- sysmon-config
Run the following from an elevated (administrator) PowerShell session:
# Load the Sysmon configuration file and accept the EULA non-interactively.
# -c updates the configuration of a Sysmon service that is already installed;
# on a host where Sysmon is not installed yet, the install switch (-i) is needed instead.
# NOTE(review): the file name suggests a configuration that includes blocking rules;
# confirm where the XML came from and try it on a pilot host before a wide rollout.
sysmon.exe -accepteula -c sysmonconfig-export-block.xml
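# DNS client hardening. Both values live under the DNSClient policy key, so the key
# is created once; -ErrorAction SilentlyContinue hides the "already exists" error on re-runs.
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT" -Name DNSClient -ErrorAction SilentlyContinue

# EnableMultiCast = 0 turns off LLMNR (multicast name resolution), so a failed DNS
# lookup is no longer broadcast for any host on the local segment to answer.
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" -Name EnableMultiCast -PropertyType DWORD -Value 0 -Force

# DisableSmartNameResolution is a "disable" flag: 1 turns smart multi-homed name
# resolution off. The previous value of 0 wrote the policy but left the feature on.
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" -Name DisableSmartNameResolution -PropertyType DWORD -Value 1 -Force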
- Disable NetBIOS on all network interfaces
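# Disable NetBIOS over TCP/IP on every interface known to NetBT.
# The path is rooted ("HKLM:\...") so it does not depend on the current location
# of the HKLM: drive; the original "HKLM:SYSTEM\..." was a drive-relative path.
$regkey = "HKLM:\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces"

# Each subkey is one interface. NetbiosOptions: 0 = take the setting from DHCP,
# 1 = enabled, 2 = disabled.
# NOTE(review): interfaces added after this runs get a new subkey and are not
# covered; re-run the loop after adding adapters or VPN interfaces.
Get-ChildItem -Path $regkey |
    ForEach-Object {
        Set-ItemProperty -Path "$regkey\$($_.PSChildName)" -Name NetbiosOptions -Value 2 -Verbose
    }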
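# Turn off WPAD (proxy auto-discovery) for WinHTTP, so the host stops asking the
# network where its proxy configuration lives.
# Create the WinHttp key if it is missing; the error on re-runs is suppressed.
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" -Name WinHttp -ErrorAction SilentlyContinue

# The documented value for DisableWpad is 1. The previous value of 4 looks like the
# Start value used to disable a service (a different registry setting), and nothing
# on this page shows that 4 is honoured here.
# NOTE(review): this covers the WinHTTP stack only; confirm whether browser /
# WinINET auto-detect also needs to be switched off in your environment.
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" -Name "DisableWpad" -PropertyType DWORD -Value 1 -Force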
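# Unbind IPv6 (ms_tcpip6) from every adapter where it is currently bound.
# Enabled is a Boolean, so it is tested directly. The original compared it with the
# string 'False'; PowerShell converts that non-empty string to $true, so the filter
# already selected the *enabled* bindings, the opposite of how it reads.
# -ErrorAction SilentlyContinue keeps the loop going if one adapter refuses the
# change; check the -Verbose output to see which bindings were actually changed.
# NOTE(review): this only removes the binding from network adapters; confirm that
# nothing in the environment depends on IPv6 before applying it broadly.
Get-NetAdapterBinding |
    Where-Object { $_.ComponentID -eq 'ms_tcpip6' -and $_.Enabled } |
    ForEach-Object {
        Disable-NetAdapterBinding -Name $_.Name -ComponentID 'ms_tcpip6' -ErrorAction SilentlyContinue -Verbose
        # Short pause between adapters, kept from the original.
        Start-Sleep -Seconds 3
    }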
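- Enable virtualization-based security (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard) and Credential Guard (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa)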
# Virtualization-based security: make sure the DeviceGuard key exists, then set
# EnableVirtualizationBasedSecurity = 1. Errors from New-Item (for example, the key
# already exists) are suppressed.
# NOTE(review): no RequirePlatformSecurityFeatures value is written here; confirm
# whether your baseline expects one alongside this setting.
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\" -Name DeviceGuard -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard" -Name "EnableVirtualizationBasedSecurity" -Value 1 -PropertyType DWORD -Force

# Credential Guard: LsaCfgFlags 0 = off, 1 = on with UEFI lock, 2 = on without lock.
# With 2 the protection can be switched off again through the registry alone, so use
# 1 where that must not be possible. The change takes effect after a reboot.
# The New-Item call is kept from the original; its error is suppressed when the Lsa
# key is already present.
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\" -Name Lsa -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "LsaCfgFlags" -Value 2 -PropertyType DWORD -Force