-
Notifications
You must be signed in to change notification settings - Fork 31
/
Copy pathpolicies_windows.go
85 lines (84 loc) · 9.43 KB
/
policies_windows.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package main
// secpolToKey contains a large mapping of securityPolicy names or keys to
// registry locations.
var secpolToKey = map[string]string{
"LimitBlankPasswordUse": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\LimitBlankPasswordUse",
"AuditBaseObjects": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\AuditBaseObjects",
"FullPrivilegeAuditing": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FullPrivilegeAuditing",
"SCENoApplyLegacyAuditPolicy": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\SCENoApplyLegacyAuditPolicy",
"CrashOnAuditFail": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\CrashOnAuditFail",
"MachineAccessRestriction": "MACHINE\\SOFTWARE\\policies\\Microsoft\\windows NT\\DCOM\\MachineAccessRestriction",
"MachineLaunchRestriction": "MACHINE\\SOFTWARE\\policies\\Microsoft\\windows NT\\DCOM\\MachineLaunchRestriction",
"UndockWithoutLogon": "MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\UndockWithoutLogon",
"AllocateDASD": "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\AllocateDASD",
"AddPrinterDrivers": "MACHINE\\System\\CurrentControlSet\\Control\\Print\\Providers\\LanMan Print Services\\Servers\\AddPrinterDrivers",
"AllocateCDRoms": "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\AllocateCDRoms",
"AllocateFloppies": "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\AllocateFloppies",
"SubmitControl": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\SubmitControl",
"LDAPServerIntegrity": "MACHINE\\System\\CurrentControlSet\\Services\\NTDS\\Parameters\\LDAPServerIntegrity",
"RefusePasswordChange": "MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\RefusePasswordChange",
"RequireSignOrSeal": "MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\RequireSignOrSeal",
"SealSecureChannel": "MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\SealSecureChannel",
"SignSecureChannel": "MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\SignSecureChannel",
"DisablePasswordChange": "MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\DisablePasswordChange",
"RequireStrongKey": "MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\RequireStrongKey",
"DontDisplayLockedUserId": "MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, value=DontDisplayLockedUserId",
"DisableCAD": "MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableCAD",
"DontDisplayLastUserName": "MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DontDisplayLastUserName",
"LegalNoticeText": "MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeText",
"LegalNoticeCaption": "MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeCaption",
"CachedLogonsCount": "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\CachedLogonsCount",
"PasswordExpiryWarning": "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\PasswordExpiryWarning",
"ForceUnlockLogon": "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\ForceUnlockLogon",
"ScForceOption": "MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ScForceOption",
"ScRemoveOption": "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\ScRemoveOption",
"RequireSecuritySignature": "MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters\\RequireSecuritySignature",
"EnablePlainTextPassword": "MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters\\EnablePlainTextPassword",
"AutoDisconnect": "MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\AutoDisconnect",
"EnableSecuritySignature": "MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\EnableSecuritySignature",
"EnableForcedLogOff": "MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\EnableForcedLogOff",
"SmbServerNameHardeningLevel": "MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\SmbServerNameHardeningLevel",
"RestrictAnonymousSAM": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\RestrictAnonymousSAM",
"RestrictAnonymous": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\RestrictAnonymous",
"DisableDomainCreds": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\DisableDomainCreds",
"EveryoneIncludesAnonymous": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\EveryoneIncludesAnonymous",
"NullSessionPipes": "MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\NullSessionPipes",
"Machine": "MACHINE\\System\\CurrentControlSet\\Control\\SecurePipeServers\\Winreg\\AllowedPaths\\Machine",
"ForceGuest": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\ForceGuest",
"UseMachineId": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\UseMachineId",
"allownullsessionfallback": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\allownullsessionfallback",
"AllowOnlineID": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\pku2u\\AllowOnlineID",
"SupportedEncryptionTypes": "MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters\\SupportedEncryptionTypes",
"NoLMHash": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\NoLMHash",
"LmCompatibilityLevel": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel",
"LDAPClientIntegrity": "MACHINE\\System\\CurrentControlSet\\Services\\LDAP\\LDAPClientIntegrity",
"NTLMMinClientSec": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\NTLMMinClientSec",
"NTLMMinServerSec": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\NTLMMinServerSec",
"RestrictNTLMInDomain": "MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\RestrictNTLMInDomain",
"ClientAllowedNTLMServers": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\ClientAllowedNTLMServers",
"DCAllowedNTLMServers": "MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\DCAllowedNTLMServers",
"AuditReceivingNTLMTraffic": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\AuditReceivingNTLMTraffic",
"AuditNTLMInDomain": "MACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\AuditNTLMInDomain",
"RestrictReceivingNTLMTraffic": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\RestrictReceivingNTLMTraffic",
"RestrictSendingNTLMTraffic": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\RestrictSendingNTLMTraffic",
"SecurityLevel": "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Setup\\RecoveryConsole\\SecurityLevel",
"SetCommand": "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Setup\\RecoveryConsole\\SetCommand",
"ShutdownWithoutLogon": "MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ShutdownWithoutLogon",
"ClearPageFileAtShutdown": "MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Memory Management\\ClearPageFileAtShutdown",
"ForceKeyProtection": "MACHINE\\Software\\Policies\\Microsoft\\Cryptography\\ForceKeyProtection",
"FIPSAlgorithmPolicy": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FIPSAlgorithmPolicy",
"NoDefaultAdminOwner": "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\NoDefaultAdminOwner",
"ObCaseInsensitive": "MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Kernel\\ObCaseInsensitive",
"ProtectionMode": "MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\ProtectionMode",
"optional": "MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\SubSystems\\optional",
"AuthenticodeEnabled": "MACHINE\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\AuthenticodeEnabled",
"FilterAdministratorToken": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\FilterAdministratorToken",
"EnableUIADesktopToggle": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableUIADesktopToggle",
"ConsentPromptBehaviorAdmin": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin",
"ConsentPromptBehaviorUser": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorUser",
"EnableInstallerDetection": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableInstallerDetection",
"ValidateAdminCodeSignatures": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ValidateAdminCodeSignatures",
"EnableSecureUIAPaths": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableSecureUIAPaths",
"EnableLUA": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\PromptOnSecureDesktop",
"PromptOnSecureDesktop": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
}