The Generic Tech Support Youtube Channel

Welcome to The GenericTechSupport YouTube Channel.This website is dedicated to delivering valuable insights, strategies, and updates tailored to technical support professionals, business managers, and small business owners.Our focus is on providing practical, actionable information that enhances your understanding of technology and its application in today’s business landscape.Our goal is to maintain transparency while offering expert guidance for those looking to navigate the complexities of technology.Please subscribe on our Youtube Channel for weekly updates.Or feel free to reach out with any inquiries, collaboration opportunities, or if you’re in need of a reliable IT managed service provider.

• Collaboration
• HIRE ME!
• Video Request
• Channel
• About TGO
• Sponsorship

• ← Back

Do you have an internal IT department but require the expertise of a senior engineer on a temporary basis?

One of the most significant challenges in IT is sourcing qualified engineering talent to address technical gaps as they arise.In many cases, it is unnecessary to hire a senior-level engineer for a full-time role when their expertise is only needed for advanced issues or temporary situations.Let GenericTechSupport provide the skilled support you need to fill that gap efficiently and cost-effectively.

• Contact-Us

• ← Back

Do you need internal IT?

Determining whether you need an internal IT department for your business depends on several factors, including the size of your business, the complexity of your technology needs, and your long-term goals. Here are a few considerations:1. Business Size and Growth: Small businesses with minimal IT infrastructure usually do not require a dedicated internal team, as outsourcing IT services can be more cost-effective.2. Technology Complexity: If your business does not rely heavily on complex systems, software, or data security, having an outsourced IT department can provide quick, tailored solutions for all businesses with simpler needs.3. Cost Efficiency: Internal IT departments come with overhead costs such as salaries, health insurance, training, and infrastructure. If your needs are more intermittent or specialized, outsourcing to GenericTechSupport may offer a more cost-effective solution without the burden of full-time staff.
Most outsourced IT will provide remote support at a fraction of the cost.4. Support Availability: Having an outsourced IT department allows for immediate emergency support. If your business operates in multiple locations or requires 24/7 support, an external remote team might be more suitable.
Ultimately, whether you need an internal IT department depends on your business’s specific needs and resources. GenericTechSupport can help you navigate a hybrid approach—keeping internal staff for day-to-day tasks while outsourcing specialized or high-level support as needed or a full remote approach
—going 100% outsourced.Please contact us for help!

• Contact-US

ISO LINKS

• Fedora-ISO
• Debian-ISO
• Win-DSKTP-ISO
• Win-SRVR-ISO
• MISC-LINUX-ISO

Freeware Links

• Windows Software
• Linux Software

Channel Wiki Links

• Fedora-WIKI
• Debian-WIKI
• Windows-Wiki
• Win-Server-Core
• Granite-XP

Video Links By Release Date

• Under Construction
• Integrals NEW Update XP - 4/3/25
• Modern Browsers on XP - 4/2/25
• Free Heat-Mapper 3/25/25
• How to RDP into Ubuntu/Mint - 3/18/25
• GarudaOS - Arch Gaming - 3/11/25
• Bazzite Gaming - 3/6/25
• CrossOver - ...EXE's on Debian - 3/4/25
• MInt Office Computer - 2/27/25
• RavenTalon - ..Config Breakdown 2/25/25
• NixOS - 2/20/25
• Happy Kalentines Day - 2/14/25
• Windows Apt Store - 2/12/25
• (Debian) Free-XP/Free-10 2/11/25
• Fedora 41 - 2/6/25
• High Level BASH Script - 1/7/25

Bonus Content

• Debian-10 2/21/25
• Q405 - Windows Quick Guide 2/21/25

In House Custom Project Specials

Latest Update: 4/1/25

• Granite XP Security Package 4/20/25

Welcome To Granite XP ALPHA

PROJECT SCOPE

The Granite XP Project is nothing more than a central repository for all security settings for XP to attempt to make XP as secure or more secure than Windows 11 with NIST based Policy Assigned.

This project started as a proof of concept Video. But slowly as I realized that people actually needed the updates and the configurations to build gaming rigs, or to use as a hobby system, the idea was planted to make an XP system that could "in theory" not only match security configuration set by Microsoft on Windows 10, but to exceed the security requirements based on NIST 800-171 2024 Standards.

This Page will Document the process, what the hold-up's have been and when the Granite Package will finally be released to the public.

Set Backs

I Got A Rock: One (Main Hold-Up)

Big Impact: unfortunately it appears that Microsoft has revoked the Certificate on Windows XP that is required for XP to trust it's own updates, this as a result has caused the update application Process to fail, and throw an error that the NESSUS Scan picks up as Ransomware, even though it's not.

I Got A Rock: Two (Secondary Hold-UP)

Big Impact: Since Microsoft Killed the Certificate trust, the 2019 Domain Controller that created the Trusted Updates and the NIST Policy used a self Signed Cert, Since the Domain Is Dead, and the Servers are long Gone I need to figure out how to fix the Certificate and HASH values on the Updates so that windows XP will update them and not false report Ransomware to Windows AV Applications.

BIG WINS

Windows Updates (LIST)

Coming SOON!

The Granite XP Package Includes over 1000 Windows updates for Windows XP From All versions in One easy to install Package

BIG WINS

Enabling POS For Later Update Support

[HKEYLOCALMACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

Setting the SecEdit DB Location For Security

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit]
"LastUsedDatabase"="C:\WINDOWS\security\database\KB968930.sdb"
"TemplateUsed"="C:\WINDOWS\SECD5.tmp"
"EnvironmentVariables"=hex(7):25,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,\
25,00,00,00,25,00,55,00,73,00,65,00,72,00,50,00,72,00,6f,00,66,00,69,00,6c,\
00,65,00,25,00,00,00,25,00,41,00,6c,00,6c,00,55,00,73,00,65,00,72,00,73,00,\
50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,25,00,00,00,25,00,50,00,72,00,6f,\
00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,25,00,00,00,25,00,\
53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,00,00,25,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,00,65,00,25,00,\
00,00,25,00,54,00,65,00,6d,00,70,00,25,00,00,00,25,00,54,00,6d,00,70,00,25,\
00,00,00
"SetupCompDebugLevel"=dword:00000001
"DefaultTemplate"="C:\WINDOWS\inf\secrecs.inf"
"LastWinLogonConfig"=dword:5344fd3d

Setting Variables for Driver Signing

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Driver Signing/Policy]
"ValueType"=dword:00000003
"DisplayType"=dword:00000003
"DisplayName"="Devices: Unsigned driver installation behavior"
"DisplayChoices"=hex(7):30,00,7c,00,53,00,69,00,6c,00,65,00,6e,00,74,00,6c,00,\
79,00,20,00,73,00,75,00,63,00,63,00,65,00,65,00,64,00,20,00,00,00,31,00,7c,\
00,57,00,61,00,72,00,6e,00,20,00,62,00,75,00,74,00,20,00,61,00,6c,00,6c,00,\
6f,00,77,00,20,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,32,00,7c,00,44,00,6f,00,20,00,6e,00,6f,00,74,00,20,00,\
61,00,6c,00,6c,00,6f,00,77,00,20,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00

Disables Automatic Recovery

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Setup/RecoveryConsole/SecurityLevel]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Recovery console: Allow automatic administrative logon"

Disable Floppy Access to Drivers

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Setup/RecoveryConsole/SetCommand]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Recovery console: Allow floppy copy and access to all drives and all folders"

Restrict CD Access to Local Users Only

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateCDRoms]
"ValueType"=dword:00000001
"DisplayType"=dword:00000000
"DisplayName"="Devices: Restrict CD-ROM access to locally logged-on user only"

Define Only Admin Access to Eject Hardware

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateDASD]
"ValueType"=dword:00000001
"DisplayType"=dword:00000003
"DisplayName"="Devices: Allowed to format and eject removable media"
"DisplayChoices"=hex(7):30,00,7c,00,41,00,64,00,6d,00,69,00,6e,00,69,00,73,00,\
74,00,72,00,61,00,74,00,6f,00,72,00,73,00,00,00,31,00,7c,00,41,00,64,00,6d,\
00,69,00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,00,72,00,73,00,20,00,\
61,00,6e,00,64,00,20,00,50,00,6f,00,77,00,65,00,72,00,20,00,55,00,73,00,65,\
00,72,00,73,00,00,00,32,00,7c,00,41,00,64,00,6d,00,69,00,6e,00,69,00,73,00,\
74,00,72,00,61,00,74,00,6f,00,72,00,73,00,20,00,61,00,6e,00,64,00,20,00,49,\
00,6e,00,74,00,65,00,72,00,61,00,63,00,74,00,69,00,76,00,65,00,20,00,55,00,\
73,00,65,00,72,00,73,00,00,00,00,00

Local Admin Access Floppy Only

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateFloppies]
"ValueType"=dword:00000001
"DisplayType"=dword:00000000
"DisplayName"="Devices: Restrict floppy access to locally logged-on user only"

Cached Logons

SPECIAL NOTE: Since we don't have an active Domain Controller, Logons are not set to Cached, and not set to require a DC to work, as such this setting is an accepted Risk in workgroup Mode.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/CachedLogonsCount]
"ValueType"=dword:00000001
"DisplayType"=dword:00000001
"DisplayName"="Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
"DisplayUnit"="logons"

Cached Computer Accounts

SPECIAL NOTE: Since we don't have an active Domain Controller, Logons are not set to Cached, and not set to require a DC to work, as such this setting is an accepted Risk in workgroup Mode.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ForceUnlockLogon]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Interactive logon: Require Domain Controller authentication to unlock workstation"

Prompt Users to Change Passwords 4-Days In Advance

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/PasswordExpiryWarning]
"ValueType"=dword:00000004
"DisplayType"=dword:00000001
"DisplayName"="Interactive logon: Prompt user to change password before expiration"
"DisplayUnit"="days

Disable Smart Card Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ScRemoveOption]
"ValueType"=dword:00000001
"DisplayType"=dword:00000003
"DisplayName"="Interactive logon: Smart card removal behavior"
"DisplayChoices"=hex(7):30,00,7c,00,4e,00,6f,00,20,00,41,00,63,00,74,00,69,00,\
6f,00,6e,00,00,00,31,00,7c,00,4c,00,6f,00,63,00,6b,00,20,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,32,00,7c,00,46,00,\
6f,00,72,00,63,00,65,00,20,00,4c,00,6f,00,67,00,6f,00,66,00,66,00,00,00,00,\
00

Require Control+Alt+Del to Logon

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableCAD]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Interactive logon: Do not require CTRL+ALT+DEL"

Disable Display Last User Logon

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLastUserName]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Interactive logon: Do not display last user name"

Do Not Display Locked User Account Name

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Interactive logon: Display user information when the session is locked"
"DisplayChoices"=hex(7):31,00,7c,00,55,00,73,00,65,00,72,00,20,00,64,00,69,00,\
73,00,70,00,6c,00,61,00,79,00,20,00,6e,00,61,00,6d,00,65,00,2c,00,20,00,64,\
00,6f,00,6d,00,61,00,69,00,6e,00,20,00,61,00,6e,00,64,00,20,00,75,00,73,00,\
65,00,72,00,20,00,6e,00,61,00,6d,00,65,00,73,00,00,00,32,00,7c,00,55,00,73,\
00,65,00,72,00,20,00,64,00,69,00,73,00,70,00,6c,00,61,00,79,00,20,00,6e,00,\
61,00,6d,00,65,00,20,00,6f,00,6e,00,6c,00,79,00,00,00,33,00,7c,00,44,00,6f,\
00,20,00,6e,00,6f,00,74,00,20,00,64,00,69,00,73,00,70,00,6c,00,61,00,79,00,\
20,00,75,00,73,00,65,00,72,00,20,00,69,00,6e,00,66,00,6f,00,72,00,6d,00,61,\
00,74,00,69,00,6f,00,6e,00,00,00,00,00

Display Banner for Logon

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeCaption]
"ValueType"=dword:00000001
"DisplayType"=dword:00000002
"DisplayName"="Interactive logon: Message title for users attempting to log on"

Use Message Text for Logging on Users

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeText]
"ValueType"=dword:00000007
"DisplayType"=dword:00000004
"DisplayName"="Interactive logon: Message text for users attempting to log on"

Disable CAC Card Requirement

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ScForceOption]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Interactive logon: Require smart card"

Disable Shutdown without Logon

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ShutdownWithoutLogon]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Shutdown: Allow system to be shut down without having to log on"

Disable Undock without logon

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/UndockWithoutLogon]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Devices: Allow undock without having to log on"

Define Access to DCOM Users and Admins

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/SOFTWARE/policies/Microsoft/windows NT/DCOM/MachineAccessRestriction]
"ValueType"=dword:00000001
"DisplayType"=dword:00000002
"DisplayName"="DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax"

System Audit Event Configuration

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/AuditBaseObjects]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Audit: Audit the access of global system objects"

Shutdown System Immediately if Audit is disabled

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/CrashOnAuditFail]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Audit: Shut down system immediately if unable to log security audits"

Disable Domain Stored Credentials

SPECIAL NOTE: Since we don't have an active Domain Controller, Logons are set to disabled in Domain Passport Options, This would be enabled and Encrypted in a DC controlled system on Windows 10/11

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/DisableDomainCreds]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Network access: Do not allow storage of credentials or .NET Passports for network authentication"

Disable Allow Everyone Access to Shares

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/EveryoneIncludesAnonymous]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Network access: Let Everyone permissions apply to anonymous users"

Force FIPS 140-3 Encryption

SPECIAL NOTE: This was never an option in XP, and requries the Updates in the Configuration to work correctly. Failure to run updates will fail to secure this configuration.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"

Disable Windows Guest Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/ForceGuest]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Network access: Sharing and security model for local accounts"
"DisplayChoices"=hex(7):30,00,7c,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,\
20,00,2d,00,20,00,6c,00,6f,00,63,00,61,00,6c,00,20,00,75,00,73,00,65,00,72,\
00,73,00,20,00,61,00,75,00,74,00,68,00,65,00,6e,00,74,00,69,00,63,00,61,00,\
74,00,65,00,20,00,61,00,73,00,20,00,74,00,68,00,65,00,6d,00,73,00,65,00,6c,\
00,76,00,65,00,73,00,00,00,31,00,7c,00,47,00,75,00,65,00,73,00,74,00,20,00,\
6f,00,6e,00,6c,00,79,00,20,00,2d,00,20,00,6c,00,6f,00,63,00,61,00,6c,00,20,\
00,75,00,73,00,65,00,72,00,73,00,20,00,61,00,75,00,74,00,68,00,65,00,6e,00,\
74,00,69,00,63,00,61,00,74,00,65,00,20,00,61,00,73,00,20,00,47,00,75,00,65,\
00,73,00,74,00,00,00,00,00

Audit All Access to Shadow Copy Services

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/FullPrivilegeAuditing]
"ValueType"=dword:00000003
"DisplayType"=dword:00000000
"DisplayName"="Audit: Audit the use of Backup and Restore privilege"

Disable Blank Password Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/LimitBlankPasswordUse]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Accounts: Limit local account use of blank passwords to console logon only"

Set LANMAN Encryption Level to Windows 10

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/LmCompatibilityLevel]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Network security: LAN Manager authentication level"
"DisplayChoices"=hex(7):30,00,7c,00,53,00,65,00,6e,00,64,00,20,00,4c,00,4d,00,\
20,00,26,00,20,00,4e,00,54,00,4c,00,4d,00,20,00,72,00,65,00,73,00,70,00,6f,\
00,6e,00,73,00,65,00,73,00,00,00,31,00,7c,00,53,00,65,00,6e,00,64,00,20,00,\
4c,00,4d,00,20,00,26,00,20,00,4e,00,54,00,4c,00,4d,00,20,00,2d,00,20,00,75,\
00,73,00,65,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,00,20,00,73,00,65,00,\
73,00,73,00,69,00,6f,00,6e,00,20,00,73,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,69,00,66,00,20,00,6e,00,65,00,67,00,6f,00,74,00,69,00,61,00,\
74,00,65,00,64,00,00,00,32,00,7c,00,53,00,65,00,6e,00,64,00,20,00,4e,00,54,\
00,4c,00,4d,00,20,00,72,00,65,00,73,00,70,00,6f,00,6e,00,73,00,65,00,20,00,\
6f,00,6e,00,6c,00,79,00,00,00,33,00,7c,00,53,00,65,00,6e,00,64,00,20,00,4e,\
00,54,00,4c,00,4d,00,76,00,32,00,20,00,72,00,65,00,73,00,70,00,6f,00,6e,00,\
73,00,65,00,20,00,6f,00,6e,00,6c,00,79,00,00,00,34,00,7c,00,53,00,65,00,6e,\
00,64,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,00,20,00,72,00,65,00,73,00,\
70,00,6f,00,6e,00,73,00,65,00,20,00,6f,00,6e,00,6c,00,79,00,5c,00,72,00,65,\
00,66,00,75,00,73,00,65,00,20,00,4c,00,4d,00,00,00,35,00,7c,00,53,00,65,00,\
6e,00,64,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,00,20,00,72,00,65,00,73,\
00,70,00,6f,00,6e,00,73,00,65,00,20,00,6f,00,6e,00,6c,00,79,00,5c,00,72,00,\
65,00,66,00,75,00,73,00,65,00,20,00,4c,00,4d,00,20,00,26,00,20,00,4e,00,54,\
00,4c,00,4d,00,00,00,00,00

Set NTLM Security SSP Session

SPECIAL NOTE: Unfortunately this Key is Revoked by Microsoft As it was built under Windows 2019 Server. This is noted in the section above as a big issue, Uncertain if this will cause any other issues in the future.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinClientSec]
"ValueType"=dword:00000004
"DisplayType"=dword:00000005
"DisplayName"="Network security: Minimum session security for NTLM SSP based (including secure RPC) clients"
"DisplayFlags"=hex(7):31,00,36,00,7c,00,52,00,65,00,71,00,75,00,69,00,72,00,65,\
00,20,00,6d,00,65,00,73,00,73,00,61,00,67,00,65,00,20,00,69,00,6e,00,74,00,\
65,00,67,00,72,00,69,00,74,00,79,00,00,00,33,00,32,00,7c,00,52,00,65,00,71,\
00,75,00,69,00,72,00,65,00,20,00,6d,00,65,00,73,00,73,00,61,00,67,00,65,00,\
20,00,63,00,6f,00,6e,00,66,00,69,00,64,00,65,00,6e,00,74,00,69,00,61,00,6c,\
00,69,00,74,00,79,00,00,00,35,00,32,00,34,00,32,00,38,00,38,00,7c,00,52,00,\
65,00,71,00,75,00,69,00,72,00,65,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,\
00,20,00,73,00,65,00,73,00,73,00,69,00,6f,00,6e,00,20,00,73,00,65,00,63,00,\
75,00,72,00,69,00,74,00,79,00,00,00,35,00,33,00,36,00,38,00,37,00,30,00,39,\
00,31,00,32,00,7c,00,52,00,65,00,71,00,75,00,69,00,72,00,65,00,20,00,31,00,\
32,00,38,00,2d,00,62,00,69,00,74,00,20,00,65,00,6e,00,63,00,72,00,79,00,70,\
00,74,00,69,00,6f,00,6e,00,00,00,00,00

Set NTLM Security SSP Session Minimum

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinServerSec]
"ValueType"=dword:00000004
"DisplayType"=dword:00000005
"DisplayName"="Network security: Minimum session security for NTLM SSP based (including secure RPC) servers"
"DisplayFlags"=hex(7):31,00,36,00,7c,00,52,00,65,00,71,00,75,00,69,00,72,00,65,\
00,20,00,6d,00,65,00,73,00,73,00,61,00,67,00,65,00,20,00,69,00,6e,00,74,00,\
65,00,67,00,72,00,69,00,74,00,79,00,00,00,33,00,32,00,7c,00,52,00,65,00,71,\
00,75,00,69,00,72,00,65,00,20,00,6d,00,65,00,73,00,73,00,61,00,67,00,65,00,\
20,00,63,00,6f,00,6e,00,66,00,69,00,64,00,65,00,6e,00,74,00,69,00,61,00,6c,\
00,69,00,74,00,79,00,00,00,35,00,32,00,34,00,32,00,38,00,38,00,7c,00,52,00,\
65,00,71,00,75,00,69,00,72,00,65,00,20,00,4e,00,54,00,4c,00,4d,00,76,00,32,\
00,20,00,73,00,65,00,73,00,73,00,69,00,6f,00,6e,00,20,00,73,00,65,00,63,00,\
75,00,72,00,69,00,74,00,79,00,00,00,35,00,33,00,36,00,38,00,37,00,30,00,39,\
00,31,00,32,00,7c,00,52,00,65,00,71,00,75,00,69,00,72,00,65,00,20,00,31,00,\
32,00,38,00,2d,00,62,00,69,00,74,00,20,00,65,00,6e,00,63,00,72,00,79,00,70,\
00,74,00,69,00,6f,00,6e,00,00,00,00,00

Set Default System Owner to Administrators Accounts

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/NoDefaultAdminOwner]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="System objects: Default owner for objects created by members of the Administrators group"
"DisplayChoices"=hex(7):30,00,7c,00,41,00,64,00,6d,00,69,00,6e,00,69,00,73,00,\
74,00,72,00,61,00,74,00,6f,00,72,00,73,00,20,00,67,00,72,00,6f,00,75,00,70,\
00,00,00,31,00,7c,00,4f,00,62,00,6a,00,65,00,63,00,74,00,20,00,63,00,72,00,\
65,00,61,00,74,00,6f,00,72,00,00,00,00,00

Do not store UnEncrypted Passwords in Password Manager

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/NoLMHash]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Network security: Do not store LAN Manager hash value on next password change"

Do not allow Anonymous enumeration of SAM Accounts and Shares

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymous]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Network access: Do not allow anonymous enumeration of SAM accounts and shares"

Allow Server Operators to Modify Scheduled Tasks

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/SubmitControl]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain controller: Allow server operators to schedule tasks"

Allow Authenticated Users to Install Print Drivers (Print Nightmare Fix)

SPECIAL NOTE: While this fix may work on 10/11 It likely will not work on XP, but is required for the NESSUS Scanner

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Devices: Prevent users from installing printer drivers"

Secure and Encrypt System Shares

SPECIAL NOTE: WARNING!!! IF this System was added back to a domain, you need the STIG Fix for Hardened Security Path to access Domain Shares after this fix.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/SecurePipeServers/Winreg/AllowedPaths/Machine]
"ValueType"=dword:00000007
"DisplayType"=dword:00000004
"DisplayName"="Network access: Remotely accessible registry paths"

Forces Case Sensitive Access when Integrating UNIX/LINUX systems

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Session Manager/Kernel/ObCaseInsensitive]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="System objects: Require case insensitivity for non-Windows subsystems"

Do Not Clear System Page File on Boot

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Session Manager/Memory Management/ClearPageFileAtShutdown]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Shutdown: Clear virtual memory pagefile"

Force AES 265 Encryption on System Internal Objects

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Session Manager/ProtectionMode]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)"

Set Idle Lockout Time

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/AutoDisconnect]
"ValueType"=dword:00000004
"DisplayType"=dword:00000001
"DisplayName"="Microsoft network server: Amount of idle time required before suspending session"
"DisplayUnit"="minutes"

Set User Idle timeout action

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableForcedLogOff]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network server: Disconnect clients when logon hours expire"

