Splitting Rocks

Windows Security

Quick Security Change for Windows 10, Windows 2k8r2 Server, and ???

Open an administrator CMD window Watch Video
Export the old configuration: Watch Video


C:\Windows\System32\SecEdit.exe /export /cfg "C:\%COMPUTERNAME%-Config-Export.inf"

In the cmd terminal as ADMINISTRATOR:
Create file C:\newsecurity.inf with the following AND "SAVE AS" UNICODE!!!!:


[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 2
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 5
LockoutBadCount = 5
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 0
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableAdminAccount = 0
EnableGuestAccount = 0
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 3
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 3
AuditDSAccess = 3
AuditAccountLogon = 3
[Version]
signature="$CHICAGO$"
Revision=1

Run C:\Windows\System32\secedit.exe /configure /db C:\Windows\security\new.sdb /cfg C:\newsecurity.inf /areas SECURITYPOLICY

Stuff to Check

Is the firewall enabled?
Is Anti-Virus (Windows Defender) Enabled

Hidden Files

Find Hidden Files

Passwords

Recommeded Password Settings

Windows 10 Services

Windows 10

Win2k16

Windows Win2k16

GodMode

Windows 7 Update

Download File IIS - Internet Information Server (HTTP or FTP) - Turn on or off in Control Panel (Turn Windows Features on or off)

Local Policy - Audit Policy
1	Audit account logon events	Success, Failure
2	Audit logon events	Success, Failure
3	Audit policy change	Success, Failure
Local Policy - Security Options
4	Accounts: Guest account status	Disabled
Account Policies - Password Policy
5	Enforce password history	Any value from 3 to 24
6	Maximum password age	Any value from 30 to 90
7	Minimum password age	Any value from 1 to 1
8	Minimum password length	Any value from 8 to 14
9	Password must meet complexity requirements	Enabled
10	Automatic Updates	Install updates automatically
Firewall Profiles
11	Domain Profile	Firewall State: On
12	Domain Profile	Inbound connections: Block
13	Private Profile	Firewall State: On
14	Private Profile	Inbound connections: Block
15	Public Profile	Firewall State: On
16	Public Profile	Inbound connections: Block all connections
Firewall - Inbound Rules
17	Apache HTTP Server	Profile:Domain Enabled:True Protocol: UDP Action:Block the connection LocalAddress:Any RemoteAddress:Any LocalPort:Any RemotePort:Any
18	Apache HTTP Server	Profile:Domain Enabled:True Protocol: TCP Action:Block the connection LocalAddress:Any RemoteAddress:Any LocalPort:Any RemotePort:Any
19	Apache HTTP Server	Profile:Public,Private Enabled:True Protocol: UDP Action:Block the connection LocalAddress:Any RemoteAddress:Any LocalPort:Any RemotePort:Any
20	Apache HTTP Server	Profile:Public,Private Enabled:True Protocol: TCP Action:Block the connection LocalAddress:Any RemoteAddress:Any LocalPort:Any RemotePort:Any
21	BranchCache Content Retrieval (HTTP-In)	Profile:Public,Private,Domain Enabled:False Protocol: TCP Action:Block the connection LocalAddress:Any RemoteAddress:Any LocalPort:80 RemotePort:Any
22	BranchCache Hosted Cache Server (HTTP-In)	Profile:Public,Private,Domain Enabled:False Protocol: TCP Action:Block the connection LocalAddress:Any RemoteAddress:Any LocalPort:80,443 RemotePort:Any
23	Core Networking - IPv8 Master	Profile:Public,Private,Domain Enabled:True Protocol: TCP Action:Block the connection LocalAddress:Any RemoteAddress:Any LocalPort:80,8080,8888 RemotePort:Any
Services
24	Apache2.2	Stopped - Disabled
Roles and Features
25	FTP Server	ItemDisabled
Other
26	Remote Desktop	Don't allow connections to this computer
27	Files to be removed from the system	C:\Users\Elliot\Downloads\httpd-2.2.25-win32-x86-no_ssl.msi