Q&A Windows' Security Tweaks

  • Thread starter Deleted member 178
  • Start date

Will you use these Windows Security Tweaks?

  • Total voters

Deleted member 178

hi guys,

So i will put here various tweaks (registry, group policy, etc...) i found around the net to secure Windows more tightly. By doing them , you will reduce the attacks vector and may even remove the need of security solutions.

As a basis there is these articles to secure the network and the system

For Win7: Harden Windows 7 SP1 64bit
For Win10 : Harden Windows 10 - A Security Guide. How to secure Windows 10

Be careful some tweaks will cripple some of the OS functions; test before applying definitively.

There are network Tweaks: Windows' Security Tweaks
there System tweaks: Windows' Security Tweaks

To create registry files from the script below:

- open notepad
- copy the lines
- save the file as .reg file (for example "disable unsigned elevation.reg)
- click on the newly made .reg file, you will have 2 prompts, say yes.
- the tweak will be applied.
Last edited by a moderator:

Deleted member 178

System Tweaks

LSA Protection :

Enable LSA protection in Windows 8.1 and Server 2012 R2

Ask password for Admin Account:
If a process ask for elevation , UAC will request your password even in admin account.
Create a registry file with this lines :
Windows Registry Editor Version 5.00

; Created by: Shawn Brink
; http://www.eightforums.com
; Tutorial: http://www.eightforums.com/tutorials/41136-uac-change-prompt-behavior-administrators-windows.html


Blocking Unsigned Elevation :
90% of malware are unsigned and will request an elevation from UAC, this trick will block the request.
Create a registry file with this lines :
Windows Registry Editor Version 5.00


If successfully implemented, the next unsigned process/program; won't be allow to execute, and you will have a error box.
To re-enabled unsigned elevation , use the same line but with "dword:00000000"

Disable Javascript (for Edge)

we all know That javascript is a well-know attack vector .
Create a registry file with this lines :
Windows Registry Editor Version 5.00

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings\Zones\3]

Some tweaks from @ParaXY
;Set SmartScreen to warn:

;Turn off Remote Assistance:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance]

;Turn UAC to max setting:

;Enable PUP in Defender:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]

;Deny elevation of unsigned executables:

;Enable Secure Sign in screen (Ctrl + Alt + Del:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]



;Ask for user name and password at log on screen:

;Disable cmd.exe for SUA account:
Last edited by a moderator:


Level 5
Jan 19, 2015

What kind of file should I create when making these lines?

  • Like
Reactions: Logethica


Level 5
Jan 19, 2015
Block unsigned works, but password tweak doesn't

(unsigned error message when trying to open)

Now it works with password, I guess you need BOTH tweaks (block unsigned & password tweak) for it to work, cause when I used only the password tweak but not the unsigned one, it didn't ask for password, but now that I use both tweaks it does.


Level 53
Content Creator
Aug 2, 2015
I employed the Edge Tweak and the Blocking Unsigned Elevation.
After doing this, any uninstall or install of software is requiring my Admin password.
I'm not complaining for me, now that I have a awesome config that I won't change anytime soon
this is awesome :)
To test it I have a 1year sub to Office so i uninstalled and re-installed it, on both occasions it required
my admin password, there was an update for Macrium Reflect, rather than just updating I did the
same I uninstalled & Re-installed it and both times It again required my Admin Password. My last
install was for GOG Galaxy (Game Client) same results.
This may not be optimal for a user that changes their software often, but man I am loving this
tweak. The weird thing for me is that I only did the code for the blocking, so this will serve
as a "heads up" for anyone else thinking of employing that tweak.
It could be that other tweaks I have done in the past are affecting this too, but either
way I love the results
Your the best Umbra, great share.
Last edited: