Windows Server 2022 安全基线加固(仅供参考)
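Windows Registry Editor Version 5.00

; Windows Server 2022 hardening baseline, part 1 (reference only).
; Export the affected keys and test on a non-production host before importing;
; several values only take effect after a reboot.
; Changes from the original listing:
;   - ControlSet001 paths now use CurrentControlSet, because ControlSet001 is
;     not guaranteed to be the control set the system boots from.
;   - The firewall is enabled for all three profiles, not only StandardProfile.
;   - AutoAdminLogon and CachedLogonsCount are written as strings (REG_SZ),
;     the type Winlogon uses for them.

; --- Remote Desktop ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
; Listen on TCP 1114 (0x45a) instead of the default 3389.
; A non-default port only reduces scanner noise and is not an access control:
; the inbound firewall rule has to follow the new port, and reachability
; should still be limited by source address.
"PortNumber"=dword:0000045a

; --- IP source routing ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
; 2 = drop every source-routed IPv4 packet.
; NOTE(review): the IPv6 counterpart under Tcpip6\Parameters is not set here.
"DisableIPSourceRouting"=dword:00000002

; --- Account policy (NOT applied by a .reg import) ---
; NOTE(review): "System Access", "Privilege Rights" and "Event Audit" are
; section names of a security template (.inf) processed by secedit or Group
; Policy. They are not registry keys: importing them only creates unused keys
; under HKLM and leaves password, lockout, user-rights and audit policy
; unchanged. Move these three sections into a security template and confirm
; the effective policy afterwards.
[HKEY_LOCAL_MACHINE\System Access]
; Maximum password age: 90 days (0x5a).
"MaximumPasswordAge"=dword:0000005a
; Minimum length 8, complexity required, history of 2 passwords.
; NOTE(review): length 8 and history 2 are low next to current vendor baselines.
"MinimumPasswordLength"=dword:00000008
"PasswordComplexity"=dword:00000001
"PasswordHistorySize"=dword:00000002
; Lock out after 1 bad attempt; counter reset and lockout duration 5 minutes.
; NOTE(review): a threshold of 1 locks an account on a single typo and makes
; lockout trivial to trigger for anyone who knows a user name; choose a higher
; threshold together with operations.
"LockoutBadCount"=dword:00000001
"ResetLockoutCount"=dword:00000005
"LockoutDuration"=dword:00000005

; --- Remote registry access ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths]
; Empty the list of registry paths that are remotely readable.
; NOTE(review): this value is normally a multi-string (REG_MULTI_SZ); "" writes
; a plain string. Remote management tools that read these paths may stop
; working - confirm both points before rollout.
"Machine"=""

; --- Null sessions ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
; No named pipes and no shares are reachable over an anonymous (null) session.
; NOTE(review): both values are normally REG_MULTI_SZ; see the note above.
"NullSessionPipes"=""
"NullSessionShares"=""

; --- Anonymous enumeration ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
; 1 = anonymous callers cannot enumerate SAM accounts and shares.
"Restrictanonymous"=dword:00000001
; 1 = anonymous callers cannot enumerate SAM accounts.
"Restrictanonymoussam"=dword:00000001

; --- User rights (security-template section, see the account-policy note) ---
[HKEY_LOCAL_MACHINE\Privilege Rights]
; S-1-5-32-544 is the built-in Administrators group.
"SeShutdownPrivilege"="*S-1-5-32-544"
"SeRemoteShutdownPrivilege"="*S-1-5-32-544"
"SeProfileSingleProcessPrivilege"="*S-1-5-32-544"

; --- Audit policy (security-template section, see the account-policy note) ---
[HKEY_LOCAL_MACHINE\Event Audit]
; 3 = audit success and failure for every category.
; NOTE(review): success+failure on object access and process tracking is
; high-volume; size the Security log and log forwarding for it.
"AuditSystemEvents"=dword:00000003
"AuditLogonEvents"=dword:00000003
"AuditObjectAccess"=dword:00000003
"AuditProcessTracking"=dword:00000003
"AuditDSAccess"=dword:00000003
"AuditPrivilegeUse"=dword:00000003
"AuditAccountLogon"=dword:00000003
"AuditAccountManage"=dword:00000003

; --- Event logs ---
; Retention 0 = overwrite the oldest events when full; MaxSize 0x800000 = 8 MB.
; NOTE(review): with the audit settings above an 8 MB Security log can wrap
; quickly, and overwritten events are lost to an investigation unless they
; are forwarded first.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System]
"Retention"=dword:00000000
"MaxSize"=dword:00800000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application]
"Retention"=dword:00000000
"MaxSize"=dword:00800000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security]
"Retention"=dword:00000000
"MaxSize"=dword:00800000

; --- Windows Firewall: on for the domain, private (Standard) and public profiles ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=dword:00000001

; --- TCP/IP stack ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
; NOTE(review): SynAttackProtect and the TcpMax* half-open / retransmission
; limits come from Windows 2000/2003-era guidance. To my knowledge the TCP
; stack in Windows Vista and later no longer reads them, so treat them as
; no-ops on Server 2022 until verified.
"SynAttackProtect"=dword:00000001
"TcpMaxPortsExhausted"=dword:00000005
"TcpMaxConnectResponseRetransmissions"=dword:00000002
"TcpMaxHalfOpen"=dword:000001f4
"TcpMaxHalfOpenRetried"=dword:00000190
; Ignore ICMP redirects.
"EnableICMPRedirect"=dword:00000000
; Do not fail over to a backup gateway on dead-gateway detection.
"EnableDeadGWDetect"=dword:00000000
"TcpMaxDataRetransmissions"=dword:00000002
; Do not use ICMP router discovery.
"PerformRouterDiscovery"=dword:00000000
; Keep-alive probe after 300,000 ms (0x493e0) = 5 minutes idle.
"KeepAliveTime"=dword:000493e0
; Path MTU discovery off.
; NOTE(review): this trades throughput for the hardening; confirm it is wanted.
"EnablePMTUDiscovery"=dword:00000000

; --- Logon screen ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
; Do not show the last signed-in user name.
"Dontdisplaylastusername"=dword:00000001
; 3 = show no user information on the lock screen.
"DontDisplayLockedUserId"=dword:00000003
; 0 = Ctrl+Alt+Del stays required before sign-in.
"Disablecad"=dword:00000000

; --- Winlogon ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
; Warn 14 days (0xe) before password expiry.
"PasswordExpiryWarning"=dword:0000000e
; Automatic logon off. If it was ever enabled, also check this key for a
; leftover DefaultPassword value, which is stored in clear text.
"AutoAdminLogon"="0"
; Cache at most 5 domain logons.
"CachedLogonsCount"="5"

; --- Administrative shares ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
; Do not create the automatic administrative shares (C$, ADMIN$).
; NOTE(review): backup, deployment and remote-admin tools often depend on them.
"AutoShareServer"=dword:00000000
"AutoShareWks"=dword:00000000

; --- Screen saver lock ---
; HKEY_CURRENT_USER: applies only to the account that imports the file.
[HKEY_CURRENT_USER\Control Panel\Desktop]
; Lock with a password-protected screen saver after 300 seconds.
"ScreenSaveActive"="1"
"ScreenSaveTimeOut"="300"
"ScreenSaverIsSecure"="1"

; --- Time service ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
; This host does not serve NTP to others.
"Enabled"=dword:00000000

; --- AutoPlay ---
; HKEY_CURRENT_USER: applies only to the importing account; other users need
; the machine-wide policy.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers]
"DisableAutoplay"=dword:00000001

; --- SMB session handling ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
; Disconnect idle SMB sessions after 15 minutes (0xf).
"Autodisconnect"=dword:0000000f
; Force clients off when their logon hours expire.
"Enableforcedlogoff"=dword:00000001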
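Windows Registry Editor Version 5.00

; Windows Server 2022 policy values, part 2 (reference only).
; NOTE(review): almost every value in this part is dword 1 regardless of the
; type or meaning the policy expects, which suggests the list was produced from
; policy names rather than chosen setting by setting. Several entries are
; permissive ("Allow...", "LetApps...") or switch protection off ("Disable...").
; Check each value against its ADMX definition before importing.
; Changes from the original listing:
;   - Defender script scanning and datagram inspection are no longer disabled.
;   - The Defender IP-address exclusion list is no longer switched on.
;   - Voice activation above the lock screen is force-denied instead of allowed.
;   - The Point and Print restriction is written to the PointAndPrint subkey.

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International]
; Standard users cannot install language packs and features.
"RestrictLanguagePacksAndFeaturesInstall"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint]
; Only administrators may install printer drivers through Point and Print.
; The original wrote a value literally named
; "PointAndPrint!RestrictDriverInstallationToAdministrators" into the parent
; key; "Key!Value" is documentation notation, and the setting lives in the
; PointAndPrint subkey.
"RestrictDriverInstallationToAdministrators"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers]
; NOTE(review): ApprovedUsbPrintDevices presumably expects a list of device
; IDs, not a dword; with device control on and no valid list, USB printing may
; be blocked entirely - confirm.
"EnableDeviceControl"=dword:00000001
"ApprovedUsbPrintDevices"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient]
; NOTE(review): to my knowledge DoHPolicy 1 = prohibit DNS over HTTPS,
; 2 = allow, 3 = require. Confirm that prohibiting DoH is the intent.
"DoHPolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer]
; Start-menu "most used" list; cosmetic, not a security control.
"ShowOrHideMostUsedApps"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications]
; NOTE(review): WnsEndpoint presumably expects a host name string; dword 1 is
; not a usable endpoint.
"WnsEndpoint"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies]
; NTFS tuning values, not security controls.
; NOTE(review): 1 is unlikely to be a meaningful threshold or worker count.
"NtfsForceNonPagedPoolAllocation"=dword:00000001
"NtfsDefaultTier"=dword:00000001
"NtfsParallelFlushThreshold"=dword:00000001
"NtfsParallelFlushWorkers"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\Windows NT\Printers]
; Same caveat as the Printers policy key above.
"EnableDeviceControl"=dword:00000001
"ApprovedUsbPrintDevices"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters]
; Enables retrieval of cloud Kerberos tickets at logon.
; NOTE(review): changes authentication behaviour; only relevant to hybrid
; cloud-joined setups. Leave unset unless that deployment exists.
"CloudKerberosTicketRetrievalEnabled"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters]
; Register DNS SRV records with lower-case host names.
"DnsSrvRecordUseLowerCaseHostNames"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\SAM]
; Validation of ROCA-vulnerable Windows Hello for Business keys.
; NOTE(review): confirm which mode (audit or block) the value 1 selects.
"SamNGCKeyROCAValidation"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\StorageSense]
; NOTE(review): the thresholds are presumably day counts. A value of 1 for the
; Recycle Bin and Downloads thresholds would delete files after one day, which
; removes material an incident responder may need - confirm before rollout.
"AllowStorageSenseGlobal"=dword:00000001
"AllowStorageSenseTemporaryFilesCleanup"=dword:00000001
"ConfigStorageSenseGlobalCadence"=dword:00000001
"ConfigStorageSenseCloudContentDehydrationThreshold"=dword:00000001
"ConfigStorageSenseRecycleBinCleanupThreshold"=dword:00000001
"ConfigStorageSenseDownloadsCleanupThreshold"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx]
"AllowAutomaticAppArchiving"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy]
; LetApps* policies: 0 = user decides, 1 = force allow, 2 = force deny.
; NOTE(review): the values left at 1 force-allow background spatial perception
; and programmatic / borderless screen capture for all apps; a hardening
; baseline would normally use 2. The "_UserInControlOfTheseApps" entries are
; per-app lists, so dword 1 is not a valid value for them.
"LetAppsAccessBackgroundSpatialPerception"=dword:00000001
"LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps"=dword:00000001
"LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps"=""
"LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps"=""
"LetAppsActivateWithVoice"=dword:00000001
; Changed 1 -> 2: apps must not be voice-activated while the session is locked.
"LetAppsActivateWithVoiceAboveLock"=dword:00000002
"LetAppsAccessGraphicsCaptureProgrammatic"=dword:00000001
"LetAppsAccessGraphicsCaptureProgrammatic_UserInControlOfTheseApps"=dword:00000001
"LetAppsAccessGraphicsCaptureProgrammatic_ForceAllowTheseApps"=""
"LetAppsAccessGraphicsCaptureProgrammatic_ForceDenyTheseApps"=""
"LetAppsAccessGraphicsCaptureWithoutBorder"=dword:00000001
"LetAppsAccessGraphicsCaptureWithoutBorder_UserInControlOfTheseApps"=dword:00000001
"LetAppsAccessGraphicsCaptureWithoutBorder_ForceAllowTheseApps"=""
"LetAppsAccessGraphicsCaptureWithoutBorder_ForceDenyTheseApps"=""

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DataCollection]
; Limit telemetry side channels: no OneSettings downloads, audit OneSettings,
; restrict diagnostic log and dump collection.
"DisableOneSettingsDownloads"=dword:00000001
"EnableOneSettingsAuditing"=dword:00000001
"LimitDiagnosticLogCollection"=dword:00000001
"LimitDumpCollection"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode]
; NOTE(review): both values enable extra IE-mode features; they add surface
; rather than remove it and are not needed on a server.
"AllowSaveTargetAsInIEMode"=dword:00000001
"EnableExtendedIEModeHotkeys"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender]
; NOTE(review): SupportLogLocation expects a directory path; dword 1 is not a
; usable value.
"SupportLogLocation"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Exclusions]
; Changed 1 -> 0: 1 switches on the IP-address exclusion list. A baseline
; should not enable scan exclusions without naming reviewed entries.
"Exclusions_IpAddresses"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
; Allow network protection to be configured on Windows Server.
; NOTE(review): this does not by itself turn network protection on; the
; protection mode is a separate setting that this file does not set.
"AllowNetworkProtectionOnWinServer"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\NIS]
; Changed 1 -> 0: 1 turns off network inspection of datagram traffic.
"DisableDatagramProcessing"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection]
; Changed 1 -> 0: 1 turns off script scanning, which removes coverage for
; script-based malware.
"DisableScriptScanning"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Signature Updates]
; Allow definition updates over metered connections.
"MeteredConnectionUpdates"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
; NOTE(review): cloud trust for on-premises authentication only applies to
; hybrid Windows Hello for Business deployments; leave unset otherwise.
"UseCloudTrustForOnPremAuth"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Sandbox]
; NOTE(review): every value is "allow" (1). If Windows Sandbox is in use, a
; restrictive baseline would set networking, clipboard, printer and audio /
; video redirection to 0; if it is not in use these lines add nothing.
"AllowAudioInput"=dword:00000001
"AllowClipboardRedirection"=dword:00000001
"AllowNetworking"=dword:00000001
"AllowPrinterRedirection"=dword:00000001
"AllowVGPU"=dword:00000001
"AllowVideoInput"=dword:00000001

; --- Per-user policy copies ---
; HKEY_CURRENT_USER values apply only to the account that imports the file.
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"AutoSubscription"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Printers]
"EnableDeviceControl"=dword:00000001
"ApprovedUsbPrintDevices"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\International]
"RestrictLanguagePacksAndFeaturesInstall"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
; Hide the Meet Now taskbar icon.
"HideSCAMeetNow"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
"ShowOrHideMostUsedApps"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode]
"AllowSaveTargetAsInIEMode"=dword:00000001
"EnableExtendedIEModeHotkeys"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\PassportForWork]
"UseCloudTrustForOnPremAuth"=dword:00000001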
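Windows Registry Editor Version 5.00
; =============================================
; RDP (Remote Desktop) configuration
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
; Move the RDP listener from the default port to 1114 (0x45a = 1114).
; A non-default port only reduces scanner noise and is not an access control:
; the inbound firewall rule has to follow the new port, and reachability
; should still be limited by source address.
"PortNumber"=dword:0000045a
; =============================================
; TCP/IP network configuration
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
; Disable IP source routing to hinder IP spoofing (2 = drop all source-routed
; IPv4 packets).
; NOTE(review): the IPv6 counterpart under Tcpip6\Parameters is not set here.
"DisableIPSourceRouting"=dword:00000002
; =============================================
; Password policy
; =============================================
; NOTE(review): "System Access" is a section name of a security template
; (.inf) processed by secedit or Group Policy, not a registry key. Importing
; it only creates an unused key under HKLM and leaves the password and lockout
; policy unchanged. The same applies to "Privilege Rights" and "Event Audit"
; further down. Apply these through a security template and confirm the
; effective policy afterwards.
[HKEY_LOCAL_MACHINE\System Access]
; Maximum password age: 90 days (0x5a = 90)
"MaximumPasswordAge"=dword:0000005a
; Minimum password length: 8 characters
; NOTE(review): low next to current vendor baselines.
"MinimumPasswordLength"=dword:00000008
; Require password complexity
"PasswordComplexity"=dword:00000001
; Password history: 2 passwords
; NOTE(review): low next to current vendor baselines.
"PasswordHistorySize"=dword:00000002
; Account lockout threshold: 1 failed attempt
; NOTE(review): a threshold of 1 locks an account on a single typo and makes
; lockout trivial to trigger for anyone who knows a user name; choose a higher
; threshold together with operations.
"LockoutBadCount"=dword:00000001
; Reset the lockout counter after 5 minutes
"ResetLockoutCount"=dword:00000005
; Lockout duration: 5 minutes
"LockoutDuration"=dword:00000005
; =============================================
; Remote registry access
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths]
; Empty the list of registry paths that may be read remotely.
; NOTE(review): this value is normally a multi-string (REG_MULTI_SZ); ""
; writes a plain string. Remote management tools that read these paths may
; stop working - confirm both points before rollout.
"Machine"=""
; =============================================
; File and printer sharing
; =============================================
; Path changed from ControlSet001 to CurrentControlSet: ControlSet001 is not
; guaranteed to be the control set the system boots from.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
; Empty the list of named pipes reachable over a null session
"NullSessionPipes"=""
; Empty the list of shares reachable over a null session
"NullSessionShares"=""
; =============================================
; Local security authority
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
; Restrict anonymous access: 1 = no enumeration of SAM accounts and shares
"Restrictanonymous"=dword:00000001
; Restrict anonymous SAM access: 1 = no anonymous enumeration of SAM accounts
"Restrictanonymoussam"=dword:00000001
; =============================================
; User rights assignment (security-template section, not a registry key)
; =============================================
[HKEY_LOCAL_MACHINE\Privilege Rights]
; Shut down the system: Administrators group (S-1-5-32-544)
"SeShutdownPrivilege"="*S-1-5-32-544"
; Force shutdown from a remote system: Administrators group
"SeRemoteShutdownPrivilege"="*S-1-5-32-544"
; Profile single process: Administrators group
"SeProfileSingleProcessPrivilege"="*S-1-5-32-544"
; =============================================
; Audit policy (security-template section, not a registry key)
; =============================================
; NOTE(review): success+failure on object access and process tracking is
; high-volume; size the Security log and log forwarding for it.
[HKEY_LOCAL_MACHINE\Event Audit]
; Audit system events: 3 = success and failure
"AuditSystemEvents"=dword:00000003
; Audit logon events: 3 = success and failure
"AuditLogonEvents"=dword:00000003
; Audit object access: 3 = success and failure
"AuditObjectAccess"=dword:00000003
; Audit process tracking: 3 = success and failure
"AuditProcessTracking"=dword:00000003
; Audit directory service access: 3 = success and failure
"AuditDSAccess"=dword:00000003
; Audit privilege use: 3 = success and failure
"AuditPrivilegeUse"=dword:00000003
; Audit account logon: 3 = success and failure
"AuditAccountLogon"=dword:00000003
; Audit account management: 3 = success and failure
"AuditAccountManage"=dword:00000003
; =============================================
; Event log configuration
; =============================================
; Paths changed from ControlSet001 to CurrentControlSet (see above).
; NOTE(review): with the audit settings above an 8 MB Security log can wrap
; quickly, and overwritten events are lost to an investigation unless they
; are forwarded first.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System]
; Retention policy: 0 = overwrite events as needed
"Retention"=dword:00000000
; Maximum log size: 8 MB (0x800000 = 8388608 bytes)
"MaxSize"=dword:00800000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application]
"Retention"=dword:00000000
"MaxSize"=dword:00800000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security]
"Retention"=dword:00000000
"MaxSize"=dword:00800000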
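; =============================================
; Windows Firewall
; =============================================
; The original enabled the firewall only for StandardProfile (the private
; profile); the domain and public profiles are enabled here as well so the
; firewall is on whichever profile the network is classified under.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
; Enable Windows Firewall
"EnableFirewall"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=dword:00000001
; =============================================
; TCP/IP stack hardening
; =============================================
; NOTE(review): SynAttackProtect and the TcpMax* half-open / retransmission
; limits come from Windows 2000/2003-era guidance. To my knowledge the TCP
; stack in Windows Vista and later no longer reads them, so treat them as
; no-ops on Server 2022 until verified.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
; SYN flood protection
"SynAttackProtect"=dword:00000001
; Port-exhaustion threshold
"TcpMaxPortsExhausted"=dword:00000005
; Maximum SYN-ACK retransmissions
"TcpMaxConnectResponseRetransmissions"=dword:00000002
; Maximum half-open connections (0x1f4 = 500)
"TcpMaxHalfOpen"=dword:000001f4
; Maximum retried half-open connections (0x190 = 400)
"TcpMaxHalfOpenRetried"=dword:00000190
; Ignore ICMP redirects
"EnableICMPRedirect"=dword:00000000
; Disable dead-gateway detection
"EnableDeadGWDetect"=dword:00000000
; Maximum data retransmissions
"TcpMaxDataRetransmissions"=dword:00000002
; Disable router discovery
"PerformRouterDiscovery"=dword:00000000
; Keep-alive time: 300,000 ms (5 minutes)
"KeepAliveTime"=dword:000493e0
; Disable path MTU discovery
; NOTE(review): this trades throughput for the hardening; confirm it is wanted.
"EnablePMTUDiscovery"=dword:00000000
; =============================================
; System policy
; =============================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
; Do not display the last signed-in user name
"Dontdisplaylastusername"=dword:00000001
; Show no user information on the lock screen (3)
"DontDisplayLockedUserId"=dword:00000003
; Keep Ctrl+Alt+Del required before sign-in: the value name is "disable CAD",
; so 0 leaves the secure attention sequence enabled.
"Disablecad"=dword:00000000
; =============================================
; Windows logon
; =============================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
; Password expiry warning: 14 days
"PasswordExpiryWarning"=dword:0000000e
; Disable automatic administrator logon. Written as a string (REG_SZ), the
; type Winlogon uses for this value; the original wrote a dword.
; If automatic logon was ever enabled, also check this key for a leftover
; DefaultPassword value, which is stored in clear text.
"AutoAdminLogon"="0"
; Cached domain logons: 5. Written as a string (REG_SZ) for the same reason.
"CachedLogonsCount"="5"
; =============================================
; Server shares
; =============================================
; NOTE(review): removing the automatic administrative shares (C$, ADMIN$) can
; break backup, deployment and remote-admin tools that depend on them.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
; Disable automatic server shares
"AutoShareServer"=dword:00000000
; Disable automatic workstation shares
"AutoShareWks"=dword:00000000
; =============================================
; Desktop and screen saver
; =============================================
; HKEY_CURRENT_USER: applies only to the account that imports the file.
[HKEY_CURRENT_USER\Control Panel\Desktop]
; Enable the screen saver
"ScreenSaveActive"="1"
; Screen saver timeout: 300 seconds (5 minutes)
"ScreenSaveTimeOut"="300"
; Require a password to leave the screen saver
"ScreenSaverIsSecure"="1"
; =============================================
; Time service
; =============================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
; Disable the NTP server role on this host
"Enabled"=dword:00000000
; =============================================
; AutoPlay
; =============================================
; HKEY_CURRENT_USER: applies only to the importing account; other users need
; the machine-wide policy.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers]
; Disable AutoPlay
"DisableAutoplay"=dword:00000001
; =============================================
; Server connections
; =============================================
; Path changed from ControlSet001 to CurrentControlSet: ControlSet001 is not
; guaranteed to be the control set the system boots from.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
; Disconnect idle sessions after 15 minutes
"Autodisconnect"=dword:0000000f
; Force logoff when logon hours expire
"Enableforcedlogoff"=dword:00000001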
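; =============================================
; Region and language restrictions
; =============================================
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International]
; Restrict installation of language packs and features
"RestrictLanguagePacksAndFeaturesInstall"=dword:00000001
; =============================================
; Printer policy
; =============================================
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint]
; Restrict printer driver installation to administrators.
; The original wrote a value literally named
; "PointAndPrint!RestrictDriverInstallationToAdministrators" into the parent
; key; "Key!Value" is documentation notation, and the setting lives in the
; PointAndPrint subkey.
"RestrictDriverInstallationToAdministrators"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers]
; Enable device control for printing
"EnableDeviceControl"=dword:00000001
; Approved USB print devices
; NOTE(review): presumably expects a list of device IDs, not a dword; with
; device control on and no valid list, USB printing may be blocked - confirm.
"ApprovedUsbPrintDevices"=dword:00000001
; =============================================
; DNS client
; =============================================
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient]
; DNS over HTTPS policy
; NOTE(review): to my knowledge 1 = prohibit DoH, 2 = allow, 3 = require.
; Confirm that prohibiting DoH is the intent.
"DoHPolicy"=dword:00000001
; =============================================
; Windows Explorer
; =============================================
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer]
; Most-used apps list in the Start menu (the original comment says "hide")
; NOTE(review): confirm that 0 is the value that hides the list.
"ShowOrHideMostUsedApps"=dword:00000000
; =============================================
; Push notifications
; =============================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications]
; WNS endpoint
; NOTE(review): presumably expects a host name string; dword 1 is not a usable
; endpoint.
"WnsEndpoint"=dword:00000001
; =============================================
; File system policy
; =============================================
; NTFS tuning values, not security controls.
; NOTE(review): 1 is unlikely to be a meaningful threshold or worker count.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies]
; NTFS: force non-paged pool allocation
"NtfsForceNonPagedPoolAllocation"=dword:00000001
; NTFS: default tier
"NtfsDefaultTier"=dword:00000001
; NTFS: parallel flush threshold
"NtfsParallelFlushThreshold"=dword:00000001
; NTFS: parallel flush worker threads
"NtfsParallelFlushWorkers"=dword:00000001
; =============================================
; Windows Sandbox
; =============================================
; NOTE(review): every value below is "allow" (1). If Windows Sandbox is in
; use, a restrictive baseline would set networking, clipboard, printer and
; audio / video redirection to 0; if it is not in use these lines add nothing.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Sandbox]
; Allow audio input
"AllowAudioInput"=dword:00000001
; Allow clipboard redirection
"AllowClipboardRedirection"=dword:00000001
; Allow networking
"AllowNetworking"=dword:00000001
; Allow printer redirection
"AllowPrinterRedirection"=dword:00000001
; Allow virtual GPU
"AllowVGPU"=dword:00000001
; Allow video input
"AllowVideoInput"=dword:00000001
; =============================================
; Terminal Services
; =============================================
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
; Automatic subscription
"AutoSubscription"=dword:00000001
; =============================================
; Current-user policy
; =============================================
; HKEY_CURRENT_USER values apply only to the account that imports the file.
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Printers]
"EnableDeviceControl"=dword:00000001
"ApprovedUsbPrintDevices"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\International]
"RestrictLanguagePacksAndFeaturesInstall"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
; Hide the Meet Now button
"HideSCAMeetNow"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
"ShowOrHideMostUsedApps"=dword:00000000
; =============================================
; Notes:
; 1. This registry file contains system security hardening settings
; 2. Changes the RDP port to 1114 (reduces scan noise; restrict access with
;    the firewall as well)
; 3. Configures the password and account lockout policy
; 4. Restricts anonymous access and null sessions
; 5. Enables detailed auditing
; 6. Configures TCP/IP stack security parameters
; 7. Enables Windows Firewall
; 8. Configures assorted system security policies
; 9. Back up the current registry before applying
; 10. Some settings may need a reboot to take effect
; =============================================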
