bit
select * from Win32OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows XP – 64-bit (Excluses IA64 Chip)
select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1" AND OSArchitecture = "64-bit"

Windows VISTA OS WMI

Windows Vista
select * from Win32OperatingSystem WHERE Version like "6.0%" AND ProductType="1"
Windows Vista – 32-bit
select * from Win32OperatingSystem WHERE Version like "6.0%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows Vista – 64-bit
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 7 OS WMI

Windows 7
select * from Win32OperatingSystem WHERE Version like "6.1%" AND ProductType="1"
Windows 7 – 32-bit
select * from Win32OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows 7 – 64-bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 8 OS WMI

Windows 8
select * from Win32OperatingSystem WHERE Version like "6.2%" AND ProductType="1"
Windows 8 – 32-bit
select * from Win32OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows 8 – 64-bit
select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 8.1 OS WMI

Windows 8.1
select * from Win32OperatingSystem WHERE Version like "6.3%" AND ProductType="1"
Windows 8.1 – 32-bit
select * from Win32OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows 8.1 – 64-bit
select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 10 OS WMI

Windows 10
select * from Win32OperatingSystem WHERE Version like "10.0.1%" AND ProductType="1"
Windows 10 – 32-bit
select * from Win32OperatingSystem WHERE Version like "10.0.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows 10 – 64-bit
select * from Win32_OperatingSystem WHERE Version like "10.0.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 11 OS WMI

Windows 11
select * from Win32_OperatingSystem WHERE Version like "10.0.2%" AND ProductType="1"

Windows SERVERS WMI Filter List

Windows Server OS WMI

Any Windows Server OS
select * from Win32OperatingSystem where (ProductType = "2") OR (ProductType = "3")
Any Windows Server OS – 32-bit
select * from Win32OperatingSystem where (ProductType = "2") OR (ProductType = "3") AND NOT OSArchitecture = "64-bit"
Any Windows Server OS – 64-bit
select * from Win32OperatingSystem where (ProductType = "2") OR (ProductType = "3") AND OSArchitecture = "64-bit"
Any Windows Server – Domain Controller
select * from Win32OperatingSystem where (ProductType = "2")
Any Windows Server – Domain Controller – 32-bit
select * from Win32OperatingSystem where (ProductType = "2") AND NOT OSArchitecture = "64-bit"
Any Windows Server – Domain Controller – 64-bit
select * from Win32OperatingSystem where (ProductType = "2") AND OSArchitecture = "64-bit"
Any Windows Server – Non-Domain Controller
select * from Win32OperatingSystem where (ProductType = "3")
Any Windows Server – Non- Domain Controller – 32-bit
select * from Win32OperatingSystem where (ProductType = "3") AND NOT OSArchitecture = "64-bit"
Any Windows Server – Non-Domain Controller – 64-bit
select * from Win32_OperatingSystem where (ProductType = "3") AND OSArchitecture = "64-bit"

Windows Server 2003 WMI

Windows Server 2003 – DC
select * from Win32OperatingSystem WHERE Version like "5.2%" AND ProductType="2"
Windows Server 2003 – non-DC
select * from Win32OperatingSystem WHERE Version like "5.2%" AND ProductType="3"
Windows Server 2003 – 32-bit – DC
select * from Win32OperatingSystem WHERE Version like "5.2%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"
Windows Server 2003 – 32-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "5.2%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"
Windows Server 2003 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "5.2%" AND ProductType="2" AND OSArchitecture = "64-bit"
Windows Server 2003 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "5.2%" AND ProductType="3" AND OSArchitecture = "64-bit"

Windows Server 2003R2 WMI

Windows Server 2003 R2 – DC
select * from Win32OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2"
Windows Server 2003 R2 – non-DC
select * from Win32OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3"
Windows Server 2003 R2 – 32-bit – DC
select * from Win32OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"
Windows Server 2003 R2 – 32-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"
Windows Server 2003 R2 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2" AND OSArchitecture = "64-bit"
Windows Server 2003 R2 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3" AND OSArchitecture = "64-bit"

Windows Server 2008 WMI

Windows Server 2008 – DC
select * from Win32OperatingSystem WHERE Version like "6.0%" AND ProductType="2"
Windows Server 2008 – non-DC
select * from Win32OperatingSystem WHERE Version like "6.0%" AND ProductType="3"
Windows Server 2008 – 32-bit – DC
select * from Win32OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"
Windows Server 2008 – 32-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"
Windows Server 2008 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND OSArchitecture = "64-bit"
Windows Server 2008 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND OSArchitecture = "64-bit"

Windows Server 2008R2 WMI

Windows Server 2008 R2 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "6.1%" AND ProductType="2"
Windows Server 2008 R2 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "6.1%" AND ProductType="3"

Windows Server 2012 WMI

Windows Server 2012 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "6.2%" AND ProductType="2"
Windows Server 2012 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "6.2%" AND ProductType="3"

Windows Server 2012R2 WMI

Windows Server 2012 R2 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "6.3%" AND ProductType="2"
Windows Server 2012 R2 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "6.3%" AND ProductType="3"

Windows Server 2016 WMI

Windows Server 2016 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "10.0.14%" AND ProductType="2"
Windows Server 2016 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "10.0.14%" AND ProductType="3"

Windows Server 2019 WMI

Windows Server 2019 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "10.0.17%" AND ProductType="2"
Windows Server 2019 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "10.0.17%" AND ProductType="3"

Windows Server 2022 WMI

Windows Server 2022 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "10.0.20%" AND ProductType="2"
Windows Server 2022 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "10.0.20%" AND ProductType="3"

Windows Server 2025 WMI

Windows Server 2025 – 64-bit – DC
select * from Win32OperatingSystem WHERE Version like "10.0.26%" AND ProductType="2"
Windows Server 2025 – 64-bit – non-DC
select * from Win32OperatingSystem WHERE Version like "10.0.26%" AND ProductType="3"

Windows 11 RSAT Installation Guide

Step 1: Click on Start

Step 2: Click on Settings

Step 3: Click on System

Step 4: Click on Optional Features

Step 5: Click on View Features

Step 6: Select the Optional Features you want/Need. Click On Next

Step 7: Confirm your features and click on Add

Step 8: Allow the system to install the RSAT Tools. (You May have to reboot)

How to Remove the Windows 11 / Server 2022/25 Recovery Partition from The Root Directory using Disk Part

Open CMD as admin

Open Disk Manager

Open Windows File Explorer

Navigate to your Disk

Open the CMD box, and enter in: DiskPart

While in DiskPart: List Disk

Enter in the disk to select, in our case Disk 0

Enter in: Select Disk 0

Now enter in: List Part

This will list all partitions, note the partition that says "recovery"

In our case this is partition 4

So, let's select partition 4 with: Select Partition 4

Now let's delete partition 4 so we can expand our disk

Type in: Delete Partition Override

Finally we can now expand our disk with the gui

Select your disk: right click and choose Extend Volume

Follow the prompts in the wizard

Once completed you should see the expanded disk.

