From 1d862da128ddae4ab7c0bb5f19efbf7e6cfa0e46 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 10 Oct 2024 21:09:27 +0200 Subject: [PATCH] Update win11x64-enterprise.xml --- assets/win11x64-enterprise.xml | 44 +++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/assets/win11x64-enterprise.xml b/assets/win11x64-enterprise.xml index 98004363f..88983f0cf 100644 --- a/assets/win11x64-enterprise.xml +++ b/assets/win11x64-enterprise.xml @@ -346,101 +346,106 @@ 2 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f + Disable SMB signing requirement + + + 3 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f Allow RDP login with blank password - 3 + 4 reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f Enable option for passwordless sign-in - 4 + 5 cmd /C wmic useraccount where name="Docker" set PasswordExpires=false Password Never Expires - 5 + 6 cmd /C POWERCFG -H OFF Disable Hibernation - 6 + 7 cmd /C POWERCFG -X -monitor-timeout-ac 0 Disable monitor blanking - 7 + 8 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f Disable first-run experience in Edge - 8 + 9 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f Show file extensions in Explorer - 9 + 10 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f Zero Hibernation File - 10 + 11 reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f Disable Hibernation - 11 + 12 cmd /C POWERCFG -X -standby-timeout-ac 0 Disable Sleep - 12 + 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f Enable RemoteAPP to launch unlisted programs - 13 + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 16 + 17 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 17 + 18 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 19 + 20 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 20 + 21 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 21 + 22 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists @@ -448,3 +453,4 @@ +