TairikuOkami

Level 23
Verified
Content Creator
Can you add code to have it kill Cortana also?
Killing off Cortana is easy, but it is too entwined into the system, so the consequences might be severe.

Code:
takeown /f "%WinDir%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" /a /r /d y
icacls "%WinDir%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" /inheritance:r /grant:r Administrators:(OI)(CI)F /t /l /q /c
taskkill /im SearchUI.exe /f
rd "%WinDir%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" /s /q
 

DavidLMO

Level 4
Sorry - If posted here I missed it.

I created a Restore point first. Does this app do that?
I did that cause I have changed quite a few settings on my own previously. I could never remember all that I have done. :)

If Resetting to Defaults set them back to M$ defaults - then I would be hosed. So I wanted to save My current settings. Restore point does that.

Anyway - found a couple of things that I wanted to change which were not checked and I checked them.

Ran last evening. So far I have not encountered anything weird - so fingers crossed.

And - Yes - I would like to remove all Telemetry too. It is such a pain.
 

jelson

Level 2
Blocking Windows telemetry is not just an option. It is a big thing.

I think the software is more of hardening Windows security rather than its privacy

For privacy you can look to freeware like O&O Shut Up 10

O&O ShutUp10: download free antispy tool for Windows 10

or follow the below to improve your privacy

Windows 10 Privacy Guide - Fall Creators Update
An alternative [but not for the faint of heart] would be to consider a Windows 7 solution by abbodi1406 on MyDigitalLife Forums
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Released SysHardener v1.1:
Harden Windows Settings with SysHardener | NoVirusThanks

Screenshots of the new tabs:

syshardener-1.1.png


Here is the changelog:

+ Fixed tweaks related to Foxit Reader
+ Fixed "Set Macros Security to "Very High" in Kingsoft WPS Office"
+ Enabled "Turn Off WinHTTP Web Proxy Auto-Discovery Service":
*** References: Project Zero: aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
+ Added an "info" icon that on click it opens a web page
+ Ask to create a system restore point
+ Support parameter "/createrestorepoint" from command-line
+ New option "Disable PowerShell Script Execution (Windows 7+)"
+ New option "Restrict PowerShell (v3+) to Constrained Language Mode"
+ New option "Configure Behavior of UAC Prompt for Administrators"
+ New option "Configure Behavior of UAC Prompt for Users"
+ Added "System Tools" tab to open useful system tools
+ Minor fixes and optimizations
+ Updated help file
 

Slyguy

Level 41
Verified
Careful with this. It hardened my server so much I can't even login anymore. RDP doesn't work as well.

I've unchecked everything I can find relating to remote access, but where does this kill RDP? I need to know or I am going to have to restore backups on the server to fix it. :unsure:

@NoVirusThanks Can you tell me what part of this disables RDP or potentially damages RDP access? I can't find it.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
@Slyguy

What tweaks did you apply? Only the default ones or all of them?

Only these two tweaks should be related to RDP:

Turn Off Remote Desktop Connection to This PC (unchecked by default)
Turn Off Remote Desktop Services (unchecked by default)

Try this:

1) Unselect all tweaks
2) Then check\select only the following tweaks:

Turn Off Remote Desktop Connection to This PC
Turn Off Windows Remote Assistance
Turn Off Helper IP (IPv6) Service
Turn Off TCP/IP NetBIOS Helper Service
Turn Off WinHTTP Web Proxy Auto-Discovery Service
Turn Off Radio Management Service
Turn Off Remote Desktop Services
Block Inbound Connections

3) Now click on "Restore Selected"
4) Reboot

Let me know if that works.

In case it doesn't, try to select also all Windows Firewall rules and click "Restore Selected" and reboot.
 

Slyguy

Level 41
Verified
Thanks, I will give it a look when I get home. For now I set up a VPN and Secured Portal to the server. This is more secure, so maybe it's a good thing RDP was trashed on it anyway. But I still want to putz around getting RDP to work.

The old method to secure RDP was to change the default RDP port in registry to something like 5389 instead of 3389 then referencing that port in the RDP connection. That, combined with changing the admin name (BroADMIN instead of admin) combined with a strong password was generally always considered 'enough' RDP security. But given the prevalence of RDP hacking maybe I should just move away from RDP altogether...
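
Added example, not part of any post in this thread and not NoVirusThanks code: a read-only PowerShell check (Windows PowerShell 5.1, run elevated) of the standard Windows settings that decide whether inbound RDP works, including the registry port discussed above. The function name Get-RdpState is hypothetical, and the thread does not say which of these settings SysHardener changes.

```powershell
# Added example: read-only check of the usual OS locations that gate inbound RDP.
# Assumption: these are standard Windows settings, not a list of what SysHardener edits.
function Get-RdpState {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # 1 = remote connections denied, 0 = allowed
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # Listener port; 3389 unless it was changed in the registry
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Remote Desktop Services; a Disabled start type persists across reboots
    $svc = Get-Service -Name TermService

    # Is anything actually listening on the configured port?
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

    # Built-in firewall rules for RDP (group name as shown on English systems)
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' }
    $enabledAllow = @($rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }).Count

    # Default inbound action per profile; Block drops traffic that has no allow rule
    $profiles = Get-NetFirewallProfile |
        ForEach-Object { '{0}={1}' -f $_.Name, $_.DefaultInboundAction }

    [pscustomobject]@{
        ConnectionsDenied = ($deny -eq 1)
        Port              = $port
        ServiceStatus     = $svc.Status
        ServiceStartType  = $svc.StartType
        PortListening     = $listening
        EnabledAllowRules = $enabledAllow
        DefaultInbound    = $profiles -join ', '
    }
}

$state = Get-RdpState
$state | Format-List

# Report the first blocker found among the settings above
if ($state.ServiceStartType -eq 'Disabled') { 'Blocker: TermService is disabled' }
elseif ($state.ConnectionsDenied)           { 'Blocker: fDenyTSConnections = 1' }
elseif (-not $state.PortListening)          { "Blocker: nothing listening on TCP $($state.Port)" }
elseif ($state.EnabledAllowRules -eq 0)     { 'Blocker: no enabled inbound allow rule in the Remote Desktop group' }
else                                        { 'No blocker found in these settings' }
```

If Port is not 3389, the built-in Remote Desktop firewall rules do not cover it, so a separate inbound rule for that port is needed even when EnabledAllowRules is non-zero.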
 

Slyguy

Level 41
Verified
Speaking of this. There is real potential for a 'server' version of this to be used under commercial conditions. Server lockdowns are becoming problematic, simply finding all of the potential holes is ridiculously time consuming. Something to consider I guess. If it locked down my own damn server so much I couldn't even get into it using a variety of methods and had to physically connect a monitor and keyboard to get in, then it probably has some potential in the corporate world.

Also, I am feeling this might be effective against state-actors, as they tend to exploit a good number of holes this plugs up.
 