forked from Atlas-OS/Atlas
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Here's an improved version of the text in English:

The following modules have been added:
- Disabled IPv6
- Disabled SMB
- Disabled Remote Desktop
- Blocked all incoming connections
- Set AdguardDNS server as default
- Enabled protection against potentially unwanted applications (PUA)
- Set User Account Control (UAC) to maximum
- Activated automatic Windows Updates by default
- Activated automatic Store Updates by default
- Enabled UAC Secure Desktop by default
- Removed branding from OEM information
Showing 15 changed files with 107 additions and 147 deletions.
29 changes: 0 additions & 29 deletions
src/playbook/Configuration/tweaks/misc/config-oem-information.yml
This file was deleted.
4 changes: 4 additions & 0 deletions
src/playbook/Configuration/tweaks/networking/block-incoming-connections.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
title: Block All Incoming Connections with Microsoft Defender Firewall | ||
description: To enhance network security, Microsoft Defender Firewall is configured to block all incoming connections. | ||
actions: | ||
- !run: {exe: 'netsh', args: 'advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound'} |
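Review bot: The `firewallpolicy blockinbound,allowoutbound` argument in the `!run` line does not block all incoming connections as the title and description state. `blockinbound` drops only inbound traffic that matches no allow rule, so existing inbound allow rules keep working, and it is also the stock Windows Defender Firewall policy, so the step changes nothing on an unmodified system. Use `blockinboundalways,allowoutbound` if allow rules are meant to be ignored, or reword the title and description to say that unsolicited inbound traffic is blocked. The file also lacks the `---` document-start line that most of the other new tweak files in this commit begin with.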
9 changes: 9 additions & 0 deletions
src/playbook/Configuration/tweaks/networking/set-adguarddns.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: Configure AdguardDNS | ||
description: Set the DNS server to AdguardDNS for improved privacy and security. | ||
actions: | ||
- !registryValue: | ||
path: 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{InterfaceGUID}' | ||
value: 'NameServer' | ||
data: '94.140.14.14,94.140.15.15' | ||
type: REG_SZ |
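Review bot: The `path` value ends in the literal placeholder `{InterfaceGUID}`, and nothing in this hunk resolves it to a real adapter GUID. Unless the playbook engine expands that token, the write lands in a key literally named `{InterfaceGUID}` and no network interface receives the new `NameServer` value. Enumerate the subkeys of `Tcpip\Parameters\Interfaces`, or set the resolvers per adapter, so the setting reaches the adapters actually in use. The description should also say plainly that every DNS query is then sent to a third-party resolver, and that only IPv4 resolver addresses are configured.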
8 changes: 8 additions & 0 deletions
src/playbook/Configuration/tweaks/networking/shares/disable-smb-protocols.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
title: Disable SMB Protocols | ||
description: Disabling SMB protocols to enhance the security of the Windows system and minimize vulnerabilities. | ||
actions: | ||
- !run: {exe: 'powershell', args: 'Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$false'} | ||
- !run: {exe: 'powershell', args: 'Set-SmbServerConfiguration -EnableSMB2Protocol $false -Confirm:$false'} | ||
|
||
|
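Review bot: `-EnableSMB2Protocol $false` on the second `!run` line turns off SMB2 and SMB3 together, because both dialects are controlled by that one switch, so with SMB1 also disabled the machine can no longer serve any SMB share. The description only says "SMB protocols" and should state that file and printer sharing from this machine stops working, or the tweak should be limited to the SMB1 line. Both commands change the SMB server configuration only and leave the SMB client as it was, which the description should also mention. The two blank lines at the end of the file can be dropped.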
9 changes: 0 additions & 9 deletions
src/playbook/Configuration/tweaks/qol/disable-store-auto-updates.yml
This file was deleted.
9 changes: 0 additions & 9 deletions
src/playbook/Configuration/tweaks/qol/security/disable-uac-secure-desktop.yml
This file was deleted.
31 changes: 0 additions & 31 deletions
src/playbook/Configuration/tweaks/qol/windows-update/disable-auto-updates.yml
This file was deleted.
10 changes: 10 additions & 0 deletions
src/playbook/Configuration/tweaks/security/disable-ipv6.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
title: Disable IPv6 | ||
description: As IPv6 may introduce security vulnerabilities in some network environments, it is disabled to improve security. | ||
actions: | ||
- !registryValue: | ||
path: 'HKLM\SYSTEM\CurrentControlSet\services\tcpip6\parameters' | ||
value: 'DisabledComponents' | ||
data: '0' | ||
type: REG_DWORD | ||
- !run: {exe: 'powershell', args: 'Get-NetAdapterBinding –ComponentID “ms_tcpip6” | disable-NetAdapterBinding –ComponentID “ms_tcpip6” –PassThru'} |
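Review bot: `DisabledComponents` is written with `data: '0'`, which is the default value and leaves every IPv6 component enabled, so the registry action does the opposite of what the title says; the documented value for disabling IPv6 on all interfaces is `0xFF` (255). As written, only the `!run` line has any effect, and it unbinds `ms_tcpip6` only from adapters that exist when the playbook runs. That command also contains typographic dashes and curly quotes (`–ComponentID “ms_tcpip6”`); replace them with ASCII `-` and `"` so the step does not depend on the shell tolerating those characters. The description's claim that IPv6 "may introduce security vulnerabilities" should name the concrete risk it is meant to address.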
13 changes: 13 additions & 0 deletions
src/playbook/Configuration/tweaks/security/disable-remote-desktop.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
title: Disable Remote Desktop | ||
description: Disable Remote Desktop to enhance system security and prevent unauthorized access. | ||
actions: | ||
- !registryValue: | ||
path: 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server' | ||
value: 'fDenyTSConnections' | ||
data: '1' | ||
type: REG_DWORD | ||
- !registryValue: | ||
path: 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' | ||
value: 'UserAuthentication' | ||
data: '1' | ||
type: REG_DWORD |
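Review bot: The second `!registryValue` block sets `UserAuthentication` to `1` (Network Level Authentication), which has no effect while `fDenyTSConnections` is `1` and is not mentioned in the description. If it is intended as a fallback for users who later re-enable Remote Desktop, say so in the description or a comment; otherwise remove it so the tweak does only what its title states. The file is also missing the `---` document-start line that most of the other new tweak files in this commit begin with.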
5 changes: 5 additions & 0 deletions
src/playbook/Configuration/tweaks/security/enable-pua-protection.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
title: Enable PUA Protection | ||
description: Enable the protection against Potentially Unwanted Applications (PUA) using Microsoft Defender. | ||
actions: | ||
- !run: {exe: 'powershell', args: '-Command "Set-MpPreference -PUAProtection Enabled"'} |
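Review bot: The `!run` line calls `Set-MpPreference -PUAProtection Enabled` with no check that Microsoft Defender is present and running, and the cmdlet fails when the Defender service is unavailable. Guard the step with a condition on Defender being enabled, or document that this tweak applies only to configurations that keep Defender. For consistency, pick one way of passing PowerShell arguments: this hunk wraps the command in `-Command "..."` while the SMB and IPv6 tweaks in the same commit pass the cmdlet directly.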
24 changes: 24 additions & 0 deletions
src/playbook/Configuration/tweaks/security/uac-maximum.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
title: Set User Account Control (UAC) to Maximum | ||
description: To enhance system security, UAC is set to its highest level, requiring the user's permission for all actions. | ||
actions: | ||
- !registryValue: | ||
path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' | ||
value: 'ConsentPromptBehaviorAdmin' | ||
data: '2' | ||
type: REG_DWORD | ||
- !registryValue: | ||
path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' | ||
value: 'ConsentPromptBehaviorUser' | ||
data: '1' | ||
type: REG_DWORD | ||
- !registryValue: | ||
path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' | ||
value: 'EnableLUA' | ||
data: '1' | ||
type: REG_DWORD | ||
- !registryValue: | ||
path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' | ||
value: 'PromptOnSecureDesktop' | ||
data: '1' | ||
type: REG_DWORD |
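Review bot: The description says UAC will require "the user's permission for all actions", but the values set here only change how elevation requests are prompted. `ConsentPromptBehaviorAdmin` = `2` is a consent prompt on the secure desktop, the "Always notify" slider position, and administrators are still not asked for credentials. If "Maximum" is meant literally, `ConsentPromptBehaviorAdmin` = `1` (prompt for credentials on the secure desktop) is the stricter setting; otherwise reword the title and description to "Always notify". A short comment beside each `data` value stating what the number means would make the file reviewable without looking up the policy table.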