Force Digital Signature on Communication

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableSecuritySignature]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network server: Digitally sign communications (if client agrees)"

Disable Anonymous Network Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionPipes]
"ValueType"=dword:00000007
"DisplayType"=dword:00000004
"DisplayName"="Network access: Named Pipes that can be accessed anonymously"

Disable Anonymous Share Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionShares]
"ValueType"=dword:00000007
"DisplayType"=dword:00000004
"DisplayName"="Network access: Shares that can be accessed anonymously"

Only Allow Signed Share Access

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RequireSecuritySignature]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network server: Digitally sign communications (always)"

Do Not Allow UnEncrypted Passwords on the network

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnablePlainTextPassword]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network client: Send unencrypted password to third-party SMB servers"

Do Not Allow Client to Disable Encrypted Communication

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnableSecuritySignature]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Microsoft network client: Digitally sign communications (if server agrees)"

Require All LDAP Communication be Encrypted

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LDAP/LDAPClientIntegrity]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Network security: LDAP client signing requirements"
"DisplayChoices"=hex(7):30,00,7c,00,4e,00,6f,00,6e,00,65,00,00,00,31,00,7c,00,\
4e,00,65,00,67,00,6f,00,74,00,69,00,61,00,74,00,65,00,20,00,73,00,69,00,67,\
00,6e,00,69,00,6e,00,67,00,00,00,32,00,7c,00,52,00,65,00,71,00,75,00,69,00,\
72,00,65,00,20,00,73,00,69,00,67,00,6e,00,69,00,6e,00,67,00,00,00,00,00

Require Passwords be 8 Characters Minimum and meet Compliance Standards of NIST

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/DisablePasswordChange]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Disable machine account password changes"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/MaximumPasswordAge]
"ValueType"=dword:00000004
"DisplayType"=dword:00000001
"DisplayName"="Domain member: Maximum machine account password age"
"DisplayUnit"="days"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RefusePasswordChange]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain controller: Refuse machine account password changes"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireSignOrSeal]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Digitally encrypt or sign secure channel data (always)"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireStrongKey]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Require strong (Windows 2000 or later) session key"

Force Secure Signing of Channel Data Required

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SealSecureChannel]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Digitally encrypt secure channel data (when possible)"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SignSecureChannel]
"ValueType"=dword:00000004
"DisplayType"=dword:00000000
"DisplayName"="Domain member: Digitally sign secure channel data (when possible)"[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/NTDS/Parameters/LDAPServerIntegrity]
"ValueType"=dword:00000004
"DisplayType"=dword:00000003
"DisplayName"="Domain controller: LDAP server signing requirements"
"DisplayChoices"=hex(7):31,00,7c,00,4e,00,6f,00,6e,00,65,00,00,00,32,00,7c,00,\
52,00,65,00,71,00,75,00,69,00,72,00,65,00,20,00,73,00,69,00,67,00,6e,00,69,\
00,6e,00,67,00,00,00,00,00

Force Google Chrome TLS 1.2 SSL 3.0

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN THIS VERSION OF CHROME, THIS REQUIRES ADDITIONAL SOFTWARE

[HKEYLOCALMACHINE\SOFTWARE\Policies\Google\Chrome]
"RemoteAccessHostFirewallTraversal"=dword:00000000
"DefaultPopupsSetting"=dword:00000002
"DefaultGeolocationSetting"=dword:00000002
"DefaultSearchProviderName"="Google Encrypted"
"DefaultSearchProviderEnabled"=dword:00000001
"PasswordManagerEnabled"=dword:00000000
"BackgroundModeEnabled"=dword:00000000
"SyncDisabled"=dword:00000001
"CloudPrintProxyEnabled"=dword:00000000
"MetricsReportingEnabled"=dword:00000000
"SearchSuggestEnabled"=dword:00000000
"ImportSavedPasswords"=dword:00000000
"IncognitoModeAvailability"=dword:00000001
"SavingBrowserHistoryDisabled"=dword:00000000
"AllowDeletingBrowserHistory"=dword:00000000
"PromptForDownloadLocation"=dword:00000001
"AutoplayAllowed"=dword:00000000
"SafeBrowsingExtendedReportingEnabled"=dword:00000000
"DefaultWebUsbGuardSetting"=dword:00000002
"ChromeCleanupEnabled"=dword:00000000
"ChromeCleanupReportingEnabled"=dword:00000000
"EnableMediaRouter"=dword:00000000
"UrlKeyedAnonymizedDataCollectionEnabled"=dword:00000000
"WebRtcEventLogCollectionAllowed"=dword:00000000
"NetworkPredictionOptions"=dword:00000002
"DeveloperToolsAvailability"=dword:00000002
"BrowserGuestModeEnabled"=dword:00000000
"AutofillCreditCardEnabled"=dword:00000000
"AutofillAddressEnabled"=dword:00000000
"ImportAutofillFormData"=dword:00000000
"SafeBrowsingProtectionLevel"=dword:00000001
"DefaultSearchProviderSearchURL"="https://www.google.com/search?q={searchTerms}"
"DownloadRestrictions"=dword:00000001
"DefaultWebBluetoothGuardSetting"=dword:00000002
"QuicAllowed"=dword:00000000
"EnableOnlineRevocationChecks"=dword:00000001
"SSLVersionMin"="tls1.2"

Windows 10 IE Standards

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]
"History"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000000
"CheckExeSignatures"="yes"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds]
"DisableEnclosureDownload"=dword:00000001
"AllowBasicAuthInClear"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\IEDevTools]
"Disabled"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"NotifyDisableIEOptions"=dword:00000000
"DisableEPMCompat"=dword:00000001
"Isolation64Bit"=dword:00000001
"Isolation"="PMEM"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREDISABLEMKPROTOCOL]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREMIMEHANDLING]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREMIMESNIFFING]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURERESTRICTACTIVEXINSTALL]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURERESTRICTFILEDOWNLOAD]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURESECURITYBAND]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREWINDOWRESTRICTIONS]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATUREZONEELEVATION]
"(Reserved)"="1"
"explorer.exe"="1"
"iexplore.exe"="1"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter]
"PreventOverride"=dword:00000001
"PreventOverrideAppRepUnknown"=dword:00000001
"EnabledV9"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
"ClearBrowsingHistoryOnExit"=dword:00000000
"CleanHistory"=dword:00000000
"EnableInPrivateBrowsing"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions]
"NoCrashDetection"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security]
"DisableSecuritySettingsCheck"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\ActiveX]
"BlockNonAdminActiveXInstall"=dword:00000001

Windows 10 MS EDGE Standards

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN THIS VERSION OF EDGE.

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings]
"PreventCertErrorOverrides"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main]
"FormSuggest Passwords"="no"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter]
"PreventOverrideAppRepUnknown"=dword:00000001

Set Hardware Sleep Timers

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Power][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51]
"DCSettingIndex"=dword:00000001
"ACSettingIndex"=dword:00000001

Set Internet Options and Internet Settings

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"Securityzonesmapedit"=dword:00000001
"Securityoptionsedit"=dword:00000001
"SecurityHKLMonly"=dword:00000001
"PreventIgnoreCertErrors"=dword:00000001
"CertificateRevocation"=dword:00000001
"WarnOnBadCertRecving"=dword:00000001
"EnableSSL3Fallback"=dword:00000000
"SecureProtocols"=dword:00000800[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones\0]
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones\1]
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones\2]
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LockdownZones\4]
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
"DaysToKeep"=dword:00000028[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"270C"=dword:00000000
"1C00"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"270C"=dword:00000000
"1201"=dword:00000003
"1C00"=dword:00010000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"270C"=dword:00000000
"1201"=dword:00000003
"1C00"=dword:00010000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1406"=dword:00000003
"1407"=dword:00000003
"1802"=dword:00000003
"2402"=dword:00000003
"120b"=dword:00000003
"120c"=dword:00000003
"1206"=dword:00000003
"2102"=dword:00000003
"1209"=dword:00000003
"2103"=dword:00000003
"2200"=dword:00000003
"270C"=dword:00000000
"1001"=dword:00000003
"1004"=dword:00000003
"2709"=dword:00000003
"2708"=dword:00000003
"160A"=dword:00000003
"1201"=dword:00000003
"1C00"=dword:00000000
"1804"=dword:00000003
"1A00"=dword:00010000
"1607"=dword:00000003
"2004"=dword:00000003
"2001"=dword:00000003
"1806"=dword:00000001
"1409"=dword:00000000
"2500"=dword:00000000
"2301"=dword:00000000
"1809"=dword:00000000
"1606"=dword:00000003
"2101"=dword:00000003
"140C"=dword:00000003[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1406"=dword:00000003
"1400"=dword:00000003
"2000"=dword:00000003
"1407"=dword:00000003
"1802"=dword:00000003
"1803"=dword:00000003
"2402"=dword:00000003
"1608"=dword:00000003
"120b"=dword:00000003
"120c"=dword:00000003
"1206"=dword:00000003
"2102"=dword:00000003
"1209"=dword:00000003
"2103"=dword:00000003
"2200"=dword:00000003
"270C"=dword:00000000
"1001"=dword:00000003
"1004"=dword:00000003
"2709"=dword:00000003
"2708"=dword:00000003
"160A"=dword:00000003
"1201"=dword:00000003
"1C00"=dword:00000000
"1804"=dword:00000003
"1A00"=dword:00030000
"1607"=dword:00000003
"2004"=dword:00000003
"1200"=dword:00000003
"1405"=dword:00000003
"1402"=dword:00000003
"1806"=dword:00000003
"1409"=dword:00000000
"2500"=dword:00000000
"2301"=dword:00000000
"1809"=dword:00000000
"1606"=dword:00000003
"2101"=dword:00000003
"2001"=dword:00000003
"140C"=dword:00000003

