yoh
/
AME-10
1
0
Fork 0
Code Issues 1 Pull Requests 0 Projects 1 Releases 4 Wiki Activity
Windows 10 AME playbook for AME Wizard.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18 Commits
1 Branch
363 MiB
 
 
 
Tree: 1e7da77e98
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1e7da77e98'
${ noResults }
AME-10/src/Configuration/features/base/config.yml

53 lines
2.6 KiB
Raw Blame History

title: Configuration
privilege: TrustedInstaller
actions:
# Sync time and set to more reliable time servers
- !service: {name: "w32time", operation: start, ignoreErrors: true}
- !run: {exe: 'w32tm', args: '/config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org"'}
- !run: {exe: 'w32tm', args: '/config /update'}
- !run: {exe: 'w32tm', args: '/resync'}
- !writeStatus: {status: 'Cleaning user interface'}
- !service:
name: "WpnService"
operation: stop
ignoreErrors: true
- !service:
name: "WpnUserService*"
operation: stop
ignoreErrors: true
- !run:
exeDir: true
exe: "CLEANUP.bat"
weight: 30
- !run: {exe: "explorer.exe", wait: false, runas: currentUser}
- !writeStatus: {status: 'Configuring permissions', option: "security-enhanced"}
- !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', value: 'ConsentPromptBehaviorAdmin', type: REG_DWORD, data: '5', option: "security-enhanced"}
- !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', value: 'ConsentPromptBehaviorUser', type: REG_DWORD, data: '3', option: "security-enhanced"}
- !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', value: 'EnableInstallerDetection', type: REG_DWORD, data: '1', option: "security-enhanced"}
- !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', value: 'EnableLUA', type: REG_DWORD, data: '1', option: "security-enhanced"}
- !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', value: 'EnableVirtualization', type: REG_DWORD, data: '1', option: "security-enhanced"}
- !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', value: 'PromptOnSecureDesktop', type: REG_DWORD, data: '1', option: "security-enhanced"}
- !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', value: 'ValidateAdminCodeSignatures', type: REG_DWORD, data: '0', option: "security-enhanced"}
- !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', value: 'FilterAdministratorToken', type: REG_DWORD, data: '0', option: "security-enhanced"}
- !run:
exeDir: true
exe: "ADMIN.bat"
weight: 10
option: "security-enhanced"
- !writeStatus: {status: 'Implementing SFC mitigation', option: "ame-tools"}
- !run:
exeDir: true
exe: "SFCDEPLOY.bat"
weight: 5
option: "ame-tools"
- !writeStatus: {status: 'Modifying login screen', option: "ui"}
- !run:
exeDir: true
exe: "LOGIN.bat"
option: "ui"