Under Construction

Fedora Command ListUpdate Commands:
sudo dnf update
sudo dnf upgrade --refresh
--------------------------------
Install Snap:
sudo dnf install snapd
sudo ln -s /var/lib/snapd/snap /snap
--------------------------------
Install Flatpak:
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
------------------------------
Install OBSStudios:
flatpak install flathub com.obsproject.Studio -y
sudo dnf upgrade --refresh
------------------------------
Install OpenShot:
sudo dnf install openshot
------------------------------

How to install Nvidea Drivers

Install NVidea Drivers:
sudo dnf install kernel-devel kernel-headers gcc make dkms acpid libglvnd-glx libglvnd-opengl libglvnd-devel pkgconfig
------------------------------------------------
Free Driver (Open)
sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm
------------------------------------------------
Offical NVidea Driver: (closed)
sudo dnf install https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
------------------------------------------------
Make the Driver the default:
sudo dnf makecache
sudo dnf install akmod-nvidia xorg-x11-drv-nvidia-cuda
------------------------------------------------
------------------------------------------------

Package Removal Instructions

DNF Removal:
sudo dnf remove Package NameSnap Removal:
sudo snap remove Package NameFlatpak Removal:
sudo flatpak remove Package Name

K8s Script Package

Key in Video

Download K8s Scripts Package

Return
Linux Software

Fedora 41 - Community Reply Video

Update Commands:
sudo dnf update
sudo dnf upgrade --refresh
--------------------------------
Install Snap:
sudo dnf install snapd
sudo ln -s /var/lib/snapd/snap /snap
--------------------------------
Install Flatpak:
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
------------------------------
Install OBSStudios:
flatpak install flathub com.obsproject.Studio -y
sudo dnf upgrade --refresh
------------------------------
Install OpenShot:
sudo dnf install openshot
------------------------------

Package Removal Instructions

DNF Removal:
sudo dnf remove Package NameSnap Removal:
sudo snap remove Package NameFlatpak Removal:
sudo flatpak remove Package Name

Content

Linux Software Repos

Debian Repositories

Additional Repositories:
---------------------------------------------
RetroArch:
sudo add-apt-repository ppa:libretro/stable -y
---------------------------------------------
Xbox:
Sudo add-apt-repository ppa:mborgerson/xemu
---------------------------------------------
Firefox Official:
sudo add-apt-repository ppa:mozillateam/ppa
---------------------------------------------
YTDL:
sudo add-apt-repository ppa:tomtomtom/yt-dlp
---------------------------------------------
OBS Studios:
sudo add-apt-repository ppa:obsproject/obs-studio
---------------------------------------------
Steam:
sudo add-apt-repository-multiverse
---------------------------------------------
OpenShot:
sudo add-apt-repository ppa:openshot.developers/ppa -y
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------

SNAP LISTS (Debian, Fedora, ARCH)

Business SNAPS

Install Microsoft Teams
sudo snap install teams-for-linux
--------------------------------------------
Install Slack for Linux
sudo snap install slack
--------------------------------------------
Install VLC Player on Linux
sudo snap install vlc
--------------------------------------------
Install Discord
sudo snap install discord
--------------------------------------------
Snap Store:
sudo snap install snap-store
--------------------------------------------
Open Shot:
sudo snap install openshot-community
--------------------------------------------

Debian Gaming Emulators

Xbox:
sudo apt install xemu
------------------------------------------------
PS3:
Sudo snap install rpcs3-emu
------------------------------------------------
Genesis:
Sudo apt -y install higan
------------------------------------------------
WII:
sudo snap install dolphin-emulator --edge
----
WII-MOTE:
sudo apt install libcwiid1 lswm wmgui wminput
-----
sudo echo "uinput" Shift Period Shift Period /etc/modules
-----
sudo modprobe uinput
------------------------------------------------
SNES:
Sudo apt-get install zsnes
------------------------------------------------
N64:
sudo apt install mupen64plus-qt
------------------------------------------------
PS2:
sudo apt-get install pcsx2
------------------------------------------------
GameBoy Advanced:
sudo snap install visualboyadvance-m --beta
------------------------------------------------
Retro Arcade (arch)
sudo apt install software-properties-common apt-transport-https -y
---
sudo apt install retroarch -y
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------

Basic Fedora Software List

Install a different docking station:
sudo dnf install gnome-shell-extension-dash-to-dock
------------------------------------------------
More Docking station details:
https://extensions.gnome.org/extension/307/dash-to-dock/
------------------------------------------------
Install Snap:
sudo dnf install snapd
sudo dnf update
sudo ln -s /var/lib/snapd/snap /snap
------------------------------------------------
Special Note: Snap Store/App does not work right in Fedora.
------------------------------------------------
Install Steam: (Proton Only)
sudo dnf install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm -y
---
sudo dnf config-manager --enable fedora-cisco-openh264 -y
---
sudo dnf config-manager setopt fedora-cisco-openh264.enabled=1
---
sudo dnf install steam -y
------------------------------------------------
Install any .rpm:
rpm -ihv --nodeps package Name
------------------------------------------------
Driver issues:
rpm -qa | grep -e package name
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------

Debian Download Links
Deb Files

All .deb files can be installed by right-clicking and choosing to open with the "GDebi" Package installer.

Fedora Download Links
RPM Files

All .rpm files can be installed by right-clicking and choosing to open with the "Software" installer.

FreeOffice

Return
Debian-Wiki
Fedora-WIKI

ISO LINKS - FEDORA BASED

Fedora-41

Return

ISO LINKS - MISC LINUX ISO

NIXOS

Return
NixOS Video Details

ISO LINKS - DEBIAN BASED

Under Construction

Return

Build Script Details from Video

How to:
Get the Trusted Host (Workgroup Mode) list..
Get-Item WSMan:\localhost\Client\TrustedHosts
How to Set the Trust for WinRM communication:
(MachineA and MachineB)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'machineA,machineB'If the above does not work, or still throws an error, try the Asterisk.Set-Item WSMan:\localhost\Client\TrustedHosts -Value '*'Once you have everything on the domain, run the clear command on all boxes to reset the trust.Clear-Item -Path WSMan:\localhost\Client\TrustedHosts -Force

Setting up a share on Core Server

If you want to share a folder named "Bills" and you want to give it read, write and modify access, this is the command.Note: "Bill Access" is the name of the security group we created in AD.New-SmbShare –Name Bills –Path "C:\Network Share\Bills –changeaccess "bill access"If you have a share named "bills" and you want to give it full control.. this is the command (Not recommended, see video for details)New-SmbShare –Name Bills –Path "C:\Network Share\Bills –fullaccess "bill access"

Remove the Share if you screw up

Check your share from CMD: Net shareIf you screwed up the share..Remove-SmbShare -Name "Bills"

Use the links to return to Home or Watch the video

Windows Software Links

Return

ISO LINKS - WINDOWS DESKTOP

Return

Under Construction

Return

Windows WinGet

Powershell Command

Open Powershell as admin:Add-AppxPackage -RegisterByFamilyName -MainPackage Microsoft.DesktopAppInstaller_8wekyb3d8bbwe

To use the Winget commands:
Open CMD As Admin
(NOTE: you must be a local administrator for this to work, and cannot be logged in as a local user)winget search (some kind of product)
winget install google.chrome
winget install valve.steam
winget install electronicarts.origin

To Remove an application:winget remove (application ID)
--silent (doesn't work)NOTE: While Silent doesn't work on all applications, it does on some, and this process is much easier than stumbling through the GUI.

ISO LINKS - WINDOWS SERVER

Return

Welcome to all things Debian Wiki

Welcome to the debian Wiki

In this location you will find common commands for application installations that work on all flavors of Debian.

