First release

Here's an improved version of the text in English:

The following modules have been added:

- Disabled IPv6
- Disabled SMB
- Disabled Remote Desktop
- Blocked all incoming connections
- Set AdguardDNS server as default
- Enabled protection against potentially unwanted applications (PUA)
- Set User Account Control (UAC) to maximum
- Activated automatic Windows Updates by default
- Activated automatic Store Updates by default
- Enabled UAC Secure Desktop by default
- Removed branding from OEM information

README.md

@@ -1,12 +1,9 @@
-<p align="center">A fork of AtlasOS focused on security, without leaving behind usability and performance.</p>
+<p align="center">A fork of AtlasOS that focuses on security without compromising usability or performance.</p>
 
 <p align="center">
-  <a href="https://atlasos.net" target="_blank">🌐 AtlasOS Website</a>
-  •
-  <a href="https://docs.atlasos.net" target="_blank">📚 AtlasOS Documentation</a>
-  •
-  <a href="https://discord.atlasos.net" target="_blank">☎️ AtlasOS Discord</a>
-  •
+  <a href="https://atlasos.net" target="_blank">🌐 AtlasOS Website</a> |
+  <a href="https://docs.atlasos.net" target="_blank">📚 AtlasOS Documentation</a> |
+  <a href="https://discord.atlasos.net" target="_blank">☎️ AtlasOS Discord</a> |
   <a href="https://forum.atlasos.net" target="_blank">💬 AtlasOS Forum</a>
 </p>
 
@@ -17,25 +14,24 @@
 - [Branding](https://docs.atlasos.net/branding/)
 
 ## 🤔 What is SecOS?
-SecOS is an open source fork of AtlasOS that enhances Windows by eliminating factors that negatively affect performance. 
-SecOS focuses on security as it focuses on the daily use of Windows to ensure end-user safety.
+SecOS is an open-source fork of AtlasOS that improves Windows by eliminating factors that negatively impact performance. It emphasizes security to ensure user protection during daily use of Windows.
 
-## 👀 Why SecOS?
+## 👀 Why Choose SecOS?
 
-As computer geeks, we all have family members who don't use their computers primarily for gaming. SecOS aims to provide these types of users with a fast user experience, similar to AtlasOS, but with a stronger focus on security and privacy.
+SecOS is designed for users who want a fast, secure experience similar to AtlasOS but with a greater emphasis on security and privacy. It is ideal for those who don't primarily use their computers for gaming.
 
-Trying to follow Microsoft's official methods.
+SecOS adheres to Microsoft's official methods.
 
 ### 🔍 Open Source and Transparent
 
-Unlike custom Windows ISOs, Atlas is more straightforward to audit due to the use of [AME Wizard](https://ameliorated.io). AME Wizard is controlled by Playbooks, a customizable script-esque system that can perform various tasks.
+Unlike custom Windows ISOs, SecOS easier to audit due to the use of [AME Wizard](https://ameliorated.io). AME Wizard is controlled by Playbooks, a customizable script-like system that can perform various tasks.
 
-Playbooks are renamed **.zip** archives, with the password [`malte`](https://docs.ameliorated.io/developers/getting-started/creation.html). As they primarily consist of plain text, Playbooks enable transparency, unlike custom Windows ISOs, which have many entry points for malicious activity. The few binaries in the Playbook are open source in our [`utilities` repository](https://github.com/Atlas-OS/utilities), with the [hashes listed here](https://github.com/Atlas-OS/Atlas/blob/main/src/playbook/Executables/AtlasModules/README.md).
+Playbooks are **.zip** files with the password [`malte`](https://docs.ameliorated.io/developers/getting-started/creation.html). Since they primarily consist of plain text, Playbooks offer transparency, unlike custom Windows ISOs, which have many entry points for malicious activity. The few binaries in the Playbook are open source in our [`utilities` repository](https://github.com/Atlas-OS/utilities), with the [hashes listed here](https://github.com/Atlas-OS/Atlas/blob/main/src/playbook/Executables/AtlasModules/README.md).
 
-Although the GUI is not open source for AME Wizard, AME Wizard's entire backend (called [TrustedUninstaller](https://github.com/Ameliorated-LLC/trusted-uninstaller-cli)) is open source under MIT, which contains each action used to run SecOS. The SecOS Playbook is open source under the [GPLv3 license](https://github.com/iamcarron/SecOS/blob/main/LICENSE).
+Although the GUI of AME Wizard is not open source, the entire backend (called [TrustedUninstaller](https://github.com/Ameliorated-LLC/trusted-uninstaller-cli)) is open source under MIT and contains each action used to run SecOS. The SecOS Playbook is open source under the [GPLv3 license](https://github.com/iamcarron/SecOS/blob/main/LICENSE).
 
