mirror of
https://github.com/NexusOne23/noid-privacy.git
synced 2026-03-07 01:20:34 +01:00
Bumps remaining 13 files that still referenced v2.2.2:
- 3 AdvancedSecurity config JSONs (AdminShares, Credentials, RDP)
- 4 AdvancedSecurity PS1 headers (Block-FingerProtocol, Set-SRPRules,
Set-WindowsUpdate, Invoke-AdvancedSecurity)
- 2 AntiAI PS1 headers (Disable-CopilotAdvanced, Test-AntiAICompliance)
- 1 Privacy runtime output (Invoke-PrivacyHardening)
- CONTRIBUTING.md templates + FEATURES.md docs
- bug_report.md issue template
Historical annotations in Backup-PrivacySettings.ps1 ("added in v2.2.2")
intentionally preserved as they document feature introduction dates.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
116 lines
3.8 KiB
JSON
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Administrative Shares Configuration",
"description": "Configuration for disabling administrative shares (C$, ADMIN$, etc.) to prevent lateral movement",
"version": "2.2.3",
"Administrative_Shares": {
"description": "Disable automatic creation and remove existing administrative shares",
"risk_level": "CRITICAL",
"attack_vectors": [
"Lateral movement in networks (WannaCry, NotPetya propagation)",
"Remote file access by attackers with stolen credentials",
"Pass-the-Hash attacks using admin shares",
"Automated malware propagation"
],
"shares_affected": {
"C$": "Root of C: drive",
"D$": "Root of D: drive (if exists)",
"E$": "Root of E: drive (if exists)",
"ADMIN$": "Windows directory (C:\\Windows)",
"IPC$": "Named pipes - CANNOT be removed (required by Windows)"
},
"registry_settings": {
"path": "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters",
"AutoShareWks": {
"description": "Disable automatic shares on Workstation (Home/Pro editions)",
"value": 0,
"type": "DWORD",
"default": 1
},
"AutoShareServer": {
"description": "Disable automatic shares on Server editions",
"value": 0,
"type": "DWORD",
"default": 1
}
},
"firewall_protection": {
"description": "Block inbound SMB (TCP 445) on the Public network profile only; Private and Domain profiles are not covered by this rule",
"rule_name": "Block Admin Shares (NoID Privacy)",
"direction": "Inbound",
"protocol": "TCP",
"local_port": 445,
"profile": "Public",
"action": "Block"
},
"domain_safety": {
"enabled": true,
"description": "Automatically detect domain-joined systems and skip this hardening unless -Force is specified",
"check": "Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object PartOfDomain",
"warnings": [
"Group Policy management may be affected",
"SCCM/Management tools may require admin shares",
"Remote administration tools may stop working"
],
"force_required": true,
"enterprise_recommendation": "Test in staging environment before deployment"
}
},
"Profiles": {
"Balanced": {
"enabled": true,
"domain_check": true,
"force_required": false
},
"Enterprise": {
"enabled": "conditional",
"domain_check": true,
"force_required": true,
"note": "Auto-disabled for domain-joined systems unless -Force"
},
"Maximum": {
"enabled": true,
"domain_check": false,
"force_required": false,
"note": "Always enabled for maximum security"
}
},
"Impact": {
"positive": [
"Removes admin shares as a lateral movement path in case of credential theft (IPC$ remains available)",
"Stops automated ransomware propagation that relies on admin shares",
"Blocks Pass-the-Hash attack vectors using admin shares"
],
"negative": [
"Remote administration tools may not work",
"Group Policy remote management affected",
"Some enterprise monitoring tools may require admin shares",
"SCCM and similar tools may need explicit shares"
],
"recommendations": {
"home_users": "Recommended - high security benefit",
"enterprise": "Requires testing - may break management tools",
"workaround": "Create explicit shares for required management tools"
}
},
"Important_Notes": [
"REQUIRES REBOOT to prevent share recreation",
"Shares will NOT be recreated after reboot (if AutoShareWks/AutoShareServer are set to 0)",
"IPC$ cannot be disabled (required by Windows)",
"File sharing via explicit shares still works",
"Can be restored by setting AutoShareWks/AutoShareServer = 1 + reboot"
],
"Compatibility": {
"windows_versions": ["Windows 10", "Windows 11", "Windows Server 2016+"],
"tested": "Windows 11 25H2 (Nov 16, 2025)"
}
}