[BUG]: Wrong registry references #255
Comments
- Introduce a new parent category: 'Disable Application Compatibility framework' for better categorization.
- Move following existing scripts under the new category:
  - Disable Application Impact Telemetry (AIT)
  - Disable steps recorder
  - Disable Inventory Collector
  - Program Compatibility Assistant Service
- Add new scripts within the same category:
  - Disable Application Compatibility Engine
  - Disable "Program Compatibility Assistant (PCA)" feature
  - Disable "Program Compatibility Assistant Service" (`PcaSvc`)
- Add missing revert codes for:
  - 'Disable steps recorder'
- Fix revert codes for scripts:
  - 'Disable Inventory Collector'
  - 'Disable Application Impact Telemetry (AIT)' (as pointed in #255).
- Add extensive documentation for all related scripts.
- Rename scripts for clarity:
  - 'Disable Inventory Collector' > 'Disable "Inventory Collector" task'.
  - 'Program Compatibility Assistant Service' > 'Disable "Program Compatibility Assistant Service" (`PcaSvc`) service'.
  - 'Disable steps recorder' > 'Disable Steps Recorder (collects screenshots, mouse/keyboard input and UI data)'.
"Disable Application Impact Telemetry (AIT)" is fixed and documented, it's now under new category "Disable Application Compatibility Framework" with more scripts added/fixed and documented, it's released in 0.12.5 🚀
- Rename script for simplicity.
- Add documentation.
- Fix default value not matching default OS state.

- Rename script for simplicity.
- Add documentation.
- Fix default value not matching default OS state.
- Fix wrong registry path.
"RestrictAnonymousSAM" is fixed and documented, renamed it from "Disable anonymous enumeration of SAM accounts" to "Disable unauthorized user account discovery (anonymous SAM enumeration)" for simplicity, it's released in 0.12.9 🚀. Thank you for the feedback @tempdrive again, you are always welcome to report if you see anything else.
Hi,
I have noticed that there are a couple of invalid registry references in v0.12.2 as per the below:
```yaml
name: Disable Application Impact Telemetry (AIT)
recommend: standard
code: reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f
revertCode: reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "1" /f
```
The revertCode part refers to a different registry entry.
```yaml
name: Block Anonymous enumeration of SAM accounts
recommend: standard
docs: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63745
code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 1 /f
revertCode: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 0 /f
```
For the above, the proper path would be "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Lsa", which is also referenced in the link provided.
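A lint for the first defect reported in this issue (a `revertCode` that writes a different key or value than `code`), as an added example that is not part of the issue or the project's own code. `SCRIPTS` holds the two entries quoted in the report, and `parse_reg` and `check_script` are hypothetical names; it does not catch the second defect, where both commands agree on a path that is itself wrong.

```python
import re

HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}

# The two script entries quoted in the report, embedded so the check runs offline.
SCRIPTS = [
    {"name": "Disable Application Impact Telemetry (AIT)",
     "code": r'reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f',
     "revertCode": r'reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "1" /f'},
    {"name": "Block Anonymous enumeration of SAM accounts",
     "code": r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 1 /f',
     "revertCode": r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 0 /f'},
]

def parse_reg(cmd):
    """Return (key, value_name, data) for one `reg add`/`reg delete` line, else None."""
    # Split on whitespace but keep double-quoted arguments (keys may contain spaces).
    tokens = [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]
    if len(tokens) < 3 or tokens[0].lower() != "reg" or tokens[1].lower() not in ("add", "delete"):
        return None
    # Registry paths are case-insensitive; normalise case and long hive names.
    hive, _, rest = tokens[2].rstrip("\\").lower().partition("\\")
    key = HIVES.get(hive, hive) + "\\" + rest
    opts = {}
    for i in range(3, len(tokens) - 1):
        if tokens[i].lower() in ("/v", "/d"):
            opts[tokens[i].lower()] = tokens[i + 1]
    return key, opts.get("/v", "").lower(), opts.get("/d")

def check_script(script):
    """Compare the registry target of code and revertCode; return a list of findings."""
    code, revert = parse_reg(script["code"]), parse_reg(script["revertCode"])
    if code is None or revert is None:
        return ["not a single reg add/delete command; skipped"]
    if code[:2] != revert[:2]:
        return [f"revertCode targets {revert[0]}\\{revert[1]} but code writes {code[0]}\\{code[1]}"]
    if code[2] == revert[2]:
        return ["revertCode writes the same data as code, so it reverts nothing"]
    return []

if __name__ == "__main__":
    for s in SCRIPTS:
        for finding in check_script(s):
            print(f"{s['name']}: {finding}")
```
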