rem Making modifications to .DEFAULT
rem Disable Screen Saver at Logon/Welcome Screen
reg ADD “HKU\.DEFAULT\Control Panel\Desktop” /v ScreenSaveActive /d “0” /f
rem Set Wallpaper to blank at Logon/Welcome Screen
reg ADD “HKU\.DEFAULT\Control Panel\Desktop” /v Wallpaper /d “ “ /f
rem Disable Address space layout randomization
reg ADD “HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management” /v MoveImages /t REG_DWORD /d 0x0 /f
rem Enable “Automatically Reboot”
reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\CrashControl” /v AutoReboot/t REG_DWORD /d 0x1 /f
rem Disable “Write an event to the system log”
reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\CrashControl” /v LogEvent /t REG_DWORD /d 0x0 /f
rem Disable “Send an alert”
reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\CrashControl” /v SendAlert /t REG_DWORD /d 0x0 /f
rem Disable IPv6
reg Add “HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters” /v DisabledComponents /t REG_DWORD /d 0xffffffff /f
rem Increase Service Startup Timeout – Allows up to 120 seconds before timing out waiting for a service
reg Add “HKLM\System\CurrentControlSet\Control” /v ServicesPipeTimeout /t REG_DWORD /d 120000 /f
rem Don’t buffer UDP packets less than 1500 Bytes – improves high bandwidth video performance
reg Add “HKLM\System\CurrentControlSet\Services\Afd” /v FastSendDatagramThreshold /t REG_DWORD /d 1500 /f
rem Disable View agent debug
reg Add “HKLM\software\VMware, Inc.\VMware VDM\” /v DebugEnabled /t REG_SZ /d False /f
rem Disable View agent trace
reg Add “HKLM\software\VMware, Inc.\VMware VDM\” /v TraceEnabled /t REG_SZ /d False /f
rem Disable Background Layout Service
reg ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout” /v EnableAutoLayout /t reg_dword /d 0 /f
rem Disable Machine Account Password Changes
reg ADD “HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters” /v DisablePasswordChange /t reg_dword /d 0 /f
Rem Disable TCP/IP Task Offload
Reg ADD “HKLM \SYSTEM\CurrentControlSet\Services\TCPIP\Parameters” /v DisableTaskOffload /t REG_DWORD /d 1 /f
Rem Hide Hard Error Messages
Reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\Windows” /v ErrorMode /t REG_DWORD /d 0 /f
Rem Disable CIFS Change Notifications
reg ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer” /v NoRemoteRecursiveEvents /t Reg_dword /d 1 /f
rem Disable customer experience improvement program
Reg ADD “HKLM\Software\Microsoft\SQMClient\Windows” /v CEIPEnable /t REG_DWORD /d 0 /frem Using Powershell to perform Windows Services modifications
rem Application Experience Lookup Service
Powershell Set-Service ‘AeLookupSvc’ -startuptype “disabled”
Rem BranchCache
Powershell Set-Service ‘PeerDistSvc’ -startuptype “disabled”
rem Computer Browser
Powershell Set-Service ‘Browser’ -startuptype “disabled”
rem Diagnostic Service Host
Powershell Set-Service ‘WdiServiceHost’ -startuptype “disabled”
rem Diagnostic System Host
Powershell Set-Service ‘WdiSystemHost’ -startuptype “disabled”
rem Problem Reports and Solutions Control Panel Support
Powershell Set-Service ‘wercplsupport’ -startuptype “disabled”
rem Parental Controls
Powershell Set-Service ‘wpcsvc’ -startuptype “disabled”
rem Windows Media Center Sharing Service
Powershell Set-Service ‘WMPNetworkSvc’ -startuptype “disabled”
Rem Disable Interactive Services Detection
Powershell Set-Service ‘UI0Detect’ -startuptype “disabled”
Rem Background Intelligent Transfer
Powershell Set-Service ‘bits’ -startuptype “disabled”
rem Function Discovery Resource Publication
Powershell Set-Service ‘FDResPub’ -startuptype “disabled”
rem Media Center Extender Service
Powershell Set-Service ‘Mcx2Svc’ -startuptype “disabled”rem Making miscellaneous modifications
rem **********************************************************************************
rem *** Set Firewall Domain profile off
rem *** Set Firewall Private profile on
rem *** Set Firewall Public profile on
netsh advfirewall set publicprofile state on
netsh advfirewall set privateprofile state on
netsh advfirewall set domainprofile state off
rem **********************************************************************************
rem Disable the Language Bar
Regsvr32.exe /u/s msutb.dll
rem *** Delete hidden Windows Update uninstall files
del /A:H /S /F /Q %WINDIR%\$NT*
rem disable Customer Experience Improvement Program tasks
schtasks /change /tn “microsoft\windows\Application Experience\AitAgent”/disable
schtasks /change /tn “microsoft\windows\Application Experience\ ProgramDataUpdater” /disable
schtasks /change /tn “microsoft\windows\Customer Experience Improvement Program\Consolidator” /disable
schtasks /change /tn “microsoft\windows\Customer Experience Improvement Program\KernelCeipTask” /disable
schtasks /change /tn “microsoft\windows\Customer Experience Improvement Program\UsbCeip” /disable