Set Windows 10 IPSec Security policy Variables

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecFilter"
"description"="Matches all ICMP packets between this computer and any other computer."
"name"="ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
"ipsecName"="All ICMP Traffic"
"ipsecID"="{72385235-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b5,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,52,00,00,00,01,\
00,00,00,02,00,00,00,00,00,02,00,00,00,00,00,0a,00,00,00,49,00,43,00,4d,00,\
50,00,00,00,e0,0e,bc,51,00,8b,06,46,8f,03,6d,3b,4c,45,5e,ff,01,00,00,00,00,\
00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,4e,00,46,00,41,00,7b,00,39,00,37,00,39,00,62,00,39,00,61,00,39,\
00,34,00,2d,00,31,00,37,00,62,00,62,00,2d,00,34,00,31,00,34,00,39,00,2d,00,\
61,00,64,00,36,00,62,00,2d,00,64,00,38,00,64,00,34,00,64,00,31,00,32,00,62,\
00,33,00,64,00,66,00,61,00,7d,00,00,00,53,00,4f,00,46,00,54,00,57,00,41,00,\
52,00,45,00,5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,\
00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,\
64,00,6f,00,77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,\
00,6c,00,69,00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,\
70,00,73,00,65,00,63,00,4e,00,46,00,41,00,7b,00,61,00,34,00,61,00,61,00,31,\
00,36,00,34,00,30,00,2d,00,31,00,63,00,66,00,64,00,2d,00,34,00,63,00,30,00,\
35,00,2d,00,38,00,34,00,64,00,37,00,2d,00,36,00,33,00,39,00,34,00,64,00,38,\
00,32,00,30,00,62,00,36,00,38,00,38,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecFilter"
"description"="Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE)."
"name"="ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
"ipsecName"="All IP Traffic"
"ipsecID"="{7238523a-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b5,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,4a,00,00,00,01,\
00,00,00,02,00,00,00,00,00,02,00,00,00,00,00,02,00,00,00,00,00,10,4f,8e,d5,\
ca,d5,cc,42,82,d6,af,d5,f8,d3,e8,1b,01,00,00,00,00,00,00,00,ff,ff,ff,ff,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,4e,00,46,00,41,00,7b,00,37,00,30,00,33,00,61,00,30,00,66,00,63,\
00,62,00,2d,00,62,00,35,00,65,00,39,00,2d,00,34,00,32,00,34,00,37,00,2d,00,\
39,00,32,00,65,00,65,00,2d,00,32,00,32,00,30,00,64,00,33,00,38,00,37,00,64,\
00,31,00,30,00,33,00,30,00,7d,00,00,00,53,00,4f,00,46,00,54,00,57,00,41,00,\
52,00,45,00,5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,\
00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,\
64,00,6f,00,77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,\
00,6c,00,69,00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,\
70,00,73,00,65,00,63,00,4e,00,46,00,41,00,7b,00,38,00,38,00,31,00,38,00,31,\
00,36,00,62,00,39,00,2d,00,35,00,33,00,64,00,30,00,2d,00,34,00,61,00,64,00,\
61,00,2d,00,62,00,33,00,39,00,63,00,2d,00,62,00,34,00,30,00,65,00,39,00,35,\
00,37,00,64,00,34,00,34,00,33,00,37,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385231-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b8,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,40,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,\
00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,80,70,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,50,00,6f,00,6c,00,69,00,63,00,79,00,7b,00,37,00,32,00,33,00,38,\
00,35,00,32,00,33,00,30,00,2d,00,37,00,30,00,66,00,61,00,2d,00,31,00,31,00,\
64,00,31,00,2d,00,38,00,36,00,34,00,63,00,2d,00,31,00,34,00,61,00,33,00,30,\
00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385234-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b8,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,40,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,\
00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,80,70,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}"
"ipsecID"="{72385237-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b8,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,40,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,\
00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,80,70,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,50,00,6f,00,6c,00,69,00,63,00,79,00,7b,00,37,00,32,00,33,00,38,\
00,35,00,32,00,33,00,36,00,2d,00,37,00,30,00,66,00,61,00,2d,00,31,00,31,00,\
64,00,31,00,2d,00,38,00,36,00,34,00,63,00,2d,00,31,00,34,00,61,00,33,00,30,\
00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}"
"ipsecID"="{7238523d-70fa-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b8,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,40,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,\
00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,80,70,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,80,70,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,50,00,6f,00,6c,00,69,00,63,00,79,00,7b,00,37,00,32,00,33,00,38,\
00,35,00,32,00,33,00,63,00,2d,00,37,00,30,00,66,00,61,00,2d,00,31,00,31,00,\
64,00,31,00,2d,00,38,00,36,00,34,00,63,00,2d,00,31,00,34,00,61,00,33,00,30,\
00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{582b2f50-c50e-4fc4-a1ed-e12d52b6f308}]
"ClassName"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{582b2f50-c50e-4fc4-a1ed-e12d52b6f308}"
"ipsecID"="{582b2f50-c50e-4fc4-a1ed-e12d52b6f308}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b9,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,e4,01,00,00,06,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,03,00,\
00,00,02,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,\
00,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,01,00,00,00,01,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,02,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,02,00,00,00,00,00,00,\
00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,\
00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00
"whenChanged"=dword:660f142b
"ipsecOwnersReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,\
5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,\
00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,\
00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,\
65,00,63,00,4e,00,46,00,41,00,7b,00,35,00,38,00,64,00,35,00,63,00,38,00,64,\
00,62,00,2d,00,34,00,33,00,35,00,35,00,2d,00,34,00,32,00,61,00,65,00,2d,00,\
61,00,33,00,32,00,65,00,2d,00,35,00,38,00,31,00,36,00,33,00,30,00,36,00,32,\
00,39,00,34,00,63,00,61,00,7d,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecNegotiationPolicy"
"description"="Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request."
"name"="ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}"
"ipsecName"="Request Security (Optional)"
"ipsecID"="{72385233-70fa-11d1-864c-14a300000000}"
"ipsecNegotiationPolicyAction"="{3f91a81a-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:b9,20,dc,80,c8,2e,d1,11,a8,9e,00,a0,24,8d,30,21,94,01,00,00,05,\
00,00,00,84,03,00,00,a0,86,01,00,00,00,00,00,00,00,00,00,01,00,00,00,03,00,\
00,00,02,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,84,03,00,00,a0,86,01,00,00,00,00,00,00,00,00,00,01,\
00,00,00,01,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,2c,01,00,00,a0,86,01,0

Set Windows 10 Network Security Variables

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection]
"DeviceEnumerationPolicy"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation]
"AllowInsecureGuestAuth"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\NetCache][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NCShowSharedAccessUI"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider][HKEYLOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\SYSVOL"="RequireMutualAuthentication=1,RequireIntegrity=1"
"\\\NETLOGON"="RequireMutualAuthentication=1,RequireIntegrity=1"

Disable Lock Screen Camera and Slide-Show

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization]
"NoLockScreenCamera"=dword:00000001
"NoLockScreenSlideshow"=dword:00000001

Lock Down Powershell Commands

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN THIS VERSION OF POWERSHELL THIS COMMAND IS STRICTLY FOR NESSUS

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging]
"EnableScriptBlockLogging"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription]
"EnableTranscripting"=dword:00000001
"OutputDirectory"="C:\ProgramData\PS_Transcript"

Set Known Software Restriction Policies (Windows 11)

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN THIS VERSION OF CODEIDENTIFIERS POLICY SETTINGS, THESE UPDATES WILL NOT OFFICIALLY WORK

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"ExecutableTypes"=hex(7):41,00,44,00,45,00,00,00,41,00,44,00,50,00,00,00,42,00,\
41,00,53,00,00,00,42,00,41,00,54,00,00,00,43,00,48,00,4d,00,00,00,43,00,4d,\
00,44,00,00,00,43,00,4f,00,4d,00,00,00,43,00,50,00,4c,00,00,00,43,00,52,00,\
54,00,00,00,45,00,58,00,45,00,00,00,48,00,4c,00,50,00,00,00,48,00,54,00,41,\
00,00,00,49,00,4e,00,46,00,00,00,49,00,4e,00,53,00,00,00,49,00,53,00,50,00,\
00,00,4c,00,4e,00,4b,00,00,00,4d,00,44,00,42,00,00,00,4d,00,44,00,45,00,00,\
00,4d,00,53,00,43,00,00,00,4d,00,53,00,49,00,00,00,4d,00,53,00,50,00,00,00,\
4d,00,53,00,54,00,00,00,4f,00,43,00,58,00,00,00,50,00,43,00,44,00,00,00,50,\
00,49,00,46,00,00,00,52,00,45,00,47,00,00,00,53,00,43,00,52,00,00,00,53,00,\
48,00,53,00,00,00,55,00,52,00,4c,00,00,00,56,00,42,00,00,00,57,00,53,00,43,\
00,00,00,00,00
"TransparentEnabled"=dword:00000001
"DefaultLevel"=dword:00040000
"AuthenticodeEnabled"=dword:00000000
"PolicyScope"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{349d35ab-37b5-462f-9b89-edd5fbde1328}]
"Description"="Stop the download of this file"
"FriendlyName"="Mdac11.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:5e,ab,30,4f,95,7a,49,89,6a,00,6c,1c,31,15,40,15
"LastModified"=hex(b):85,c4,34,dc,19,a2,c2,01
"ItemSize"=hex(b):0b,03,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}]
"Description"="Stop the download of this file"
"FriendlyName"="mdac20.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:67,b0,d4,8b,34,3a,3f,d3,bc,e9,dc,64,67,04,f3,94
"LastModified"=hex(b):03,8a,39,dc,19,a2,c2,01
"ItemSize"=hex(b):05,02,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}]
"Description"="Stop the download of this file"
"FriendlyName"="mdac20a.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:32,78,02,dc,fe,f8,c8,93,dc,8a,b0,06,dd,84,7d,1d
"LastModified"=hex(b):be,77,45,dc,19,a2,c2,01
"ItemSize"=hex(b):96,03,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{94e3e076-8f53-42a5-8411-085bcc18a68d}]
"Description"="Stop the download of this file"
"FriendlyName"="msadc10.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:bd,9a,2a,db,42,eb,d8,56,0e,25,0e,4d,f8,16,2f,67
"LastModified"=hex(b):81,4f,3e,dc,19,a2,c2,01
"ItemSize"=hex(b):e5,00,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}]
"Description"="Stop the download of this file"
"FriendlyName"="msadc11.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:38,6b,08,5f,84,ec,f6,69,d3,6b,95,6a,22,c0,1e,80
"LastModified"=hex(b):40,b2,40,dc,19,a2,c2,01
"ItemSize"=hex(b):72,01,00,00,00,00,00,00[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths][HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths{dda3f824-d8cb-441b-834d-be2efd2c1a33}]
"Description"=""
"SaferFlags"=dword:00000000
"ItemData"=hex(2):25,00,48,00,4b,00,45,00,59,00,5f,00,43,00,55,00,52,00,52,00,\
45,00,4e,00,54,00,5f,00,55,00,53,00,45,00,52,00,5c,00,53,00,6f,00,66,00,74,\
00,77,00,61,00,72,00,65,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\
66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,43,00,75,\
00,72,00,72,00,65,00,6e,00,74,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,\
5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,53,00,68,00,65,\
00,6c,00,6c,00,20,00,46,00,6f,00,6c,00,64,00,65,00,72,00,73,00,5c,00,43,00,\
61,00,63,00,68,00,65,00,25,00,4f,00,4c,00,4b,00,2a,00,00,00
"LastModified"=hex(b):de,ce,61,cf,d2,86,da,01

Enable Smart Screen Settings for Windows XP (Windows 11)

SPECIAL NOTE: WARNING!!! WINDOWS XP WAS NEVER DESIGNED TO RUN SMART SCREEN VARIABLES LIKE THIS. THIS CHANGE CUSTOMIZES THE SECURITY SETTINGS ON XP

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"DontDisplayNetworkSelectionUI"=dword:00000001
"EnumerateLocalUsers"=dword:00000000
"EnableSmartScreen"=dword:00000001
"ShellSmartScreenLevel"="Block"
"AllowDomainPINLogon"=dword:00000000
"EnableLogonOptimization"=dword:00000001
"SyncModeSlowLinkThreshold"=dword:000001f4
"SyncModeNoDCThreshold"=dword:00001388

Secure Windows RDS Services (TERMINAL SERVICES)

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"fDisableAutoReconnect"=dword:00000001
"fDenyTSConnections"=dword:00000000
"fDisableForcibleLogoff"=dword:00000001
"KeepAliveEnable"=dword:00000000
"MaxInstanceCount"=dword:00000001
"SelectTransport"=dword:00000001
"fSingleSessionPerUser"=dword:00000001
"fAllowUnlistedRemotePrograms"=dword:00000000
"SecurityLayer"=dword:00000000
"UserAuthentication"=dword:00000001
"fAllowToGetHelp"=dword:00000000
"DisablePasswordSaving"=dword:00000001
"fDisableCdm"=dword:00000001
"fPromptForPassword"=dword:00000001
"fEncryptRPCTraffic"=dword:00000001
"MinEncryptionLevel"=dword:00000003[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\AllUserInstallAgent]
"LogonWaitForPackageRegistration"=dword:00000000

Secure Windows Firewall

SPECIAL NOTE: For Obvious Reasons, we can't secure Firewall settings for your home network, however they are configured through SecEdit to match basic requirements.

