mirror of
https://github.com/NexusOne23/noid-privacy.git
synced 2026-03-07 01:20:34 +01:00
815a7e39d0
Some checks failed
CI - PowerShell Quality Checks / PSScriptAnalyzer (push) Has been cancelled
CI - PowerShell Quality Checks / Test on PowerShell 5.1 (push) Has been cancelled
CI - PowerShell Quality Checks / Test on PowerShell 7.4 (push) Has been cancelled
CI - PowerShell Quality Checks / Validate Project Structure (push) Has been cancelled
Pester Tests / test (push) Has been cancelled
Bumps remaining 13 files that still referenced v2.2.2:
- 3 AdvancedSecurity config JSONs (AdminShares, Credentials, RDP)
- 4 AdvancedSecurity PS1 headers (Block-FingerProtocol, Set-SRPRules,
Set-WindowsUpdate, Invoke-AdvancedSecurity)
- 2 AntiAI PS1 headers (Disable-CopilotAdvanced, Test-AntiAICompliance)
- 1 Privacy runtime output (Invoke-PrivacyHardening)
- CONTRIBUTING.md templates + FEATURES.md docs
- bug_report.md issue template
Historical annotations in Backup-PrivacySettings.ps1 ("added in v2.2.2")
intentionally preserved as they document feature introduction dates.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
64 lines
2.4 KiB
JSON
64 lines
2.4 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"title": "RDP Hardening Configuration",
|
|
"description": "Configuration for RDP (Remote Desktop Protocol) hardening including NLA enforcement and optional complete disable",
|
|
"version": "2.2.3",
|
|
|
|
"NLA_Enforcement": {
|
|
"description": "Network Level Authentication (NLA) enforcement settings",
|
|
"enabled": true,
|
|
"registry_path": "HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp",
|
|
"settings": {
|
|
"UserAuthentication": {
|
|
"description": "Require NLA (Network Level Authentication) before session establishment",
|
|
"value": 1,
|
|
"type": "DWORD",
|
|
"attack_prevention": "Prevents brute-force attacks before login screen appears",
|
|
"impact": "Minimal - NLA is Windows 7+ standard. May affect pre-Vista RDP clients."
|
|
},
|
|
"SecurityLayer": {
|
|
"description": "Require SSL/TLS encryption for all RDP connections",
|
|
"value": 2,
|
|
"type": "DWORD",
|
|
"attack_prevention": "Forces SSL/TLS encryption, prevents plaintext RDP traffic",
|
|
"impact": "Minimal - SSL/TLS is standard since Windows Vista"
|
|
}
|
|
}
|
|
},
|
|
|
|
"Complete_Disable": {
|
|
"description": "Complete RDP disable for air-gapped/high-security environments",
|
|
"enabled_by_default": false,
|
|
"profiles": {
|
|
"Balanced": false,
|
|
"Enterprise": false,
|
|
"Maximum": "optional"
|
|
},
|
|
"registry_path": "HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server",
|
|
"settings": {
|
|
"fDenyTSConnections": {
|
|
"description": "Completely disable Remote Desktop",
|
|
"value": 1,
|
|
"type": "DWORD",
|
|
"attack_prevention": "Complete RDP attack surface removal",
|
|
"impact": "HIGH - Remote administration will not work. Windows automatically adjusts firewall rules."
|
|
}
|
|
},
|
|
"requires": {
|
|
"force_parameter": true,
|
|
"domain_check": true,
|
|
"warning": "This will completely disable RDP. Remote administration will not be possible."
|
|
}
|
|
},
|
|
|
|
"Compatibility": {
|
|
"windows_versions": ["Windows 10", "Windows 11", "Windows Server 2016+"],
|
|
"minimum_rdp_client": "Windows Vista+",
|
|
"notes": [
|
|
"NLA is standard since Windows Vista / Server 2008",
|
|
"Pre-Vista clients will not be able to connect with NLA enforcement",
|
|
"Complete disable affects all remote management via RDP",
|
|
"Domain-joined systems should NOT disable RDP without explicit -Force"
|
|
]
|
|
}
|
|
}
|