Install Snap:
sudo apt install snapd
--------------------------------------------
Search a snap:
sudo snap search snap name
--------------------------------------------
Install a snap:
sudo snap install package Name
--------------------------------------------
Remove a snap:
sudo snap remove Package Name
--------------------------------------------
Install Flatpak:
sudo apt install flatpak
--------------------------------------------
Search for a flatpak:
sudo flatpak search flatpak name
--------------------------------------------
install a flatpak:
sudo flatpak install flatpak name
--------------------------------------------
Remove a flatpak:
sudo flatpak remove flatpak Name
--------------------------------------------
Install Updates:
sudo apt update -y
sudo apt upgrade -y
--------------------------------------------
Install Apt Packages:
sudo apt install package Name
--------------------------------------------
Search Package names with Apt:
sudo apt search package type
(for instance: sudo apt search google)
--------------------------------------------
remove an apt:
sudo apt remove package name
--------------------------------------------
(NOTE: apt replaces apt-get, if you are on older builds you may need to use apt-get)

How to install XRDP on Mint

sudo apt install xrdp
sudo systemctl enable xrdp
sudo ufw allow 3389
sudo reboot now

Increase your Swap File

Make Page file 8GB (NOTE, you can make this 4GB, or 16GB, or modify whatever number you want of GB)
---------------------------------------------
sudo swapoff -a
---------------------------------------------
sudo fallocate -l 8G /swapfile
---------------------------------------------
sudo chmod 600 /swapfile
---------------------------------------------
sudo mkswap /swapfile
---------------------------------------------
sudo swapon /swapfile
---------------------------------------------
sudo swapon --show
---------------------------------------------

How to Configure your File Share on Mint

Install Samba

sudo apt install samba -y

add the new user (Change newuser to whatever user you want to use)
(See video for details)

sudo adduser newuser

Set the password in the SMB Configuration to whatever you set in the prior step. This should be identical. (See video for details)

sudo smbpasswd -a newuser

Open the configuration file in NANO Editor
(See video for details)

sudo nano /etc/samba/smb.conf

Follow Instructions in the Video for where to add this text:

[global]
workgroup = WORKGROUP
client min protocol = SMB3
client max protocol = SMB3
client smb encrypt = required
client signing = required
server min protocol = SMB3
server max protocol = SMB3
ntlm auth = ntlmv2-only

[sharename]
comment = Samba on Ubuntu
path = /srv/sambashare/sharename
read only = no
browsable = yes
valid users = newuser

Restart the SMB Service

sudo service smbd restart

create the new share folder (Named the same as the config above)

sudo mkdir -p /srv/sambashare/sharename

Set the Permissions on the share for windows 11 24h2 Access
(See video for details)

sudo chown newuser: /srv/sambashare/sharename

Restart the SMB Service one last time

sudo service smbd restart

Link to Video

Use the links to return to Home or View Linux Software

Return
Linux Software List

See Link for Debian Wiki for more details

Debian-Wiki

Non-Standard Package install details
(XP Version and 10 Version with Snap Packages)

The Snap store installation on this OS is slightly different.Use this process instead of what's in the debian Wiki:Install Snap Configuration:
sudo apt install snapd
---------------------------------------------
Fix the Menu Bug:
sudo apt install xfce4-appfinder -y
sudo apt install exo-utils -y
sudo apt install libexo* -y
sudo reboot now
----------------------------------------------
Follow any additional instructions in the Debian Wiki for more packages and install help.

Windows 10 Version

Things to Note

There's no default update gui package installed.You will likely need to use the gui to at least start the update process at first.sudo apt update
authenticateAt which point the gui should populate available updates. After doing this once I didn't need to do this again, and the Gui just worked.

Use the links to return to Home or Watch the videos, or download the ISO files and try this yourself

NixOS - Coming 2/20/25

How to Install Flatpak on NIX OS

Using Terminal Open
/etc/nixos/configuration.nixsudo nano /etc/nixos/configuration.nixLocate the section that says "Services"Add this line:services.flatpak.enable = true;Control X to save, and y to save over the other fileNext run: (as sudo)
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepoLastly:
reboot

Command to install flatpaks

Same as all the other flavors of Linux..sudo flatpak search (app Name)
sudo flatpak install (app Name)If you can't find the package, try to update the repository..sudo flatpak update

Command to install Nix Packages

Much like the Linux Versions of Debian and Fedora
where you get the:sudo apt install vlc
--or--
sudo dnf install vlcNix has it's own application managerto install a nix, you would think sudo nix install vlc, but you would be wrong.Nix uses: sudo nix-env -i vlc to install the same application. (assuming the package exists on Nix)

Sample Bash Script for Debian

This is a sample BASH script created for an automated installation of Linux MINT

#!/bin/sh
# Welcome to the GenericTechSupport Youtube Channel Script, for installing Windows 11 Default Build Replacement applications, Please Note, you will need to install the Steam
# Application and the Snap Repository outside of this script. You Must install Snap before running this script, and must reboot, and must install the steam application after running
# this script and rebooting again. If you add the Steam store installation to this script it will cause the network drivers to fail, and cause the system to lose internet connection.
# You have been warned.
#
#
# To Follow the video save this file as applicationinstall.sh in the home directory
# Feel free to comment out whatever packages you don't want.
#
#
# Install Snap Repositories and updates prior to running this script.
# Snap update will require a reboot
# sudo mv /etc/apt/preferences.d/nosnap.pref ~/Documents/nosnap.backup
# sudo apt update
# sudo apt install snapd
# sudo snap install snap-store
#
#
# Also install VmWare Tools if you are installing this on vmware workstation or player, which will also require a reboot.
# sudo apt-get install open-vm-tools-desktop
# sudo apt-get install open-vm-tools
#
#
# update Repositories
sudo apt-get update
#
# Add the Multiverse repository, needed for steam
sudo add-apt-repository multiverse
#
# Add the Mozilla Repository, needed to update firefox.
sudo add-apt-repository ppa:mozillateam/ppa -y
#
# Add the YT DLP Repository, added for downloading media online.
sudo add-apt-repository ppa:tomtomtom/yt-dlp -y
#
# Add the OBS Project repository, needed for OBS-Studios
sudo add-apt-repository ppa:obsproject/obs-studio -y
#
# Add the OpenShot repository, needed for openshot video editing
sudo add-apt-repository ppa:openshot.developers/ppa -y
#
# download the Software needed for the apt repository
#
# Download the Office Apps debian application for office apps on o365
wget http://sourceforge.net/projects/microsoftonlineapps/files/v1.0.0/microsoftonlineapps.deb/download -P ./Downloads/Microsoft
#
# Download new Chrome, for Chrome Browser on Linux
wget https://dl.google.com/linux/direct/google-chrome-stablecurrentamd64.deb -P ./Downloads
#
# Download Zoom for Linux
wget https://zoom.us/client/6.3.1.5673/zoom_amd64.deb -P ./Downloads
#
# update the packages and repository options for next installation steps.
sudo apt-get update
#
# Install the Apt Repo Applications
#
# Install the Application YT Downloader
sudo apt-get install yt-dlp -y
#
# Install the OSB Studios Application
sudo apt-get install obs-studio -y
#
# Install the Openshot video Editor Software
sudo apt-get install openshot-qt python3-openshot -y
#
# Install the Custom Downloaded Packages
#
# Install the Microsoft Office Apps Package for Linux
sudo dpkg -i ~/Downloads/Microsoft/download
#
# Install the Chrome Browser on Linux
sudo dpkg -i ~/Downloads/google-chrome-stable.deb
#
# Install Zoom on Linux
sudo dpkg -i ~/Downloads/zoom.deb
#
# Install the Snaps
#
# Install Microsoft Teams
sudo snap install teams-for-linux
#
# Install Slack for Linux
sudo snap install slack
#
# Install VLC Player on Linux
sudo snap install vlc
#
# Install the Discord application on Linux
sudo snap install discord
#
# Upgrade the packages to latest version
sudo apt-get update
sudo apt-get upgrade -y
#
# Cleanup all cached data, Low on drive space option.
# sudo apt-get clean
#
# Cleanup downloaded apt packages, Low on drive space option.
# rm -rf ./Downloads/*
#
# Fix any encountered errors, common issue on discord application for some reason..
sudo apt --fix-broken install -y
#
# Reboot the system
sudo reboot now
#
# You must reboot to install Steam, please grab the bellow line and install outside of this script.
#
#
# WARNING - Steam has a lot of dependencies and may cause issues with NIC and other drivers, make sure all updates are done and a reboot is complete before running install for steam.
# sudo apt-get update
# sudo apt-get upgrade -y
# sudo apt-get dist-upgrade -y
# sudo do-release-upgrade -y
# sudo apt-get install steam -y
#