[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion"=dword:0000021d[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000001
"DefaultOutboundAction"=dword:00000000
"DefaultInboundAction"=dword:00000001
"DisableNotifications"=dword:00000000
"AllowLocalPolicyMerge"=dword:00000001
"AllowLocalIPsecPolicyMerge"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"{30B550DB-C4B8-4A44-A383-D1C7ED13AAE2}"="v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=43389|Name=AllowCustomRDP|"
"{0B7F479C-F8C6-4850-A763-1C2C9B1FE520}"="v2.28|Action=Block|Active=TRUE|Dir=In|Protocol=6|LPort=3389|Name=DenyDefaultRDP|"[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall"=dword:00000001
"DefaultOutboundAction"=dword:00000000
"DefaultInboundAction"=dword:00000001
"DisableNotifications"=dword:00000000
"AllowLocalPolicyMerge"=dword:00000001
"AllowLocalIPsecPolicyMerge"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall"=dword:00000001
"DefaultOutboundAction"=dword:00000000
"DefaultInboundAction"=dword:00000001
"DisableNotifications"=dword:00000000
"AllowLocalPolicyMerge"=dword:00000001
"AllowLocalIPsecPolicyMerge"=dword:00000001

Locking Down Firefox Configurations

[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla][HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox]
"SSLVersionMin"="tls1.2"
"ExtensionUpdate"=dword:00000000
"DisableFormHistory"=dword:00000001
"PasswordManagerEnabled"=dword:00000000
"DisableTelemetry"=dword:00000001
"DisableDeveloperTools"=dword:00000001
"DisableForgetButton"=dword:00000001
"DisablePrivateBrowsing"=dword:00000001
"SearchSuggestEnabled"=dword:00000000
"NetworkPrediction"=dword:00000000
"DisableFirefoxAccounts"=dword:00000001
"DisableFeedbackCommands"=dword:00000001
"Preferences"=hex(7):7b,00,00,00,20,00,20,00,22,00,73,00,65,00,63,00,75,00,72,\
00,69,00,74,00,79,00,2e,00,64,00,65,00,66,00,61,00,75,00,6c,00,74,00,5f,00,\
70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,5f,00,63,00,65,00,72,00,74,\
00,22,00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,56,00,61,00,\
6c,00,75,00,65,00,22,00,3a,00,20,00,22,00,41,00,73,00,6b,00,20,00,45,00,76,\
00,65,00,72,00,79,00,20,00,54,00,69,00,6d,00,65,00,22,00,2c,00,00,00,20,00,\
20,00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,22,00,3a,00,20,\
00,22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,00,20,00,7d,00,\
2c,00,00,00,20,00,20,00,22,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,2e,\
00,73,00,65,00,61,00,72,00,63,00,68,00,2e,00,75,00,70,00,64,00,61,00,74,00,\
65,00,22,00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,56,00,61,\
00,6c,00,75,00,65,00,22,00,3a,00,20,00,66,00,61,00,6c,00,73,00,65,00,2c,00,\
00,00,20,00,20,00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,22,\
00,3a,00,20,00,22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,00,\
20,00,7d,00,2c,00,00,00,20,00,20,00,22,00,64,00,6f,00,6d,00,2e,00,64,00,69,\
00,73,00,61,00,62,00,6c,00,65,00,5f,00,77,00,69,00,6e,00,64,00,6f,00,77,00,\
5f,00,6d,00,6f,00,76,00,65,00,5f,00,72,00,65,00,73,00,69,00,7a,00,65,00,22,\
00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,56,00,61,00,6c,00,\
75,00,65,00,22,00,3a,00,20,00,74,00,72,00,75,00,65,00,2c,00,00,00,20,00,20,\
00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,22,00,3a,00,20,00,\
22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,00,20,00,7d,00,2c,\
00,00,00,20,00,20,00,22,00,64,00,6f,00,6d,00,2e,00,64,00,69,00,73,00,61,00,\
62,00,6c,00,65,00,5f,00,77,00,69,00,6e,00,64,00,6f,00,77,00,5f,00,66,00,6c,\
00,69,00,70,00,22,00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,\
56,00,61,00,6c,00,75,00,65,00,22,00,3a,00,20,00,74,00,72,00,75,00,65,00,2c,\
00,00,00,20,00,20,00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,\
22,00,3a,00,20,00,22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,\
00,20,00,7d,00,2c,00,00,00,20,00,20,00,20,00,22,00,62,00,72,00,6f,00,77,00,\
73,00,65,00,72,00,2e,00,63,00,6f,00,6e,00,74,00,65,00,6e,00,74,00,62,00,6c,\
00,6f,00,63,00,6b,00,69,00,6e,00,67,00,2e,00,63,00,61,00,74,00,65,00,67,00,\
6f,00,72,00,79,00,22,00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,\
00,56,00,61,00,6c,00,75,00,65,00,22,00,3a,00,20,00,22,00,73,00,74,00,72,00,\
69,00,63,00,74,00,22,00,2c,00,00,00,20,00,20,00,20,00,20,00,22,00,53,00,74,\
00,61,00,74,00,75,00,73,00,22,00,3a,00,20,00,22,00,6c,00,6f,00,63,00,6b,00,\
65,00,64,00,22,00,00,00,20,00,20,00,7d,00,2c,00,00,00,20,00,20,00,22,00,65,\
00,78,00,74,00,65,00,6e,00,73,00,69,00,6f,00,6e,00,73,00,2e,00,68,00,74,00,\
6d,00,6c,00,61,00,62,00,6f,00,75,00,74,00,61,00,64,00,64,00,6f,00,6e,00,73,\
00,2e,00,72,00,65,00,63,00,6f,00,6d,00,6d,00,65,00,6e,00,64,00,61,00,74,00,\
69,00,6f,00,6e,00,73,00,2e,00,65,00,6e,00,61,00,62,00,6c,00,65,00,64,00,22,\
00,3a,00,20,00,7b,00,00,00,20,00,20,00,20,00,20,00,22,00,56,00,61,00,6c,00,\
75,00,65,00,22,00,3a,00,20,00,66,00,61,00,6c,00,73,00,65,00,2c,00,00,00,20,\
00,20,00,20,00,20,00,22,00,53,00,74,00,61,00,74,00,75,00,73,00,22,00,3a,00,\
20,00,22,00,6c,00,6f,00,63,00,6b,00,65,00,64,00,22,00,00,00,20,00,20,00,7d,\
00,00,00,7d,00,00,00,00,00
"DisablePocket"=dword:00000001
"DisableFirefoxStudies"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\Certificates]
"ImportEnterpriseRoots"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\DisabledCiphers]
"TLSRSAWITH3DESEDECBCSHA"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\EnableTrackingProtection]
"Fingerprinting"=dword:00000001
"Cryptomining"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\EncryptedMediaExtensions]
"Enabled"=dword:00000000
"Locked"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\FirefoxHome]
"Search"=dword:00000000
"TopSites"=dword:00000000
"SponsoredTopSites"=dword:00000000
"Highlights"=dword:00000000
"Pocket"=dword:00000000
"SponsoredPocket"=dword:00000000
"Snippets"=dword:00000000
"Locked"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\InstallAddonsPermission]
"Default"=dword:00000000[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\Permissions][HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\Permissions\Autoplay]
"Default"="block-audio-video"[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\PopupBlocking]
"Default"=dword:00000001
"Locked"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\PopupBlocking\Allow]
"1"=".mil"
"2"=".gov"[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\SanitizeOnShutdown]
"Cache"=dword:00000000
"Cookies"=dword:00000000
"Downloads"=dword:00000000
"FormData"=dword:00000000
"History"=dword:00000000
"Sessions"=dword:00000000
"SiteSettings"=dword:00000000
"OfflineApps"=dword:00000000
"Locked"=dword:00000001[HKEYLOCALMACHINE\SOFTWARE\Policies\Mozilla\Firefox\UserMessaging]
"ExtensionRecommendations"=dword:00000000

Disable Remote Registry Anonymous access

[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Description"="Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start."
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"DisplayName"="Remote Registry"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"ObjectName"="NT AUTHORITY\LocalService"
"Group"=""
"Start"=dword:00000004
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\
00,01,00,00,00,e8,03,00,00
"DependOnGroup"=hex(7):00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,65,00,67,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum]
"0"="Root\LEGACY_REMOTEREGISTRY\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Disable MIcrosoft Remote Access Help on XP

[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Routing and Remote Access"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,53,00,00,00,00,00
"DependOnGroup"=hex(7):4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="Offers routing services to businesses in local area and wide area network environments."
@=""[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers]
"ActiveProvider"="{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="RADIUS Accounting"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,72,00,61,00,64,00,2e,00,64,00,6c,00,6c,00,00,00
"ProviderTypeGUID"="{76560D80-2BFD-11d2-9539-3078302C2030}"
"VendorName"="Microsoft"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"=""
"DisplayName"="Windows Accounting"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00
"ProviderTypeGUID"="{76560D81-2BFD-11d2-9539-3078302C2030}"
"VendorName"="Microsoft"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers]
"ActiveProvider"="{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="RADIUS Authentication"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,72,00,61,00,64,00,2e,00,64,00,6c,00,6c,00,00,00
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D00-2BFD-11d2-9539-3078302C2030}"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"=""
"DisplayName"="Windows Authentication"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D01-2BFD-11d2-9539-3078302C2030}"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\DemandDialManager]
"DllPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,\
00,70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces]
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0]
"InterfaceName"="Loopback"
"Type"=dword:00000005
"Enabled"=dword:00000001
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,38,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1]
"InterfaceName"="Internal"
"Type"=dword:00000004
"Enabled"=dword:00000001
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,38,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2]
"InterfaceName"="{029DC097-8FC0-475C-BEB2-112AEB62D7A0}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,38,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters]
"RouterType"=dword:00000001
"ServerFlags"=dword:00002702
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6d,00,70,00,72,00,64,00,69,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AppleTalk]
"EnableIn"=dword:00000001[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip]
"AllowClientIpAddresses"=dword:00000000
"AllowNetworkAccess"=dword:00000001
"EnableIn"=dword:00000001
"IpAddress"="0.0.0.0"
"IpMask"="0.0.0.0"
"UseDhcpAddressing"=dword:00000001[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ipx]
"EnableIn"=dword:00000001
"AcceptRemoteNodeNumber"=dword:00000001
"AllowNetworkAccess"=dword:00000001
"AutoWanNetAllocation"=dword:00000001
"FirstWanNet"=dword:00000000
"GlobalWanNet"=dword:00000001
"LastWanNet"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Nbf]
"EnableIn"=dword:00000001
"AllowNetworkAccess"=dword:00000001[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance]
"Open"="OpenRasPerformanceData"
"Close"="CloseRasPerformanceData"
"Collect"="CollectRasPerformanceData"
"Library"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,\
00,61,00,73,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"Last Counter"=dword:00000804
"Last Help"=dword:00000805
"First Counter"=dword:000007de
"First Help"=dword:000007df
"WbemAdapFileSignature"=hex:b0,b0,d7,90,5a,c7,1b,c2,78,f1,7f,45,5e,18,26,11
"WbemAdapFileTime"=hex:00,a0,a1,10,27,9e,c8,01
"WbemAdapFileSize"=dword:00002e00
"WbemAdapStatus"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy]
"ProductDir"="C:\WINDOWS\system32\IAS"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\01]
@="IAS.ProxyPolicyEnforcer"
"Requests"="0 1 2"
"Responses"="0 1 2 3 4"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\02]
@="IAS.NTSamNames"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\03]
@="IAS.BaseCampHost"
"Requests"="0 1"
"Responses"="0 1 2 4"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\04]
@="IAS.RadiusProxy"
"Providers"="2"
"Responses"="0"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\05]
@="IAS.NTSamAuthentication"
"Providers"="1"
"Requests"="0"
"Responses"="0"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\06]
@="IAS.AccountValidation"
"Providers"="1"
"Requests"="0"
"Responses"="0 1"
"Reasons"="33"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\07]
@="IAS.PolicyEnforcer"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"
"Reasons"="33"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\08]
@="IAS.NTSamPerUser"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"
"Reasons"="33"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\09]
@="IAS.EAP"
"Providers"="1"
"Requests"="0 2"
"Responses"="0"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\10]
@="IAS.URHandler"
"Providers"="0 1"
"Requests"="0 2"
"Responses"="0 1"
"Reasons"="33"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\11]
@="IAS.ChangePassword"
"Providers"="1"
"Requests"="0"
"Responses"="0 1"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\12]
@="IAS.AuthorizationHost"
"Requests"="0 1 2"
"Responses"="0 1 2 4"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\13]
@="IAS.Accounting"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\14]
@="IAS.MSChapErrorReporter"
"Providers"="0 1"
"Requests"="0"
"Responses"="2"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers]
"Stamp"=dword:00000000[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip]
"ProtocolId"=dword:00000021
"GlobalInfo"=hex:01,00,00,00,80,00,00,00,02,00,00,00,03,00,ff,ff,08,00,00,00,\
01,00,00,00,30,00,00,00,06,00,ff,ff,3c,00,00,00,01,00,00,00,38,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,07,00,00,00,02,00,00,00,01,00,00,00,03,00,\
00,00,0a,00,00,00,16,27,00,00,03,00,00,00,17,27,00,00,05,00,00,00,12,27,00,\
00,07,00,00,00,0d,00,00,00,6e,00,00,00,08,00,00,00,78,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"DLLPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\
00,70,00,72,00,74,00,72,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

