From 42d4e075d8f78e8b7d8c829700f0dc658d400c11 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 10 Oct 2024 21:15:18 +0200 Subject: [PATCH] feat: Disable SMB signing requirement (#787) --- assets/win11x64-enterprise-eval.xml | 43 +++++++++++++++------------- assets/win11x64-enterprise.xml | 44 ++++++++++++++++------------- assets/win11x64-iot.xml | 43 +++++++++++++++------------- assets/win11x64-ltsc.xml | 43 +++++++++++++++------------- assets/win11x64.xml | 43 +++++++++++++++------------- assets/win2025-eval.xml | 41 +++++++++++++++------------ assets/win2025.xml | 41 +++++++++++++++------------ 7 files changed, 167 insertions(+), 131 deletions(-) diff --git a/assets/win11x64-enterprise-eval.xml b/assets/win11x64-enterprise-eval.xml index c0045d3..555d1f4 100644 --- a/assets/win11x64-enterprise-eval.xml +++ b/assets/win11x64-enterprise-eval.xml @@ -343,101 +343,106 @@ 2 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f + Disable SMB signing requirement + + + 3 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f Allow RDP login with blank password - 3 + 4 reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f Enable option for passwordless sign-in - 4 + 5 cmd /C wmic useraccount where name="Docker" set PasswordExpires=false Password Never Expires - 5 + 6 cmd /C POWERCFG -H OFF Disable Hibernation - 6 + 7 cmd /C POWERCFG -X -monitor-timeout-ac 0 Disable monitor blanking - 7 + 8 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f Disable first-run experience in Edge - 8 + 9 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f Show file extensions in Explorer - 9 + 10 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f Zero Hibernation File - 10 + 11 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f Disable Hibernation - 11 + 12 cmd /C POWERCFG -X -standby-timeout-ac 0 Disable Sleep - 12 + 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f Enable RemoteAPP to launch unlisted programs - 13 + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 16 + 17 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 17 + 18 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 19 + 20 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 20 + 21 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 21 + 22 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win11x64-enterprise.xml b/assets/win11x64-enterprise.xml index 9800436..88983f0 100644 --- a/assets/win11x64-enterprise.xml +++ b/assets/win11x64-enterprise.xml @@ -346,101 +346,106 @@ 2 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f + Disable SMB signing requirement + + + 3 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f Allow RDP login with blank password - 3 + 4 reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f Enable option for passwordless sign-in - 4 + 5 cmd /C wmic useraccount where name="Docker" set PasswordExpires=false Password Never Expires - 5 + 6 cmd /C POWERCFG -H OFF Disable Hibernation - 6 + 7 cmd /C POWERCFG -X -monitor-timeout-ac 0 Disable monitor blanking - 7 + 8 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f Disable first-run experience in Edge - 8 + 9 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f Show file extensions in Explorer - 9 + 10 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f Zero Hibernation File - 10 + 11 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f Disable Hibernation - 11 + 12 cmd /C POWERCFG -X -standby-timeout-ac 0 Disable Sleep - 12 + 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f Enable RemoteAPP to launch unlisted programs - 13 + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 16 + 17 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 17 + 18 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 19 + 20 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 20 + 21 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 21 + 22 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists @@ -448,3 +453,4 @@ + diff --git a/assets/win11x64-iot.xml b/assets/win11x64-iot.xml index eeef008..79fc392 100644 --- a/assets/win11x64-iot.xml +++ b/assets/win11x64-iot.xml @@ -352,101 +352,106 @@ 2 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f + Disable SMB signing requirement + + + 3 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f Allow RDP login with blank password - 3 + 4 reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f Enable option for passwordless sign-in - 4 + 5 cmd /C wmic useraccount where name="Docker" set PasswordExpires=false Password Never Expires - 5 + 6 cmd /C POWERCFG -H OFF Disable Hibernation - 6 + 7 cmd /C POWERCFG -X -monitor-timeout-ac 0 Disable monitor blanking - 7 + 8 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f Disable first-run experience in Edge - 8 + 9 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f Show file extensions in Explorer - 9 + 10 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f Zero Hibernation File - 10 + 11 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f Disable Hibernation - 11 + 12 cmd /C POWERCFG -X -standby-timeout-ac 0 Disable Sleep - 12 + 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f Enable RemoteAPP to launch unlisted programs - 13 + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 16 + 17 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 17 + 18 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 19 + 20 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 20 + 21 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 21 + 22 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win11x64-ltsc.xml b/assets/win11x64-ltsc.xml index c4c35db..584ff9e 100644 --- a/assets/win11x64-ltsc.xml +++ b/assets/win11x64-ltsc.xml @@ -352,101 +352,106 @@ 2 