Return

Kali Video - 2/14/25

Application Name:dnsrecon -d nameofdomain.com

Output will provide deep troubleshooting details on DNS server or configuration.NOTE: This is for Website lookup or to troubleshoot your internal network, not designed for any illegal activity.

Raven Talon Debloater Tool - A full Dissection
Watch the breakdown on 2/25/25

!!!WARNING!!!

Before running the debloater scripts, make sure you have notepad++ and Firefox installed on your system. This was only tested on 24H2 as a clean build, use this at your own risk for pre-built systems.

This document contains the itemized process of cleaning up the bloat in stages, For a much easier process, use the Raven Talon "Debloater application" found on the Raven Git Website.

Link to Raven Debloater

Please Donate to their project, it helps our tech community continue to develop free packages

Edge Pin Removal Script

Run the script as admin in Powershell and the Menu cleanup and
reboot afterwards:
------------------------------------------function Unpin-App([string]$appname) {
((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() |
?{$.Name -eq $appname}).Verbs() | ?{$.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt()}
}Unpin-App("Microsoft Edge")

Windows Menu Cleanup Windows 11

Run as admin in powershell or cmd, and reboot when completed.
---------------------------------------------reg add "HKCU\Software\Classes\CLSID{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve

REBOOT NOW

Microsoft Edge Removal Powershell Script

Run the following as a PS1 file as admin

if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Host "This script must be run with administrator rights!" -ForegroundColor Red
Break
}
Write-Host "Edge Vanisher started" -ForegroundColor Yellow
Write-Host "Starting Microsoft Edge uninstallation process..." -ForegroundColor YellowWrite-Host "Terminating Edge processes..." -ForegroundColor Cyan
$processes = Get-Process | Where-Object { $.Name -like "edge" }
if ($processes) {
$processes | ForEach-Object {
Write-Host "Terminated process: $($.Name) (PID: $($.Id))" -ForegroundColor Cyan
}
$processes | Stop-Process -Force -ErrorAction SilentlyContinue
} else {
Write-Host "No running Edge processes found." -ForegroundColor Cyan
}Write-Host "Uninstalling Edge with setup..." -ForegroundColor Cyan
$edgePath = "${env:ProgramFiles(x86)}\Microsoft\Edge\Application*\Installer etup.exe"
if (Test-Path $edgePath) {
Start-Process -FilePath $(Resolve-Path $edgePath) -ArgumentList "--uninstall --system-level --verbose-logging --force-uninstall" -Wait
}Write-Host "Removing Start Menu shortcuts..." -ForegroundColor Cyan
$startMenuPaths = @(
"$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk",
"$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk",
"$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk"
)
foreach ($path in $startMenuPaths) {
if (Test-Path $path) {
Write-Host "Deleting: $path" -ForegroundColor Cyan
Remove-Item -Path $path -Force -ErrorAction SilentlyContinue
if (!(Test-Path $path)) {
Write-Host "Successfully deleted: $path" -ForegroundColor Green
} else {
Write-Host "Failed to delete: $path" -ForegroundColor Red
}
}
}Write-Host "Cleaning Edge folders..." -ForegroundColor Cyan
$edgePaths = @(
"$env:LOCALAPPDATA\Microsoft\Edge",
"$env:PROGRAMFILES\Microsoft\Edge",
"${env:ProgramFiles(x86)}\Microsoft\Edge",
"${env:ProgramFiles(x86)}\Microsoft\EdgeUpdate",
"${env:ProgramFiles(x86)}\Microsoft\EdgeCore",
"$env:LOCALAPPDATA\Microsoft\EdgeUpdate",
"$env:PROGRAMDATA\Microsoft\EdgeUpdate",
"$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk",
"$env:PUBLIC\Desktop\Microsoft Edge.lnk"
)
foreach ($path in $edgePaths) {
if (Test-Path $path) {
Write-Host "Cleaning: $path" -ForegroundColor Cyan
takeown /F $path /R /D Y | Out-Null
icacls $path /grant administrators:F /T | Out-Null
Remove-Item -Path $path -Recurse -Force -ErrorAction SilentlyContinue
}
}Write-Host "Cleaning Edge registry entries..." -ForegroundColor Cyan
$edgeRegKeys = @(
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update",
"HKLM:\SOFTWARE\Microsoft\EdgeUpdate",
"HKCU:\Software\Microsoft\Edge",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msedge.exe",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeUpdate",
"HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeUpdate",
"HKLM:\SOFTWARE\Microsoft\Edge",
"HKLM:\SOFTWARE\WOW6432Node\Microsoft\Edge",
"HKLM:\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate",
"HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge",
"HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"
)
foreach ($key in $edgeRegKeys) {
if (Test-Path $key) {
Write-Host "Deleting registry key: $key" -ForegroundColor Cyan
Remove-Item -Path $key -Recurse -Force -ErrorAction SilentlyContinue
if (!(Test-Path $key)) {
Write-Host "Successfully deleted registry key: $key" -ForegroundColor Green
} else {
Write-Host "Failed to delete registry key: $key" -ForegroundColor Red
}
}
}$edgeUpdatePath = "${env:ProgramFiles(x86)}\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"
if (Test-Path $edgeUpdatePath) {
Start-Process $edgeUpdatePath -ArgumentList "/uninstall" -Wait -ErrorAction SilentlyContinue
}$services = @(
"edgeupdate",
"edgeupdatem",
"MicrosoftEdgeElevationService"
)
foreach ($service in $services) {
Stop-Service -Name $service -Force -ErrorAction SilentlyContinue
sc.exe delete $service
}$edgeSetup = Get-ChildItem -Path "${env:ProgramFiles(x86)}\Microsoft\Edge\Application*\Installer etup.exe" -ErrorAction SilentlyContinue
if ($edgeSetup) {
Start-Process $edgeSetup.FullName -ArgumentList "--uninstall --system-level --verbose-logging --force-uninstall" -Wait
}Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
Start-Process explorer
Write-Host "`nMicrosoft Edge uninstallation process completed!" -ForegroundColor GreenWrite-Host "Creating protective Edge folders..." -ForegroundColor Cyan
$protectiveFolders = @(
@{
Base = "${env:ProgramFiles(x86)}\Microsoft\Edge"
App = "${env:ProgramFiles(x86)}\Microsoft\Edge\Application"
CreateSubFolder = $true
},
@{
Base = "${env:ProgramFiles(x86)}\Microsoft\EdgeCore"
CreateSubFolder = $false
}
)
foreach ($folder in $protectiveFolders) {
# Create folders
New-Item -Path $folder.Base -ItemType Directory -Force | Out-Null
if ($folder.CreateSubFolder) {
New-Item -Path $folder.App -ItemType Directory -Force | Out-Null
}
Write-Host "Processing protective folder: $($folder.Base)" -ForegroundColor Cyan$currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Namefolder only for EdgeCore
if (!$folder.CreateSubFolder) {
try {
$acl = New-Object System.Security.AccessControl.DirectorySecurity$acl.SetOwner([System.Security.Principal.NTAccount]$currentUser)
$acl.SetAccessRuleProtection($true, $false)including take ownership permission
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
$currentUser,
"FullControl,TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$acl.AddAccessRule($accessRule)permission for SYSTEM, Administrators and Trusted Installer
$systemSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-18")
$adminsSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
$trustedInstallerSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464")
$authenticatedUsersSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-11")$denyRule1 = New-Object System.Security.AccessControl.FileSystemAccessRule(
$systemSid,
"TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Deny"
)$denyRule2 = New-Object System.Security.AccessControl.FileSystemAccessRule(
$adminsSid,
"TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Deny"
)
$denyRule3 = New-Object System.Security.AccessControl.FileSystemAccessRule(
$trustedInstallerSid,
"TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Deny"
)
$denyRule4 = New-Object System.Security.AccessControl.FileSystemAccessRule(
$authenticatedUsersSid,
"TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Deny"
)
$acl.AddAccessRule($denyRule1)
$acl.AddAccessRule($denyRule2)
$acl.AddAccessRule($denyRule3)
$acl.AddAccessRule($denyRule4)Set-Acl $folder.Base $acl -ErrorAction Stop
Write-Host "Success: $($folder.Base)" -ForegroundColor Green
}
catch {
Write-Host "Error occurred: $($folder.Base) - $" -ForegroundColor Red
}
}
else {Get-ChildItem -Path $folder.Base -Recurse | ForEach-Object {
try {
$acl = New-Object System.Security.AccessControl.DirectorySecurity$acl.SetOwner([System.Security.Principal.NTAccount]$currentUser)$acl.SetAccessRuleProtection($true, $false)permission including take ownership permission
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
$currentUser,
"FullControl,TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$acl.AddAccessRule($accessRule)$systemSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-18")
$adminsSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
$trustedInstallerSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464")
$authenticatedUsersSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-11")$denyRule1 = New-Object System.Security.AccessControl.FileSystemAccessRule(
$systemSid,
"TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Deny"
)$denyRule2 = New-Object System.Security.AccessControl.FileSystemAccessRule(
$adminsSid,
"TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Deny"
)
$denyRule3 = New-Object System.Security.AccessControl.FileSystemAccessRule(
$trustedInstallerSid,
"TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Deny"
)
$denyRule4 = New-Object System.Security.AccessControl.FileSystemAccessRule(
$authenticatedUsersSid,
"TakeOwnership,ChangePermissions",
"ContainerInherit,ObjectInherit",
"None",
"Deny"
)
$acl.AddAccessRule($denyRule1)
$acl.AddAccessRule($denyRule2)
$acl.AddAccessRule($denyRule3)
$acl.AddAccessRule($denyRule4)Set-Acl $.FullName $acl -ErrorAction Stop
Write-Host "Success: $($.FullName)" -ForegroundColor Green
}
catch {
Write-Host "Error occurred: $($.FullName) - $" -ForegroundColor Blue
}
}
}
}
Write-Host "Protective folders created and security settings configured for Edge and EdgeCore." -ForegroundColor Purple

NOTE: You will need to reboot after you run this.

Find your AppX Packages for your user

Run the following as a PS1 file as admin

mkdir c:\tools
Get-AppXPackage > C:\tools\AppXPackages.Log

Find your AppX Packages for Public Users

Run the following as a PS1 file as admin

mkdir c:\tools
Get-AppXPackage -allusers > C:\tools\AppXAllUsers.Log

Remove All AppX Packages from 24H2

Run the following as a PS1 file as admin

# Remove Applications HKCU (user Account)
Get-AppxPackage -name msteams | remove-appxpackage
Get-AppxPackage -name Microsoft.StorePurchaseApp | remove-appxpackage
Get-AppxPackage -name Microsoft.Todos | remove-appxpackage
Get-AppxPackage -name MicrosoftCorporationII.QuickAssist | remove-appxpackage
Get-AppxPackage -name Microsoft.YourPhone | remove-appxpackage
Get-AppxPackage -name Microsoft.XboxSpeechToTextOverlay | remove-appxpackage
Get-AppxPackage -name Microsoft.XboxGamingOverlay | remove-appxpackage
Get-AppxPackage -name Microsoft.Xbox.TCUI | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsSoundRecorder | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsFeedbackHub | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsCamera | remove-appxpackage
Get-AppxPackage -name Microsoft.Windows.Photos | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsCalculator | remove-appxpackage
Get-AppxPackage -name Microsoft.Windows.DevHome | remove-appxpackage
Get-AppxPackage -name Microsoft.WebpImageExtension | remove-appxpackage
Get-AppxPackage -name Microsoft.WebMediaExtensions | remove-appxpackage
Get-AppxPackage -name Microsoft.MicrosoftStickyNotes | remove-appxpackage
Get-AppxPackage -name Microsoft.MicrosoftSolitaireCollection | remove-appxpackage
Get-AppxPackage -name Microsoft.GetHelp | remove-appxpackage
Get-AppxPackage -name Microsoft.GamingApp | remove-appxpackage
Get-AppxPackage -name Microsoft.BingWeather | remove-appxpackage
Get-AppxPackage -name Microsoft.BingSearch | remove-appxpackage
Get-AppxPackage -name Microsoft.BingNews | remove-appxpackage
Get-AppxPackage -name Microsoft.MicrosoftEdge.Stable | remove-appxpackage
Get-AppxPackage -name Microsoft.Copilot | remove-appxpackage
Get-AppxPackage -name MicrosoftWindows.Client.WebExperience | remove-appxpackage
Get-AppxPackage -name Microsoft.zunemusic | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsStore | remove-appxpackage
Get-AppxPackage -name Microsoft.XboxIdentityProvider | remove-appxpackage
Get-AppxPackage -name Microsoft.ScreenSketch | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsAlarms | remove-appxpackage
Get-AppxPackage -name Microsoft.PowerAutomateDesktop | remove-appxpackage
Get-AppxPackage -name Microsoft.OutlookForWindows | remove-appxpackage
Get-AppxPackage -name Microsoft.MicrosoftOfficeHub | remove-appxpackage#Remove Applications HKLM (Public)
Get-AppxPackage -allusers -name Microsoft.MicrosoftOfficeHub | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.MicrosoftEdge.Stable | remove-appxpackage
Get-AppxPackage -allusers -name Clipchamp.Clipchamp | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.BingNews | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.BingSearch | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.BingWeather | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.GamingApp | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.GetHelp | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.OutlookForWindows | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.PowerAutomateDesktop | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.ScreenSketch | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.StorePurchaseApp | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Todos | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WebpImageExtension | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WebMediaExtensions | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Windows.DevHome | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Windows.Photos | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WindowsAlarms | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WindowsFeedbackHub | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WindowsSoundRecorder | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WindowsStore | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Xbox.TCUI | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.XboxGamingOverlay | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.XboxIdentityProvider | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.XboxSpeechToTextOverlay | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.YourPhone | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.ZuneMusic | remove-appxpackage
Get-AppxPackage -allusers -name MicrosoftCorporationII.QuickAssist | remove-appxpackage
Get-AppxPackage -allusers -name MicrosoftWindows.Client.WebExperience | remove-appxpackage
Get-AppxPackage -allusers -name MicrosoftWindows.CrossDevice | remove-appxpackage
Get-AppxPackage -allusers -name MSTeams | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Copilot | remove-appxpackage

REBOOT WHEN COMPLETED

Cleanup Task Scheduler 24H2

Run the following as a PS1 file as admin

Get-ScheduledTask -TaskPath "" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\AppID" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Application Experience" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\ApplicationData" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\AppListBackup" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\BrokerInfrastructure" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\capabilityaccessmanager" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\CloudExperienceHost" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\CloudRestore" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Offline Files" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\SystemRestore" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\XblGameSave\ " | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\DiskDiagnostic" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "Microsoft\Windows\Customer Experience Improvement program" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Feedback\Siuf" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Windows Error Reporting" | Disable-ScheduledTask
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Maps" | Disable-ScheduledTask

NOTE: THERE'S a BUG AS SHOWN IN THE VIDEO

REBOOT WHEN COMPLETED

Remove Onedrive 24H2

Run the following as a PS1 file as admin

Get-Process | Where-Object { $.ProcessName -like "onedrive" } | Stop-Process -Force
if (Test-Path "$env:SystemRoot\SysWOW64\OneDriveSetup.exe") {
& "$env:SystemRoot\SysWOW64\OneDriveSetup.exe" /uninstall
} elseif (Test-Path "$env:SystemRoot\System32\OneDriveSetup.exe") {
& "$env:SystemRoot\System32\OneDriveSetup.exe" /uninstall
}@(
"$env:ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk",
"$env:APPDATA\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk",
"$env:PUBLIC\Desktop\OneDrive.lnk",
"$env:USERPROFILE\Desktop\OneDrive.lnk",
"$env:USERPROFILE\OneDrive",
"$env:LOCALAPPDATA\Microsoft\OneDrive",
"$env:ProgramData\Microsoft\OneDrive",
"$env:SystemDrive\OneDriveTemp"
) | ForEach-Object { Remove-Item $ -Force -Recurse }@(
"HKCR:\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}",
"HKCR:\Wow6432Node\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
) | ForEach-Object { Remove-Item -Path $_ -Recurse -Force }Get-Process explorer | Stop-Process -Force
Start-Sleep -Seconds 2
Start-Process explorer

REBOOT WHEN COMPLETED

Remove Microsoft Office 24H2

Run the following as a PS1 file as admin

Get-Process | Where-Object { $.ProcessName -like "outlook" } | Stop-Process -Force
Start-Sleep -Seconds 3Get-AppxPackage Microsoft.Office.Outlook | Remove-AppxPackage
Get-AppxProvisionedPackage -Online | Where-Object {$.PackageName -like "Microsoft.Office.Outlook"} | Remove-AppxProvisionedPackage -Online
Get-AppxPackage Microsoft.OutlookForWindows | Remove-AppxPackage
Get-AppxProvisionedPackage -Online | Where-Object {$.PackageName -like "Microsoft.OutlookForWindows"} | Remove-AppxProvisionedPackage -Online$windowsAppsPath = "C:\Program Files\WindowsApps"
$outlookFolders = Get-ChildItem -Path $windowsAppsPath -Directory | Where-Object { $.Name -like "Microsoft.OutlookForWindows" }
foreach ($folder in $outlookFolders) {
$folderPath = Join-Path $windowsAppsPath $folder.Name
takeown /f $folderPath /r /d Y | Out-Null
icacls $folderPath /grant administrators:F /t | Out-Null
Remove-Item -Path $folderPath -Recurse -Force
}$shortcutPaths = @(
"$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk",
"$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Outlook.lnk",
"$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Outlook.lnk",
"$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Outlook.lnk",
"$env:PUBLIC\Desktop\Outlook.lnk",
"$env:USERPROFILE\Desktop\Outlook.lnk",
"$env:PUBLIC\Desktop\Microsoft Outlook.lnk",
"$env:USERPROFILE\Desktop\Microsoft Outlook.lnk",
"$env:PUBLIC\Desktop\Outlook (New).lnk",
"$env:USERPROFILE\Desktop\Outlook (New).lnk",
"$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (New).lnk",
"$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Outlook (New).lnk"
)
$shortcutPaths | ForEach-Object { Remove-Item $_ -Force }
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Value 0 -Type DWord -Force$registryPaths = @(
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\TaskbarMRU",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\TaskBar",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
)
foreach ($path in $registryPaths) {
if (Test-Path $path) {
@("Favorites", "FavoritesResolve", "FavoritesChanges", "FavoritesRemovedChanges", "TaskbarWinXP", "PinnedItems") |
ForEach-Object { Remove-ItemProperty -Path $path -Name $_ -ErrorAction SilentlyContinue }
}
}Remove-Item "$env:LOCALAPPDATA\Microsoft\Windows\Shell\LayoutModification.xml" -Force
Remove-Item "$env:LOCALAPPDATA\Microsoft\Windows\Explorer\iconcache" -Force
Remove-Item "$env:LOCALAPPDATA\Microsoft\Windows\Explorer\thumbcache*" -ForceGet-Process explorer | Stop-Process -Force
Start-Sleep -Seconds 2
Start-Process explorer