 ### 🔒 Legal Compliance
-As SecOS doesn't redistribute a modified Windows ISO, it complies with [Windows's Usage Terms](https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm). In addition, SecOS does not alter activation in Windows.
+SecOS complies with [Windows's Usage Terms](https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm) because it doesn't redistribute a modified Windows ISO. Additionally, SecOS does not alter Windows activation.
 
-### 🤝 Contribution
-SecOS arises as a project for a class work, so it is not guaranteed to have recurring updates and very often, so any contribution is appreciated!
+### 🤝 Contributions
+SecOS began as a class project, so frequent updates are not guaranteed. Contributions are welcome and appreciated to help improve the project.

src/playbook/Configuration/tweaks.yml

@@ -1,6 +1,6 @@
 ---
 title: Tweaks Root Playbook File
-description: Runs all of the Atlas playbook tweaks
+description: Runs all of the SecOS playbook tweaks
 actions: []
 tasks:
   # ------------------------- NOTES ------------------------- #
@@ -27,15 +27,16 @@ tasks:
   - tweaks\statuses\status-networking.yml
   - tweaks\networking\disable-llmnr.yml
   - tweaks\networking\atlas-network-settings.yml
+  - tweaks\networking\block-incoming-connections.yml
+  - tweaks\networking\set-adguarddns.yml
 
   # -------------------------------------------------------------------------- #
   #  networking\shares                                                         #
   # -------------------------------------------------------------------------- #
   - tweaks\networking\shares\restrict-anonymous-access.yml
   - tweaks\networking\shares\restrict-anonymous-enumeration.yml
   - tweaks\networking\shares\disable-smb-bandwidth-throttling.yml
-
-
+  - tweaks\networking\shares\disable-smb-protocols.yml
 
   # -----------------------------------------------------
   #                      Performance
@@ -54,7 +55,6 @@ tasks:
   - tweaks\performance\disable-fth.yml
   - tweaks\performance\disable-sleep-study.yml
 
-
   # -------------------------------------------------------------------------- #
   #  performance\system                                                        #
   # -------------------------------------------------------------------------- #
@@ -64,8 +64,6 @@ tasks:
   - tweaks\performance\system\disable-service-host-split.yml
   - tweaks\performance\system\win32-priority-seperation.yml
 
-
-
   # -----------------------------------------------------
   #                        Privacy
   # -----------------------------------------------------
@@ -124,8 +122,6 @@ tasks:
   - tweaks\privacy\telemetry\disable-input-telemetry.yml
   - tweaks\privacy\telemetry\disallow-data-collection.yml
 
-
-
   # -----------------------------------------------------
   #                          QOL
   # -----------------------------------------------------
@@ -146,7 +142,6 @@ tasks:
   - tweaks\qol\disable-mouse-accel.yml
   - tweaks\qol\disable-settings-tips.yml
   - tweaks\qol\disable-spell-checking.yml
-  - tweaks\qol\disable-store-auto-updates.yml
   - tweaks\qol\disable-touch-keyboard-features.yml
   - tweaks\qol\disable-touch-visual-feedback.yml
   - tweaks\qol\disable-usb-issues-notifications.yml
@@ -173,7 +168,6 @@ tasks:
   - tweaks\qol\windows-update\disable-insider.yml
   - tweaks\qol\windows-update\disable-msrt-telemetry.yml
   - tweaks\qol\windows-update\disable-feature-updates.yml
-  - tweaks\qol\windows-update\disable-auto-updates.yml
   - tweaks\qol\windows-update\disable-auto-reboot.yml
   - tweaks\qol\windows-update\disable-delivery-optimization.yml
 
@@ -232,11 +226,6 @@ tasks:
   - tweaks\qol\explorer\remove-context-menus\share.yml
   - tweaks\qol\explorer\remove-context-menus\troubleshooting-compat.yml
 
-  # -------------------------------------------------------------------------- #
-  #  qol\security                                                              #
-  # -------------------------------------------------------------------------- #
-  - tweaks\qol\security\disable-uac-secure-desktop.yml
-
   # -------------------------------------------------------------------------- #
   #  qol\shell                                                                 #
   # -------------------------------------------------------------------------- #
@@ -283,8 +272,6 @@ tasks:
   - tweaks\qol\taskbar\set-to-left.yml
   - tweaks\qol\taskbar\end-task.yml
 
-
-
   # -----------------------------------------------------
   #                       Security
   # -----------------------------------------------------
@@ -297,8 +284,10 @@ tasks:
   - tweaks\security\block-anonymous-enum-sam.yml
   - tweaks\security\delete-defaultuser0.yml
   - tweaks\security\disable-remote-assistance.yml
-
-
+  - tweaks\security\disable-ipv6.yml
+  - tweaks\security\disable-remote-desktop.yml
+  - tweaks\security\enable-pua-protection.yml
+  - tweaks\security\uac-maximum.yml
 
   # -----------------------------------------------------
   #                        Debloat
@@ -315,8 +304,6 @@ tasks:
   - tweaks\debloat\hide-unused-security-pages.yml
   - tweaks\debloat\config-storage-sense.yml
 
-
-
   # -----------------------------------------------------
   #                        Scripts
   # -----------------------------------------------------
@@ -335,8 +322,6 @@ tasks:
   - tweaks\scripts\script-backup2.yml
   - tweaks\scripts\script-clientcbs.yml
 
-
-
   # -----------------------------------------------------
   #                         Misc
   # -----------------------------------------------------
@@ -348,7 +333,6 @@ tasks:
   - tweaks\statuses\status-misc.yml
   - tweaks\misc\config-time.yml
   - tweaks\misc\delete-windows-specific-files.yml
-  - tweaks\misc\config-oem-information.yml
   - tweaks\misc\rebuild-perf-counters.yml
   - tweaks\misc\create-shortcuts.yml
   - tweaks\misc\add-music-videos-to-home.yml

src/playbook/Configuration/tweaks/networking/block-incoming-connections.yml

@@ -0,0 +1,4 @@
+title: Block All Incoming Connections with Microsoft Defender Firewall
+description: To enhance network security, Microsoft Defender Firewall is configured to block all incoming connections.
+actions:
+  - !run: {exe: 'netsh', args: 'advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound'}

src/playbook/Configuration/tweaks/networking/set-adguarddns.yml

@@ -0,0 +1,9 @@
+---
+title: Configure AdguardDNS
+description: Set the DNS server to AdguardDNS for improved privacy and security.
+actions:
+  - !registryValue:
+      path: 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{InterfaceGUID}'
+      value: 'NameServer'
+      data: '94.140.14.14,94.140.15.15'
+      type: REG_SZ

src/playbook/Configuration/tweaks/networking/shares/disable-smb-protocols.yml

@@ -0,0 +1,8 @@
+---
+title: Disable SMB Protocols
+description: Disabling SMB protocols to enhance the security of the Windows system and minimize vulnerabilities.
+actions:
+  - !run: {exe: 'powershell', args: 'Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$false'}
+  - !run: {exe: 'powershell', args: 'Set-SmbServerConfiguration -EnableSMB2Protocol $false -Confirm:$false'}
+
+

src/playbook/Configuration/tweaks/security/disable-ipv6.yml

@@ -0,0 +1,10 @@
+---
+title: Disable IPv6
+description: As IPv6 may introduce security vulnerabilities in some network environments, it is disabled to improve security.
+actions:
+  - !registryValue:
+    path: 'HKLM\SYSTEM\CurrentControlSet\services\tcpip6\parameters'
+    value: 'DisabledComponents'
+    data: '0'
+    type: REG_DWORD
+  - !run: {exe: 'powershell', args: 'Get-NetAdapterBinding –ComponentID “ms_tcpip6” | disable-NetAdapterBinding –ComponentID “ms_tcpip6” –PassThru'}

src/playbook/Configuration/tweaks/security/disable-remote-desktop.yml

@@ -0,0 +1,13 @@
+title: Disable Remote Desktop
+description: Disable Remote Desktop to enhance system security and prevent unauthorized access.
+actions:
+  - !registryValue:
+      path: 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server'
+      value: 'fDenyTSConnections'
+      data: '1'
+      type: REG_DWORD
+  - !registryValue:
+      path: 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
+      value: 'UserAuthentication'
+      data: '1'
+      type: REG_DWORD

src/playbook/Configuration/tweaks/security/enable-pua-protection.yml

@@ -0,0 +1,5 @@
+---
+title: Enable PUA Protection
+description: Enable the protection against Potentially Unwanted Applications (PUA) using Microsoft Defender.
+actions:
+  - !run: {exe: 'powershell', args: '-Command "Set-MpPreference -PUAProtection Enabled"'}

src/playbook/Configuration/tweaks/security/uac-maximum.yml

@@ -0,0 +1,24 @@
+---
+title: Set User Account Control (UAC) to Maximum
+description: To enhance system security, UAC is set to its highest level, requiring the user's permission for all actions.
+actions:
+  - !registryValue:
+    path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
+    value: 'ConsentPromptBehaviorAdmin'
+    data: '2'
+    type: REG_DWORD
+  - !registryValue:
+    path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
+    value: 'ConsentPromptBehaviorUser'
+    data: '1'
+    type: REG_DWORD
+  - !registryValue:
+    path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
+    value: 'EnableLUA'
+    data: '1'
+    type: REG_DWORD
+  - !registryValue:
+    path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
+    value: 'PromptOnSecureDesktop'
+    data: '1'
+    type: REG_DWORD

src/playbook/local-build.cmd

@@ -5,7 +5,7 @@
 # Do not change anything here, this is simply for reference
 $defaultConfig = @{
 	# Name of resulting APBX
-	fileName = "Atlas Test"
+	fileName = "SecOS"
 
 	# Should the script delete any playbook that already exists with the same name or not
 	# If not, it will make something like "Atlas Test (1).apbx"