rem Disable Screen Saver at Logon/Welcome Screen
reg ADD “HKU\.DEFAULT\Control Panel\Desktop” /v ScreenSaveActive /d “0” /f
rem Set Wallpaper to blank at Logon/Welcome Screen
reg ADD “HKU\.DEFAULT\Control Panel\Desktop” /v Wallpaper /d “ “ /f
rem Disable Address space layout randomization
reg ADD “HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management” /v MoveImages /t REG_DWORD /d 0x0 /f
rem Enable “Automatically Reboot”
reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\CrashControl” /v AutoReboot/t REG_DWORD /d 0x1 /f
rem Disable “Write an event to the system log”
reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\CrashControl” /v LogEvent /t REG_DWORD /d 0x0 /f
rem Disable “Send an alert”
reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\CrashControl” /v SendAlert /t REG_DWORD /d 0x0 /f
rem Disable IPv6
reg Add “HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters” /v DisabledComponents /t REG_DWORD /d 0xffffffff /f
rem Increase Service Startup Timeout – Allows up to 120 seconds before timing out waiting for a service
reg Add “HKLM\System\CurrentControlSet\Control” /v ServicesPipeTimeout /t REG_DWORD /d 120000 /f
rem Don’t buffer UDP packets less than 1500 Bytes – improves high bandwidth video performance
reg Add “HKLM\System\CurrentControlSet\Services\Afd” /v FastSendDatagramThreshold /t REG_DWORD /d 1500 /f
rem Disable View agent debug
reg Add “HKLM\software\VMware, Inc.\VMware VDM\” /v DebugEnabled /t REG_SZ /d False /f
rem Disable View agent trace
reg Add “HKLM\software\VMware, Inc.\VMware VDM\” /v TraceEnabled /t REG_SZ /d False /f
rem Disable Background Layout Service
reg ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout” /v EnableAutoLayout /t reg_dword /d 0 /f
rem Disable Machine Account Password Changes
reg ADD “HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters” /v DisablePasswordChange /t reg_dword /d 0 /f
Rem Disable TCP/IP Task Offload
Reg ADD “HKLM \SYSTEM\CurrentControlSet\Services\TCPIP\Parameters” /v DisableTaskOffload /t REG_DWORD /d 1 /f
Rem Hide Hard Error Messages
Reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\Windows” /v ErrorMode /t REG_DWORD /d 0 /f
Rem Disable CIFS Change Notifications
reg ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer” /v NoRemoteRecursiveEvents /t Reg_dword /d 1 /f
rem Disable customer experience improvement program
Reg ADD “HKLM\Software\Microsoft\SQMClient\Windows” /v CEIPEnable /t REG_DWORD /d 0 /frem Using Powershell to perform Windows Services modifications
rem Application Experience Lookup Service
Powershell Set-Service ‘AeLookupSvc’ -startuptype “disabled”
Rem BranchCache
Powershell Set-Service ‘PeerDistSvc’ -startuptype “disabled”
rem Computer Browser
Powershell Set-Service ‘Browser’ -startuptype “disabled”
rem Diagnostic Service Host
Powershell Set-Service ‘WdiServiceHost’ -startuptype “disabled”
rem Diagnostic System Host
Powershell Set-Service ‘WdiSystemHost’ -startuptype “disabled”
rem Problem Reports and Solutions Control Panel Support
Powershell Set-Service ‘wercplsupport’ -startuptype “disabled”
rem Parental Controls
Powershell Set-Service ‘wpcsvc’ -startuptype “disabled”
rem Windows Media Center Sharing Service
Powershell Set-Service ‘WMPNetworkSvc’ -startuptype “disabled”
Rem Disable Interactive Services Detection
Powershell Set-Service ‘UI0Detect’ -startuptype “disabled”
Rem Background Intelligent Transfer
Powershell Set-Service ‘bits’ -startuptype “disabled”
rem Function Discovery Resource Publication
Powershell Set-Service ‘FDResPub’ -startuptype “disabled”
rem Media Center Extender Service
Powershell Set-Service ‘Mcx2Svc’ -startuptype “disabled”rem Making miscellaneous modifications
rem **********************************************************************************
rem *** Set Firewall Domain profile off
rem *** Set Firewall Private profile on
rem *** Set Firewall Public profile on
netsh advfirewall set publicprofile state on
netsh advfirewall set privateprofile state on
netsh advfirewall set domainprofile state off
rem **********************************************************************************
rem Disable the Language Bar
Regsvr32.exe /u/s msutb.dll
rem *** Delete hidden Windows Update uninstall files
del /A:H /S /F /Q %WINDIR%\$NT*
rem disable Customer Experience Improvement Program tasks
schtasks /change /tn “microsoft\windows\Application Experience\AitAgent”/disable
schtasks /change /tn “microsoft\windows\Application Experience\ ProgramDataUpdater” /disable
schtasks /change /tn “microsoft\windows\Customer Experience Improvement Program\Consolidator” /disable
schtasks /change /tn “microsoft\windows\Customer Experience Improvement Program\KernelCeipTask” /disable
schtasks /change /tn “microsoft\windows\Customer Experience Improvement Program\UsbCeip” /disable
Comments
Post a Comment