Loading Registry/TODO_Win10sec_1.0.cmd +0 −7 Original line number Diff line number Diff line Echo. Echo *** Telemetry und Data Collection *** Echo ************************************* Echo Deaktivieren von "Windows Treibersoftware und darstellungs getreue Symbole fuer die Geraete herunterladen?" Loading @@ -11,11 +9,6 @@ Echo Deaktivieren des monatlichen Viren-Scans (Malicious Software Removal Tool w reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f Echo Deakivieren von "Online suchen und Webergebnisse einbeziehen" (Cortana und Sucheinstellungen) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchUseWeb" /t REG_DWORD /d 0 /f Echo. Echo *** Passwort Sicherheit *** Loading Registry/limit_Telemetry.reg +4 −0 Original line number Diff line number Diff line Loading @@ -2,3 +2,7 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection] "AllowTelemetry"=dword:00000000 ;Windows Treibersoftware und darstellungsgetreue Symbole fuer die Geraete herunterladen [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata] "PreventDeviceMetadatafromNetwork":00000001 Software/firefox.ps1 +23 −14 Original line number Diff line number Diff line Loading @@ -2,6 +2,9 @@ # Install Firefox policies.json # [Console]::OutputEncoding = [Text.UTF8Encoding]::UTF8 if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) $policy_file = ".\policies.json" Loading @@ -10,7 +13,8 @@ $firefox_folder = "C:\Program Files\Mozilla Firefox" $DistributionDirectory = "$firefox_folder\distribution" if ( Test-Path -Path $firefox_folder -PathType Container ) { if ( Test-Path -Path $firefox_folder -PathType Container ) { if (-not (Test-Path -LiteralPath $DistributionDirectory )) { Loading @@ -25,5 +29,10 @@ if ( Test-Path -Path $firefox_folder -PathType Container ) { } #"'$DistributionDirectory' exists" Copy-Item $policy_file $DistributionDirectory -force } } else { Write-Host “The script is not running as administrator and cannot automatically import the certificate into the root store. You should Right-click the exported certificate file and install it into the trusted root store.” } installers/setup_ww8kd-ca.ps1 0 → 100644 +37 −0 Original line number Diff line number Diff line # # Download the WW8KD root CA # and install it # [Console]::OutputEncoding = [Text.UTF8Encoding]::UTF8 if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) # Bypass Powershell certificate validation, so that we can download any untrusted certificate. [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} $url = "http://idm1.ww8kd.fau.de/ipa/config/ca.crt" $ocsp = "http://idm1.ww8kd.fau.de:80/ca/ocsp" # get a temporary file reference $filename = [System.IO.Path]::GetTempFileName() $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root','LocalMachine') # Download the cert file Invoke-WebRequest -Uri $url -OutFile $filename $pfx.Import($filename) $store.Open('MaxAllowed') $store.Add($pfx) $store.Close() # clean up Remove-Item $filename } else { Write-Host “The script is not running as administrator and cannot automatically import the certificate into the root store. You should Right-click the exported certificate file and install it into the trusted root store.” } installers/ssh_client.ps1 +9 −1 Original line number Diff line number Diff line # install the OpenSSH Client [Console]::OutputEncoding = [Text.UTF8Encoding]::UTF8 if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 } else { Write-Host “The script is not running as administrator and cannot automatically import the certificate into the root store. You should Right-click the exported certificate file and install it into the trusted root store.” } Loading
Registry/TODO_Win10sec_1.0.cmd +0 −7 Original line number Diff line number Diff line Echo. Echo *** Telemetry und Data Collection *** Echo ************************************* Echo Deaktivieren von "Windows Treibersoftware und darstellungs getreue Symbole fuer die Geraete herunterladen?" Loading @@ -11,11 +9,6 @@ Echo Deaktivieren des monatlichen Viren-Scans (Malicious Software Removal Tool w reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f Echo Deakivieren von "Online suchen und Webergebnisse einbeziehen" (Cortana und Sucheinstellungen) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchUseWeb" /t REG_DWORD /d 0 /f Echo. Echo *** Passwort Sicherheit *** Loading
Registry/limit_Telemetry.reg +4 −0 Original line number Diff line number Diff line Loading @@ -2,3 +2,7 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection] "AllowTelemetry"=dword:00000000 ;Windows Treibersoftware und darstellungsgetreue Symbole fuer die Geraete herunterladen [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata] "PreventDeviceMetadatafromNetwork":00000001
Software/firefox.ps1 +23 −14 Original line number Diff line number Diff line Loading @@ -2,6 +2,9 @@ # Install Firefox policies.json # [Console]::OutputEncoding = [Text.UTF8Encoding]::UTF8 if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) $policy_file = ".\policies.json" Loading @@ -10,7 +13,8 @@ $firefox_folder = "C:\Program Files\Mozilla Firefox" $DistributionDirectory = "$firefox_folder\distribution" if ( Test-Path -Path $firefox_folder -PathType Container ) { if ( Test-Path -Path $firefox_folder -PathType Container ) { if (-not (Test-Path -LiteralPath $DistributionDirectory )) { Loading @@ -25,5 +29,10 @@ if ( Test-Path -Path $firefox_folder -PathType Container ) { } #"'$DistributionDirectory' exists" Copy-Item $policy_file $DistributionDirectory -force } } else { Write-Host “The script is not running as administrator and cannot automatically import the certificate into the root store. You should Right-click the exported certificate file and install it into the trusted root store.” }
installers/setup_ww8kd-ca.ps1 0 → 100644 +37 −0 Original line number Diff line number Diff line # # Download the WW8KD root CA # and install it # [Console]::OutputEncoding = [Text.UTF8Encoding]::UTF8 if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) # Bypass Powershell certificate validation, so that we can download any untrusted certificate. [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} $url = "http://idm1.ww8kd.fau.de/ipa/config/ca.crt" $ocsp = "http://idm1.ww8kd.fau.de:80/ca/ocsp" # get a temporary file reference $filename = [System.IO.Path]::GetTempFileName() $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root','LocalMachine') # Download the cert file Invoke-WebRequest -Uri $url -OutFile $filename $pfx.Import($filename) $store.Open('MaxAllowed') $store.Add($pfx) $store.Close() # clean up Remove-Item $filename } else { Write-Host “The script is not running as administrator and cannot automatically import the certificate into the root store. You should Right-click the exported certificate file and install it into the trusted root store.” }
installers/ssh_client.ps1 +9 −1 Original line number Diff line number Diff line # install the OpenSSH Client [Console]::OutputEncoding = [Text.UTF8Encoding]::UTF8 if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 } else { Write-Host “The script is not running as administrator and cannot automatically import the certificate into the root store. You should Right-click the exported certificate file and install it into the trusted root store.” }
