REG file to secure Windows

Discussion in 'Windows 7' started by Hazar, Dec 1, 2011.

  1. Hazar

    Hazar MDL Guru

    Hello all,

    I crafted this simple reg file which should bind RPC to localhost and close most of the vulnerable Windows ports. On my machine it left only two ports open (139, 445). It doesn't appear to affect any functionality of RPC-based services. Should work on most Windows versions.

    Reboot after applying the REG file.

    If anyone has any ideas on anything further that can be done I'd be interested to hear it.

    View attachment secure.zip

    Hazar
     
  2. triggat

    triggat MDL Member

    Security is always paramount. Thank you!
     
  3. CODYQX4

    CODYQX4 MDL Developer

    When I add the Linkage part it causes KMS failure, as in starting KMSEmulator crashes. Removing the Linkage subkey immediately fixes it.

    Anyone else confirm?
     
  4. BobSheep

    BobSheep MDL Guru

    #4 BobSheep, Dec 3, 2011
    Last edited: Dec 3, 2011
    How does one "uninstall" this?

    Just suppose I know nothing about computers and the registry and run your registry import.
    Skype stops working, so does my office VPN, shared printer and BBC iPlayer too. Or perhaps my purchased KMS Enterprise license suddenly starts saying the computer is not genuine?

    What am I to do?

    Or do you not provide "uninstall" instructions?
     
  5. CODYQX4

    CODYQX4 MDL Developer

    #5 CODYQX4, Dec 3, 2011
    Last edited by a moderator: Apr 20, 2017
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs]
    "ListenOnInternet"="N"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Rpc\Linkage]
    "Bind"=hex(7):31,00,00,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer]
    "Start"=dword:00000003
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation]
    "Start"=dword:00000003
    That is the normal reg file. The first reg entry doesn't seem to get set for me. I delete the second one (the Linkage key) as it caused a lot of issues for me (hard to tell if this was at fault but I had to use System Restore after this). The other two simply change a service to manual (I think those two are auto so you'd want to change their value to 2).
     
  6. Hazar

    Hazar MDL Guru

    If you want to remove it... just delete the Rpc key and remove the ListenOnInternet value... Skype, VPNs all that still work fine for me... Haven't tested KMS though as I don't use it
     
  7. Josh Cell

    Josh Cell MDL Developer

    #7 Josh Cell, Dec 4, 2011
    Last edited by a moderator: Apr 20, 2017
    It is very important to back up the keys before applying the mods, in case there is any incompatibility with your apps:

    Code:
    reg save "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services" "C:\Backup.reg"
    Where "C:\Backup.reg" is the directory/file to save to.
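An added example, not code from any poster in this thread: a small Python parser that decodes what the REG file in reply #5 actually sets (including the `hex(7)` multi-string) and builds the removal file described in reply #6, using the standard `.reg` deletion syntax (`[-KEY]` and `"name"=-`). The function names are hypothetical, only the three value types present in the posted file are handled, and the `Start` values are left untouched because reply #6 does not cover them.

```python
import re

# The REG file from reply #5 (blank lines between sections dropped).
POSTED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs]
"ListenOnInternet"="N"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Rpc\Linkage]
"Bind"=hex(7):31,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation]
"Start"=dword:00000003
'''

def decode(raw):
    """Right-hand side of a .reg assignment -> (type, value)."""
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    if raw.startswith("hex(7):"):
        # REG_MULTI_SZ: UTF-16LE strings, each NUL-terminated, plus a final NUL
        data = bytes(int(b, 16) for b in raw[7:].split(","))
        return "REG_MULTI_SZ", [s for s in data.decode("utf-16-le").split("\0") if s]
    return "REG_SZ", raw.strip('"')

def parse_reg(text):
    """Return (key, name, type, value) for every value the file sets."""
    out, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'"([^"]+)"=(.+)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]            # section header names the key
        elif key and m:
            out.append((key, m.group(1)) + decode(m.group(2)))
    return out

def undo_reg(entries):
    """Removal file per reply #6: delete the Rpc key, remove ListenOnInternet."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, name, _type, _value in entries:
        if key.endswith("\\Rpc\\Linkage"):
            lines += ["[-" + key.rsplit("\\", 1)[0] + "]", ""]  # [-KEY] deletes a key
        elif name == "ListenOnInternet":
            lines += ["[" + key + "]", '"' + name + '"=-', ""]  # "name"=- deletes a value
    return "\r\n".join(lines)

if __name__ == "__main__":
    print(undo_reg(parse_reg(POSTED_REG)))
```

The decoded `Bind` value is a multi-string holding the single entry `1`, and both `Start` values decode to 3.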
     