
Automating Local Security Policy, Firewall, and Services.

Many menus in Windows have an import/export button, and these can also be used to import and export security settings. Because of this, you don't need to know how to script, and you can accurately and easily configure settings for the CyberPatriot round before it starts.
All of these methods involve "Exporting", which writes a file containing your settings. You can save this file, then "Import" it on the destination VM.
If any part of this is confusing, email the writer at admin@datadeer.net and I will clarify and update the page.

Table Of Contents

Chapter One: Local Security Policies Importing/Exporting
Chapter Two: Firewall Importing/Exporting
Chapter Three: Services Importing/Exporting
Chapter Four: Example Templates
Chapter Five: Reviewing Templates

Chapter One: Local Security Policies Importing/Exporting

Step One: Set your rules - Open Local Security Policy (just search "SecPol" in your taskbar; it's the grey box with the lock icon). Then change rules so the computer becomes more secure.
Some example settings you could set include:
  • "Account Policies > Password Policy > Minimum password length" to 14 characters (New passwords have to be long)
  • "Account Policies > Password Policy > Minimum password age" to 9 days
  • "Account Policies > Password Policy > Maximum password age" to 30 days (The users will have to change their password monthly)
  • "Account Policies > Account Lockout Policy > Account Lockout Duration" to 30 minutes
  • "Account Policies > Account Lockout Policy > Account lockout threshold" to 4 invalid logon attempts
  • "Account Policies > Account Lockout Policy > Reset account lockout counter after" to 30 minutes
  • "Local Policies > Audit Policies > Audit account logon events" to Success, Failure (This will let the computer log when people sign in, or when they get the wrong password)
  • "Local Policies > Security Options > Accounts: Guest account status" to Disabled (This disables the Guest account)
  • "Local Policies > Security Options > Devices: Prevent users from installing printer drivers" to Enabled
Step Two: Export your policies - In the top bar, under "Action", click "Export Policy". This creates a file that holds all of your SecPol settings. If you open it in Notepad, you can see everything it sets.
Step Three: Import your policies - In the VM, click "Import Policy" and select the file you made earlier. All of your settings will be transferred automatically.
Step Four: Review the template - This is optional, but if you want to review the template before applying it, see Chapter Five, Reviewing Templates.
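As an added example (not from the original page), here is the Chapter One procedure done from PowerShell instead of the SecPol menus: the bullet list above written out as the INF template that "Export Policy" produces, then applied with secedit.exe, which is the tool behind "Import Policy". The file paths are assumptions; run it from an elevated PowerShell.

```powershell
# Added example, not from the original page. Run as Administrator.
# Writes the Chapter One settings as a secedit INF template (the same format
# SecPol's "Export Policy" writes), then applies it with secedit, which is what
# "Import Policy" does behind the menu. The file paths are assumptions.

$Template = "$env:USERPROFILE\Desktop\chapter-one.inf"

# Values are the page's: length in characters, ages in days, lockout times in minutes.
# [Event Audit] uses 0 = none, 1 = success, 2 = failure, 3 = success and failure.
# A [Registry Values] line is "type,data": 4 = REG_DWORD, and data 1 = Enabled.
# The [Version] section with the $CHICAGO$ signature is required by secedit.
$Inf = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 14
MinimumPasswordAge = 9
MaximumPasswordAge = 30
LockoutDuration = 30
LockoutBadCount = 4
ResetLockoutCount = 30
EnableGuestAccount = 0
[Event Audit]
AuditAccountLogon = 3
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1
[Version]
signature="$CHICAGO$"
Revision=1
'@

# secedit expects Unicode (UTF-16 LE) text, which is also what Export Policy produces
Set-Content -Path $Template -Value $Inf -Encoding Unicode

# Step Two equivalent: export the current policy so you can compare it with the template
secedit /export /cfg "$env:USERPROFILE\Desktop\current.inf" /quiet

# Step Three equivalent: apply the template (/db is a scratch database secedit requires)
secedit /configure /db "$env:TEMP\chapter-one.sdb" /cfg $Template /overwrite /quiet
```

Opening current.inf next to chapter-one.inf in Notepad shows exactly which keys the menu settings map to, which is useful when a setting in an exported template does not look like what you clicked.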

Chapter Two: Firewall Importing/Exporting

Luckily, Windows Firewall rules can also be exported and imported, just like Local Security Policy.
If you open "Windows Defender Firewall with Advanced Security" (just search "firewall" and click the long name), you can right-click as shown in the image to Import/Export policy to other systems.
Step One: Delete All Existing Rules - First do a good ol' "CTRL+A" to select all rules, and delete them (do this for both Inbound Rules and Outbound Rules). You can delete them all because, as long as your firewall is on, there should be no inbound "holes", and all outbound traffic is implicitly allowed, so the existing "Allow" rules for it are unnecessary.
Step Two: Make a TCP Rule - Make a new rule (right-click, New Rule). Choose the "Port" option, because we want to block ports. Ports are numbers that identify which kind of traffic is being carried, such as email or web browsing.
Select "TCP" and under "Specific remote ports" enter "20,21,23,25,69,110,137-139,445". These cover many insecure protocols, such as FTP, Telnet, email, TFTP, NetBIOS, and SMB. These ports are commonly seen as important to close because the protocols behind them are commonly insecure.
Then go through the rest of the wizard, selecting "Block the connection" and applying it to all profiles (Domain, Private, and Public) so it is always in effect. Name it "Block TCP Ports".
Step Three: Make a UDP Rule - Go through the rule-adding process again, but this time select "UDP" and enter the same remote ports as before. Some of these protocols only use one of TCP or UDP, but it's fine to block them on both. Name this "Block UDP Ports".
Step Four: Export your template (shown in the image above) - Right-click in the place shown in the image above and click "Export Policy". This creates a policy file holding all your rules.
Step Five: Import your template - Move your rules file to the new computer (you could use DataDeer Share), then right-click in the same place and click "Import Policy". Your rules will then be applied.
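The same five steps from PowerShell, as an added example that is not part of the original page: the NetSecurity cmdlets build the two block rules the wizard builds, and netsh does the export/import that the right-click menu does. The export path is an assumption; run it from an elevated PowerShell.

```powershell
# Added example, not from the original page: the Chapter Two procedure done with
# the NetSecurity cmdlets and netsh instead of the wizard. Run as Administrator.
# The export path is an assumption.

# Step One equivalent: the page's reasoning only holds if the firewall is on with
# its defaults (inbound blocked, outbound allowed) on every profile, so set that first.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# Then remove every existing inbound and outbound rule, as the page does.
Get-NetFirewallRule | Remove-NetFirewallRule

# Steps Two and Three: one outbound block rule per protocol, all profiles, same port list.
$RemotePorts = @('20', '21', '23', '25', '69', '110', '137-139', '445')   # the page's list

foreach ($protocol in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "Block $protocol Ports" `
        -Direction Outbound -Action Block -Protocol $protocol `
        -RemotePort $RemotePorts -Profile Any -Enabled True | Out-Null
}

# Check what was created: protocol and remote ports per rule
Get-NetFirewallRule -DisplayName 'Block * Ports' |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule       = $_.DisplayName
            Protocol   = $filter.Protocol
            RemotePort = ($filter.RemotePort -join ',')
        }
    }

# Steps Four and Five: export the whole policy, then import it on the other machine
$PolicyFile = "$env:USERPROFILE\Desktop\firewall.wfw"
netsh advfirewall export $PolicyFile
# On the destination VM:  netsh advfirewall import "<path to firewall.wfw>"
```

If the readme says a service such as SSH or HTTP must stay reachable, add its inbound allow rule with New-NetFirewallRule -Direction Inbound before exporting, so the exported policy already carries it.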

Chapter Three: Services Importing/Exporting

Exporting services is a bit harder than the other two, but not too bad.
Step One: Open "Security Templates" - Open MMC (search for it in the taskbar), then go to "File > Add/Remove Snap-in". Scroll to "Security Templates", select it, then click "Add". Once it's in the right-hand list, click "OK". You will then see a "Security Templates" node in MMC.
Step Two: Open a Template - In the snap-in, right-click "Security Templates" and click "New Template Search Path". Then choose the directory your templates are (or will be) in, such as your Desktop.
You can then either open a template (.inf file) you have already made (such as the one from Chapter One), or make a new template (right-click, New Template).
Step Three: Change the template - In the template, open the "System Services" page. Here you can set each service's startup type. Services have four startup types:
  • Automatic: The service is always running and starts at boot.
  • Automatic (Delayed Start): The service is always running, but starts a little after boot to speed up startup.
  • Manual: The service only runs when it's needed. An example of this is Windows Backup, which only runs during backups.
  • Disabled: The service never runs, even when requested. This can cause problems for other services that depend on it.
Some services you could set include:
  • Print Spooler: Disabled - This service is used by printers, which could be used to share confidential information.
  • Fax: Disabled - The fax service could be used to share confidential information.
  • SNMP Trap: Disabled - This service is used for getting email, which could leak confidential information.
  • Xbox services: Disabled - These could be used for unnecessary gaming. There are about five of them.
  • Windows Update: Automatic - This is vital for security.
  • DNS Client: Automatic - This is necessary for caching DNS, which can improve internet speeds.
Step Four: Export the template - Right-click the template, then click "Save As". You can save it to your Desktop.
Step Five: Import the template - Open SecPol (search for it in the taskbar), then click "Action > Import Policy", as shown in the image to the left.
Step Six: Review the template - This is optional, but if you want to review the template before applying it, see Chapter Five, Reviewing Templates.
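For the same service list set directly on a machine rather than through a template, here is an added PowerShell example (not from the original page). The service names are the internal names behind the display names listed above; the Xbox service names vary by Windows version and are assumptions here. It also makes the dependency warning from the startup-type list visible before anything is disabled. Run it from an elevated PowerShell.

```powershell
# Added example, not from the original page: the Chapter Three startup types set with
# Set-Service instead of a template. Run as Administrator. The service names are the
# internal names behind the display names the page lists; the Xbox ones vary by version.

$Startup = [ordered]@{
    'Spooler'        = 'Disabled'    # Print Spooler
    'Fax'            = 'Disabled'    # Fax
    'SNMPTRAP'       = 'Disabled'    # SNMP Trap
    'XblAuthManager' = 'Disabled'    # Xbox Live Auth Manager
    'XblGameSave'    = 'Disabled'    # Xbox Live Game Save
    'XboxNetApiSvc'  = 'Disabled'    # Xbox Live Networking Service
    'XboxGipSvc'     = 'Disabled'    # Xbox Accessory Management Service
    'wuauserv'       = 'Automatic'   # Windows Update
    'Dnscache'       = 'Automatic'   # DNS Client
}

foreach ($name in $Startup.Keys) {
    $service = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $service) {
        Write-Warning "$name is not installed on this machine; skipping"
        continue
    }
    if ($Startup[$name] -eq 'Disabled') {
        # The page's dependency warning, made visible: anything that depends on this
        # service will fail to start once it is disabled.
        $dependents = Get-Service -Name $name -DependentServices
        if ($dependents) {
            Write-Warning "$name is needed by: $($dependents.Name -join ', ')"
        }
    }
    try {
        Set-Service -Name $name -StartupType $Startup[$name] -ErrorAction Stop
    } catch {
        # Some protected services refuse changes even from an elevated shell
        Write-Warning "Could not change $name : $($_.Exception.Message)"
    }
}

# Review the result; StartType is what the template's System Services page shows
Get-Service -Name ([string[]]$Startup.Keys) -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType
```

Changing the startup type does not stop a service that is already running; like a template, it takes effect at the next boot, so the final table shows the new StartType next to the current Status.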

Chapter Four: Example Templates

Here are some templates I would recommend using. You can either use them as they are, or add your own ideas to them!
Recommended SecPol Configuration - This currently contains about 130 Security Policy settings, along with around 20 Windows service startup configurations. To use or edit it, see Chapter One, Local Security Policies Importing/Exporting.
Recommended Firewall Configuration - This blocks all the ports that need blocking without leaving a million other ports open. Remember to allow SSH or HTTP if the readme requires them.
Recommended MMC menu - An MMC console with all the snap-ins you should need, in order: user management, shared folders, firewall, GPEdit, and more!

Chapter Five: Reviewing Templates

Reviewing templates is optional, but if you have multiple, possibly conflicting templates, it can be helpful. You can compare a template to your currently applied settings and see how they differ.
Step One: Open Security Configuration and Analysis - SCA is a snap-in, so to open it, open MMC (search for it in the taskbar) and click "File > Add/Remove Snap-in" (as shown in the image). Then add the "Security Configuration and Analysis" snap-in by scrolling to it, clicking it, then clicking "Add". Once you have added it, click "OK".
Step Two: Make a new Database - With the snap-in open, this is where it starts to get confusing, so read ahead before starting. Right-click the snap-in and click "Open Database". Create a database on your Desktop by typing a new name, such as "asdf.sdb", and click "Open". You don't need to find an existing database.
Step Three: Import your Templates - You will be prompted to "Import Template". If you don't have a template, see Chapter One or Chapter Three to make one, or Chapter Four to use a premade template.
To import more templates, right-click "Security Configuration and Analysis" again and click "Import Template".
Step Four: Analyze the template - Right-click "Security Configuration and Analysis" again and click "Analyze Computer Now". Click "OK" to accept the error log file path. Now, when you go into the tabs inside SCA, you can see check marks where your computer is set to the same value as the template, or an X where they differ. An example is in the image above, where the maximum password age on the computer is 30 days, but in my database (AKA template) it's 29 (which is slightly more secure).
If you want to change the template, double-click the row in the view and change it. Remember that this changes the database only, so to change the template file, right-click "Security Configuration and Analysis" and click "Export Template".
Step Five: Apply the template - After analyzing, if it looks good, right-click "Security Configuration and Analysis" and click "Configure Computer Now". This sets the computer's settings to what you just reviewed as acceptable.
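The comparison SCA performs in Step Four can also be done over the template files themselves, which is handy when you have several templates from Chapters One and Three to reconcile. This added PowerShell (not from the original page) parses two secedit INF files, one exported from the machine and one template, and lists every setting where they disagree, decoding the numbers the INF uses for audit settings and service startup types back into the words the snap-in shows. The file paths are assumptions; the export step needs an elevated PowerShell.

```powershell
# Added example, not from the original page. Compares a security template (.inf)
# with the machine's current policy, which is what the SCA snap-in's "Analyze
# Computer Now" shows as check marks and X's. File paths are assumptions.

function Read-SecurityTemplate {
    # Parses a secedit INF into @{ Section = @{ Setting = Value } }.
    param([Parameter(Mandatory)][string]$Path)
    $result  = @{}
    $section = $null
    foreach ($raw in Get-Content -Path $Path) {
        $line = $raw.Trim()
        if (-not $line -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; $result[$section] = @{}; continue }
        if ($null -eq $section) { continue }
        if ($section -eq 'Service General Setting') {
            # "Spooler",4,"D:AR(...)"  ->  service name, startup type, security descriptor
            $name, $start, $null = $line -split ',', 3
            $result[$section][$name.Trim('"')] = $start
        } elseif ($line -match '^(.+?)\s*=\s*(.*)$') {
            # Registry Values keys contain backslashes but no '=', so the first '=' splits correctly
            $result[$section][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    return $result
}

# Numeric encodings the INF uses, as shown in SecPol / the System Services page
$StartupNames = @{ '2' = 'Automatic'; '3' = 'Manual'; '4' = 'Disabled' }
$AuditNames   = @{ '0' = 'No auditing'; '1' = 'Success'; '2' = 'Failure'; '3' = 'Success, Failure' }

function Format-SettingValue {
    param([string]$Section, [string]$Value)
    if ([string]::IsNullOrEmpty($Value)) { return '(not set)' }
    switch ($Section) {
        'Service General Setting' { if ($StartupNames.ContainsKey($Value)) { return $StartupNames[$Value] } }
        'Event Audit'             { if ($AuditNames.ContainsKey($Value))   { return $AuditNames[$Value] } }
    }
    return $Value
}

function Compare-SecurityTemplate {
    # Emits one row per setting where the template and the current policy disagree.
    param([Parameter(Mandatory)][string]$TemplatePath,
          [Parameter(Mandatory)][string]$CurrentPath)
    $template = Read-SecurityTemplate -Path $TemplatePath
    $current  = Read-SecurityTemplate -Path $CurrentPath
    foreach ($section in $template.Keys) {
        if ($section -in 'Unicode', 'Version') { continue }
        foreach ($setting in $template[$section].Keys) {
            $want = $template[$section][$setting]
            $have = if ($current.ContainsKey($section)) { $current[$section][$setting] } else { $null }
            if ($want -ne $have) {
                [pscustomobject]@{
                    Section  = $section
                    Setting  = $setting
                    Template = Format-SettingValue -Section $section -Value $want
                    Computer = Format-SettingValue -Section $section -Value $have
                }
            }
        }
    }
}

# Export what the machine has now (run as Administrator), then compare with your template.
$Current  = "$env:TEMP\current-policy.inf"
$Template = "$env:USERPROFILE\Desktop\hardened.inf"   # assumed: the template from Chapter One or Three
secedit /export /cfg $Current /quiet
Compare-SecurityTemplate -TemplatePath $Template -CurrentPath $Current | Format-Table -AutoSize
```

An empty table means the template matches the machine, the same as all check marks in SCA; each row is one X, with the template's value beside what the computer currently has, so you can decide before "Configure Computer Now" whether the change is one you want.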