Windows Security Documentation

**Snma** · 09-07-2005

Figured these could be of some use in some projects -Snma

Windows Security Documentation
Written by John Hall
http://pscode.com/vb/scripts/ShowCod...d=573&lngWId=7

Documentation Notes

Improvements - Originally, I released this documentation in a format that was a little odd/wild, so, as requested, I've cleaned it up and added more notes about using it. Hopefully this new organization and these notes will help you better understand how to use this information and its limitations. I, however, have not added any additional information to this documentation because of the limited amount of security information that is redily available for the newer operating systems.
Known Limitations - This information does have some limitations of use. Those are mentioned below:
Operating Systems - This information will most likely not work with Microsoft Windows XP or Millennium Edition. It's not been tested, so I don't recommend trying it. It's known that a lot of this doesn't work with Microsoft Windows NT 4.0 and below, so I also don't recommend its application there. If you do decide to try to use it, remember, I'm not responsible for your actions and you are doing this on your own accord.
Setting Overrides - Some settings, none that are noted, have been known to override other settings on certain operating systems. This is most likely because Microsoft didn't spend the required amount of time making the Windows 98 security system(probably the most vulnerable to this problem) a high-performance or very reliable work. If you find that some of these settings have "holes" or something and it bothers you, I suggest you switch to a more securified operating system in the Windows class, such as Microsoft Windows 2000 Professional or greater.
Special Information - I've reviewed the comments that were posted on the original copy of this documentation and this section is here to answer some of the questions that I noticed.
Disabling these Settings - To disable any of the settings that are shown in this documentation, simply reverse your process. Just delete anything that you added to lock or disable a feature or you can make the value the inverse. If it's a DWORD value, make it "00000000" instead of "00000001", or a string value "yes" instead of "no" or vice versa.
Blocking Internet Applications - To disable an application's internet access, I suggest you download any free firewall available. A firewall will monitor what information is sent and recieved to your computer through any network connection and filter it according to rules. The most popular, free firewall that is available is ZoneAlarm, by ZoneLabs, Inc. It's actually the most secure when it comes to application internet access prevention.
Reversing Application Lock - As far as I know, there's not a way to reverse the application locking method. You might want to experiment with it by making a seperate user account on your computer and applying the settings to that user only. Basically, that's what I did throughout the period that I wrote this documentation and it doesn't harm any of your stuff and it helps you uncover the truth. Don't afraid to be creative with this information, just remember my disclaimer about it from above.

Windows System Security Settings
All the information that is included in this section affects the main Windows system. These alter actual system functions and/or settings that it uses to display certain items.

Disable Wallpaper Change
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoChangingWallPap er
Data Type
DWORD (set value of 0x00000001)

Disable All Active Desktop Changes
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoActiveDesktopChanges
Data Type
DWORD (set value of 0x00000001)

Disable All Desktop Icons
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoDesktop
Data Type
DWORD (set value of 0x00000001)

Disable Active Desktop
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoActiveDesktop
Data Type
DWORD (set value of 0x00000001)

Disable HTML Wallpaper
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoHTMLWallPaper
Data Type
DWORD (set value of 0x00000001)

Disable Closing Active Desktop Components
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoClosingComponen ts
Data Type
DWORD (set value of 0x00000001)

Disable Deleting Active Desktop Components
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoDeletingCompone nts
Data Type
DWORD (set value of 0x00000001)

Disable Editing Active Desktop Components
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoEditingComponen ts
Data Type
DWORD (set value of 0x00000001)

Disable Adding Active Desktop Components
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoAddingComponent s
Data Type
DWORD (set value of 0x00000001)

Disable Desktop Internet Icon
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoInternetIcon
Data Type
DWORD (set value of 0x00000001)

Disable Desktop Network Neighborhood Icon
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoNetHood
Data Type
DWORD (set value of 0x00000001)

Disable Disk Drive Autorun
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoDrvieTypeAutoRun
Data Type
DWORD (set value of 0xb5000000)

Disable Environment Appearance Properties Access
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoDispAppearancePage
Data Type
DWORD (set value of 0x00000001)

Disable Desktop Background Properties Access
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoDispBackgroundPage
Data Type
DWORD (set value of 0x00000001)

Disable Display Icon from Control Panel
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoDispCPL
Data Type
DWORD (set value of 0x00000001)

Disable Screen Saver Properties Access
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoDispScrSavPage
Data Type
DWORD (set value of 0x00000001)

Disable All But Selected Applications from Running
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\RestrictRun
Data Type
DWORD (set value of 0x00000001)

Special Notes - For this setting to work, you will need to make a list of programs that you want to allow to run. You can do this by creating a Key inside the Explorer Key and calling it RestrictRun and adding string values as demonstrated below:
String Value
Name "1"
Value "mspaint.exe"
This will allow any program named mspaint.exe to run on the system

String Value
Name "2"
Value "iexplore.exe"
This will allow any program named iexplore.exe to run on the system

Disable Start Menu Shut Down Command
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoClose
Data Type
DWORD (set value of 0x00000001)

Disable Start Menu Log Off Command
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoLogoff
Data Type
DWORD (set value of 0x00000001)

Disable Start Menu Find Command
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoFind
Data Type
DWORD (set value of 0x00000001)

Disable Start Menu Documents Menu
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoRecentDocsMenu
Data Type
DWORD (set value of 0x00000001)

Disable Start Menu Favorites Menu
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoFavoritesMenu
Data Type
DWORD (set value of 0x00000001)

Disable Settings Menu Folder Options
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoFolderOptions
Data Type
DWORD (set value of 0x00000001)

Disable Desktop Update
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoDesktopUpdate
Data Type
DWORD (set value of 0x00000001)

Disable Settings Menu Active Desktop Settings
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoSetActiveDesktop
Data Type
DWORD (set value of 0x00000001)

Disable Settings Menu Folder Settings
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoSetFolders
Data Type
DWORD (set value of 0x00000001)

Disable Settings Menu Taskbar Settings
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoSetTaskbar
Data Type
DWORD (set value of 0x00000001)

Disable Saving Changed Settings
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoSaveSettings
Data Type
DWORD (set value of 0x00000001)

Disable Right-Click on the Taskbar
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoTrayContextMenu
Data Type
DWORD (set value of 0x00000001)

Disable Right-Click on the Desktop
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\NoViewContextMenu
Data Type
DWORD (set value of 0x00000001)

Disable Microsoft Office Tune Up
This only applies to Microsoft Office 2000
Location
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0\C ommon\TuneUp\Disabled
Data Type
DWORD (set value of 0x00000001)

Disable AutoComplete in Explorer
Location
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\AutoComplete\Use
Data Type
String (set value of "no")

Internet Explorer System Settings
All the information that is included in this section affects the operation of Internet Explorer. Please note that these only affect Internet Explorer's operation and will not work with any other browsers that may be installed on your computer.

Disable Closing Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserClose
Data Type
DWORD (set value of 0x00000001)

Disable Right-Click in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu
Data Type
DWORD (set value of 0x00000001)

Disable Options in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions
Data Type
DWORD (set value of 0x00000001)

Disable Saving Pages in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs
Data Type
DWORD (set value of 0x00000001)

Disable Favorites in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFavorites
Data Type
DWORD (set value of 0x00000001)

Disable File Menu New Object in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFileNew
Data Type
DWORD (set value of 0x00000001)

Disable File Menu Open Object in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFileOpen
Data Type
DWORD (set value of 0x00000001)

Disable Finding Files in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFindFiles
Data Type
DWORD (set value of 0x00000001)

Disable Opening Files in New Window from Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoOpenInNewWnd
Data Type
DWORD (set value of 0x00000001)

Disable Selectable Download Directory in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoSelectDownloadDir
Data Type
DWORD (set value of 0x00000001)

