Hard_Configurator - Windows Hardening Configurator

@Andy Ful
Can I still use this tool on Windows 10 Pro version? Or it doesn't work on Pro?
I use it on Windows 10 Pro without issues. But one should not activate Software Restriction Policies using gpedit.msc or secpol.msc. The policies configured by Group Policy Editor are refreshed periodically and can overwrite Hard_Configurator settings in the Registry. This is true for any shared policy of Hard_Configurator and Group Policy Editor.
 
I changed some settings in Group Policy via tips I found on Google but didn't touch Software Restriction Policies.
Will those Group Policy changes go if I install your tool?
 
Simply install Hard_Configurator and activate the options from the right panel. The next day, look at which of them have been changed. :)
 
Also, the default Windows policy setting is shown in Hard_Configurator as 'OFF'. So, after the first Hard_Configurator run, the shared policies changed by Group Editor to non-default will be shown in Hard_Configurator as 'ON' or '?'.

Edit
Added '?' in the last sentence.
 
@Andy Ful
If I run this program and only apply the Validate Signatures reg tweak and add some portable apps to the whitelist, will it work?
(Is this a solution for the question from the other theme? You know what I mean.)
 
...
More Windows Defender tweaks will come to the next update! I can't wait for this!
This is a good proposition from @askalan, to add the option for activating Defender's highest detection level (extended cloud check). :)
 
@Andy Ful
If I run this program and only apply the Validate Signatures reg tweak and add some portable apps to the whitelist, will it work?
(Is this a solution for the question from the other theme? You know what I mean.)

There is no problem running Hard_Configurator. You have to temporarily turn OFF Validate Signatures, as with your portable applications. The same is true when installing new programs, because of the Run As SmartScreen executable, which forces a SmartScreen check. When Validate Signatures is turned ON, the 'Run As SmartScreen' option is not available.

Edit.
For daily work (no configuration changes, no installing new programs), Hard_Configurator settings coexist peacefully with Validate Signatures. This is possible because no Hard_Configurator executable is required to maintain the settings; they are saved in the Registry.
 
One thing should be remembered. The Validate Signatures UAC setting can be bypassed via any UAC bypass, so it is much stronger on SUA as compared to an Administrator Account. The strongest setup is Disable Elevation on SUA. In this case, all admin work and installing new programs have to be done on an Administrator Account.

Edit.
With the Validate Signatures setting, only signed and validated programs can elevate on all types of accounts, but it can be bypassed on an Admin Account. The Disable Elevation on SUA setting applies only to SUA (it has no impact on an Admin Account).
 
"The program is not for me, only for users. :)" - @Andy Ful

More Windows Defender tweaks will come to the next update! I can't wait for this!
I have bad news about Defender tweaks. I planned to add the Defender CloudBlockLevel option, which makes use of more aggressive scanning in the cloud. But it seems that this option will be redesigned and unavailable for home users in the Fall Creators Update.
Policy CSP - Defender
Also, the Defender EnableControlledFolderAccess option (anti-ransomware) will probably be unavailable for home users.
Policy CSP - Defender
The good news is that AllowIntrusionPreventionSystem will be introduced as default for home users (related to Exploit Guard), like other older options (Script Scanning, Behavior Monitoring).
So there won't be any changes in the next Hard_Configurator version related to Defender tweaks. :(
 
For now, Hard_Configurator is directed at Windows Home users, who cannot configure Windows hardening settings via GPO. All Hard_Configurator settings can be set on Windows Home only via reg tweaks. Messing with the Registry is inconvenient and dangerous for most home users, so I created Hard_Configurator. But I will keep your suggestion in mind. :)