Entry Level Windows 11 Hardening

Ste

Acting like it's your first day of Windows cyber security, I thought it would be fun for me to post just the first 1-2 hours of what I do on a fresh install!

EDIT: none of this is NEW or news but you generally have to do a lot of Microsoft forum reading or googling to find all the information and it isn't all in one spot.

Bypass internet setup on install screens in 11/10: once the install process asks you to connect to a network or connect to Wi-Fi, you then do SHIFT + F10

and type: oobe\bypassnro (forget exact spacing, sorry; play with it)

Then you can connect to a network later or plug in Ethernet after doing security setup and basic hardening.

First remove a lot of unused or unneeded programs and services through PowerShell.

Get-AppxPackage *WebExperience* | Remove-AppxPackage

winget uninstall --id 9MSSGKG348SP

Get-AppxPackage -AllUsers *xboxapp* | Remove-AppxPackage

Get-AppxPackage -AllUsers -PackageTypeFilter Bundle -Name "*Windows.DevHome*" | Remove-AppxPackage -AllUsers

Get-AppxPackage *Microsoft.People* | Remove-AppxPackage

Get-AppxPackage *Windows.DevHome* | Remove-AppxPackage

Get-AppxPackage Microsoft.Getstarted | Remove-AppxPackage

Get-AppxPackage *WindowsSoundRecorder* | Remove-AppxPackage

Get-AppxPackage *Xbox* | Remove-AppxPackage

Get-AppxPackage *YourPhone* | Remove-AppxPackage

Get-AppxPackage *Windows.Photos* | Remove-AppxPackage

Get-AppxPackage *OneDriveSync* | Remove-AppxPackage

Get-AppxPackage *Microsoft.549981C3F5F10* | Remove-AppxPackage

Get-AppxPackage *Microsoft.GetHelp* -AllUsers | Remove-AppxPackage

Get-AppxPackage *windowsstore* | Remove-AppxPackage

Get-AppxPackage *CrossDevice* | Remove-AppxPackage

Obviously, IF you're sure that you use them, then don't remove that package/service.

Then restart and see if you broke anything.


Step 2: Go through all Windows services in Services and disable anything you're sure you don't use. Since this is specific to the user I will not put a full list, but you can private message me for my known ones.

Restart and see if you broke anything.

Step 3: go into the registry: windows menu > run > regedit > and then

in both HKEY_LOCAL_MACHINE > SYSTEM > ControlSet001 > Services

and

HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services

You go through each service, and for each one that the Services GUI would not allow you to disable and you're sure you do not use, you go into it and under the label "Start" (type REG_DWORD) change the value to 4.

Restart and see if you broke anything.

Step 4: Start menu > search > "security" > click Local Security Policy > Local Policies > go through each side folder in the GUI (Audit Policy, User Rights Assignment and Security Options) and remove/decline as many options for remote access as possible, or if you know what you're doing make custom entries for your specific need.

Restart and see if you broke anything.

Step 5: In Control Panel for Permissions and Privacy disable as much automatic access to camera and microphone as possible and customize each entry to your need.

Restart and see if you broke anything.

Automatically delete PageFile on restart/shutdown:

1. Open Local Security Policy (secpol.msc).

2. Click/tap to open Local Policies and Security Options in the left pane of Local Security Policy. (See screenshot below step 3.)

3. In the right pane of Security Options, double click/tap on the Shutdown: Clear virtual memory pagefile policy to open its properties. (See screenshot below.)

Also turn off auto updates, just so you can do them at an optimum time when you're not needing to do anything and can closely monitor what's going on. I have also turned off "Get the latest updates as soon as they're available".

I have noticed that this helps keep Microsoft from just installing things that are mostly unnecessary or unused, in addition to forcing them more to have their testers and paid people figure bugs out, and not the general user.

Edited: to include removal of Widgets. (Unless you use them, of course!)
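The steps above are all click-by-click. What follows is an added example, not code from the original post: a reversible version of the package removal, the service disabling (Start=4 in the registry) and the pagefile-clearing setting, plus the registry value behind the Widgets policy the edit mentions. It runs in dry-run mode until you flip $DryRun, exports the Services key before touching it, and keeps a CSV of every old Start value with a function that puts them back. The package patterns and service names in it are sample values, not a recommended list; build your own from services.msc.

```powershell
# Added example, not from the original post: a reversible version of the package
# removal, the service disabling (Start=4) and the pagefile-clearing setting, plus
# the widgets policy the edit mentions. Everything changed is recorded so it can be
# undone. Run from an elevated Windows PowerShell. Package patterns and service names
# are sample values; edit them for your own machine.
$ErrorActionPreference = 'Stop'
$DryRun    = $true                      # flip to $false to actually apply changes
$backupDir = Join-Path $env:USERPROFILE 'hardening-backup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# --- 1. Store apps: list what matches first, remove only when $DryRun is $false ---
$appPatterns = @('*WebExperience*', '*Xbox*', '*YourPhone*', '*Microsoft.People*')   # patterns from the post
foreach ($pattern in $appPatterns) {
    Get-AppxPackage -AllUsers -Name $pattern | ForEach-Object {
        $verb = if ($DryRun) { 'would remove' } else { 'removing' }
        Write-Host "$verb AppX $($_.PackageFullName)"
        if (-not $DryRun) { $_ | Remove-AppxPackage -AllUsers }
    }
}

# --- 2/3. Services: export the key, record old Start values, set Start=4 ---
# HKLM\SYSTEM\CurrentControlSet is a link to the control set Windows booted from
# (its number is in HKLM\SYSTEM\Select\Current), so editing it covers ControlSet001
# whenever that is the active one.
reg export 'HKLM\SYSTEM\CurrentControlSet\Services' (Join-Path $backupDir 'services-before.reg') /y | Out-Null

$services = @('RemoteRegistry', 'WpcMonSvc', 'XboxGipSvc')   # sample list; build your own from services.msc
$csv = Join-Path $backupDir 'service-start-values.csv'
$records = foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) { Write-Warning "no service key for $name, skipping"; continue }
    $old = (Get-ItemProperty -Path $key -Name Start).Start
    [pscustomobject]@{ Service = $name; OldStart = $old; NewStart = 4 }
    if (-not $DryRun) {
        Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord   # 4 = Disabled
    }
}
$records | Export-Csv -Path $csv -NoTypeInformation
$records | Format-Table -AutoSize

# Undo: put every recorded Start value back (reboot afterwards).
function Restore-ServiceStart {
    param([string]$CsvPath = $csv)
    Import-Csv -Path $CsvPath | ForEach-Object {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Service)"
        Set-ItemProperty -Path $key -Name Start -Value ([int]$_.OldStart) -Type DWord
    }
}

# --- 4. Registry equivalents of two GUI settings from the post ---
# "Shutdown: Clear virtual memory pagefile" in secpol.msc writes this value:
$mm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
# Group Policy "Allow widgets" = Disabled writes this one (works on Home too, which has no gpedit):
$dsh = 'HKLM:\SOFTWARE\Policies\Microsoft\Dsh'
if (-not $DryRun) {
    Set-ItemProperty -Path $mm -Name ClearPageFileAtShutdown -Value 1 -Type DWord
    New-Item -Path $dsh -Force | Out-Null
    Set-ItemProperty -Path $dsh -Name AllowNewsAndInterests -Value 0 -Type DWord
}

# --- Verify after the reboot: nothing listed should be Running, and both values should read back ---
Get-Service -Name $services -ErrorAction SilentlyContinue | Select-Object Name, Status, StartType
Get-ItemProperty -Path $mm  -Name ClearPageFileAtShutdown -ErrorAction SilentlyContinue | Select-Object ClearPageFileAtShutdown
Get-ItemProperty -Path $dsh -Name AllowNewsAndInterests   -ErrorAction SilentlyContinue | Select-Object AllowNewsAndInterests
```

Run it once with $DryRun left at $true to see what would be touched, then again with $false, then reboot and run the verify lines. If something broke, `Restore-ServiceStart` (or double-clicking services-before.reg) reverses the service changes; that is the whole point of recording the old values instead of editing regedit by hand.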
 
OOPSIE! I forgot to paste my whole procedure. My apologies!

Before doing that, set a BIOS, CMOS and HDD password/access control (to get into BIOS setup it's usually Delete or F2 for most computers) in BIOS/CMOS; that's completely different from login and admin access privs and passwords.

Then, after disabling services and deleting registry entries you don't need, and turning registry entries to off for entries you should not delete outright, next:

Start menu, type "Security"

Open Local Security Policy

Go through every single entry and folder and delete/revoke and remove ANY and ALL remote access privileges, connections or enabling.

Set the lockout timer to be a very long random number like 42 to 69 minutes, or some BS like that, and give only 1-2 attempts before lockout or lockout engagement is done.


Delete, restart or disable any kind of remote account or guest account, and make your login screen and text cryptic, weird and difficult to understand. Give password hints such as correcthorsebatterystampler (or some such nonsense) but have the password be nothing to do with it. Thanks Randall Munroe, you're the BESTEST! xkcd.com = password hints and opinions on security and encryption.

Through the use of synergistic learning, awareness and mental partitioning you will create an encryption key and password that is only symbolically easy for you to remember and engage on that access device.

Disable all external and USB connections until the account is logged in and the admin password is given. Disable floppy disk etc. etc. Set all UAC or Control Panel, registry entry, PowerShell and cmd prompt settings changes to always ask first/need a password.



Then of course, once all your drivers, security programs and OS updates are done, you set auto updates to OFF/manual. Disable any kind of beta testing/"get the latest updates ASAP".

Always ask first; warn of restarting or needing restarts. Get updates for other devices/programs: on, but ask/prompt before installing so you can review all of it and investigate.


Some other stuff probably. It's difficult to remember a 3+ hour procedure before updates or whatever. (OK, make it 55 mins if I had tea. Shrug emoji.)

AND NOW. Take a DEEP breath; you probably can browse your adorable kitten pics in peace. Maybe.. Mostly at night...
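The lockout, guest-account and USB points in this post can be done from PowerShell instead of the secpol/Control Panel dialogs. The script below is an added example, not from the original post: it prints the current lockout policy and who holds admin and remote-desktop rights before changing anything, then sets the lockout threshold and duration with net.exe, disables Guest, and blocks the USB mass-storage driver. The threshold and minute values are placeholders (the minutes sit inside the post's 42-69 range); the USB change is global rather than "until logged in", which is the closest thing the registry offers.

```powershell
# Added example, not from the original post: the account side of this post done from
# PowerShell. Shows the current lockout policy and local accounts first, then sets
# the lockout threshold/duration, disables Guest, and blocks USB mass storage.
# Run elevated in Windows PowerShell 5.1. The minute value is a placeholder inside
# the post's 42-69 range; the threshold is a placeholder too.
$ErrorActionPreference = 'Stop'
$threshold = 3     # failed logons before lockout (the post suggests 1-2)
$minutes   = 45    # lockout duration and the window in which failures are counted

function Show-AccountPosture {
    # Local accounts that can log on, and who holds admin / remote access rights
    Write-Host '--- enabled local accounts ---'
    Get-LocalUser | Where-Object Enabled | Select-Object Name, LastLogon, PasswordRequired | Format-Table -AutoSize
    foreach ($group in 'Administrators', 'Remote Desktop Users', 'Remote Management Users') {
        Write-Host "--- members of $group ---"
        Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
            Select-Object Name, PrincipalSource | Format-Table -AutoSize
    }
    Write-Host '--- current lockout / password policy ---'
    net accounts
}

Show-AccountPosture

# Lockout policy: net.exe requires duration >= window, so both get the same value.
# "/lockoutthreshold:0" switches lockout off again if you keep locking yourself out.
net accounts "/lockoutthreshold:$threshold" "/lockoutduration:$minutes" "/lockoutwindow:$minutes"

# Guest: disabled by default on modern Windows, but this makes sure.
Get-LocalUser -Name Guest -ErrorAction SilentlyContinue | Disable-LocalUser

# USB mass storage: Start=4 on the USBSTOR driver stops new USB disks from mounting.
# This is global, not "until logged in"; set it back to 3 (Manual) to re-enable.
$usbstor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$oldUsb  = (Get-ItemProperty -Path $usbstor -Name Start).Start
Set-ItemProperty -Path $usbstor -Name Start -Value 4 -Type DWord
Write-Host "USBSTOR Start was $oldUsb, now $((Get-ItemProperty -Path $usbstor -Name Start).Start)"

# Re-check so the changes are visible before you reboot
Show-AccountPosture
```

One thing to keep in mind with a long lockout on a single-user machine: the only admin account is the one that gets locked, so note the `/lockoutthreshold:0` line before you test it by mistyping your own password.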
 
Addendum to Level 1/Entry Level Windows Hardening:

More Widget removals and such:

You can also use Group Policy Editor on non-Home editions of Windows to apply this value under Computer Configuration > Policies > Administrative Templates > Windows Components > Widgets, then set "Allow Widgets" to "Disabled".

If all the other PowerShell and registry changes still fight you.
 
Entry Level Windows 10/11 Hardening Continued.



Minor system performance changes that also make it harder for polymorphic Remote Access Trojans and viruses to work/penetrate.



Set page file to a static amount: Control Panel > System > Advanced System Settings > Performance Settings > Advanced > Virtual Memory > Change > uncheck "Automatically manage".


Click Custom size.

Set the initial amount and max amount to the same number, say 1512, just as an example.

You'll have to make this amount much bigger if you have low RAM, but now that everyone today usually has 8 GB plus, it's not usually a problem. In addition to that, most programs are coded to not use the page file anymore. (I mean, it is 2025 and the pagefile was like, what, Windows 1995??)

Set > OK > restart.



Same spot in Control Panel: System Properties/Advanced > System Protection > System Restore tab > Configure > Disable System Protection. Set/OK. Restart.

You should be manually backing up your data anyway so you can screen it yourself and not get who KNOWS what MS junk/crapware in it. (Get a DVD/Blu-ray burner for manual backups.)


Same spot in Control Panel > System Properties/Advanced Settings > Remote > Remote Assistance > uncheck; Remote Desktop = Don't allow remote connections to this computer.


For obvious reasons: entry-level criminals like to break access/use any operating system's built-in/default tools and lines.


Hrmm, what else, what else..
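The three Control Panel changes in this post (static pagefile, System Restore off, Remote Assistance and Remote Desktop off) are scriptable, which matters when you rebuild more than once. Below is an added example, not code from the original post: each change is made from PowerShell and then read back so you can confirm it took before rebooting. It assumes Windows PowerShell 5.1 (Disable-ComputerRestore does not exist in PowerShell 7) and uses the post's 1512 MB figure as the sample size.

```powershell
# Added example, not from the original post: the three Control Panel changes in this
# post (static pagefile, System Restore off, Remote Assistance and Remote Desktop off)
# from PowerShell, each followed by a read-back so you can confirm it took. Run
# elevated in Windows PowerShell 5.1; Disable-ComputerRestore is not available in
# PowerShell 7. The size is the post's example figure.
$ErrorActionPreference = 'Stop'
$sizeMB = 1512                      # initial = maximum gives a fixed-size pagefile
$drive  = $env:SystemDrive          # usually C:

# --- Static pagefile: turn off automatic management, then pin the size on the system drive ---
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.AutomaticManagedPagefile) {
    $cs | Set-CimInstance -Property @{ AutomaticManagedPagefile = $false }
}
$pf = Get-CimInstance -ClassName Win32_PageFileSetting | Where-Object { $_.Name -like "$drive\*" }
if ($pf) {
    $pf | Set-CimInstance -Property @{ InitialSize = [uint32]$sizeMB; MaximumSize = [uint32]$sizeMB }
} else {
    # No explicit setting yet (typical right after leaving automatic mode): create one
    New-CimInstance -ClassName Win32_PageFileSetting -Property @{
        Name = "$drive\pagefile.sys"; InitialSize = [uint32]$sizeMB; MaximumSize = [uint32]$sizeMB
    } | Out-Null
}
Get-CimInstance -ClassName Win32_PageFileSetting | Select-Object Name, InitialSize, MaximumSize

# --- System Restore off on the system drive (what "Disable System Protection" does) ---
Disable-ComputerRestore -Drive "$drive\"

# --- Remote Assistance and Remote Desktop off, plus their inbound firewall rules ---
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
Set-ItemProperty -Path $ra -Name fAllowToGetHelp    -Value 0 -Type DWord   # Remote Assistance unchecked
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1 -Type DWord   # "Don't allow remote connections"
foreach ($group in 'Remote Assistance', 'Remote Desktop') {
    Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue | Disable-NetFirewallRule
}

function Get-RemoteAccessState {
    # One object summarising the settings above; all three should read $false
    [pscustomobject]@{
        RemoteAssistanceAllowed = [bool](Get-ItemProperty -Path $ra -Name fAllowToGetHelp).fAllowToGetHelp
        RemoteDesktopAllowed    = -not [bool](Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
        RdpRulesEnabled         = [bool](Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue)
    }
}
Get-RemoteAccessState
```

The pagefile size only changes after a reboot; the System Restore and remote-access changes are immediate. Disabling the firewall rule groups as well as the registry switches means that even if something later flips fDenyTSConnections back, nothing is listening from the outside.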
 
CONGRATULATIONS!! You have reached the end of Level 1 Windows 10/11 Security Hardening. You found all the weird-colored skeleton keys even though they were in, um, questionable places or you had to smack birds/dogs to make the keys drop. BUT YOU did it!

You did the quests and the missions and you got to the Elevator on to the next level.


LEVEL 2: How many levels are there anyways? Unknown!

Control Panel: turn on ALL Windows Security protocols to their highest degree.

Control Panel > Internet Options > Firewall (or Windows Security Center) > Firewall > Advanced > go through each protocol and select BLOCK for anything you know for sure you do not use, which is actually most of it. At this point you haven't even done Windows updates in any regard, so you don't have to restart yet! (Oh sorry, I guess it's called Windows Defender Firewall now; I get confused by Windows 98 stuff.)

Open Microsoft Edge and the other browsers you installed off of a USB drive or disk and harden all those protocols and policies in the GUI menus for everything.


Control Panel > Internet Properties > Security tab > Custom Level tab/button > go through this menu and turn off or disable everything you don't use, or set it to its highest decline/off level.

Control Panel > Internet Properties > Advanced tab > rinse and repeat the procedure above > go through the whole GUI interface and put everything to its highest level of disable or off-ness.

If you have not already done so, now: Start menu, type "User Acc" > click Change User Account Control Settings > set to Always notify me.

Control Panel > File Explorer Options > View tab > under Hidden files and folders > Show hidden.

Windows Start menu (or if there is a folder icon in Control Panel I didn't see it) > Windows Security > on the left side App & browser control > turn on all of it to its highest level.


Windows Start menu (or if there is a folder icon in Control Panel I didn't see it) > Windows Security > Device security > turn on all of it to its highest level.

Core Isolation may not work for older CPUs or some Windows 10 configurations, but, you know, mess around with it since you have not even installed any programs back or carried over data at this point.


NOW. VERY IMPORTANT. On "Data Encryption" or BitLocker.

YOU may only want to enable this, with a recovery key, and encrypt the entire drive either once the operating system is fully hardened to your highest security preference and/or after all security hardening and security programs and carry-over/copy of all data.

Since you don't even know if you're going to break it yet; and as well, I have experimented with this myself and found that if it's not fully set up the way you want, or not all Windows updates have been done, BitLocker may not work correctly or it'll just brick the current install attempt.


Oh YEA! And if you have not yet, go through every folder in your registry and anything you're sure you don't use, go ahead and delete! (If this is on a "has been live" system for some time, just back up all your data before doing so and make a list of programs to reinstall when you break something.)

Specifically: Computer > HKEY_CURRENT_USER > System and Computer > HKEY_CURRENT_USER >

and

Computer > HKEY_LOCAL_MACHINE > Software and Computer > HKEY_LOCAL_MACHINE > System


Sure is going to be A LOT of fun.

Hrmmm, what else, what else. Edits to come!
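Level 2 is mostly firewall, UAC, Explorer and the Windows Security pages. The script below is an added example, not code from the original post: it sets the firewall defaults on all three profiles and then lists what is still allowed inbound per rule group (the audit the "go through each protocol" step is really about), sets UAC to "Always notify", makes Explorer show hidden files and (going one step past the post) file extensions, and reads back core isolation and BitLocker status so you know where you stand before turning encryption on. The firewall groups it disables are a sample list; check the audit output for your own machine. Run it elevated.

```powershell
# Added example, not from the original post: Level 2 from PowerShell. Firewall
# defaults plus an audit of what is still allowed inbound, UAC at "Always notify",
# Explorer showing hidden files (and, going one step past the post, file
# extensions), and read-only status checks for core isolation and BitLocker so you
# know where you stand before turning encryption on. Run elevated. The firewall
# groups disabled below are a sample list; check the audit output for your own.
$ErrorActionPreference = 'Stop'

# --- Firewall: all profiles on, inbound blocked unless a rule allows it, drops logged ---
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow -LogBlocked True

function Get-InboundAllowSummary {
    # What can still reach this machine: enabled inbound allow rules, counted per display group
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Group-Object -Property DisplayGroup |
        Sort-Object -Property Count -Descending |
        Select-Object Count, @{ n = 'Group'; e = { if ($_.Name) { $_.Name } else { '(no group)' } } }
}
Get-InboundAllowSummary | Format-Table -AutoSize

foreach ($group in 'File and Printer Sharing', 'Remote Assistance', 'Remote Desktop', 'Wireless Display') {
    # sample list of groups a single-user desktop usually does not need inbound
    Get-NetFirewallRule -DisplayGroup $group -Direction Inbound -ErrorAction SilentlyContinue | Disable-NetFirewallRule
}

# --- UAC "Always notify me": prompt on the secure desktop for every elevation ---
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $uac -Name EnableLUA                  -Value 1 -Type DWord
Set-ItemProperty -Path $uac -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
Set-ItemProperty -Path $uac -Name PromptOnSecureDesktop      -Value 1 -Type DWord

# --- Explorer: show hidden and protected files; also show extensions so "invoice.pdf.exe" is visible ---
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name Hidden          -Value 1 -Type DWord
Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -Type DWord
Set-ItemProperty -Path $adv -Name HideFileExt     -Value 0 -Type DWord

function Get-CoreIsolationState {
    # Virtualization-based security status (core isolation / memory integrity = HVCI)
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        VbsRunning        = ($dg.VirtualizationBasedSecurityStatus -eq 2)   # 2 = running
        HvciRunning       = ($dg.SecurityServicesRunning -contains 2)       # 2 = hypervisor-enforced code integrity
        CredentialGuardOn = ($dg.SecurityServicesRunning -contains 1)       # 1 = Credential Guard
    }
}
Get-CoreIsolationState

# --- BitLocker: read-only. Turn it on only after the rest is settled, as the post says,
# and then keep the recovery key somewhere that is not the encrypted drive. ---
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
```

The Explorer values are per-user and show up after signing out and back in (or restarting explorer.exe); the UAC values apply at the next elevation prompt. If `Get-CoreIsolationState` reports HvciRunning as $false on hardware that supports it, the Device security page is where you turn memory integrity on, and the function is the quick way to confirm it stuck after the reboot.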
 
SECRET LEVEL! ( AKA Sea-Krit )

So you were just roaming around, cruising and enjoying the nice lush forests and castles and stuff, AND your eye catches an odd shiny glimmer where there shouldn't be one!

You approach and it's like a shiny gold crown that's obviously bait in a video game! You decide to click the bait because you're bored!

YOU ARE NOW IN LEVEL 7: Remote Access Trojans, spyware, polymorphic viruses! BOI Willy gee, this isn't what you signed up for!!

You take 3-6 periods of 4-6 hours each of re-coding the base Windows system, System32, registry and services GUI, in and out of reformatting when things break too much.

This shiny click bait which brought you to this lovely level of learning polymorphic sleep calls itself Panther, Squirrel, rundll32.exe and nlansp_c.dll.


Was more fun than I thought. But next time I get warped to a secret level I hope the difficulty is not 5 levels up from current. PSSSH!!


So yea, that was my weekend, starting at 03:30 hours on Saturday 02/22/2025, kicked off with my Bluesky account getting hacked, or at least someone booted me off and then interfered with the login and 2FA.

SOOOOO, long story short: if you have any file or folder or registry entry named "Panther", "Squirrel", Rundll32.exe or "nlansp_c.dll"

You should probably just nuke it from orbit.


Edit: Welp, the Remote Access Trojan is still there. GOOD JOB Windows Update. But that's ok, I'm smacking the shit out of it as soon as it spawns.
 
Red Alert: an odd wormhole-like structure appears and warps you to Level 13: if you have any files or folders, or registry entries containing any of the following: Panther, Squirrel or Rundll32.exe, then more than likely your system is compromised and you should nuke it from orbit.

Nukes are so fun!
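Before nuking, it is worth knowing where a hit actually lives, because two of these names also belong to normal Windows: rundll32.exe ships with Windows in System32 (and SysWOW64 on 64-bit installs) and is Microsoft-signed, and C:\Windows\Panther is the folder Windows Setup writes its logs to ("Squirrel" is also the name of an installer/updater framework used by many Electron desktop apps). The script below is an added example, not from the original posts: it finds every file with a given name on the system drive, reports signature status, signer, whether it sits in a folder Windows keeps that binary in, and whether its hash matches the System32 copy, then lists any running instances with their command lines. Malware does borrow the rundll32 name, so the interesting rows are copies outside the expected folders, unsigned copies, or processes started from odd paths; nlansp_c.dll is left alone here because the page says nothing about where it belongs.

```powershell
# Added example, not from the original post: before deleting anything called
# rundll32.exe, tell the Windows-signed copy apart from a copy somewhere it should
# not be. rundll32.exe ships with Windows in System32 (and SysWOW64 on 64-bit), so
# the name alone proves nothing; a copy outside those folders, an unsigned one, or
# one that is running with an odd command line is what deserves a look. Run elevated;
# the full-disk search takes a few minutes.
$ErrorActionPreference = 'SilentlyContinue'
$target = 'rundll32.exe'
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64'),
    (Join-Path $env:SystemRoot 'WinSxS')      # component store keeps signed copies of every version
)
$referenceHash = (Get-FileHash -Path (Join-Path $env:SystemRoot "System32\$target") -Algorithm SHA256).Hash

function Find-NamedBinaries {
    param([string]$Name = $target, [string]$Root = "$env:SystemDrive\")
    # Every file with that name, with signature status and whether it lives where Windows keeps it
    Get-ChildItem -Path $Root -Filter $Name -Recurse -File -Force | ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
        $inExpected = [bool]($expectedDirs | Where-Object {
            $file.DirectoryName.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Path            = $file.FullName
            SignatureStatus = $sig.Status                        # Valid, NotSigned, HashMismatch, ...
            Signer          = $sig.SignerCertificate.Subject
            MatchesSystem32 = ((Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash -eq $referenceHash)
            ExpectedDir     = $inExpected
            Suspicious      = (-not $inExpected) -or ($sig.Status -ne 'Valid')
        }
    }
}

function Get-RunningInstances {
    param([string]$Name = $target)
    # Live processes by that name: a legitimate one is "rundll32 <dll>,<entry>" started from System32/SysWOW64
    Get-CimInstance -ClassName Win32_Process -Filter "Name = '$Name'" |
        Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine
}

Find-NamedBinaries | Where-Object Suspicious | Format-List
Get-RunningInstances | Format-List
```

Signed copies under WinSxS from older servicing versions will show MatchesSystem32 as $false but SignatureStatus Valid, which is normal; a NotSigned or HashMismatch status, or a copy under a user profile or temp folder, is the kind of thing that justifies the rebuild the post describes. The same two functions work for any other file name by passing `-Name`.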
 