Windows server 2022 安全基线加固 安全加固 仅供参考
Windows Registry Editor Version 5.00
; Moves the RDP listener off the default port: 0x45a is 1114 decimal.
; A non-default port only cuts noise from opportunistic scanning. Keep
; Network Level Authentication and firewall source restrictions in place, and
; make sure an inbound firewall rule exists for the new port before applying,
; otherwise remote access to the host is lost.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:0000045a
; DisableIPSourceRouting=2 is the strictest setting: source-routed IPv4
; packets are dropped instead of being accepted or forwarded.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DisableIPSourceRouting"=dword:00000002
; NOTE(review): "System Access" is a section name from a secedit security
; template (.inf), not a registry location. Importing it through a .reg file
; does not change the account policy. Apply these values with
; secedit /configure, Group Policy or `net accounts`, then check the
; effective policy on the host.
[HKEY_LOCAL_MACHINE\System Access]
; Maximum password age: 0x5a = 90 days.
"MaximumPasswordAge"=dword:0000005a
; Minimum password length: 8 characters.
"MinimumPasswordLength"=dword:00000008
; Password complexity requirement on.
"PasswordComplexity"=dword:00000001
; Only the last 2 passwords are remembered, so an old password can be reused
; after two changes. NOTE(review): consider a longer history.
"PasswordHistorySize"=dword:00000002
; Lockout threshold of 1: a single failed logon locks the account.
; NOTE(review): anyone who knows a user name can then lock that account out
; at will; a higher threshold avoids this self-inflicted denial of service.
"LockoutBadCount"=dword:00000001
; Failed-attempt counter resets after 5 minutes.
"ResetLockoutCount"=dword:00000005
; A locked account unlocks after 5 minutes.
"LockoutDuration"=dword:00000005
; Empties the list of registry paths that may be read remotely.
; NOTE(review): "Machine", "NullSessionPipes" and "NullSessionShares" are
; normally multi-string (REG_MULTI_SZ) values; the "" syntax writes a plain
; string. Confirm the resulting type and behaviour on a test host.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths]
"Machine"=""
; NOTE(review): ControlSet001 is one stored control set and is not guaranteed
; to be the active one. Other sections of this file address the same
; LanmanServer key through CurrentControlSet, which always points at the
; configuration in use.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters]
; No named pipes or shares are reachable over an anonymous (null) session.
"NullSessionPipes"=""
"NullSessionShares"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
; 1 = anonymous users cannot enumerate SAM accounts and shares.
"Restrictanonymous"=dword:00000001
; 1 = anonymous users cannot enumerate SAM accounts.
"Restrictanonymoussam"=dword:00000001
; NOTE(review): "Privilege Rights" is a secedit security-template section,
; not a registry location. User rights are not assigned by importing this
; key; use secedit /configure or Group Policy instead.
; *S-1-5-32-544 is the built-in Administrators group.
[HKEY_LOCAL_MACHINE\Privilege Rights]
; Shut down the system: Administrators only.
"SeShutdownPrivilege"="*S-1-5-32-544"
; Force shutdown from a remote system: Administrators only.
"SeRemoteShutdownPrivilege"="*S-1-5-32-544"
; Profile single process: Administrators only.
"SeProfileSingleProcessPrivilege"="*S-1-5-32-544"
; NOTE(review): "Event Audit" is a secedit security-template section, not a
; registry location, so a .reg import does not turn auditing on. Apply the
; audit policy with secedit /configure, Group Policy or auditpol, and confirm
; the effective settings afterwards.
; In the template encoding, 3 = audit both success and failure.
[HKEY_LOCAL_MACHINE\Event Audit]
"AuditSystemEvents"=dword:00000003
"AuditLogonEvents"=dword:00000003
; Object access and process tracking at success+failure produce a large event
; volume; size the Security log and forwarding to match.
"AuditObjectAccess"=dword:00000003
"AuditProcessTracking"=dword:00000003
"AuditDSAccess"=dword:00000003
"AuditPrivilegeUse"=dword:00000003
"AuditAccountLogon"=dword:00000003
"AuditAccountManage"=dword:00000003
; NOTE(review): ControlSet001 is one stored control set and is not guaranteed
; to be the active one; CurrentControlSet always points at the configuration
; in use.
; Retention=0 lets a full log overwrite its oldest events.
; MaxSize 0x00800000 = 8,388,608 bytes (8 MB).
; NOTE(review): with overwrite-as-needed and success+failure auditing
; requested for every category elsewhere in this file, an 8 MB Security log
; can wrap quickly and lose evidence. Size it for the retention you need and
; forward events off-host.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System]
"Retention"=dword:00000000
"MaxSize"=dword:00800000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application]
"Retention"=dword:00000000
"MaxSize"=dword:00800000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Security]
"Retention"=dword:00000000
"MaxSize"=dword:00800000
; Turns the firewall on for the StandardProfile (private network) profile only.
; NOTE(review): DomainProfile and PublicProfile are sibling keys with their own
; EnableFirewall value and are not touched here; confirm all three profiles
; are enabled and that Group Policy does not override them.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
; TCP/IP stack tuning.
; NOTE(review): SynAttackProtect and the TcpMax* half-open / port-exhaustion
; thresholds come from hardening guides written for older Windows TCP/IP
; stacks. Confirm that Windows Server 2022 still reads them before counting
; them as a control.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000001
"TcpMaxPortsExhausted"=dword:00000005
; SYN-ACK retransmissions limited to 2.
"TcpMaxConnectResponseRetransmissions"=dword:00000002
; 0x1f4 = 500
"TcpMaxHalfOpen"=dword:000001f4
; 0x190 = 400
"TcpMaxHalfOpenRetried"=dword:00000190
; ICMP redirects are ignored, so a neighbour cannot rewrite the host's routes.
"EnableICMPRedirect"=dword:00000000
; Dead-gateway detection off: the host will not fail over to a backup gateway.
"EnableDeadGWDetect"=dword:00000000
; Data segment retransmissions limited to 2.
; NOTE(review): a low limit drops connections early on lossy links.
"TcpMaxDataRetransmissions"=dword:00000002
; Router discovery off.
"PerformRouterDiscovery"=dword:00000000
; 0x493e0 = 300000 ms (5 minutes) idle before keep-alive probes are sent.
"KeepAliveTime"=dword:000493e0
; Path MTU discovery off.
; NOTE(review): this trades throughput for a small reduction in exposure to
; forged ICMP; verify it is really wanted on a server.
"EnablePMTUDiscovery"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
; Do not show the last signed-in user name on the logon screen.
"Dontdisplaylastusername"=dword:00000001
; 3 = show no user information on a locked session.
"DontDisplayLockedUserId"=dword:00000003
; DisableCAD=0 keeps the Ctrl+Alt+Del secure attention sequence required
; before logon (the value disables the requirement only when set to 1).
"Disablecad"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
; Warn users 0xe = 14 days before their password expires.
"PasswordExpiryWarning"=dword:0000000e
; NOTE(review): AutoAdminLogon and CachedLogonsCount are documented as string
; (REG_SZ) values; confirm that the DWORD form written here is honoured.
; AutoAdminLogon=0: no automatic logon with stored credentials.
"AutoAdminLogon"=dword:00000000
; Up to 5 previous domain logons stay cached for offline logon; a lower count
; leaves fewer cached credential verifiers on disk.
"CachedLogonsCount"=dword:00000005
; Stops the Server service from creating the default administrative shares
; (drive shares such as C$, and ADMIN$). IPC$ is not controlled by these values.
; NOTE(review): remote management, backup and deployment tools that depend on
; the administrative shares will stop working; test before rollout.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
"AutoShareWks"=dword:00000000
; NOTE(review): HKEY_CURRENT_USER values apply only to the account that
; imports the file. Every other user, including accounts created later, is
; unaffected; use Group Policy for a machine-wide setting.
[HKEY_CURRENT_USER\Control Panel\Desktop]
; Screen saver on, starting after 300 seconds (5 minutes) idle, password
; required on resume.
"ScreenSaveActive"="1"
"ScreenSaveTimeOut"="300"
"ScreenSaverIsSecure"="1"
; The host does not answer NTP requests as a time server.
; NOTE(review): do not apply to a machine that must serve time to others.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
"Enabled"=dword:00000000
; AutoPlay off, for the importing user only (HKEY_CURRENT_USER).
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers]
"DisableAutoplay"=dword:00000001
; NOTE(review): ControlSet001 is not guaranteed to be the active control set;
; the same key is addressed through CurrentControlSet elsewhere in this file.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters]
; Idle SMB sessions are disconnected after 0xf = 15 minutes.
"Autodisconnect"=dword:0000000f
; Sessions are forcibly logged off when the user's logon hours expire.
"Enableforcedlogoff"=dword:00000001
Windows Registry Editor Version 5.00
; NOTE(review): from here on almost every value is written as dword 1,
; whatever type or range the setting expects. Treat each entry as unverified
; until it has been checked against the policy's own documentation.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International]
"RestrictLanguagePacksAndFeaturesInstall"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers]
; NOTE(review): "PointAndPrint!RestrictDriverInstallationToAdministrators" is
; policy-template shorthand for the value
; RestrictDriverInstallationToAdministrators under the subkey
; ...\Windows NT\Printers\PointAndPrint. Written as below, it creates a value
; with "!" in its name directly under Printers, so the restriction on printer
; driver installation is most likely NOT in force. Verify and move the value
; to the PointAndPrint subkey.
"PointAndPrint!RestrictDriverInstallationToAdministrators"=dword:00000001
; NOTE(review): ApprovedUsbPrintDevices is presumably a device list rather
; than a flag; confirm its format before enabling device control, or USB
; printers may be blocked.
"EnableDeviceControl"=dword:00000001
"ApprovedUsbPrintDevices"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient]
; NOTE(review): DoHPolicy is an enumerated setting. In the DNS client policy
; template 1 is understood to mean "prohibit DoH", 2 "allow" and 3 "require";
; confirm which behaviour is intended, since 1 would not enable DoH.
"DoHPolicy"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer]
"ShowOrHideMostUsedApps"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications]
; NOTE(review): WnsEndpoint presumably expects a host name string, not a
; DWORD flag; confirm.
"WnsEndpoint"=dword:00000001
; NTFS tuning values. None of these is a security control.
; NOTE(review): the threshold and worker-count settings presumably expect
; meaningful numbers rather than 1; confirm, or leave them unconfigured.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies]
"NtfsForceNonPagedPoolAllocation"=dword:00000001
"NtfsDefaultTier"=dword:00000001
"NtfsParallelFlushThreshold"=dword:00000001
"NtfsParallelFlushWorkers"=dword:00000001
; NOTE(review): the same two printer values are also written under
; Software\Policies earlier in this file; confirm which location the print
; subsystem actually reads.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\Windows NT\Printers]
"EnableDeviceControl"=dword:00000001
"ApprovedUsbPrintDevices"=dword:00000001
; Allows retrieval of a cloud Kerberos ticket at logon. This is a
; hybrid-identity feature, not a hardening setting; enable it only where such
; a deployment exists.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters]
"CloudKerberosTicketRetrievalEnabled"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters]
"DnsSrvRecordUseLowerCaseHostNames"=dword:00000001
; Controls how keys affected by the ROCA weakness are treated during
; authentication.
; NOTE(review): the setting is enumerated; confirm whether 1 means audit or
; block before relying on it.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\SAM]
"SamNGCKeyROCAValidation"=dword:00000001
; Storage Sense automatic clean-up.
; NOTE(review): the Config* values are presumably day counts or cadence codes.
; If so, 1 means "run daily" and "purge Recycle Bin and Downloads content
; older than one day", which risks data loss and destroys files that may be
; needed as evidence after an incident. Confirm every value, or drop the
; section from a server baseline.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\StorageSense]
"AllowStorageSenseGlobal"=dword:00000001
"AllowStorageSenseTemporaryFilesCleanup"=dword:00000001
"ConfigStorageSenseGlobalCadence"=dword:00000001
"ConfigStorageSenseCloudContentDehydrationThreshold"=dword:00000001
"ConfigStorageSenseRecycleBinCleanupThreshold"=dword:00000001
"ConfigStorageSenseDownloadsCleanupThreshold"=dword:00000001
; Allows unused Store apps to be archived automatically.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx]
"AllowAutomaticAppArchiving"=dword:00000001
; App-privacy policies. In this policy family 0 = user in control,
; 1 = force allow, 2 = force deny. Every LetApps* value below is 1, so access
; is FORCED ON for all apps, which is the opposite of what a hardening
; baseline normally wants.
; NOTE(review): the *_TheseApps values are per-app lists; the DWORD 1 written
; to the *_UserInControlOfTheseApps entries does not match that shape.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy]
"LetAppsAccessBackgroundSpatialPerception"=dword:00000001
"LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps"=dword:00000001
"LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps"=""
"LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps"=""
"LetAppsActivateWithVoice"=dword:00000001
; Force-allows voice activation while the device is locked.
; NOTE(review): review this value first; 2 (force deny) is the restrictive choice.
"LetAppsActivateWithVoiceAboveLock"=dword:00000001
; Force-allows programmatic screen capture, and capture without the visible
; border that tells the user a capture is in progress.
"LetAppsAccessGraphicsCaptureProgrammatic"=dword:00000001
"LetAppsAccessGraphicsCaptureProgrammatic_UserInControlOfTheseApps"=dword:00000001
"LetAppsAccessGraphicsCaptureProgrammatic_ForceAllowTheseApps"=""
"LetAppsAccessGraphicsCaptureProgrammatic_ForceDenyTheseApps"=""
"LetAppsAccessGraphicsCaptureWithoutBorder"=dword:00000001
"LetAppsAccessGraphicsCaptureWithoutBorder_UserInControlOfTheseApps"=dword:00000001
"LetAppsAccessGraphicsCaptureWithoutBorder_ForceAllowTheseApps"=""
"LetAppsAccessGraphicsCaptureWithoutBorder_ForceDenyTheseApps"=""
; Diagnostic-data restrictions: no OneSettings downloads, OneSettings
; auditing on, diagnostic log and dump collection limited.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DataCollection]
"DisableOneSettingsDownloads"=dword:00000001
"EnableOneSettingsAuditing"=dword:00000001
"LimitDiagnosticLogCollection"=dword:00000001
"LimitDumpCollection"=dword:00000001
; IE-mode conveniences ("Save target as" and extended hotkeys). These ENABLE
; features and are not hardening settings; leave them unconfigured unless a
; legacy application needs them.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode]
"AllowSaveTargetAsInIEMode"=dword:00000001
"EnableExtendedIEModeHotkeys"=dword:00000001
; Microsoft Defender Antivirus policies.
; NOTE(review): several values below REDUCE protection and should not be part
; of a hardening baseline as written.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender]
; NOTE(review): SupportLogLocation is presumably a path string, not a flag; confirm.
"SupportLogLocation"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Exclusions]
; Switches the IP-address exclusion policy on. Exclusions are blind spots:
; keep them off unless there is a documented need, and audit any list that is
; configured.
"Exclusions_IpAddresses"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
; Permits network protection on Windows Server.
; NOTE(review): this alone presumably does not turn the feature on; confirm
; that network protection itself is also enabled.
"AllowNetworkProtectionOnWinServer"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\NIS]
; 1 = network inspection stops processing datagram (UDP) traffic, which
; removes detection coverage.
"DisableDatagramProcessing"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection]
; 1 = script scanning is turned OFF. This weakens real-time protection
; against script-based malware; keep it at 0 or not configured on a hardened host.
"DisableScriptScanning"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Signature Updates]
; Signature updates are allowed over metered connections.
"MeteredConnectionUpdates"=dword:00000001
; Windows Hello for Business cloud trust for on-premises authentication.
; Relevant only in a hybrid-identity deployment.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"UseCloudTrustForOnPremAuth"=dword:00000001
; Windows Sandbox channels. Every value is 1, so audio, clipboard, network,
; printer, vGPU and video are all ALLOWED into the sandbox. For isolation the
; restrictive value is 0, at least for clipboard, printer and networking.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Sandbox]
"AllowAudioInput"=dword:00000001
"AllowClipboardRedirection"=dword:00000001
"AllowNetworking"=dword:00000001
"AllowPrinterRedirection"=dword:00000001
"AllowVGPU"=dword:00000001
"AllowVideoInput"=dword:00000001
; Per-user copies of earlier policies.
; NOTE(review): HKEY_CURRENT_USER values apply only to the account that
; imports the file. The values are again written as dword 1 whatever the
; setting expects; confirm each one.
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"AutoSubscription"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Printers]
"EnableDeviceControl"=dword:00000001
"ApprovedUsbPrintDevices"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\International]
"RestrictLanguagePacksAndFeaturesInstall"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
; Hides the Meet Now icon.
"HideSCAMeetNow"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
"ShowOrHideMostUsedApps"=dword:00000000
; IE-mode conveniences; these enable features and are not hardening settings.
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode]
"AllowSaveTargetAsInIEMode"=dword:00000001
"EnableExtendedIEModeHotkeys"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\PassportForWork]
"UseCloudTrustForOnPremAuth"=dword:00000001
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:0000045a // 设置RDP(远程桌面协议)端口为0x45a(十进制1114)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DisableIPSourceRouting"=dword:00000002 // 禁用IP源路由(增强安全性)
[HKEY_LOCAL_MACHINE\System Access]
"MaximumPasswordAge"=dword:0000005a // 设置密码的最大有效期为90天
"MinimumPasswordLength"=dword:00000008 // 设置密码最小长度为8个字符
"PasswordComplexity"=dword:00000001 // 启用密码复杂性要求(密码必须符合复杂性要求)
"PasswordHistorySize"=dword:00000002 // 保留2个旧密码
"LockoutBadCount"=dword:00000001 // 登录失败1次即锁定账户(阈值过低,任何知道用户名的人都可使该账户被锁定,建议调高)
"ResetLockoutCount"=dword:00000005 // 锁定计数器重置的时间周期为5分钟
"LockoutDuration"=dword:00000005 // 锁定账户时长为5分钟
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths]
"Machine"="" // 清空允许远程访问的注册表路径列表
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters]
"NullSessionPipes"="" // 禁用空会话管道
"NullSessionShares"="" // 禁用空会话共享
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Restrictanonymous"=dword:00000001 // 限制匿名访问
"Restrictanonymoussam"=dword:00000001 // 限制匿名SAM访问(安全账户管理器)
[HKEY_LOCAL_MACHINE\Privilege Rights]
"SeShutdownPrivilege"="*S-1-5-32-544" // 关闭系统的权限仅授予管理员组(S-1-5-32-544)
"SeRemoteShutdownPrivilege"="*S-1-5-32-544" // 从远程系统强制关机的权限仅授予管理员组
"SeProfileSingleProcessPrivilege"="*S-1-5-32-544" // 对单个进程进行性能分析(Profile single process)的权限仅授予管理员组
[HKEY_LOCAL_MACHINE\Event Audit]
"AuditSystemEvents"=dword:00000003 // 启用系统事件审计
"AuditLogonEvents"=dword:00000003 // 启用登录事件审计
"AuditObjectAccess"=dword:00000003 // 启用对象访问审计
"AuditProcessTracking"=dword:00000003 // 启用进程跟踪审计
"AuditDSAccess"=dword:00000003 // 启用目录服务访问审计
"AuditPrivilegeUse"=dword:00000003 // 启用权限使用审计
"AuditAccountLogon"=dword:00000003 // 启用帐户登录审计
"AuditAccountManage"=dword:00000003 // 启用帐户管理审计
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System]
"Retention"=dword:00000000 // 日志保留策略:0=按需要覆盖事件(日志写满后覆盖最旧的记录)
"MaxSize"=dword:00800000 // 设置日志最大大小为8MB
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application]
"Retention"=dword:00000000 // 日志保留策略:0=按需要覆盖事件(日志写满后覆盖最旧的记录)
"MaxSize"=dword:00800000 // 设置日志最大大小为8MB
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Security]
"Retention"=dword:00000000 // 日志保留策略:0=按需要覆盖事件(日志写满后覆盖最旧的记录)
"MaxSize"=dword:00800000 // 设置日志最大大小为8MB
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001 // 启用防火墙
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000001 // 启用SYN攻击保护
"TcpMaxPortsExhausted"=dword:00000005 // 设置最大端口耗尽数为5
"TcpMaxConnectResponseRetransmissions"=dword:00000002 // 设置最大TCP连接响应重传次数为2
"TcpMaxHalfOpen"=dword:000001f4 // 设置最大半开连接数为500
"TcpMaxHalfOpenRetried"=dword:00000190 // 设置最大半开连接重试次数为400
"EnableICMPRedirect"=dword:00000000 // 禁用ICMP重定向
"EnableDeadGWDetect"=dword:00000000 // 禁用死网关检测
"TcpMaxDataRetransmissions"=dword:00000002 // 设置最大TCP数据重传次数为2
"PerformRouterDiscovery"=dword:00000000 // 禁用路由发现
"KeepAliveTime"=dword:000493e0 // 设置TCP连接的保持活动时间为300000毫秒(5分钟)
"EnablePMTUDiscovery"=dword:00000000 // 禁用PMTU(路径最大传输单元)发现
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"Dontdisplaylastusername"=dword:00000001 // 禁用显示最后登录的用户名
"DontDisplayLockedUserId"=dword:00000003 // 禁用显示锁定用户ID
"Disablecad"=dword:00000000 // 启用Ctrl+Alt+Del组合键(0表示启用,1表示禁用)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"PasswordExpiryWarning"=dword:0000000e // 设置密码到期前警告时间为14天
"AutoAdminLogon"=dword:00000000 // 禁用自动管理员登录(0表示禁用,1表示启用)
"CachedLogonsCount"=dword:00000005 // 设置缓存登录次数为5次
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000 // 禁用服务器版系统的默认管理共享(C$、ADMIN$ 等;IPC$ 不受此项控制)
"AutoShareWks"=dword:00000000 // 禁用工作站版系统的默认管理共享
[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaveActive"="1" // 启用屏幕保护程序(1表示启用,0表示禁用)
"ScreenSaveTimeOut"="300" // 设置屏幕保护程序超时时间为300秒(5分钟)
"ScreenSaverIsSecure"="1" // 启用安全屏幕保护程序(要求用户在恢复时输入密码)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
"Enabled"=dword:00000000 // 禁用NTP时间服务器功能(0表示禁用,1表示启用)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers]
"DisableAutoplay"=dword:00000001 // 禁用自动播放功能(1表示禁用,0表示启用)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters]
"Autodisconnect"=dword:0000000f // 设置自动断开连接的空闲时间为15分钟
"Enableforcedlogoff"=dword:00000001 // 启用强制注销(强制注销没有活动的会话)
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International]
"RestrictLanguagePacksAndFeaturesInstall"=dword:00000001 // 限制安装语言包和其他功能(1表示启用限制)
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers]
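"PointAndPrint!RestrictDriverInstallationToAdministrators"=dword:00000001 // 意图:限制只有管理员能安装打印机驱动。注意:"PointAndPrint!值名" 是策略模板的写法,实际的值 RestrictDriverInstallationToAdministrators 应位于 ...\Windows NT\Printers\PointAndPrint 子项下,按此处写法导入很可能不会生效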
"EnableDeviceControl"=dword:00000001 // 启用设备控制
"ApprovedUsbPrintDevices"=dword:00000001 // 仅允许经批准的USB打印设备
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient]
"DoHPolicy"=dword:00000001 // 配置DNS over HTTPS(DoH)策略;该值为枚举型,策略模板中 1 一般对应“禁止DoH”、2 为“允许”、3 为“要求”,应用前请核对取值
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer]
"ShowOrHideMostUsedApps"=dword:00000000 // 禁用在开始菜单显示最常用应用(0表示禁用,1表示启用)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications]
"WnsEndpoint"=dword:00000001 // 启用Windows推送通知服务(1表示启用,0表示禁用)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies]
"NtfsForceNonPagedPoolAllocation"=dword:00000001 // 强制NTFS在非分页池中分配空间
"NtfsDefaultTier"=dword:00000001 // 设置NTFS文件系统默认层级
"NtfsParallelFlushThreshold"=dword:00000001 // 设置NTFS并行刷新阈值
"NtfsParallelFlushWorkers"=dword:00000001 // 设置NTFS并行刷新工作线程数量
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\Windows NT\Printers]
"EnableDeviceControl"=dword:00000001 // 启用打印机设备控制
"ApprovedUsbPrintDevices"=dword:00000001 // 仅允许经批准的USB打印设备
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters]
"CloudKerberosTicketRetrievalEnabled"=dword:00000001 // 启用云Kerberos票证检索功能(1表示启用,0表示禁用)
备注: 此项配置允许系统从云端检索Kerberos认证票证,以便更好地支持混合身份验证。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters]
"DnsSrvRecordUseLowerCaseHostNames"=dword:00000001 // 使用小写主机名进行DNS服务记录
备注: 此项配置可确保在DNS记录中使用小写字母,以避免与其他系统产生不兼容的情况。
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\SAM]
"SamNGCKeyROCAValidation"=dword:00000001 // 启用SAM(Security Accounts Manager)中NGC密钥ROCA验证
备注: 该项配置针对 NGC(Windows Hello 企业版)密钥,在身份验证时检查其是否受ROCA漏洞影响,可增强安全性;具体取值含义请以策略说明为准。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\StorageSense]
"AllowStorageSenseGlobal"=dword:00000001 // 启用全局存储感知功能(1表示启用)
"AllowStorageSenseTemporaryFilesCleanup"=dword:00000001 // 启用临时文件清理
"ConfigStorageSenseGlobalCadence"=dword:00000001 // 配置存储感知功能的全局周期
"ConfigStorageSenseCloudContentDehydrationThreshold"=dword:00000001 // 配置云内容的脱水阈值
"ConfigStorageSenseRecycleBinCleanupThreshold"=dword:00000001 // 配置回收站清理阈值
"ConfigStorageSenseDownloadsCleanupThreshold"=dword:00000001 // 配置下载文件夹清理阈值
备注: 这些设置与Windows的存储感知功能相关,用于自动清理临时文件和未使用的内容,释放磁盘空间。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx]
"AllowAutomaticAppArchiving"=dword:00000001 // 启用应用程序自动归档
备注: 启用此功能后,未使用的应用将自动归档以节省存储空间。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy]
"LetAppsAccessBackgroundSpatialPerception"=dword:00000001 // 允许应用访问背景空间感知
"LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps"=dword:00000001 // 用户可以控制哪些应用访问背景空间感知
"LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps"="" // 强制允许特定应用访问背景空间感知
"LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps"="" // 强制拒绝特定应用访问背景空间感知
"LetAppsActivateWithVoice"=dword:00000001 // 启用应用语音激活功能
"LetAppsActivateWithVoiceAboveLock"=dword:00000001 // 允许在锁屏状态下通过语音激活应用
"LetAppsAccessGraphicsCaptureProgrammatic"=dword:00000001 // 允许应用访问图形捕获
"LetAppsAccessGraphicsCaptureProgrammatic_UserInControlOfTheseApps"=dword:00000001 // 用户控制哪些应用可以访问图形捕获
"LetAppsAccessGraphicsCaptureProgrammatic_ForceAllowTheseApps"="" // 强制允许特定应用访问图形捕获
"LetAppsAccessGraphicsCaptureProgrammatic_ForceDenyTheseApps"="" // 强制拒绝特定应用访问图形捕获
"LetAppsAccessGraphicsCaptureWithoutBorder"=dword:00000001 // 允许应用访问无边框图形捕获
"LetAppsAccessGraphicsCaptureWithoutBorder_UserInControlOfTheseApps"=dword:00000001 // 用户控制哪些应用可以访问无边框图形捕获
"LetAppsAccessGraphicsCaptureWithoutBorder_ForceAllowTheseApps"="" // 强制允许特定应用访问无边框图形捕获
"LetAppsAccessGraphicsCaptureWithoutBorder_ForceDenyTheseApps"="" // 强制拒绝特定应用访问无边框图形捕获
备注: 这些设置影响Windows 10/11上应用程序访问图形和空间感知能力的权限,主要涉及增强语音和图形捕获功能。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DataCollection]
"DisableOneSettingsDownloads"=dword:00000001 // 禁用OneSettings下载功能
"EnableOneSettingsAuditing"=dword:00000001 // 启用OneSettings审计
"LimitDiagnosticLogCollection"=dword:00000001 // 限制诊断日志收集
"LimitDumpCollection"=dword:00000001 // 限制转储文件收集
备注: 这些设置主要涉及限制Windows 10/11的诊断数据收集功能,增加隐私保护。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode]
"AllowSaveTargetAsInIEMode"=dword:00000001 // 允许在IE模式下使用“另存为”功能
"EnableExtendedIEModeHotkeys"=dword:00000001 // 启用IE模式下扩展热键功能
备注: 这些设置配置Internet Explorer在企业模式下的行为,以便更好地兼容企业应用程序。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender]
"SupportLogLocation"=dword:00000001 // 启用Windows Defender支持日志
备注: 此项配置启用Windows Defender的支持日志,帮助记录和分析安全事件。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Exclusions]
"Exclusions_IpAddresses"=dword:00000001 // 排除指定的IP地址
备注: 允许用户配置Windows Defender的排除项,避免对指定IP地址进行扫描。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"AllowNetworkProtectionOnWinServer"=dword:00000001 // 允许在Windows Server上启用网络保护
备注: 此项配置用于在Windows Server上启用网络保护功能,防止恶意网络攻击。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\NIS]
"DisableDatagramProcessing"=dword:00000001 // 禁用数据报处理
备注: 禁用数据报处理后,网络检查不再处理数据报(UDP)流量,检测覆盖面会随之减少;原文称其可降低某些类型的攻击风险,应用前请核实是否确有必要。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableScriptScanning"=dword:00000001 // 禁用脚本扫描
备注: 禁用脚本扫描可以提高性能,但可能降低安全性。
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Signature Updates]
"MeteredConnectionUpdates"=dword:00000001 // 允许在计量连接下更新签名
备注: 该配置允许Windows Defender在计量连接(如移动数据网络)下自动更新病毒签名。
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"UseCloudTrustForOnPremAuth"=dword:00000001 // 启用使用云信任进行本地身份验证
备注: 该配置启用了混合身份验证,结合了本地和云身份验证,提升了灵活性和安全性。
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Sandbox]
"AllowAudioInput"=dword:00000001 // 允许沙盒中输入音频
"AllowClipboardRedirection"=dword:00000001 // 允许沙盒中剪贴板重定向
"AllowNetworking"=dword:00000001 // 允许沙盒中网络连接
"AllowPrinterRedirection"=dword:00000001 // 允许沙盒中打印机重定向
"AllowVGPU"=dword:00000001 // 允许沙盒中使用虚拟GPU
"AllowVideoInput"=dword:00000001 // 允许沙盒中输入视频
备注: 这些设置允许沙盒环境中进行更多的硬件和网络交互,适用于测试和开发。
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"AutoSubscription"=dword:00000001 // 启用自动订阅
备注: 允许在Windows远程桌面会话中启用自动订阅功能。
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Printers]
"EnableDeviceControl"=dword:00000001 // 启用打印机设备控制
"ApprovedUsbPrintDevices"=dword:00000001 // 仅允许经批准的USB打印设备
Windows Registry Editor Version 5.00
; =============================================
; RDP 远程桌面配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
; 修改RDP默认端口为1114 (0x45a = 1114)
"PortNumber"=dword:0000045a
; =============================================
; TCP/IP 网络配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
; 禁用IP源路由,防止IP欺骗攻击
"DisableIPSourceRouting"=dword:00000002
; =============================================
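; 密码策略配置
; 注意:[System Access] 以及下文的 [Privilege Rights]、[Event Audit] 是 secedit 安全模板(.inf)的节名,
; 并非注册表路径;导入 .reg 文件不会使这些策略生效,需通过 secedit /configure 或组策略应用并核对结果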
; =============================================
[HKEY_LOCAL_MACHINE\System Access]
; 密码最长使用期限:90天 (0x5a = 90)
"MaximumPasswordAge"=dword:0000005a
; 密码最小长度:8个字符
"MinimumPasswordLength"=dword:00000008
; 启用密码复杂性要求
"PasswordComplexity"=dword:00000001
; 密码历史记录大小:2个密码
"PasswordHistorySize"=dword:00000002
; 账户锁定阈值:1次失败尝试(阈值过低,任何知道用户名的人都可使该账户被锁定,建议调高)
"LockoutBadCount"=dword:00000001
; 重置锁定计数器时间:5分钟
"ResetLockoutCount"=dword:00000005
; 账户锁定时间:5分钟
"LockoutDuration"=dword:00000005
; =============================================
; 注册表安全配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths]
; 清空允许远程访问注册表的路径列表
"Machine"=""
; =============================================
; 文件和打印机共享安全配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters]
; 清空空会话管道列表
"NullSessionPipes"=""
; 清空空会话共享列表
"NullSessionShares"=""
; =============================================
; 本地安全认证配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
; 限制匿名访问:1=不允许枚举SAM账户和共享
"Restrictanonymous"=dword:00000001
; 限制匿名SAM访问:1=不允许匿名枚举SAM账户
"Restrictanonymoussam"=dword:00000001
; =============================================
; 用户权限分配
; =============================================
[HKEY_LOCAL_MACHINE\Privilege Rights]
; 关闭系统权限:授予管理员组 (S-1-5-32-544)
"SeShutdownPrivilege"="*S-1-5-32-544"
; 从远程系统强制关机权限:授予管理员组
"SeRemoteShutdownPrivilege"="*S-1-5-32-544"
; 配置单一进程权限:授予管理员组
"SeProfileSingleProcessPrivilege"="*S-1-5-32-544"
; =============================================
; 审计策略配置
; =============================================
[HKEY_LOCAL_MACHINE\Event Audit]
; 审计系统事件:3=成功和失败
"AuditSystemEvents"=dword:00000003
; 审计登录事件:3=成功和失败
"AuditLogonEvents"=dword:00000003
; 审计对象访问:3=成功和失败
"AuditObjectAccess"=dword:00000003
; 审计进程跟踪:3=成功和失败
"AuditProcessTracking"=dword:00000003
; 审计目录服务访问:3=成功和失败
"AuditDSAccess"=dword:00000003
; 审计特权使用:3=成功和失败
"AuditPrivilegeUse"=dword:00000003
; 审计账户登录:3=成功和失败
"AuditAccountLogon"=dword:00000003
; 审计账户管理:3=成功和失败
"AuditAccountManage"=dword:00000003
; =============================================
; 事件日志配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System]
; 事件日志保留策略:0=按需要覆盖事件
"Retention"=dword:00000000
; 最大日志大小:8MB (0x800000 = 8388608 bytes)
"MaxSize"=dword:00800000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application]
"Retention"=dword:00000000
"MaxSize"=dword:00800000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Security]
"Retention"=dword:00000000
"MaxSize"=dword:00800000
; =============================================
; Windows防火墙配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
; 启用Windows防火墙
"EnableFirewall"=dword:00000001
; =============================================
; TCP/IP 协议栈安全加固
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
; SYN洪水攻击保护
"SynAttackProtect"=dword:00000001
; TCP最大端口耗尽保护
"TcpMaxPortsExhausted"=dword:00000005
; TCP最大连接响应重传次数
"TcpMaxConnectResponseRetransmissions"=dword:00000002
; TCP半开连接最大值
"TcpMaxHalfOpen"=dword:000001f4
; TCP重试半开连接最大值
"TcpMaxHalfOpenRetried"=dword:00000190
; 禁用ICMP重定向
"EnableICMPRedirect"=dword:00000000
; 禁用死网关检测
"EnableDeadGWDetect"=dword:00000000
; TCP数据重传次数
"TcpMaxDataRetransmissions"=dword:00000002
; 禁用路由器发现
"PerformRouterDiscovery"=dword:00000000
; KeepAlive时间:300,000毫秒 (5分钟)
"KeepAliveTime"=dword:000493e0
; 禁用路径MTU发现
"EnablePMTUDiscovery"=dword:00000000
; =============================================
; 系统策略配置
; =============================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
; 不显示最后登录用户名
"Dontdisplaylastusername"=dword:00000001
; 锁定屏幕上不显示用户ID
"DontDisplayLockedUserId"=dword:00000003
; 登录前要求按Ctrl+Alt+Del安全注意序列 (DisableCAD=0 表示不禁用该要求)
"Disablecad"=dword:00000000
; =============================================
; Windows登录配置
; =============================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
; 密码过期警告:14天
"PasswordExpiryWarning"=dword:0000000e
; 禁用自动管理员登录
"AutoAdminLogon"=dword:00000000
; 缓存登录次数:5次
"CachedLogonsCount"=dword:00000005
; =============================================
; 服务器共享配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
; 禁用服务器自动共享
"AutoShareServer"=dword:00000000
; 禁用工作站自动共享
"AutoShareWks"=dword:00000000
; =============================================
; 桌面和屏幕保护程序配置
; =============================================
[HKEY_CURRENT_USER\Control Panel\Desktop]
; 启用屏幕保护程序
"ScreenSaveActive"="1"
; 屏幕保护程序超时:300秒 (5分钟)
"ScreenSaveTimeOut"="300"
; 屏幕保护程序需要密码
"ScreenSaverIsSecure"="1"
; =============================================
; 时间服务配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
; 禁用NTP服务器
"Enabled"=dword:00000000
; =============================================
; 自动播放配置
; =============================================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers]
; 禁用自动播放
"DisableAutoplay"=dword:00000001
; =============================================
; 服务器连接配置
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters]
; 自动断开连接时间:15分钟
"Autodisconnect"=dword:0000000f
; 启用强制注销
"Enableforcedlogoff"=dword:00000001
; =============================================
; 区域和语言设置限制
; =============================================
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International]
; 限制语言包和功能安装
"RestrictLanguagePacksAndFeaturesInstall"=dword:00000001
; =============================================
; 打印机策略配置
; =============================================
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers]
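; 限制驱动程序安装仅限于管理员
; 注意:"PointAndPrint!值名" 是策略模板的写法,实际的值 RestrictDriverInstallationToAdministrators
; 应位于 ...\Windows NT\Printers\PointAndPrint 子项下,按下面的写法导入很可能不会生效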
"PointAndPrint!RestrictDriverInstallationToAdministrators"=dword:00000001
; 启用设备控制
"EnableDeviceControl"=dword:00000001
; 批准的USB打印设备
"ApprovedUsbPrintDevices"=dword:00000001
; =============================================
; DNS客户端配置
; =============================================
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient]
; DNS over HTTPS策略
"DoHPolicy"=dword:00000001
; =============================================
; Windows资源管理器配置
; =============================================
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer]
; 隐藏最常用应用
"ShowOrHideMostUsedApps"=dword:00000000
; =============================================
; 推送通知配置
; =============================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications]
; WNS端点配置
"WnsEndpoint"=dword:00000001
; =============================================
; 文件系统策略配置
; =============================================
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies]
; NTFS强制非分页池分配
"NtfsForceNonPagedPoolAllocation"=dword:00000001
; NTFS默认层
"NtfsDefaultTier"=dword:00000001
; NTFS并行刷新阈值
"NtfsParallelFlushThreshold"=dword:00000001
; NTFS并行刷新工作线程
"NtfsParallelFlushWorkers"=dword:00000001
; =============================================
; 沙盒配置
; =============================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Sandbox]
; 允许音频输入
"AllowAudioInput"=dword:00000001
; 允许剪贴板重定向
"AllowClipboardRedirection"=dword:00000001
; 允许网络连接
"AllowNetworking"=dword:00000001
; 允许打印机重定向
"AllowPrinterRedirection"=dword:00000001
; 允许虚拟GPU
"AllowVGPU"=dword:00000001
; 允许视频输入
"AllowVideoInput"=dword:00000001
; =============================================
; 终端服务配置
; =============================================
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
; 自动订阅
"AutoSubscription"=dword:00000001
; =============================================
; 当前用户策略配置
; =============================================
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Printers]
"EnableDeviceControl"=dword:00000001
"ApprovedUsbPrintDevices"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\International]
"RestrictLanguagePacksAndFeaturesInstall"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
; 隐藏Meet Now按钮
"HideSCAMeetNow"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
"ShowOrHideMostUsedApps"=dword:00000000
; =============================================
; 备注说明:
; 1. 此注册表文件包含系统安全加固配置
; 2. 修改RDP端口为1114(仅能减少针对默认端口的自动扫描,不能替代网络级别身份验证和防火墙来源限制)
; 3. 配置密码策略和账户锁定策略
; 4. 限制匿名访问和空会话
; 5. 启用详细的审计策略
; 6. 配置TCP/IP协议栈安全参数
; 7. 启用Windows防火墙
; 8. 配置各种系统安全策略
; 9. 应用前请备份当前注册表
; 10. 部分设置可能需要重启生效
; =============================================