Secure Terminal Access RDP

[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console\RDP]
"CdClass"=dword:00000000
"CdDLL"=""
"CdFlag"=dword:00000000
"CdName"=""
"CfgDll"="RDPCFGEX.DLL"
"InteractiveDelay"=dword:00000032
"OutBufDelay"=dword:00000064
"PdClass"=dword:00000002
"PdDLL"="tdtcp"
"PdFlag"=dword:0000004e
"PdName"="tcp"
"WdDLL"="rdpwd"
"WdFlag"=dword:00000034
"WdName"="Microsoft RDP 5.1"
"WdPrefix"="RDP"
"WsxDLL"="rdpwsx"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"CfgDll"="RDPCFGEX.DLL"
"fEnableWinStation"=dword:00000001
"MaxInstanceCount"=dword:ffffffff
"PdName"="tcp"
"PdClass"=dword:00000002
"PdDLL"="tdtcp"
"PdFlag"=dword:0000004e
"OutBufLength"=dword:00000212
"OutBufCount"=dword:00000006
"OutBufDelay"=dword:00000064
"InteractiveDelay"=dword:00000032
"PortNumber"=dword:0000a97d
"KeepAliveTimeout"=dword:00000000
"LanAdapter"=dword:00000000
"WdName"="Microsoft RDP 5.1"
"WdDLL"="rdpwd"
"WsxDLL"="rdpwsx"
"WdFlag"=dword:00000036
"InputBufferLength"=dword:00000800
"CdClass"=dword:00000000
"CdName"=""
"CdDLL"=""
"CdFlag"=dword:00000000
"Comment"=""
"fInheritAutoLogon"=dword:00000001
"fInheritResetBroken"=dword:00000001
"fInheritReconnectSame"=dword:00000001
"fInheritInitialProgram"=dword:00000001
"fInheritCallback"=dword:00000000
"fInheritCallbackNumber"=dword:00000001
"fInheritShadow"=dword:00000001
"fInheritMaxSessionTime"=dword:00000001
"fInheritMaxDisconnectionTime"=dword:00000001
"fInheritMaxIdleTime"=dword:00000001
"fInheritAutoClient"=dword:00000001
"fInheritSecurity"=dword:00000000
"fInheritColorDepth"=dword:00000000
"fPromptForPassword"=dword:00000000
"fResetBroken"=dword:00000000
"fReconnectSame"=dword:00000000
"fLogonDisabled"=dword:00000000
"fAutoClientDrives"=dword:00000001
"fAutoClientLpts"=dword:00000001
"fForceClientLptDef"=dword:00000001
"fDisableEncryption"=dword:00000001
"fHomeDirectoryMapRoot"=dword:00000000
"fUseDefaultGina"=dword:00000000
"fDisableCpm"=dword:00000000
"fDisableCdm"=dword:00000000
"fDisableCcm"=dword:00000000
"fDisableLPT"=dword:00000000
"fDisableClip"=dword:00000000
"fDisableExe"=dword:00000000
"fDisableCam"=dword:00000000
"Username"=""
"Domain"=""
"Password"=""
"WorkDirectory"=""
"InitialProgram"=""
"CallbackNumber"=""
"Callback"=dword:00000000
"Shadow"=dword:00000001
"MaxConnectionTime"=dword:00000000
"MaxDisconnectionTime"=dword:00000000
"MaxIdleTime"=dword:00000000
"KeyboardLayout"=dword:00000000
"MinEncryptionLevel"=dword:00000002
"NWLogonServer"=""
"WFProfilePath"=""
"WdPrefix"="RDP"
"TraceEnable"=dword:00000000
"TraceDebugger"=dword:00000000
"TraceClass"=dword:00000000
"ColorDepth"=dword:00000003

Disable Auto-Run Applications

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWebServices"=dword:00000001
"NoAutorun"=dword:00000001
"NoDriveTypeAutoRun"=dword:000000ff
"NoStartBanner"=dword:00000001
"PreXPSP2ShellProtocolBehavior"=dword:00000000

Disables Option to Run this time, Run Once

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext]
"RunThisTimeEnabled"=dword:00000000
"VersionCheckEnabled"=dword:00000001

Logon Popup Details

SPECIAL NOTE: You can change the LegalNotic, or LegalNoticText to anything you want, but don't use any spaces, and write it like one continuous sentence.

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies ystem]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"="Welcome to Near Nist 800-171 for GraniteXP-2024 Edition"
"legalnoticetext"="NOTICE: This package is a BETA package, and is in development by @GenericTechSupport on Youtube. Subscribers will get updated details as packages are rolled out. Please subscribe to stay up to date on continued improvements. If you have any additional details, or requests, please feel free to leave a comment on the GraniteXP Project Playlist on the @GenericTechSupport youtube Channel. "
"shutdownwithoutlogon"=dword:00000000
"undockwithoutlogon"=dword:00000001
"disablecad"=dword:00000000
"inactivitytimeoutsecs"=dword:00000384
"MSAOptional"=dword:00000001
"DisableAutomaticRestartSignOn"=dword:00000001

WinLogon Variables

[HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=dword:00000001
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="0"
"SfcQuota"=dword:ffffffff
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="1"
"AllowMultipleTSSessions"=dword:00000000
"UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
00,00,00
"LogonType"=dword:00000000
"DebugServerCommand"="no"
"SFCDisable"=dword:00000000
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
"ShowLogonOptions"=dword:00000001
"DisableCAD"=dword:00000000
"AutoAdminLogon"="0"

LANMAN Server/Client Settings

[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"OtherDomains"=hex(7):00,00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"Size"=dword:00000002
"DisableDos"=dword:00000000
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000001
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,4c,\
00,4c,00,53,00,52,00,50,00,43,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,\
72,00,00,00,00,00
"NullSessionShares"=hex(7):43,00,4f,00,4d,00,43,00,46,00,47,00,00,00,44,00,46,\
00,53,00,24,00,00,00,00,00
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,72,00,76,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"Lmannounce"=dword:00000000
"Guid"=hex:e7,e8,91,4a,c5,2d,f8,49,b2,92,29,e4,87,d6,eb,30
"AdjustedNullSessionPipes"=dword:00000001
"SMB1"=dword:00000000
"restrictnullsessaccess"=dword:00000001[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer]
"Start"=dword:00000004

Cleanup Process

GPO/REG Config Cleanup Final Step Details

Disable System Restore

reg add "HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f

Set Page file to 4GB

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v PagingFiles /t REGMULTISZ /d "C:\pagefile.sys 4092 4092" /f

Disable System Remote Assistance

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowToGetHelp /t REGDWORD /d 0 /freg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowFullControl /t REGDWORD /d 0 /f

Disable Microsoft Remote Support

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 0 /f

Disable Application Foreground Boost

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl" /v Win32PrioritySeparation /t REG_DWORD /d 24 /f

Define RDP Inbound Port

reg add "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d "43389" /f

Windows Service Cleanup

Disable Windows Screen Recording

sc config srservice start= disabled

Disable Shared Resources

sc config browser start= disabled

Disable Windows Help Services

sc config helpsvc start= disabled

Disable Printer Services

sc config spooler start= disabled

Disable Windows Updates Services

sc config wuauserv start= disabled

MISC DATA

GPO/REG Configuration Details

The above is an incomplete list, the Policy configurations have changes slightly over the past year to compensate for additional configurations. It's important to note that while this project is a working project, it's been modeled after a Windows 10 22H2 machine, and there's been a couple of windows 11 Policies Sprinkled in over the year, however, that the configuration is based on a 100% out of the box windows XP SP3 machine, with no updates or any configurations on it. Attempting to install this package on a pre-built or XP system with a ton of stuff on it is a bad idea, and not something recommened.

NEW NETWORK CONFIGURATION

Set the Dynamic RPC Ports

reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /v Ports /t REGMULTISZ /d 4000-4700 /f

Turn on Defined Internet RPC Access Ports

reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /v PortsInternetAvailable /t REG_SZ /d Y /f

Force Use of Internet External RPC Ports

reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /v UseInternetPorts /t REG_SZ /d Y /f

Force Object Linking for DCOM

reg add "HKLM\SOFTWARE\Microsoft\ole" /v EnableDCOM /t REG_SZ /d N /f

Disable DCOM on RPC Protocol

reg add "HKLM\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t REGMULTISZ /f

Disable SMB Share Access Port

reg add "HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v SMBDeviceEnabled /t REG_DWORD /d 0 /f

Disable LMHost Share Access Port

reg add "HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v EnableLMHOSTS /t REG_DWORD /d 0 /f

Disable Print Spooler Services

sc config spooler start= disabled

Configure Network Firewall Ports

Configure Custom Settings for Network Security

Windows Registry Editor Version 5.00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
00[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Disabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::disabled:@xpsp2res.dll,-22019"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"clroptimizationv4.0.3031932-1"="V4.0|Action=Block|Dir=In|App=c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clroptimizationv4.0.3031932|Name=Block traffic for clroptimizationv4.0.3031932|"
"clroptimizationv4.0.3031932-2"="V4.0|Action=Block|Dir=Out|App=c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clroptimizationv4.0.3031932|Name=Block traffic for clroptimizationv4.0.3031932|"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Disabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::disabled:@xpsp2res.dll,-22019"[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts][HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"="5985:TCP::Disabled:Windows Remote Management "
"80:TCP"="80:TCP::Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) "
"43389:TCP"="43389:TCP:*:Enabled:CustomRDP"

Granite Links

• Return
• GraniteXP Video 1
• GraniteXP Video 2
• GraniteXP Video 3
• GraniteXP Video 4
• GraniteXP Video 5
• GraniteXP Video 6
• GraniteXP Video 7 (Unreleased)
• GraniteXP Package Details

WINDOWS ADDITIONAL PACKAGES

• Windows XP OneCORE API Video
• OneCoreAPI Software V.4.0.1

Granite Install Instructions

Package Details

Hardware Requirements

A FRESH INSTALL
Pentium 3 733MHZ or better
(4 Core on ONECOREAPI Mod)
4GB PC133 RAM
(8GB DDR on OneCoreAPI Mod)
40GB IDE HARDDISK
Video Card capable of 1024/768
NO Network Connection Required

Package Contents

00. ReadFirst
01. RegistryMods
02. Updates
03. Cleanup

Step 1: Installation Prep

1. Click on Start
2. Right Click on My Computer
3. Choose Manage
4. Click on Local Users and Groups
5. Click on users
6. Right Click Choose New User
Name: Pete (or whatever you want to name it)
7. Password: 8-12 Characters, 2 special, 2 numbers (Warning Less than 8 characters will cause package to fail)
8. Create
9. Right-Click on Pete
Make him a member of "Administrators" Group.
10. Remove him from Users Group
Save
NOTE: This account only needs to exist, does not need to be the primary account

Step 2: Installation Prep

1. Create a new Folder in C:\ called "Tools"
2. Copy the installation package into that location

Step 3: Installation Mod

1. Open "01. RegistryMods"
2. Right-Click-on "01. POSEnabled" 3. Click on Merge
4. Click on Yes
5. Click on OK
6. Right-Click-on "02. SecurityEnabled"
7. Click on Merge
8. Click on Yes
9. Click on Ok
Reboot the system

Step 4: Installation Updates 1

1. Open "02 Updates"
2. Open Folder "01. WSUSOfflineXP"
3. Double-Click - UpdateInstaller

SELECT OPTIONS
1. Update Root Certificates
2. Install IE 8
3. Update C++ Runtimes
4. Install .net 3.5 SP1
5. Install .net 4.X
6. Install Powershell 2.0
7. Install Management Framework 3.0
8. Update DirectX Runtime
9. Update Windows Media Player
10. Update Remote Desktop Client
11. Automatic Reboot and Recall (Doesn't 100% work)
12. Verify Installation packages

SPECIAL NOTESystem will reboot 3-7 times depending on hardware and other factors.You must Click OK on the Banner data on the logon screen, the system will automatically recall and update after that point.Once completed you will be forced to authenticate to log back into the system.

Step 5: Installation Updates 2

1. Open "02 Updates"
2. Open Folder "02. FullXPUpdates"
3. Double-Click on "00-RunFirst"When completed the system will automatically reboot.Estimated 2-4min to complete

Step 6: Installation Updates 3

1. Open "02 Updates"
2. Open Folder "02. FullXPUpdates"
3. Double-Click on "00-Run-Second"When completed the system will automatically reboot.Estimated 4+ Hours to complete

Step 7: Installation Updates 4

1. Open "02 Updates"
2. Open Folder "03. ApplicationRollups"
3. Double-Click on "00-RunLast"When completed the system will automatically reboot.Estimated 10-20min to complete

Step 8: Installation Cleanup

1. Open "03. Cleanup"
2. Double-Click on "RunLast"When completed the system will automatically reboot.Estimated 10-20Seconds to complete

GenericTechSupport Ad Request

Advertise with GenericTechSupport

At GenericTechSupport, our fanbase consists of a diverse community of technical enthusiasts, which might suggest that we primarily promote technical software or equipment.However, we take a different approach. We are committed to supporting small businesses and helping them market products that may not be directly related to the technical field.We understand the concerns surrounding monetization and the potential for product reviews and opinions to be influenced by corporate interests. As such, we only choose to promote well-developed products that have been thoroughly tested and proven to meet high standards.If you have a product that aligns with these values, we encourage you to reach out to request ad-time in one of our upcoming videos.Please note that not all requests will be accepted, but if your product is of solid quality, we believe there is nothing to lose in submitting a proposal.We look forward to hearing from you and potentially working together.

• Request Ad-Time

Request Ad-Time

Please provide a brief introduction to your product or service, highlighting its technical integrity, testing, and quality.If this is not a technical request, please provide details on the product or service, e.g., lifestyle product, eco-friendly item, home gadget, etc.Please mention any relevant features or qualities, such as sustainability, ease of use, design and any links to studies or details vetting the products quality or function.

• Home

GenericTechSupport Business Collaboration request

Collaboration meetings are an essential part of our process, where we work closely with clients to understand their specific needs, discuss potential solutions, and align on goals.These meetings foster open communication and help us provide customized IT support that best suits your business requirements.We are committed to ensuring that every collaboration is productive and results-driven.Use the contact-us details listed here for service

• Home

GenericTechSupport MSP Request

We offer a range of pricing options to suit your needs, including flat rates and hourly rates.Whether you require a one-time service or ongoing support, we can customize a solution that fits your budget and ensures you receive the technical assistance you need.Feel free to contact us to discuss the best option for your business.

• Home

Have an Idea for a video?

Whether you have a video idea in mind or need assistance learning something new in Technology, feel free to send us a Video Idea. We're here to help!

• Home

About TechGuyOne and The GenericTechSupport Youtube Channel.

With over 25 years of extensive experience in the IT and systems engineering field, I have honed my expertise across a broad range of technologies and industries.My journey has led me to work on high-impact projects for multiple high profile organizations, where I was responsible for designing and implementing complex integration and encryption solutions.My technical background spans across various Microsoft server technologies, cloud solutions, security and compliance frameworks, as well as systems and network infrastructure.I have led diverse engineering projects, from Active Directory implementations to designing advanced cloud integrations and supporting legacy systems for some of the largest companies in the world.In multiple roles I have found myself training the more junior engineers and techs, providing them with guidance and direction. These young professionals are who pushed me to start the generictechsupport youtube channel.I specialize in providing expert consulting for businesses seeking tailored IT support, migration solutions, and long-term infrastructure improvements. With a proven track record of ensuring compliance across industries like healthcare, finance, and government, I understand the importance of maintaining a secure and efficient environment.In addition to my technical prowess, I bring a strong set of soft skills to the table, including excellent communication, documentation, and customer service abilities.I have built a reputation for being a collaborative leader, working closely with teams and clients to ensure project success and long-term satisfaction.Whether working on a large-scale migration, designing complex integrations, or providing ongoing IT management and support, I am committed to delivering high-quality, results-driven solutions that enhance operational efficiency and security.

Thank You

Thank you for reaching out!No matter which department you're contacting, we're excited to assist you and look forward to engaging with you in any way we can.

Under Construction

Fedora Command ListUpdate Commands:
sudo dnf update
sudo dnf upgrade --refresh
--------------------------------
Install Snap:
sudo dnf install snapd
sudo ln -s /var/lib/snapd/snap /snap
--------------------------------
Install Flatpak:
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
------------------------------
Install OBSStudios:
flatpak install flathub com.obsproject.Studio -y
sudo dnf upgrade --refresh
------------------------------
Install OpenShot:
sudo dnf install openshot
------------------------------

How to install Nvidea Drivers

Install NVidea Drivers:
sudo dnf install kernel-devel kernel-headers gcc make dkms acpid libglvnd-glx libglvnd-opengl libglvnd-devel pkgconfig
------------------------------------------------
Free Driver (Open)
sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm
------------------------------------------------
Offical NVidea Driver: (closed)
sudo dnf install https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
------------------------------------------------
Make the Driver the default:
sudo dnf makecache
sudo dnf install akmod-nvidia xorg-x11-drv-nvidia-cuda
------------------------------------------------
------------------------------------------------

Package Removal Instructions

DNF Removal:
sudo dnf remove Package NameSnap Removal:
sudo snap remove Package NameFlatpak Removal:
sudo flatpak remove Package Name

• Return
• Linux Software

Fedora 41 - Community Reply Video

Update Commands:
sudo dnf update
sudo dnf upgrade --refresh
--------------------------------
Install Snap:
sudo dnf install snapd
sudo ln -s /var/lib/snapd/snap /snap
--------------------------------
Install Flatpak:
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
------------------------------
Install OBSStudios:
flatpak install flathub com.obsproject.Studio -y
sudo dnf upgrade --refresh
------------------------------
Install OpenShot:
sudo dnf install openshot
------------------------------

Package Removal Instructions

DNF Removal:
sudo dnf remove Package NameSnap Removal:
sudo snap remove Package NameFlatpak Removal:
sudo flatpak remove Package Name

Content

• Fedora-Wiki
• Fedora-41 Part 1 - 2/6/25
• Fedora-41 Part 2 - 2/18/25
• Return

Linux Software Repos

• SNAP STORE
• FLATPAK STORE
• DNF STORE

Debian Repositories

Additional Repositories:
---------------------------------------------
RetroArch:
sudo add-apt-repository ppa:libretro/stable -y
---------------------------------------------
Xbox:
Sudo add-apt-repository ppa:mborgerson/xemu
---------------------------------------------
Firefox Official:
sudo add-apt-repository ppa:mozillateam/ppa
---------------------------------------------
YTDL:
sudo add-apt-repository ppa:tomtomtom/yt-dlp
---------------------------------------------
OBS Studios:
sudo add-apt-repository ppa:obsproject/obs-studio
---------------------------------------------
Steam:
sudo add-apt-repository-multiverse
---------------------------------------------
OpenShot:
sudo add-apt-repository ppa:openshot.developers/ppa -y
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------
---------------------------------------------

SNAP LISTS (Debian, Fedora, ARCH)

Business SNAPS

Install Microsoft Teams
sudo snap install teams-for-linux
--------------------------------------------
Install Slack for Linux
sudo snap install slack
--------------------------------------------
Install VLC Player on Linux
sudo snap install vlc
--------------------------------------------
Install Discord
sudo snap install discord
--------------------------------------------
Snap Store:
sudo snap install snap-store
--------------------------------------------
Open Shot:
sudo snap install openshot-community
--------------------------------------------

Debian Gaming Emulators

Xbox:
sudo apt install xemu
------------------------------------------------
PS3:
Sudo snap install rpcs3-emu
------------------------------------------------
Genesis:
Sudo apt -y install higan
------------------------------------------------
WII:
sudo snap install dolphin-emulator --edge
----
WII-MOTE:
sudo apt install libcwiid1 lswm wmgui wminput
-----
sudo echo "uinput" Shift Period Shift Period /etc/modules
-----
sudo modprobe uinput
------------------------------------------------
SNES:
Sudo apt-get install zsnes
------------------------------------------------
N64:
sudo apt install mupen64plus-qt
------------------------------------------------
PS2:
sudo apt-get install pcsx2
------------------------------------------------
GameBoy Advanced:
sudo snap install visualboyadvance-m --beta
------------------------------------------------
Retro Arcade (arch)
sudo apt install software-properties-common apt-transport-https -y
---
sudo apt install retroarch -y
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------

Basic Fedora Software List

Install a different docking station:
sudo dnf install gnome-shell-extension-dash-to-dock
------------------------------------------------
More Docking station details:
https://extensions.gnome.org/extension/307/dash-to-dock/
------------------------------------------------
Install Snap:
sudo dnf install snapd
sudo dnf update
sudo ln -s /var/lib/snapd/snap /snap
------------------------------------------------
Special Note: Snap Store/App does not work right in Fedora.
------------------------------------------------
Install Steam: (Proton Only)
sudo dnf install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm -y
---
sudo dnf config-manager --enable fedora-cisco-openh264 -y
---
sudo dnf config-manager setopt fedora-cisco-openh264.enabled=1
---
sudo dnf install steam -y
------------------------------------------------
Install any .rpm:
rpm -ihv --nodeps package Name
------------------------------------------------
Driver issues:
rpm -qa | grep -e package name
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------
------------------------------------------------

Debian Download Links
Deb Files

All .deb files can be installed by right-clicking and choosing to open with the "GDebi" Package installer.

• SamPDF
• FreeOffice
• CrossOver

Fedora Download Links
RPM Files

All .rpm files can be installed by right-clicking and choosing to open with the "Software" installer.

• FreeOffice

• Return
• Debian-Wiki
• Fedora-WIKI

ISO LINKS - FEDORA BASED

• Fedora-41

• Return

ISO LINKS - MISC LINUX ISO

• NIXOS

• Return
• NixOS Video Details

ISO LINKS - DEBIAN BASED

• Linux Mint
• Ubuntu Desktop LTS
• Zorin OS
• TAILS Portable Linux
• Kali Linux LTS
• Free-XP (Q4OS)
• Free-10 (Q4OS)

• Return

Build Script Details from Video

How to:
Get the Trusted Host (Workgroup Mode) list..
Get-Item WSMan:\localhost\Client\TrustedHosts
How to Set the Trust for WinRM communication:
(MachineA and MachineB)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'machineA,machineB'If the above does not work, or still throws an error, try the Asterisk.Set-Item WSMan:\localhost\Client\TrustedHosts -Value '*'Once you have everything on the domain, run the clear command on all boxes to reset the trust.Clear-Item -Path WSMan:\localhost\Client\TrustedHosts -Force

Setting up a share on Core Server

If you want to share a folder named "Bills" and you want to give it read, write and modify access, this is the command.Note: "Bill Access" is the name of the security group we created in AD.New-SmbShare –Name Bills –Path "C:\Network Share\Bills –changeaccess "bill access"If you have a share named "bills" and you want to give it full control.. this is the command (Not recommended, see video for details)New-SmbShare –Name Bills –Path "C:\Network Share\Bills –fullaccess "bill access"

Remove the Share if you screw up

Check your share from CMD: Net shareIf you screwed up the share..Remove-SmbShare -Name "Bills"

Use the links to return to Home or Watch the video

• Windows Core Config Video
• Channel

Windows Software Links

• Rufus
• 7ZIP
• Super-Anti-SpyWare
• FreeOffice 2024
• Zoom
• RetroBar
• OpenShell
• Windows Blinds
• Portable Linux Creation tool
• RSAT Tools Windows 10

• Return

ISO LINKS - WINDOWS DESKTOP

• Windows 11 X64
• Windows 10 X64
• Windows 10 X86
• Windows Desktop Legacy ISO's

• Return

• Return

Windows WinGet

Powershell Command

Open Powershell as admin:Add-AppxPackage -RegisterByFamilyName -MainPackage Microsoft.DesktopAppInstaller_8wekyb3d8bbwe

To use the Winget commands:
Open CMD As Admin
(NOTE: you must be a local administrator for this to work, and cannot be logged in as a local user)winget search (some kind of product)
winget install google.chrome
winget install valve.steam
winget install electronicarts.origin

To Remove an application:winget remove (application ID)
--silent (doesn't work)NOTE: While Silent doesn't work on all applications, it does on some, and this process is much easier than stumbling through the GUI.

• Return
• Windows APT video

ISO LINKS - WINDOWS SERVER

• Windows Server 2028 (TBA)
• Windows Server 2025
• Windows Server 2022
• Windows Server 2019
• Windows Server 2016
• Windows Server 2012R2
• Legacy Windows ISO Files

• Return

See Link for Debian Wiki for more details

• Debian-Wiki

NixOS - Coming 2/20/25

• Return
• NixOS Video

Sample Bash Script for Debian

This is a sample BASH script created for an automated installation of Linux MINT

#!/bin/sh
# Welcome to the GenericTechSupport Youtube Channel Script, for installing Windows 11 Default Build Replacement applications, Please Note, you will need to install the Steam
# Application and the Snap Repository outside of this script. You Must install Snap before running this script, and must reboot, and must install the steam application after running
# this script and rebooting again. If you add the Steam store installation to this script it will cause the network drivers to fail, and cause the system to lose internet connection.
# You have been warned.
#
#
# To Follow the video save this file as applicationinstall.sh in the home directory
# Feel free to comment out whatever packages you don't want.
#
#
# Install Snap Repositories and updates prior to running this script.
# Snap update will require a reboot
# sudo mv /etc/apt/preferences.d/nosnap.pref ~/Documents/nosnap.backup
# sudo apt update
# sudo apt install snapd
# sudo snap install snap-store
#
#
# Also install VmWare Tools if you are installing this on vmware workstation or player, which will also require a reboot.
# sudo apt-get install open-vm-tools-desktop
# sudo apt-get install open-vm-tools
#
#
# update Repositories
sudo apt-get update
#
# Add the Multiverse repository, needed for steam
sudo add-apt-repository multiverse
#
# Add the Mozilla Repository, needed to update firefox.
sudo add-apt-repository ppa:mozillateam/ppa -y
#
# Add the YT DLP Repository, added for downloading media online.
sudo add-apt-repository ppa:tomtomtom/yt-dlp -y
#
# Add the OBS Project repository, needed for OBS-Studios
sudo add-apt-repository ppa:obsproject/obs-studio -y
#
# Add the OpenShot repository, needed for openshot video editing
sudo add-apt-repository ppa:openshot.developers/ppa -y
#
# download the Software needed for the apt repository
#
# Download the Office Apps debian application for office apps on o365
wget http://sourceforge.net/projects/microsoftonlineapps/files/v1.0.0/microsoftonlineapps.deb/download -P ./Downloads/Microsoft
#
# Download new Chrome, for Chrome Browser on Linux
wget https://dl.google.com/linux/direct/google-chrome-stablecurrentamd64.deb -P ./Downloads
#
# Download Zoom for Linux
wget https://zoom.us/client/6.3.1.5673/zoom_amd64.deb -P ./Downloads
#
# update the packages and repository options for next installation steps.
sudo apt-get update
#
# Install the Apt Repo Applications
#
# Install the Application YT Downloader
sudo apt-get install yt-dlp -y
#
# Install the OSB Studios Application
sudo apt-get install obs-studio -y
#
# Install the Openshot video Editor Software
sudo apt-get install openshot-qt python3-openshot -y
#
# Install the Custom Downloaded Packages
#
# Install the Microsoft Office Apps Package for Linux
sudo dpkg -i ~/Downloads/Microsoft/download
#
# Install the Chrome Browser on Linux
sudo dpkg -i ~/Downloads/google-chrome-stable.deb
#
# Install Zoom on Linux
sudo dpkg -i ~/Downloads/zoom.deb
#
# Install the Snaps
#
# Install Microsoft Teams
sudo snap install teams-for-linux
#
# Install Slack for Linux
sudo snap install slack
#
# Install VLC Player on Linux
sudo snap install vlc
#
# Install the Discord application on Linux
sudo snap install discord
#
# Upgrade the packages to latest version
sudo apt-get update
sudo apt-get upgrade -y
#
# Cleanup all cached data, Low on drive space option.
# sudo apt-get clean
#
# Cleanup downloaded apt packages, Low on drive space option.
# rm -rf ./Downloads/*
#
# Fix any encountered errors, common issue on discord application for some reason..
sudo apt --fix-broken install -y
#
# Reboot the system
sudo reboot now
#
# You must reboot to install Steam, please grab the bellow line and install outside of this script.
#
#
# WARNING - Steam has a lot of dependencies and may cause issues with NIC and other drivers, make sure all updates are done and a reboot is complete before running install for steam.
# sudo apt-get update
# sudo apt-get upgrade -y
# sudo apt-get dist-upgrade -y
# sudo do-release-upgrade -y
# sudo apt-get install steam -y
#

• Return

Kali Video - 2/14/25

Application Name:dnsrecon -d nameofdomain.com

Output will provide deep troubleshooting details on DNS server or configuration.NOTE: This is for Website lookup or to troubleshoot your internal network, not designed for any illegal activity.

• Return
• Kalentine's Day Video

!!!WARNING!!!

Before running the debloater scripts, make sure you have notepad++ and Firefox installed on your system. This was only tested on 24H2 as a clean build, use this at your own risk for pre-built systems.

This document contains the itemized process of cleaning up the bloat in stages, For a much easier process, use the Raven Talon "Debloater application" found on the Raven Git Website.

• Link to Raven Debloater

Please Donate to their project, it helps our tech community continue to develop free packages

Find your AppX Packages for your user

Run the following as a PS1 file as admin

mkdir c:\tools
Get-AppXPackage > C:\tools\AppXPackages.Log

Find your AppX Packages for Public Users

Run the following as a PS1 file as admin

mkdir c:\tools
Get-AppXPackage -allusers > C:\tools\AppXAllUsers.Log

Remove All AppX Packages from 24H2

Run the following as a PS1 file as admin

# Remove Applications HKCU (user Account)
Get-AppxPackage -name msteams | remove-appxpackage
Get-AppxPackage -name Microsoft.StorePurchaseApp | remove-appxpackage
Get-AppxPackage -name Microsoft.Todos | remove-appxpackage
Get-AppxPackage -name MicrosoftCorporationII.QuickAssist | remove-appxpackage
Get-AppxPackage -name Microsoft.YourPhone | remove-appxpackage
Get-AppxPackage -name Microsoft.XboxSpeechToTextOverlay | remove-appxpackage
Get-AppxPackage -name Microsoft.XboxGamingOverlay | remove-appxpackage
Get-AppxPackage -name Microsoft.Xbox.TCUI | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsSoundRecorder | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsFeedbackHub | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsCamera | remove-appxpackage
Get-AppxPackage -name Microsoft.Windows.Photos | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsCalculator | remove-appxpackage
Get-AppxPackage -name Microsoft.Windows.DevHome | remove-appxpackage
Get-AppxPackage -name Microsoft.WebpImageExtension | remove-appxpackage
Get-AppxPackage -name Microsoft.WebMediaExtensions | remove-appxpackage
Get-AppxPackage -name Microsoft.MicrosoftStickyNotes | remove-appxpackage
Get-AppxPackage -name Microsoft.MicrosoftSolitaireCollection | remove-appxpackage
Get-AppxPackage -name Microsoft.GetHelp | remove-appxpackage
Get-AppxPackage -name Microsoft.GamingApp | remove-appxpackage
Get-AppxPackage -name Microsoft.BingWeather | remove-appxpackage
Get-AppxPackage -name Microsoft.BingSearch | remove-appxpackage
Get-AppxPackage -name Microsoft.BingNews | remove-appxpackage
Get-AppxPackage -name Microsoft.MicrosoftEdge.Stable | remove-appxpackage
Get-AppxPackage -name Microsoft.Copilot | remove-appxpackage
Get-AppxPackage -name MicrosoftWindows.Client.WebExperience | remove-appxpackage
Get-AppxPackage -name Microsoft.zunemusic | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsStore | remove-appxpackage
Get-AppxPackage -name Microsoft.XboxIdentityProvider | remove-appxpackage
Get-AppxPackage -name Microsoft.ScreenSketch | remove-appxpackage
Get-AppxPackage -name Microsoft.WindowsAlarms | remove-appxpackage
Get-AppxPackage -name Microsoft.PowerAutomateDesktop | remove-appxpackage
Get-AppxPackage -name Microsoft.OutlookForWindows | remove-appxpackage
Get-AppxPackage -name Microsoft.MicrosoftOfficeHub | remove-appxpackage#Remove Applications HKLM (Public)
Get-AppxPackage -allusers -name Microsoft.MicrosoftOfficeHub | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.MicrosoftEdge.Stable | remove-appxpackage
Get-AppxPackage -allusers -name Clipchamp.Clipchamp | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.BingNews | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.BingSearch | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.BingWeather | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.GamingApp | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.GetHelp | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.OutlookForWindows | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.PowerAutomateDesktop | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.ScreenSketch | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.StorePurchaseApp | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Todos | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WebpImageExtension | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WebMediaExtensions | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Windows.DevHome | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Windows.Photos | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WindowsAlarms | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WindowsFeedbackHub | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WindowsSoundRecorder | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.WindowsStore | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Xbox.TCUI | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.XboxGamingOverlay | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.XboxIdentityProvider | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.XboxSpeechToTextOverlay | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.YourPhone | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.ZuneMusic | remove-appxpackage
Get-AppxPackage -allusers -name MicrosoftCorporationII.QuickAssist | remove-appxpackage
Get-AppxPackage -allusers -name MicrosoftWindows.Client.WebExperience | remove-appxpackage
Get-AppxPackage -allusers -name MicrosoftWindows.CrossDevice | remove-appxpackage
Get-AppxPackage -allusers -name MSTeams | remove-appxpackage
Get-AppxPackage -allusers -name Microsoft.Copilot | remove-appxpackage

REBOOT WHEN COMPLETED