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f + Disable SMB signing requirement + + + 3 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f Allow RDP login with blank password - 3 + 4 reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f Enable option for passwordless sign-in - 4 + 5 cmd /C wmic useraccount where name="Docker" set PasswordExpires=false Password Never Expires - 5 + 6 cmd /C POWERCFG -H OFF Disable Hibernation - 6 + 7 cmd /C POWERCFG -X -monitor-timeout-ac 0 Disable monitor blanking - 7 + 8 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f Disable first-run experience in Edge - 8 + 9 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f Show file extensions in Explorer - 9 + 10 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f Zero Hibernation File - 10 + 11 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f Disable Hibernation - 11 + 12 cmd /C POWERCFG -X -standby-timeout-ac 0 Disable Sleep - 12 + 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f Enable RemoteAPP to launch unlisted programs - 13 + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 16 + 17 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 17 + 18 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 19 + 20 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 20 + 21 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 21 + 22 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win11x64.xml b/assets/win11x64.xml index 4877868..71ecdf9 100644 --- a/assets/win11x64.xml +++ b/assets/win11x64.xml @@ -346,101 +346,106 @@ 2 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f + Disable SMB signing requirement + + + 3 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f Allow RDP login with blank password - 3 + 4 reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f Enable option for passwordless sign-in - 4 + 5 cmd /C wmic useraccount where name="Docker" set PasswordExpires=false Password Never Expires - 5 + 6 cmd /C POWERCFG -H OFF Disable Hibernation - 6 + 7 cmd /C POWERCFG -X -monitor-timeout-ac 0 Disable monitor blanking - 7 + 8 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f Disable first-run experience in Edge - 8 + 9 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f Show file extensions in Explorer - 9 + 10 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f Zero Hibernation File - 10 + 11 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f Disable Hibernation - 11 + 12 cmd /C POWERCFG -X -standby-timeout-ac 0 Disable Sleep - 12 + 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f Enable RemoteAPP to launch unlisted programs - 13 + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 16 + 17 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 17 + 18 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 19 + 20 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 20 + 21 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 21 + 22 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2025-eval.xml b/assets/win2025-eval.xml index 1ee2b54..70aa09c 100644 --- a/assets/win2025-eval.xml +++ b/assets/win2025-eval.xml @@ -242,96 +242,101 @@ 2 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f + Disable SMB signing requirement + + + 3 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f Allow RDP login with blank password - 3 + 4 reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f Enable option for passwordless sign-in - 4 + 5 cmd /C wmic useraccount where name="Docker" set PasswordExpires=false Password Never Expires - 5 + 6 cmd /C POWERCFG -H OFF Disable Hibernation - 6 + 7 cmd /C POWERCFG -X -monitor-timeout-ac 0 Disable monitor blanking - 7 + 8 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f Disable first-run experience in Edge - 8 + 9 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f Show file extensions in Explorer - 9 + 10 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f Zero Hibernation File - 10 + 11 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f Disable Hibernation - 11 + 12 cmd /C POWERCFG -X -standby-timeout-ac 0 Disable Sleep - 12 + 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f Enable RemoteAPP to launch unlisted programs - 13 + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 17 + 18 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 20 + 21 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2025.xml b/assets/win2025.xml index c0801b0..66871a5 100644 --- a/assets/win2025.xml +++ b/assets/win2025.xml @@ -245,96 +245,101 @@ 2 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f + Disable SMB signing requirement + + + 3 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f Allow RDP login with blank password - 3 + 4 reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f Enable option for passwordless sign-in - 4 + 5 cmd /C wmic useraccount where name="Docker" set PasswordExpires=false Password Never Expires - 5 + 6 cmd /C POWERCFG -H OFF Disable Hibernation - 6 + 7 cmd /C POWERCFG -X -monitor-timeout-ac 0 Disable monitor blanking - 7 + 8 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f Disable first-run experience in Edge - 8 + 9 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f Show file extensions in Explorer - 9 + 10 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f Zero Hibernation File - 10 + 11 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f Disable Hibernation - 11 + 12 cmd /C POWERCFG -X -standby-timeout-ac 0 Disable Sleep - 12 + 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f Enable RemoteAPP to launch unlisted programs - 13 + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 17 + 18 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 20 + 21 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists