[BUG]: Wrong registry references #255

Closed
tempdrive opened this issue Sep 9, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@tempdrive

Hi,

I have noticed that there are a couple of invalid registry references in v0.12.2 as per the below:

```yaml
name: Disable Application Impact Telemetry (AIT)
recommend: standard
code: reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f
revertCode: reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "1" /f
```

The revertCode part refers to a different registry entry.

```yaml
name: Block Anonymous enumeration of SAM accounts
recommend: standard
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63745
code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 1 /f
revertCode: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 0 /f
```

For the above, the proper path would be "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Lsa", which is also referenced in the link provided.

@tempdrive tempdrive added the bug Something isn't working label Sep 9, 2023
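
A check that would have flagged the first entry above, as an added example that is not part of the original issue or the project's own code. It compares the registry key and value name touched by `code` with those touched by `revertCode`; the names `reg_targets`, `check_scripts` and `SCRIPTS` are hypothetical, and the sample entries are the two quoted in the issue.

```python
import re

# `reg add|delete <key> /v <name>`; key and name may be quoted or bare.
REG_CMD = re.compile(
    r'\breg\s+(?:add|delete)\s+(?:"([^"]+)"|(\S+))\s+/v\s+(?:"([^"]+)"|(\S+))',
    re.IGNORECASE,
)

def reg_targets(command):
    """Return the set of (key, value name) pairs a command string touches."""
    targets = set()
    for m in REG_CMD.finditer(command):
        key = (m.group(1) or m.group(2)).rstrip("\\").lower()
        name = (m.group(3) or m.group(4)).lower()
        targets.add((key, name))  # registry paths and names are case-insensitive
    return targets

def check_scripts(scripts):
    """Return (name, code-only targets, revert-only targets) per mismatching script."""
    findings = []
    for s in scripts:
        code, revert = reg_targets(s["code"]), reg_targets(s["revertCode"])
        if code != revert:
            findings.append((s["name"], sorted(code - revert), sorted(revert - code)))
    return findings

# The two entries quoted in the issue, re-typed as dicts for this example.
SCRIPTS = [
    {
        "name": "Disable Application Impact Telemetry (AIT)",
        "code": r'reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f',
        "revertCode": r'reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "1" /f',
    },
    {
        "name": "Block Anonymous enumeration of SAM accounts",
        "code": r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 1 /f',
        "revertCode": r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 0 /f',
    },
]

if __name__ == "__main__":
    for name, code_only, revert_only in check_scripts(SCRIPTS):
        print(f"{name}: code writes {code_only}, revert writes {revert_only}")
```

The second entry passes this check because its `code` and `revertCode` agree on the same path; catching a path that is wrong in both requires comparing against a reference such as the document linked in `docs`.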
@undergroundwires
Owner

Hi, thank you for the report. The CEIP/AIT stuff was fixed in e2b3213 along with other improvements, but it got stale before merging. I'll ensure that it will be merged in a patch release.

RestrictAnonymousSAM was missed completely. It will be fixed. I'd merge it if someone creates a PR for this.

undergroundwires added a commit that referenced this issue Oct 12, 2023
- Introduce a new parent category: 'Disable Application Compatibility
  framework' for better categorization.
- Move following existing scripts under the new category:
  - Disable Application Impact Telemetry (AIT)
  - Disable steps recorder
  - Disable Inventory Collector
  - Program Compatibility Assistant Service
- Add new scripts within the same category:
  - Disable Application Compatibility Engine
  - Disable "Program Compatibility Assistant (PCA)" feature
  - Disable "Program Compatibility Assistant Service" (`PcaSvc`)
- Add missing revert codes for:
  - 'Disable steps recorder'
- Fix revert codes for scripts:
  - 'Disable Inventory Collector'
  - 'Disable Application Impact Telemetry (AIT)' (as pointed in #255).
- Add extensive documentation for all related scripts.
- Rename scripts for clarity:
  - 'Disable Inventory Collector' > 'Disable "Inventory Collector"
    task'.
  - 'Program Compatibility Assistant Service' > 'Disable "Program
    Compatibility Assistant Service" (`PcaSvc`) service'.
  - 'Disable steps recorder' > 'Disable Steps Recorder (collects
    screenshots, mouse/keyboard input and UI data)'.
@undergroundwires
Owner

"Disable Application Impact Telemetry (AIT)" is fixed and documented, it's now under new category "Disable Application Compatibility Framework" with more scripts added/fixed and documented, it's released in 0.12.5 🚀

undergroundwires added a commit that referenced this issue Dec 3, 2023
- Rename script for simplicity.
- Add documentation.
- Fix default value not matching default OS state.
undergroundwires added a commit that referenced this issue Dec 3, 2023
- Rename script for simplicity.
- Add documentation.
- Fix default value not matching default OS state.
- Fix wrong registry path.
@undergroundwires
Owner

"RestrictAnonymousSAM" is fixed and documented, renamed it from "Disable anonymous enumeration of SAM accounts" to "Disable unauthorized user account discovery (anonymous SAM enumeration)" for simplicity, it's released in 0.12.9 🚀. Thank you for the feedback @tempdrive again, you are always welcome to report if you see anything else.