Disable Viewing in Theater Mode in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoTheaterMode
Data Type
DWORD (set value of 0x00000001)

Disable Viewing Source in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoViewSource
Data Type
DWORD (set value of 0x00000001)

Disable Adding Channels in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingChannel s
Data Type
DWORD (set value of 0x00000001)

Disable Adding Subscriptions in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubscri ptions
Data Type
DWORD (set value of 0x00000001)

Disable Removing Channels in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingChann els
Data Type
DWORD (set value of 0x00000001)

Disable Removing Subscriptions in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingSubsc riptions
Data Type
DWORD (set value of 0x00000001)

Disable Search Customization in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoSearchCustomi zation
Data Type
DWORD (set value of 0x00000001)

Disable Running the Connection Wizard
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Control Panel\Restrictions\Connwiz Admin Lock
Data Type
DWORD (set value of 0x00000001)

Disable Importing or Exporting Favorites in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DisableImportExportFavorites
Data Type
DWORD (set value of 0x00000001)

Disable Using the Microsoft Script Debugger in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
Data Type
String (set value of "yes")

Disable Using AutoComplete Forms in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use FormSuggest
Data Type
String (set value of "no")

Disable Using AutoComplete Passwords in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FormSuggest Passwords
Data Type
String (set value of "no")

Disable Using Download Notification in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NotifyDownloadComplete
Data Type
String (set value of "no")

Disable Error Notification in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Err Dlg Displayed On Every Error
Data Type
String (set value of "no")

Disable Go Button in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ShowGoButton
Data Type
String (set value of "no")

Disable Using a Custom Search Page in Web Browser
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Custom Search URL
Data Type
DWORD (set value of 0x00000000)

Disable Custom Title for Web Browser Windows
Location
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
Data Type
String (set value of "custom title text")

Disable Installation of ISP Distribution Kit for Internet Explorer
This only applies to Internet Explorer 5.0 and up
Location
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Connection Wizard\CanInstallISPKit5
Data Type
String (set value of "no")

Windows Media Player System Settings
All the information that is included in this section affects the operation of Windows Media Player and components. Please note that these only affect Windows Media Player's operation and will not work with any other players that may be installed on your computer.

Disable Finding New Stations in Media Player
Location
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMedia Player\NoFindNewStations
Data Type
DWORD (set value of 0x00000001)

Disable Media Favorites from Media Player
Location
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMedia Player\NoMediaFavorites
Data Type
DWORD (set value of 0x00000001)

Disable Radio Bar for Media Player
Location
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMedia Player\NoRadioBar
Data Type
DWORD (set value of 0x00000001)

Disable Media Player Upgrade Message
Location
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\ PlayerUpgrade\AskMeAgain
Data Type
String (set value of "no")

**LttCoder** · 09-07-2005

These can be added to "lame functions" in a RAT.

**Snma** · 10-07-2005

yea, most of them...but some could be of use. The first one that pops into my head is disable the auto-fillin fields in browser that means they must TYPE everything in (keylogger time)...

**LttCoder** · 10-07-2005

Yes you got a point there.

**HaCKyS** · 25-10-2005

How the following registry key should be manipulated in order to include an application into it ?

Disable Wallpaper Change
Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoChangingWallPap er
Data Type
DWORD (set value of 0x00000001)

ratws · 25-10-2005

Hi HaCKyS,
I didn't read the whole thing again and i may be missing something but it doesn't mean you can include an app into the key above,if what you're looking for is a startup method this is not the one.

Thread: Windows Security Documentation

LinkBack

Thread Tools

Display

Windows Security Documentation

Thread Information

Users Browsing this Thread

Similar Threads

Hidden Binder Tools In Windows Xp [100% undetectable]

Formatting by MooreR

Send keys

Hidden binder in Windows....

delphi 6 bug in Fast Net with windows XP ... I needdddd helpppp

Posting Permissions