Category,Path,Key,Value,Type,Action,Comment
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client,DisabledByDefault,1,DWORD,AddOrModify,Disable TLS v1
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client,Enabled,0,DWORD,AddOrModify,Disable TLS v1
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server,DisabledByDefault,1,DWORD,AddOrModify,Disable TLS v1
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server,Enabled,0,DWORD,AddOrModify,Disable TLS v1
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client,DisabledByDefault,1,DWORD,AddOrModify,Disable TLS v1.1
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client,Enabled,0,DWORD,AddOrModify,Disable TLS v1.1
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server,DisabledByDefault,1,DWORD,AddOrModify,Disable TLS v1.1
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server,Enabled,0,DWORD,AddOrModify,Disable TLS v1.1
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL\,Enabled,0,DWORD,AddOrModify,Disabling NULL
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56,Enabled,0,DWORD,AddOrModify,Disabling DES 56-bit
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128,Enabled,0,DWORD,AddOrModify,Disabling RC2 40-bit
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128,Enabled,0,DWORD,AddOrModify,RC2 56-bit
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128,Enabled,0,DWORD,AddOrModify,RC2 128-bit
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128,Enabled,0,DWORD,AddOrModify,RC4 40-bit
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128,Enabled,0,DWORD,AddOrModify,RC4 56-bit
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128,Enabled,0,DWORD,AddOrModify,RC4 64-bit
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128,Enabled,0,DWORD,AddOrModify,RC4 128-bit
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168,Enabled,0,DWORD,AddOrModify,3DES 168-bit (Triple DES 168)
TLS,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5,Enabled,0,DWORD,AddOrModify,Disable MD5 Hashing Algorithm
Miscellaneous,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search,EnableFindMyFiles,1,DWORD,AddOrModify,Turn on Enhanced mode search for Windows indexer
Miscellaneous,HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062},allowautoupdatesmetered,1,DWORD,AddOrModify,Set Microsoft Edge (Stable) to update over Metered connections
Miscellaneous,HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{2CD8A007-E189-409D-A2C8-9AF4EF3C72AA},allowautoupdatesmetered,1,DWORD,AddOrModify,Set Microsoft Edge (Beta) to update over Metered connections
Miscellaneous,HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{0D50BFEC-CD6A-4F9A-964C-C7416E3ACB10},allowautoupdatesmetered,1,DWORD,AddOrModify,Set Microsoft Edge (Dev) to update over Metered connections
Miscellaneous,HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpClient,SpecialPollInterval,345600,DWORD,AddOrModify,Change Windows time sync interval from every 7 days to every 4 days (= every 345600 seconds)
Miscellaneous,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters,EncryptData,1,DWORD,AddOrModify,Enable SMB Encryption
Miscellaneous,HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config,EnableCertPaddingCheck,1,String,AddOrModify,WinVerifyTrust Signature Validation
Miscellaneous,HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config,EnableCertPaddingCheck,1,String,AddOrModify,WinVerifyTrust Signature Validation
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\Recommended,BlockThirdPartyCookies,1,DWORD,AddOrModify,Recommends to block 3rd party cookies
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,DnsOverHttpsMode,automatic,String,AddOrModify,Sets Edge to use system's DNS over HTTPS. This makes MDAG to work properly too
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,DnsOverHttpsTemplates,Any,String,Delete,Removes Any DNS over HTTPS set in Edge browser by registry because it prevents MDAG from working properly. See the Readme
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,PrimaryPasswordSetting,1,DWORD,Delete,Configures a setting that asks users to enter their device password while using password autofill
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,AutomaticHttpsDefault,2,DWORD,AddOrModify,Automatically upgrade HTTP connections to HTTPS
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,EncryptedClientHelloEnabled,1,DWORD,AddOrModify,Enable Encrypted Client Hello
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,WebRtcLocalhostIpHandling,default_public_interface_only,String,Delete,Allow public interface over http default route. This doesn't expose the local IP address when using WebRTC
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,SSLErrorOverrideAllowed,0,DWORD,Delete,Prevents users from proceeding from the HTTPS warning page
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,BasicAuthOverHttpEnabled,0,DWORD,AddOrModify,Block Basic authentication for HTTP
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,WebRtcRespectOsRoutingTableEnabled,0,DWORD,Delete,Causes problem with Discord Voice Chat in Edge browser - Leads to no route error - when you are using VPN like Mullvad that has tight kill switch feature
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,PDFSecureMode,1,DWORD,Delete,Secure mode and Certificate-based Digital Signature validation in native PDF reader
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,ExperimentationAndConfigurationServiceControl,2,DWORD,AddOrModify,Allow devices using Edge category of the hardening script to receive new features and experimentations like normal devices
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,AudioSandboxEnabled,1,DWORD,AddOrModify,Enforces the audio process to run sandboxed
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\Recommended,DefaultShareAdditionalOSRegionSetting,2,DWORD,AddOrModify,Recommends that the share additional operating system region setting to be set to never.
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\Recommended,NewPDFReaderEnabled,1,DWORD,Delete,Recommends the new Adobe PDF reader be used in Edge for PDFs
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,1,0xc013,String,AddOrModify,Disable TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - (CBC - SHA1)
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,2,0xc014,String,AddOrModify,Disable TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - (CBC - SHA1)
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,3,0x0035,String,AddOrModify,Disable TLS_RSA_WITH_AES_256_CBC_SHA - (NO PFS - CBC - SHA1)
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,4,0x002f,String,AddOrModify,Disable TLS_RSA_WITH_AES_128_CBC_SHA - (NO PFS - CBC - SHA1)
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,5,0x009c,String,AddOrModify,Disable TLS_RSA_WITH_AES_128_GCM_SHA256 - (NO PFS)
Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,6,0x009d,String,AddOrModify,Disable TLS_RSA_WITH_AES_256_GCM_SHA384 - (NO PFS)
NonAdmin,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,HideFileExt,0,DWORD,AddOrModify,Show known file extensions in File explorer
NonAdmin,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Hidden,1,DWORD,AddOrModify,Show hidden files and folders and drives toggles the control panel folder options item
NonAdmin,HKEY_CURRENT_USER\Control Panel\International\User Profile,HttpAcceptLanguageOptOut,1,DWORD,AddOrModify,Disable websites accessing local language list
NonAdmin,HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings,SafeSearchMode,0,DWORD,AddOrModify,turn off safe search in Windows search. from Windows settings > privacy and security > search permissions > safe search
NonAdmin,HKEY_CURRENT_USER\Software\Microsoft\Input\Settings,EnableHwkbTextPrediction,1,DWORD,AddOrModify,turn on Show text suggestions when typing on the physical keyboard for the current user toggles the option in Windows settings
NonAdmin,HKEY_CURRENT_USER\Software\Microsoft\Input\Settings,MultilingualEnabled,1,DWORD,AddOrModify,turn on Multilingual text suggestions for the current user toggles the option in Windows settings
NonAdmin,HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys,Flags,506,String,AddOrModify,turn off sticky key shortcut of pressing shift key 5 time fast
NonAdmin,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings,NOC_GLOBAL_SETTING_ALLOW_CRITICAL_TOASTS_ABOVE_LOCK,0,DWORD,AddOrModify,Disables show reminders and incoming VoIP calls on the lock screen in Settings > System > Notifications
NonAdmin-ClipboardSync,HKEY_CURRENT_USER\Software\Microsoft\Clipboard,EnableClipboardHistory,1,DWORD,AddOrModify,Enable Clipboard History for the current user
NonAdmin-ClipboardSync,HKEY_CURRENT_USER\Software\Microsoft\Clipboard,CloudClipboardAutomaticUpload,1,DWORD,AddOrModify,2nd commands to enable sync of Clipboard history in Windows between devices
NonAdmin-ClipboardSync,HKEY_CURRENT_USER\Software\Microsoft\Clipboard,EnableCloudClipboard,1,DWORD,AddOrModify,last one to enable Clipboard sync