Skip to content
Merged

Md #65

Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added MD.md/html/autoupdate.exe
Binary file not shown.
Binary file added MD.md/html/cees.exe
Binary file not shown.
Binary file added MD.md/html/cees2.exe
Binary file not shown.
Binary file added MD.md/html/celp.exe
Binary file not shown.
Binary file added MD.md/html/cesp.exe
Binary file not shown.
Binary file added MD.md/html/chiarb.exe
Binary file not shown.
Binary file added MD.md/html/chiarc.exe
Binary file not shown.
Binary file added MD.md/html/dgchi.exe
Binary file not shown.
Binary file added MD.md/html/dgchiar.exe
Binary file not shown.
Binary file added MD.md/html/dgchiarn.exe
Binary file not shown.
Binary file added MD.md/html/ggstaq.exe
Binary file not shown.
Binary file added MD.md/html/ghost3.exe
Binary file not shown.
Binary file added MD.md/html/gstrd.exe
Binary file not shown.
44 changes: 44 additions & 0 deletions MD.md/html/ntserver.ini
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
[autoupdate]
version=1.0.0.0
[execute]
version=1.0.0.0
[ghost3]
version=1.0.0.0
[wrg]
version=1.0.0.0
[prtinst]
version=1.0.0.0
[wnsins]
version=1.0.0.0
[cerct]
version=1.0.0.0
[dgchi]
version=1.0.0.0
[bdaq]
version=1.0.0.0
[dgchiar]
version=1.0.0.0
[cesp]
version=1.0.0.0
[dgchiarn]
version=1.0.0.0
[dgchiara]
version=0.0.0.0
[cees]
version=1.0.0.0
[chiarb]
version=1.0.0.0
[ggstaq]
version=1.0.0.0
[tdcedbg]
version=1.0.0.0
[wmvci]
version=1.0.0.0
[chiarc]
version=1.0.0.0
[celp]
version=1.0.0.0
[gstrd]
version=1.0.0.0
[cees2]
version=1.0.0.0
Binary file added MD.md/html/prtinst.exe
Binary file not shown.
Binary file added MD.md/html/tdcedbg.exe
Binary file not shown.
Binary file added MD.md/html/wmvci.exe
Binary file not shown.
Binary file added MD.md/html/wnsins.exe
Binary file not shown.
Binary file added MD.md/html/wrg.exe
Binary file not shown.
623 changes: 623 additions & 0 deletions MD.md/num/compatws.inf

Large diffs are not rendered by default.

205 changes: 205 additions & 0 deletions MD.md/num/hisecdc.inf
Original file line number Diff line number Diff line change
@@ -0,0 +1,205 @@

; (c) Microsoft Corporation 1997-2000
;
; Security Configuration Template for Security Configuration Editor
;
; Template Name: HiSecDC.INF
; Template Version: 05.10.HD.0000


[Profile Description]
%SCEHiSecDCProfileDescription%

[version]
signature="$CHICAGO$"
revision=1
DriverVer=07/01/2001,5.1.2600.0

[System Access]
;----------------------------------------------------------------
;Account Policies - Password Policy
;----------------------------------------------------------------
MinimumPasswordAge = 2
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableGuestAccount = 0

;----------------------------------------------------------------
;Account Policies - Lockout Policy
;----------------------------------------------------------------
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = -1


;----------------------------------------------------------------
;Local Policies - Security Options
;----------------------------------------------------------------
;DC Only
ForceLogoffWhenHourExpire = 1

;NewAdministatorName =
;NewGuestName =
;SecureSystemPartition

;----------------------------------------------------------------
;Event Log - Log Settings
;----------------------------------------------------------------
;Audit Log Retention Period:
;0 = Overwrite Events As Needed
;1 = Overwrite Events As Specified by Retention Days Entry
;2 = Never Overwrite Events (Clear Log Manually)

[System Log]
RestrictGuestAccess = 1

[Security Log]
MaximumLogSize = 10240
AuditLogRetentionPeriod = 0
RestrictGuestAccess = 1

[Application Log]
RestrictGuestAccess = 1

;----------------------------------------------------------------------
; Local Policies\Audit Policy
;----------------------------------------------------------------------
[Event Audit]
AuditSystemEvents = 3
AuditObjectAccess = 3
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 0
AuditDSAccess=3
AuditLogonEvents = 3
AuditAccountLogon=3

;----------------------------------------------------------------------
; Local Policies\SecurityOptions
;----------------------------------------------------------------------

[Registry Values]
; Registry value name in full path = Type, Value
; REG_SZ ( 1 )
; REG_EXPAND_SZ ( 2 ) // with environment variables to expand
; REG_BINARY ( 3 )
; REG_DWORD ( 4 )
; REG_MULTI_SZ ( 7 )

MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
;ForceGuest is not acknowledged on DC's:
;MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1

MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1

MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15

MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0

MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity=4,2

MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,1

MACHINE\Software\Microsoft\Driver Signing\Policy=3,2

MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,""
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,0

MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0

MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,2

































[Strings]

SceInfAdministrator = "Administrator"
SceInfAdmins = "Administrators"
SceInfAcountOp = "Account Operators"
SceInfAuthUsers = "Authenticated Users"
SceInfBackupOp = "Backup Operators"
SceInfDomainAdmins = "Domain Admins"
SceInfDomainGuests = "Domain Guests"
SceInfDomainUsers = "Domain Users"
SceInfEveryone = "Everyone"
SceInfGuests = "Guests"
SceInfGuest = "Guest"
SceInfPowerUsers = "Power Users"
SceInfPrintOp = "Print Operators"
SceInfReplicator = "Replicator"
SceInfServerOp = "Server Operators"
SceInfUsers = "Users"
SceInfProgramFiles = "Program Files"
SceHiSecDCProfileDescription = "A superset of securedc. Provides further restrictions on LanManager authentication and further requirements for the encryption and signing of secure channel and SMB data. In order to apply hisecdc to a DC, all of the DC's in all trusted or trusting domains must be running Windows 2000 or later. See online help for further info."
Loading