https://git.reactos.org/?p=reactos.git;a=commitdiff;h=497ca5420514c63bdcd4c… commit 497ca5420514c63bdcd4cb77fd63a03519f1340a Author: Eric Kohl <eric.kohl(a)reactos.org> AuthorDate: Sun Jan 17 15:12:18 2021 +0100 Commit: Eric Kohl <eric.kohl(a)reactos.org> CommitDate: Sun Jan 17 15:12:18 2021 +0100 [INF] Add default security settings for ReactOS Server --- media/inf/defltsv.inf | 161 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) diff --git a/media/inf/defltsv.inf b/media/inf/defltsv.inf new file mode 100644 index 00000000000..d64c30d339a --- /dev/null +++ b/media/inf/defltsv.inf @@ -0,0 +1,161 @@ +; defltsv.inf +; Default security settings for ReactOS Server + +[Version] +Signature = "$Windows NT$" + +[Application Log] +MaximumLogSize = 16384 +AuditLogRetentionPeriod = 0 +;RetentionDays = 7 +RestrictGuestAccess = 1 + +[Security Log] +MaximumLogSize = 16384 +AuditLogRetentionPeriod = 0 +;RetentionDays = 7 +RestrictGuestAccess = 1 + +[System Log] +MaximumLogSize = 16384 +AuditLogRetentionPeriod = 0 +;RetentionDays = 7 +RestrictGuestAccess = 1 + +[Event Audit] +AuditSystemEvents = 0; +AuditObjectAccess = 0; +AuditPrivilegeUse = 0; +AuditPolicyChange = 0; +AuditAccountManage = 0; +AuditProcessTracking = 0; +AuditAccountLogon = 1; +AuditLogonEvents = 1; + +[Privilege Rights] +SeAssignPrimaryTokenPrivilege = *S-1-5-19, *S-1-5-20 +SeAuditPrivilege = *S-1-5-19, *S-1-5-20 +SeBackupPrivilege = *S-1-5-32-544, *S-1-5-32-551 +SeBatchLogonRight = +SeChangeNotifyPrivilege = *S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-547, *S-1-5-32-551 +SeCreateGlobalPrivilege = *S-1-5-6, *S-1-5-32-544 +SeCreatePagefilePrivilege = *S-1-5-32-544 +SeCreatePermanentPrivilege = +SeCreateTokenPrivilege = +SeDebugPrivilege = *S-1-5-32-544 +SeDenyBatchLogonRight = +SeDenyInteractiveLogonRight = +SeDenyNetworkLogonRight = +SeDenyRemoteInteractiveLogonRight = +SeDenyServiceLogonRight = +SeEnableDelegationPrivilege = +SeImpersonatePrivilege = *S-1-5-6, *S-1-5-32-544 +SeIncreaseBasePriorityPrivilege = *S-1-5-32-544 +SeIncreaseQuotaPrivilege = *S-1-5-19, *S-1-5-20, *S-1-5-32-544 +SeInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-547, *S-1-5-32-551 +SeLoadDriverPrivilege = *S-1-5-32-544 +SeLockMemoryPrivilege = +SeMachineAccountPrivilege = +SeManageVolumePrivilege = *S-1-5-32-544 +SeNetworkLogonRight = *S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-547, *S-1-5-32-551 +SeProfileSingleProcessPrivilege = *S-1-5-32-544, *S-1-5-32-547 +SeRemoteInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-555 +SeRemoteShutdownPrivilege = *S-1-5-32-544 +SeRestorePrivilege = *S-1-5-32-544, *S-1-5-32-551 +SeSecurityPrivilege = *S-1-5-32-544 +SeServiceLogonRight = +SeShutdownPrivilege = *S-1-5-32-544, *S-1-5-32-547, *S-1-5-32-551 +SeSyncAgentPrivilege = +SeSystemEnvironmentPrivilege = *S-1-5-32-544 +SeSystemProfilePrivilege = *S-1-5-32-544 +SeSystemTimePrivilege = *S-1-5-19, *S-1-5-32-544, *S-1-5-32-547 +SeTakeOwnershipPrivilege = *S-1-5-32-544 +SeTcbPrivilege = +SeUndockPrivilege = *S-1-5-32-544, *S-1-5-32-547 + +[Group Membership] +%SceInfUsers%__Memberof = +%SceInfUsers%__Members = %SceInfAuthUsers%, %SceInfInteractive% + +[Registry Values] +; Full registry path = Type, Value +; +; Type: +; 1: REG_SZ +; 2: REG_EXPAND_SZ +; 3: REG_BINARY +; 4: REG_DWORD +; 7: REG_MULTI_SZ + +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD = 4, 0 +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName = 4, 0 +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption = 1, "" +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText = 7, "" +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon = 4, 0 +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon = 4, 1 + +[Strings] +SceInfAuthUsers = "Authenticated Users" +SceInfInteractive = "INTERACTIVE" +SceInfGuest = "Guest" +SceInfUsers = "Users" + +[Strings.0404] +SceInfAuthUsers = "經過身份驗證的使用者" +SceInfInteractive = "INTERACTIVE" +SceInfGuest = "來賓" +SceInfUsers = "使用者" + +[Strings.0407] +SceInfAuthUsers = "Authentifizierte Benutzer" +SceInfInteractive = "INTERAKTIV" +SceInfGuest = "Gast" +SceInfUsers = "Benutzer" + +[Strings.0410] +SceInfAuthUsers = "Utenti autenticati" +SceInfInteractive = "INTERATTIVO" +SceInfGuest = "Guest" +SceInfUsers = "Utenti" + +[Strings.0415] +SceInfAuthUsers = "Użytkownicy uwierzytelnieni" +SceInfInteractive = "INTERAKTYWNA" +SceInfGuest = "Gość" +SceInfUsers = "Użytkownicy" + +[Strings.0418] +SceInfAuthUsers = "Utilizatori autentificați" +SceInfInteractive = "INTERACTIV" +SceInfGuest = "Oaspete" +SceInfUsers = "Utilizatori" + +[Strings.0419] +SceInfAuthUsers = "Авторизованные пользователи" +SceInfInteractive = "INTERACTIVE" +SceInfGuest = "Гость" +SceInfUsers = "Пользователи" + +[Strings.041c] +SceInfAuthUsers = "Përdorues vërtetuar" +SceInfInteractive = "INTERAKTIVE" +SceInfGuest = "Vizitorë" +SceInfUsers = "Përdoruesit" + +[Strings.041f] +SceInfAuthUsers = "Kimliği Doğrulanmış Kullanıcılar" +SceInfInteractive = "ETKLİEŞİMLİ" +SceInfGuest = "Konuk" +SceInfUsers = "Kullanıcılar" + +[Strings.0804] +SceInfAuthUsers = "经过身份验证的用户" +SceInfInteractive = "INTERACTIVE" +SceInfGuest = "来宾" +SceInfUsers = "用户" + +[Strings.0816] +SceInfAuthUsers = "Utilizadores autenticados" +SceInfInteractive = "INTERACTIVE" +SceInfGuest = "Convidado" +SceInfUsers = "Utilizadores"