ADMX Templates vs Registry files

W

w1r3d

New member
Local time
2:15 PM
Messages
6
Hi all,

I'm working on hardening a Windows 7 host. I was given a spreadsheet with all the settings that it needs to be hardened with, so I went ahead and applied those. However, it sounds like in the future we will have more Win7 hosts that will also need to be hardened, so I'd like to try and automate/streamline this process somehow.

What I've done so far (and now I'm not sure I'm doing the right thing) is create a Security Template (.inf file) using MMC. For the rest of the settings, I've downloaded the ADMX templates from the Microsoft website, and I've been "configuring" those with the settings that are outlined in the spreadsheet given to me.

That said, I haven't actually tested the templates. I'm currently working on converting an old .adm file to .admx. Then it hit me: is this even the best way to go about this? Should I just create a big .reg file containing all these keys, and then run them on the target boxes?

What do y'all think? What has been your experience with Windows 7 hardening? Am I going down the right path?


Thanks in advance!
Pedro
 

My Computer My Computer

OS
Windows 7 Professional
Hi Pedro and welcome to W7 Forums :party:

It all depends. Many of the settings will have an equivalent in the Registry, but not all. In addition, some Registry settings will need to be applied from an administrative account whereas others will need applying separately for each user. Without knowing the settings you're working with, we cannot say for sure what your best cause of action will be.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dwarf Dwf/11/2012 r09/2013
OS
Windows 8.1 Pro RTM x64
CPU
Intel Core-i5-3570K 4-core @ 3.4GHz (Ivy Bridge) (OC 4.4GHz)
Motherboard
ASRock Z77 Extreme4-M
Memory
4 x 4GB DDR3-1600 Corsair Vengeance CMZ8GX3M2A1600C9B (16GB)
Graphics Card(s)
MSI GeForce GTX770 Gaming OC 2GB
Sound Card
Realtek High Definition on board solution (ALC 898)
Monitor(s) Displays
ViewSonic VA1912w Widescreen (VGA)
Screen Resolution
1440x900
Hard Drives
OCZ Agility 3 SSD 120GB SATA III x2 (RAID 0)
Samsung HD501LJ 500GB SATA II x2
Hitachi HDS721010CLA332 1TB SATA II
Iomega 1.5TB Ext USB 2.0
WD 2.0TB Ext USB 3.0
PSU
XFX Pro Series 850W Semi-Modular
Case
Gigabyte IF233
Cooling
1 x 120mm Front Inlet 1 x 120mm Rear Exhaust
Keyboard
Microsoft Comfort Curve Keyboard 3000 (USB)
Mouse
Microsoft Comfort Mouse 3000 for Business (USB)
Internet Speed
NetGear DG834Gv3 ADSL Modem/Router (Ethernet) ~4.0 Mb/s (O2)
Antivirus
Avast! 8.0.1497
Browser
IE 11
Other Info
Optical Drive: HL-DT-ST BD-RE BH10LS30 SATA Bluray
Lexmark S305 Printer/Scanner/Copier (USB)
WEI Score: 8.1/8.1/8.5/8.5/8.25
Asus Eee PC 1011PX Netbook (Windows 7 x86 Starter)
I see. Well, it is comforting to know that there's a chance I didn't waste ~4 hours today setting up templates. I'll test out the templates I've been working on and see if they work, and depending on how that goes I may just try to "automate" as much as I can using registry values (since, to my current knowledge, are easier to apply than a template).

That makes sense that some values may need to be set for individual users. I believe all of what I'm dealing with are admin-side policies/settings, so I think I'm off the hook on that.


Y'know, it's taken me a lot of time to try and "automate" all this. I hope that whenever I'm done, the amount of time it took me to work on this is still less than the amount of time that it would take to configure the computers manually! :/

Thanks for your reply, and for welcoming me to the forums :)
Pedro
 

My Computer My Computer

OS
Windows 7 Professional
You must log in or register to reply here.

Similar threads

Solved Text (.txt) files behaving like registry files
Replies
4
Views
3K
Infinite
Infinite
Solved Temporary Profile - Registry
2
Replies
20
Views
17K
Shafski
S
Need Ready made Group Policy Templates
Replies
2
Views
4K
sevenxbmc
S
Solved fix registry files
Replies
1
Views
3K
windude99
windude99
Repeated Events warning re something open in my registry file
Replies
1
Views
6K
Arc
Arc
Back
Top