Windows Registry Editor Version 5.00
; 设置密码策略
[HKEY_LOCAL_MACHINE\SECURITY\Policies\PasswordPolicy]
"MinimumPasswordLength"=dword:00000008
"MaximumPasswordAge"=dword:00000030
"PasswordComplexity"=dword:00000001
"PasswordHistorySize"=dword:00000005
"LockoutBadCount"=dword:00000003
"ResetLockoutCount"=dword:00000030
; 配置账户锁定策略
[HKEY_LOCAL_MACHINE\SECURITY\Policies\AccountLockout]
"LockoutDuration"=dword:0000000a
"ResetLockoutCount"=dword:00000003
"LockoutBadCount"=dword:00000005
; 远程关机权限设置
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"DisableDomainCreds"=dword:00000001
; 取得文件或对象的所有权设置
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
"AutoShareWks"=dword:00000000
; 设置从本地登录此计算机
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="Administrator"
"DefaultPassword"="password"
; 设置从网络访问此计算机
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
; 日志配置
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"MaxSize"=dword:0001e000
; IP协议安全
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSec]
"Start"=dword:00000002
; 加密文件系统(EFS)设置
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS]
"EfsConfiguration"=dword:00000001
; 硬盘驱动器加密(BitLocker)设置
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"UseAdvancedStartup"=dword:00000001
"EncryptionMethod"=dword:00000004
"RequireTPM"=dword:00000001
"TPMAndPIN"=dword:00000001
; 安全更新设置
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
; 远程桌面连接设置
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
; 安全审计配置
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"FullPrivilegeAuditing"=dword:00000001
;禁用账户通知
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications]
"DisableAccountNotifications"=dword:00000001
;控制应用程序是否可以访问人类存在状态
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy]
"LetAppsAccessHumanPresence"=dword:00000000
"LetAppsAccessHumanPresence_UserInControlOfTheseApps"=dword:00000000
"LetAppsAccessHumanPresence_ForceAllowTheseApps"=dword:00000000
"LetAppsAccessHumanPresence_ForceDenyTheseApps"=dword:00000000
;启用组织消息
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CloudContent]
"EnableOrganizationalMessages"=dword:00000001
;控制传递优化功能在VPN上的行为
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization]
"DODisallowCacheServerDownloadsOnVPN"=dword:00000001
"DOVpnKeywords"=""
;控制设备驱动器的附加策略、启用FS(文件系统)驱动器支持和允许杀毒软件筛选驱动器
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies]
"FltmgrDevDriveAttachPolicy"=dword:00000002
"FsEnableDevDrive"=dword:00000001
"FltmgrDevDriveAllowAntivirusFilter"=dword:00000001
;禁用Internet Explorer应用程序通知策略
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main]
"DisableIEAppNotificationPolicy"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main]
"DisableIEAppNotificationPolicy"=dword:00000001
;控制服务器和工作站上的数据压缩
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LanmanServer]
"EnableCompressedTraffic"=dword:00000000
"DisableCompression"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LanmanWorkstation]
"EnableCompressedTraffic"=dword:00000000
"DisableCompression"=dword:00000001
;用于Local Administrator Password Solution(LAPS)的各种设置
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS]
"BackupDirectory"=""
"PasswordComplexity"=dword:00000000
"PasswordLength"=dword:0000000a
"PasswordAgeDays"=dword:0000001e
"AdministratorAccountName"="Administrator"
"PwdExpirationProtectionEnabled"=dword:00000001
"ADPasswordEncryptionEnabled"=dword:00000001
"ADPasswordEncryptionPrincipal"=""
"ADEncryptedPasswordHistorySize"=dword:00000003
"ADBackupDSRMPassword"=dword:00000001
"PostAuthenticationResetDelay"=dword:00000000
"PostAuthenticationActions"=dword:00000000
;控制任务栏上的搜索框是否可见
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Search]
"SearchOnTaskbarMode"=dword:00000002
;启用打印机RPC隐私认证级别
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print]
"RpcAuthnLevelPrivacyEnabled"=dword:00000001
;启用证书填充检查
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"=dword:00000001
;控制人类存在感应功能的行为
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\HumanPresence]
"ForceDisableWakeWhenBatterySaverOn"=dword:00000000
"ForceAllowWakeWhenExternalDisplayConnected"=dword:00000001
"ForceAllowLockWhenExternalDisplayConnected"=dword:00000001
"ForceAllowDimWhenExternalDisplayConnected"=dword:00000001
;禁用语言设置同步
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SettingSync]
"DisableLanguageSettingSync"=dword:00000001
"DisableLanguageSettingSyncUserOverride"=dword:00000001
;隐藏推荐个性化站点
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer]
"HideRecommendedPersonalizedSites"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
"HideRecommendedPersonalizedSites"=dword:00000001
;启用Windows威胁检测服务中的“捕获威胁窗口”组件
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WTDS\Components]
"CaptureThreatWindow"=dword:00000001
;禁用Windows Copilot
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot]
"TurnOffWindowsCopilot"=dword:00000001
;禁用Windows Defender的打包EXE文件扫描
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Scan]
"DisablePackedExeScanning"=dword:00000001
;控制Windows更新功能的行为
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]
"AllowTemporaryEnterpriseFeatureControl"=dword:00000000
"SetAllowOptionalContent"=dword:00000001
"AllowOptionalContent"=dword:00000001
标签:11,10,Windows,HKEY,MACHINE,00000001,dword,LOCAL From: https://www.cnblogs.com/suv789/p/17999881