Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 7,491
Post updated in October 2022.
The current build of Windows 11 ver. 22H2 (clean installation) is not fully compatible with Hard_Configurator. The SRP in H_C will work well if Windows has been upgraded from Windows 10 or updated from version 21H2 (or from the prior version). Unfortunately, SRP does not currently work on clean installations of Windows 11 ver. 22H2. See my post:
https://malwaretips.com/threads/simple-windows-hardening.102265/post-1008015
Developer website:
github.com
Hard_Configurator was created after a discussion on the below treads:
https://www.wilderssecurity.com/thr...ith-lua-and-srp-even-without-ultimate.232857/
Secure Windows - Software restriction Policies to Windows Home
Windows Pro owner? Use Software Restriction Policies!
Poll - Do you use security reg tweaks?
Run by Smartscreen utility
Microsoft documentation for Software Restriction Policies (July 2021):
https://docs.microsoft.com/en-us/wi...iction-policies/software-restriction-policies
This documentation was made for Windows Server (2012, 2016, 2019, and 2022), but SRP works the same on Windows 7, 8, 8.1, 10, and 11.
Software Restriction Policies can be applied alongside Applocker policies:
What is Hard_Configurator for?
This program can configure Windows built-in security to harden the system. When you close Hard_Configurator it closes all its processes. The real-time protection comes from the reconfigured Windows settings. Hard_Configurator can be seen as a Medium Integrity Level smart default-deny setup, which is based on SRP + Application Reputation Service (forced SmartScreen) + Windows hardening settings (restricting vulnerable features).
Hard_Configurator makes changes in Windows Registry to accomplish the tasks enumerated below:
Many of the above tasks can be made by using Windows RegEdit. Anyway, with Hard_Configurator, it can be done more quickly and safely.
This program was created for advanced users to secure inexperienced users.
The current build of Windows 11 ver. 22H2 (clean installation) is not fully compatible with Hard_Configurator. The SRP in H_C will work well if Windows has been upgraded from Windows 10 or updated from version 21H2 (or from the prior version). Unfortunately, SRP does not currently work on clean installations of Windows 11 ver. 22H2. See my post:
https://malwaretips.com/threads/simple-windows-hardening.102265/post-1008015
Developer website:
GitHub - AndyFul/Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS
GUI to Manage Software Restriction Policies and harden Windows Home OS - GitHub - AndyFul/Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS
Hard_Configurator was created after a discussion on the below treads:
https://www.wilderssecurity.com/thr...ith-lua-and-srp-even-without-ultimate.232857/
Secure Windows - Software restriction Policies to Windows Home
Windows Pro owner? Use Software Restriction Policies!
Poll - Do you use security reg tweaks?
Run by Smartscreen utility
Microsoft documentation for Software Restriction Policies (July 2021):
https://docs.microsoft.com/en-us/wi...iction-policies/software-restriction-policies
This documentation was made for Windows Server (2012, 2016, 2019, and 2022), but SRP works the same on Windows 7, 8, 8.1, 10, and 11.
Software Restriction Policies can be applied alongside Applocker policies:

Use Software Restriction Policies and AppLocker policies (Windows)
This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment.
learn.microsoft.com
What is Hard_Configurator for?
This program can configure Windows built-in security to harden the system. When you close Hard_Configurator it closes all its processes. The real-time protection comes from the reconfigured Windows settings. Hard_Configurator can be seen as a Medium Integrity Level smart default-deny setup, which is based on SRP + Application Reputation Service (forced SmartScreen) + Windows hardening settings (restricting vulnerable features).
Hard_Configurator makes changes in Windows Registry to accomplish the tasks enumerated below:
- Enabling Software Restriction Policies (SRP) in Windows Home editions.
- Changing SRP Security Levels, Enforcement options, and Designated File Types.
- Whitelisting files in SRP by path (also with wildcards) and by hash.
- Blocking the vulnerable system executables via SRP.
- Protecting (deny execution) writable subfolders in "C:\Windows" folder (via SRP).
- Restricting shortcut execution to some folders only (via SRP).
- Enabling Windows Defender advanced settings, like PUA protection, ASR rules, Network Protection etc.
- Blocking outbound connections of many LOLBins and user applications.
- Filtering Windows Event Log for blocked outbound connections.
- Protecting against weaponized documents, when MS Office and Adobe Acrobat Reader XI/DC are used to open them.
- Disabling PowerShell script execution (Windows 7+).
- Securing PowerShell by Constrained Language mode (SRP, PowerShell 5.0+)
- Disabling execution of scripts managed by Windows Script Host.
- Removing "Run as administrator" option from the Explorer right-click context menu.
- Forcing SmartScreen check for files without 'Mark Of The Web' (Windows 8+).
- Disabling Remote Desktop, Remote Assistance, Remote Shell, and Remote Registry.
- Disabling execution of 16-bit applications.
- Securing Shell Extensions.
- Disabling SMB protocols.
- Disabling program elevation on Standard User Account.
- Disabling Cached Logons.
- Filtering Windows Event Log for blocked file execution events (Nirsoft FullEventLogView).
- Filtering autoruns from the User Space, and script autoruns from anywhere (Sysinternals Autorunsc).
- Turning ON/OFF all the above restrictions.
- Restoring Windows Defaults.
- Making System Restore Point.
- Using predefined setting profiles for Windows 7, Windows 8, and Windows 10.
- Saving the chosen restrictions as a profile, and restoring when needed.
- Backup management for Profile Base (whitelist profiles and setting profiles).
- Changing GUI skin.
- Updating application.
- Uninstalling application (Windows defaults restored).
Many of the above tasks can be made by using Windows RegEdit. Anyway, with Hard_Configurator, it can be done more quickly and safely.
This program was created for advanced users to secure inexperienced users.
Last edited: