Windows Registry Editor Version 5.00 ;;; Windows 10 Home Hardening ;;; Repository: https://github.com/teusink/Home-Security-by-W10-Hardening/ ;;; Registry target: HKEY_LOCAL_MACHINE ;;; Source: Various online sources ;;; Author: Joram Teusink ;;; NOTICE: THE SETTINGS BELOW CAN BE UNDONE THROUGH A GUI! ;;; Startup and Recovery - Debug Information: None [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl] "AutoReboot"=dword:00000001 "LogEvent"=dword:00000001 "MinidumpsCount"=dword:00000005 "Overwrite"=dword:00000001 "CrashDumpEnabled"=dword:00000000 "AlwaysKeepMemoryDump"=dword:00000000 ;;; Remote Assistance: Disable [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance] "CreateEncryptedOnlyTickets"=dword:00000001 "fAllowFullControl"=dword:00000001 "fAllowToGetHelp"=dword:00000000 "fEnableChatControl"=dword:00000001 "MaxTicketExpiry"=dword:00000001 "MaxTicketExpiryUnits"=dword:00000001 ;;; Find my device: On [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Settings\FindMyDevice] ; 0 = Off (Default) ; 1 = On (Secure) "LocationSyncEnabled"=dword:00000001 ;;; App Advertising ID: Off [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo] ; 0 = Off (Secure) ; 1 = On (Default) "Enabled"=dword:00000000 ;;; Project to this PC: Off [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MiracastReceiver] "NetworkQualificationEnabled"=dword:00000000 "ConsentToast"=dword:00000002 "Primary Authorization Method"=dword:00000003 "Secondary Authorization Method"=dword:00000000 "Tertiary Authorization Method"=dword:00000000 "EnabledOnACOnly"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PlayToReceiver] ; 0 = Off (Secure) ; 1 = On (Default) "AutoEnabled"=dword:00000000 ;;; Hotspots 2.0 networks: Off [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WlanSvc\AnqpCache] ; 0 = Off (Secure) ; 1 = On (Default) "OsuRegistrationStatus"=dword:00000000 ;;; SmartScreen Apps and Files: Warn [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer] ; Block: Block execution/opening (Secure) ; Warn: Warn before execution/opening (Default) ; Off: Turn off "SmartScreenEnabled"="Warn" ;;; Sign-in after Windows Update: On [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] ; 0 = Off (Secure) ; 1 = On (Default) "ARSOUserConsent"=dword:00000001 ;;; LMHOSTS lookup: Off [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] ; 0 = Off (Secure) ; 1 = On (Default) "EnableLMHOSTS"=dword:00000000 ;;; WARNING: THE SETTINGS BELOW CANNOT BE UNDONE THROUGH A GUI! ;;; Wi-Fi services Hotspots: Off ;;; NOTE: This disables resetting it through GUI [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config\] ; 0 = Off (Secure) ; 1 = On (Default) "AutoConnectAllowedOEM"=dword:00000000 ;;; Windows Error Reporting: Off [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting] ; 0 = Off (Default) ; 1 = On (Secure) "Disabled"=dword:00000001 ;;; DLL search path algorithm: Strict DLL search order ;; All scenarios ; = (Default) ; 0xFFFFFFFF: Removes the current working directory from the default DLL search order ;; Scenario 1: The application is started from a local folder, such as C:\Program Files ; 0: Uses the default DLL search path that was mentioned earlier ; 1: Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder ; 2: Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder (such as a WebDAV or UNC location) (most Secure) ;; Scenario 2: The application is started from a remote folder, such as \\remote\shareremote\share) ; 0: Uses the default DLL search path that was mentioned earlier ; 1: Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder ; 2: Allows DLL Load from the current working directory if the current working directory is set to a remote folder (such as a WebDAV or UNC location) (most Secure) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "CWDIllegalInDllSearch"=dword:00000000