REBOOT WHEN COMPLETED

Service Console Disable 24H2

Run the following as a bat file as admin

# Stops Xbox Accessory Integrations
sc config "xboxgipsvc" start=disabled
sc stop xboxgipsvc
# Stops Xbox Authentication Manager
sc config "XblAuthManager" start=disabled
sc stop XblAuthManager
# Stops Windows/Xbox Game Sync
sc config "XblGameSave" start=disabled
sc stop XblGameSave
# Stops Xbox Online sync
sc config "XboxNetApiSvc" start=disabled
sc stop XboxNetApiSvc
#stops Microsoft Account authentication
sc config "wlidsvc" start=disabled
sc stop wlidsvc
# Stops the AI Fabric Applications from connecting online
sc config "WSAIFabricSvc" start=disabled
sc stop WSAIFabricSvc
# Removes Syncing of all files accross all windows systems
sc config "workfolderssvc" start=disabled
sc stop workfolderssvc
# Removes Windows Store Push applications options
sc config "PushToInstall" start=disabled
sc stop PushToInstall
# Removes AI Camera options
sc config "perceptionsimulation" start=disabled
sc stop perceptionsimulation
# Disables Media Player File Share and Telemetery
sc config "WMPNetworkSvc" start=disabled
sc stop WMPNetworkSvc
# Removes the option for windows Insider Program to work
sc config "wisvc" start=disabled
sc stop wisvc
# Removes Windows Event Log access from online services from Microsoft.
sc config "Wecsvc" start=disabled
sc stop Wecsvc
# Disables remote camera access from 3rd party applications
sc config "FrameServer" start=disabled
sc stop FrameServer
# Disables Windows Hello, and removes biometric online data storage
sc config "WbioSrvc" start=disabled
sc stop WbioSrvc
# Disables Windows backup options
sc config "SDRSVC" start=disabled
sc stop SDRSVC
# Disables Wireless Docking Functions
sc config "WFDSConMgrSvc" start=disabled
sc stop WFDSConMgrSvc
# Removes Windows Wallet from storing financial data on microsoft servers
sc config "WalletService" start=disabled
sc stop WalletService
# Disables backups, system restore and data recovery methods.
sc config "VSS" start=disabled
sc stop VSS
# Disables access to user data for online roaming profiles.
sc config "UevAgentService" start=disabled
sc stop UevAgentService
# Provides online access to event logs
sc config "SNMPTrap" start=disabled
sc stop SNMPTrap
# Disables Smartcard access
sc config "SCPolicySvc" start=disabled
sc stop SCPolicySvc
# Disables Smartcard API access
sc config "ScDeviceEnum" start=disabled
sc stop ScDeviceEnum
# Disables Smart card reader
sc config "SCardSvr" start=disabled
sc stop SCardSvr
# Sets the lighting settings for monitors on bright or dim lighting.
sc config "SensrSvc" start=disabled
sc stop SensrSvc
# Removes System Demo Mode option
sc config "RetailDemo" start=disabled
sc stop RetailDemo
# Allows remote access to system without authentication
sc config "RasAuto" start=disabled
sc stop RasAuto
# Automatic Windows Help Services
sc config "TroubleshootingSvc" start=disabled
sc stop TroubleshootingSvc
# Automatic Data reporting (troubleshooting and Help)
sc config "wercplsupport" start=disabled
sc stop wercplsupport
# Used for stylus and touch screens.
sc config "PenService" start=disabled
sc stop PenService
sc config "PenService3395a" start=disabled
sc stop PenService3395a
# Parental Controls
sc config "WpcMonSvc" start=disabled
sc stop WpcMonSvc
# Unknown Plan9 Server Services, only aware of this in Bell Labs 1980s.
sc config "P9RdrService" start=disabled
sc stop P9RdrService
sc config "P9RdrService3395a" Start=disabled
sc stop P9RdrService3395a
# Disables offline file sync
sc config "CscService" start=disabled
sc stop CscService
# Location Awareness Service
sc config "NaturalAuthentication" start=disabled
sc stop NaturalAuthentication
# Microsoft Store Installation Automatic updater service
sc config "InstallService" start=disabled
sc stop InstallService
# Edge Disable Service
sc config "edgeupdatem" start=disabled
sc stop edgeupdatem
# More Edge stuff
sc config "edgeupdate" start=disabled
sc stop edgeupdate
# Engless Edge Garbage
sc config "MicrosoftEdgeElevationService" start=disabled
sc stop MicrosoftEdgeElevationService
# MS Cloud authentication and access
sc config "cloudidsvc" start=disabled
sc stop cloudidsvc
# MS Text messaging recording app
sc config "MessagingService" start=disabled
sc config "MessagingService3395a" start=disabled
sc config "DeviceAssociationBrokerSvc3395a" start=disabled
sc stop MessagingService
sc stop DeviceAssociationBrokerSvc3395a
sc stop MessagingService3395a
# Desktop Sharing Application
sc config "BcastDVRUserServic" start=disabled
sc stop BcastDVRUserService
sc config "BcastDVRUserService3395a" start=disabled
sc stop BcastDVRUserService3395a
# Network Device discovery services
sc config "DevQueryBroker" start=disabled
sc stop DevQueryBroker
# Miracast Services
sc config "DevicePickerUserSvc" start=disabled
sc config "DevicePickerUserSvc3395a" start=disabled
sc stop DevicePickerUserSvc3395a
sc stop DevicePickerUserSvc
# Automatic Credential Broker service
sc config "CredentialEnrollmentManagerUserSvc" start=disabled
sc config "CredentialEnrollmentManagerUserSvc3395a" start=disabled
sc stop CredentialEnrollmentManagerUserSvc3395a
sc stop CredentialEnrollmentManagerUserSvcacd8f
# Allows Apps from the internet to access device location services
sc config "ConsentUxUserSvc" start=disabled
sc stop ConsentUxUserSvc
# Allows Apps from the internet to access device location services
sc config "ConsentUxUserSvc3395a" start=disabled
sc stop ConsentUxUserSvc3395a
# disables Device api flow for user sync data with microsoft
sc config "DevicesFlowUserSvc3395a" start=disabled
sc stop DevicesFlowUserSvc3395a
# Disables Capture service for screen scaping access from microsoft
sc config "CaptureService3395a" start=disabled
sc stop CaptureService3395a
# disables Onedrive sync service
sc config "OneSyncSvc3395a" start=disabled
sc stop OneSyncSvc_3395a
# disables Touch screen settings
sc config "TextInputManagementService" start=disabled
sc stop TextInputManagementService

NOTE: Certain Services with wildcards will need the second part of this script to be disabled.

24H2 Service Wildcard Disable

Run the following as a PS1 file as admin

REBOOT WHEN COMPLETED

GROUP POLICY CONFIGURATIONS

WILL BE RELEASED IN PART 2 OF TALON SCRIPT VIDEO

Windows Software
Windows Wiki
Back to Channel Page

How to use your Mint System as a daily Driver office computer

Software Found in this video is located in Linux-Software Link

Linux-Software

Step 1: Install all the updates and reboot

sudo apt update
sudo apt upgrade -y

Step 2: Download and install the Software shown in video

Step 3: Install the Mail Client Evolution

sudo apt install evolution
sudo apt install evolution-ews
sudo apt install update
sudo reboot now

How to configure O365 on Evolution Mail

Cross Over - Running EXE's on Linux Debian Based Systems

Coming 3/4/25

Bazzite - The knock-off SteamOS Gaming Platform for Amazon Handhelds

Coming 3/6/25

Garuda OS - The Arch Flavored Linux Gaming Platform

Coming 3/11/25

How to use Remote Desktop on Ubuntu and Mint?

Coming 3/18/25

Commands to Install Xrdp on Mint

sudo apt update
sudo apt upgrade -y
sudo apt install xrdp
sudo systemctl enable xrdp
sudo ufw allow 3389
sudo reboot now

How to Install a Free WIFI Heat Mapper on Ubuntu

Coming 3/25/25

Scripts to install Heatmapper

BASH SCRIPT NUMBER 1

#!/bin/sh
# Welcome to Part 1 of the GenericTechSupport Youtube Channel Script for setting up a heat mapper on Linux Mint Version 24.sudo apt update
sudo apt upgrade -y
sudo swapoff -a
sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo reboot now
#

BASH SCRIPT NUMBER 2

#!/bin/sh
# Welcome to Part 2 of the GenericTechSupport Youtube Channel Script for setting up a heat mapper on UBUNTU Version 24.sudo apt install net-tools -y
sudo apt install python3-tk -y
sudo apt install python3-pip -y
sudo apt install python3-pil -y
sudo apt install speedtest-cli -y
sudo apt install python3-pil python3-pil.imagetk -y
sudo apt install iw -y
sudo apt install curl -y
sudo snap install tqdm
sudo snap install wireless-tools
sudo snap install speedtest
sudo reboot now
#

BASH SCRIPT NUMBER 3

#!/bin/sh
# Welcome to Part 3 of the GenericTechSupport Youtube Channel Script for setting up a heat mapper on UBUNTU Version 24.sudo pip3 install numpy --break-system-packages
sudo pip3 install matplotlib --break-system-packages
sudo pip3 install whm --break-system-packages
sudo pip3 install scipy --break-system-packages
sudo pip3 install pysimpleGUI --break-system-packages
sudo pip3 install speedtest_cli --break-system-packages
sudo dpkg -s wireless-tools
curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash
sudo python3 -m pip install --force-reinstall --extra-index-url https://PySimpleGUI.net/install PySimpleGUI --break-system-packages
#

COMMON ERRORS

In some cases you may seePySimpleGUI is now located on a private PyPI server. Please add to your pip command: -i https://PySimpleGUI.net/installThe version you just installed should uninstalled:
python -m pip uninstall PySimpleGUI
python -m pip cache purge
Then install the latest from the private server:
python -m pip install --upgrade --extra-index-url https://PySimpleGUI.net/install PySimpleGUI
You can also force a reinstall using this command and it'll install the latest regardless of what you have installed currently
python -m pip install --force-reinstall --extra-index-url https://PySimpleGUI.net/install PySimpleGUIUse python3 command if you're running on the Mac or Linux
Traceback (most recent call last):
File "/usr/local/bin/whm", line 5, in <module>
from wifiheatmapper.main import driver
File "/usr/local/lib/python3.12/dist-packages/wifiheatmapper/main.py", line 3, in <module>
from wifiheatmapper.gui import startgui
File "/usr/local/lib/python3.12/dist-packages/wifiheatmapper/gui.py", line 5, in <module>
from wifiheatmapper.graph import generategraph
File "/usr/local/lib/python3.12/dist-packages/wifiheatmapper/graph.py", line 5, in <module>
import matplotlib.pyplot as plt
ModuleNotFoundError: No module named 'matplotlib'

HOW TO FIX

Here's the commands to repair this:sudo python3 -m pip install --force-reinstall --extra-index-url https://PySimpleGUI.net/install PySimpleGUI --break-system-packages

HOW TO RUN IT

Here's the commands to run this:whm bootstrap --config NameTheNetworkYouAreTesting.json

Accept the 30 Day Trial:
NOTE: You can get a free license as a hobbyist, but if this is for commercial work, please pay the 99.99 fee.

Run this command again:whm bootstrap --config NameTheNetworkYouAreTesting.json

IF YOU GET THIS ERROR

Found existing installation: kiwisolver 0.0.0
ERROR: Cannot uninstall kiwisolver 0.0.0, RECORD file not found. Hint: The package was installed by debian.TYPE THIS AS YOUR FIXpip3 install kiwisolver --force-reinstall --break-system-packagesNOTE: THIS ERROR IS DUE TO FAULTY WIFI NIC DRIVERS, IF YOU SEE THIS, THIS WILL NOT WORK CORRECTLY

FINALLY Run this command again:whm bootstrap --config NameTheNetworkYouAreTesting.json

YOU WILL GET THIS OUTPUT

OPEN ANOTHER TERMINAL

INTERFACE NAME

The interface name is the name listed to the left, you will need to grab that name, and enter it (Case Sensitive) into the other box, that interface should be your Wifi-Interface and press Enter.

Command: ifconfig

When prompted, click on Y for Yes to confirm the Adapter

When prompted, Enter No More than 2 for the number of passes.

Enter ALL When Prompted

Now create a rough diagram of the home, or office, and save it as a JPG file, I used PAINT on windows to do this, and it worked fine

Command to HeatMap

whm benchmark -m LivesInBox.jpg -c /home/user/home.json

SPECIAL NOTE

All videos are shot with VmWare Workstation Paid, however.. The Heat Mapper will only work on VirtualBox, Using VMware will cause you to use the Open-Vm Drivers for Ubuntu, which DO NOT WORK for heat mapping. If you need to run this virtual on a windows box, it will work, but you MUST use virtual box.

How to Create an ISO to bypass TPM on Windows 11

Coming 4/9/25

Software Needed

SPECIAL NOTES

NOTE: Hardware not desined for Windows 11 will likely not contain the upgrade licnese for windows 11. You will likely need to purchase a license to use the OS. You will also not be able to install this if you do not have UEFI BIOS options, Windows 11 Will not run on Legacy BIOS. Windows 11 is a bloated disaster, so installing this on unsupported hardware is a BAD IDEA. But.. This is how to do it. See video for more details.ALSO: Microsoft is now blocking downloading if you are on a VPN or use any Encrypted DNS. You will need to share who you are to download windows.

Step 1: Download the Windows 11 ISO, Rufus, 7Zip

Step 2: Install Rufus and Update

Step 3: Install 7Zip and Update

Step 4: Go to the Dell Site and using the Video find the correct driver pack that most likely is the same generation as your laptop/desktop

Step 5: Download the Dell Driver pack

Step 6: Using 7zip extract the exe or the cab file to the local machine

Step 7: Using the video select the options to bypass TPM settings in Rufus

Step 8: Write the ISO to the USB Drive

Step 9: Open the USB Drive as browse, and copy over the drivers to the USB

STEP BY STEP ON INSTALLING MEDIA APPLICATIONS

Coming 4/10/25

Required Software OPTIONS

KODI

sudo apt install software-properties-commonsudo sh -c "echo 'deb http://ppa.launchpad.net/team-xbmc/ppa/ubuntu trusty main' >> /etc/apt/sources.list.d/team-xbmc-xbmc-stable-trusty.list"sudo apt-key adv --keyserver http://keyserver.ubuntu.com --recv-keys 189701DA570C56B9488EF60A6D975C4791E7EE5Esudo apt install kodisudo apt update

JellyFin

sudo curl https://repo.jellyfin.org/install-debuntu.sh | sudo bash

Plex (Requires SNAP)

How to Install Snap:
sudo mv /etc/apt/preferences.d/nosnap.pref ~/Documents/nosnap.backupsudo apt install snapdsudo reboot now

How to Install Plex:sudo snap install plex-desktop

MadSonic (Fails)

sudo apt install openjdk-8-jre
Download the Deb Package from the link above
cd Downloads
ls
sudo dpkg -i (Name of the madsonic package).debURL: http://localhost:4040

Emby

Download the Deb Package from the link above
cd Downloads
ls
sudo dpkg -i (Name of the emby Package).deb
Open a browser
http://localhost:8096

UMS

sudo apt-get install openjdk-8-jre
Download the gz file with the above link
cd to the Downloads locations
sudo tar -xvf ums-SOFTWARENAME.tar.gz -C /opt
cd to the opt folder
sudo mv /opt/ums-SOFTWARENAME /opt/ums
sudo ln -s /opt/ums /opt/ums
cd /opt/ums
ls
sudo ./UMS.sh
Configure by prompts when it pops up
http://localhost:/8080

Stremio

flatpak install flathub com.stremio.Stremio
flatpak run com.stremio.Stremio

The Generic Tech Support Youtube Channel

Do you need internal IT?

Welcome to the GenericTechSupport Youtube Channel

GenericTechSupport Ad Request

Advertise with GenericTechSupport

Request Ad-Time

GenericTechSupport Business Collaboration request

GenericTechSupport MSP Request

Have an Idea for a video?

Thank You