Disable insecure remote administration access
Overview
This category contains privacy scripts for Windows.
These changes use Windows system commands to update your settings.
This category improves security by disabling insecure remote administration features. Organizations use remote administration tools to manage multiple systems from a central location, performing tasks such as software updates, system checks, and configuration changes.
However, if not properly secured, unauthorized users could exploit these tools to access sensitive data or control systems. This category addresses such vulnerabilities by disabling outdated or insecure remote access methods, thus securing systems against potential cyber threats.
While these measures maintain information confidentiality and integrity, they may restrict some remote management functionalities.
This may lead to reduced functionality or connectivity issues, particularly in enterprise environments where remote administration is necessary.
Be careful running these scripts. This category includes scripts with high impact:
- 🔴 Some not recommended scripts. They should only be used by advanced users. They may break important functionality.
- 🟡 Some recommended scripts only if you understand its implications. Some non-critical or features may no longer function correctly after running this this category.
- 🟢 Some safely recommended scripts. Safe-to use for any user.
Implementation Details
-
Language: batch
-
Scripts Count: 8 scripts
-
Required Privileges: Administrator rights
-
Compatibility: Windows only
-
Reversibility: All changes can be reverted
Apply now
These scripts are written using Batch (batchfile) scripting language.
Choose one of two ways to apply:
- Automatically via privacy.sexy: The easiest and safest option.
- Manually by downloading: Requires downloading a file.
Alternative 1. Apply with Privacy.sexy
privacy.sexy is free and open-source application that lets securely apply this action easily.
It allows selectively choose parts of this action to conduct. You can fully restore this action (revert back to the original behavior) using the application. Additionally, you can apply only the recommended scripts, instead of applying all of the scripts.
privacy.sexy instructions
- Open or download the desktop application
- Search for the category name:
Disable insecure remote administration access
. - Check the category by clicking on the checkbox of the category.
- Click on Run button at the bottom of the page.
Alternative 2. Download
You can choose to apply only scripts with less impact or also those with higher impact:
Strict
Recommended if you understand its implications. It may cause some non-critical features to no longer function correctly.
All
Not recommended for daily use as it breaks important functionality. It provides military-grade privacy, for special use-cases. Do not run it without having backups and system snapshots.
Consider restarting your computer for all changes to take affect.
This action is completely reversible, you can restore your changes to the initial/default state. The restore/revert methods provided here can help you fix issues.
If something goes wrong, use the Revert script provided above.
Standard
This script includes only Standard recommendation level.
Standard scripts in this category is recommended for all users. They help to improve privacy without affecting stability.
Download only standard scripts by clicking on the button:
Restore these changes if you decide to revert them by downloading the restore script:
Strict
This script includes Standard and Strict recommendation levels.
This script is only recommended if you understand their implications of every single change. Some non-critical or features may no longer function correctly after running this script.
Download Strict scripts:
Restore these changes if you decide to revert them by downloading the restore script:
All
This script includes Standard, Strict recommendation levels along with unrecommended scripts.
This script should only be used by advanced users. Some of these changes are NOT recommended for daily use as it breaks important functionality. Do not run it without having backups and system snapshots.
Download all scripts:
Restore these changes if you decide to revert them by downloading the restore script:
Explore further
This category includes total of 8 scripts but no subcategories.
Explore its 8 scripts:
Disable basic authentication in WinRM
This script configures the Windows Remote Management (WinRM) client to disable basic authentication. Basic authentication is a security protocol where a user provides a username and password in plain text for verification. It improves security by preventing the interception and misuse of plain text passwords. It achieves this by modifying the "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Client!AllowBasic" registry key. While WinRM clients do not use Basic authentication by default, this s...
Disable unauthorized user account discovery (anonymous SAM enumeration)
This script increases your system's security by preventing unauthorized users from seeing account names in the Security Accounts Manager (SAM). The Security Accounts Manager (SAM) is a database in Windows that stores user account information and is critical for user authentication processes. When account names are exposed, attackers might use them for guessing passwords or tricking people into revealing sensitive information. This is a security action recommended by organizations like the Depart...
Disable anonymous access to named pipes and shares
This script restricts anonymous access to Named Pipes and Shares. It reduces security risks by preventing unauthorized access. Named Pipes allow programs on a computer or network to communicate with each other. Anonymous access lets users connect to services without a username or password, increasing the risk of unauthorized access. It configures the "HKLM\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters!restrictnullsessaccess" registry setting to control null session access, which ...
Disable hidden remote file access via administrative shares (breaks remote system management software)
This script improves your privacy and security by disabling Windows administrative shares, which are typically used for remote access to your computer's file system. Windows automatically creates hidden administrative shares, such as "C$" and "D$", that allow system administrators remote access to every disk volume on your computer. These shares are often targeted as potential attack vectors. Disabling administrative shares is generally a good practice for enhancing security. It is recommended b...
Disable anonymous enumeration of shares
This script disables the anonymous enumeration of shares to prevent unauthorized users from listing account names and shared resources, which could serve as a roadmap for attackers. It configures the "HKLM\\SYSTEM\\CurrentControlSet\\Control\\LSA!restrictanonymous" registry key to ensure that such enumeration is blocked, improving system security against potential breaches.
Disable "Telnet Client" feature
This script disables the Telnet Client feature in Windows. The Telnet Client enables remote server connections. It is inherently insecure because it transmits all data, including sensitive credentials, in clear text without encryption. This lack of encryption makes it vulnerable to interception and misuse. Due to these security flaws, entities such as NIST, Department of Defense and Microsoft recommend removing or disabling this feature. Although this feature is disabled by default in newer ...
Remove "RAS Connection Manager Administration Kit (CMAK)" capability
This script removes the "RAS Connection Manager Administration Kit (CMAK)" ("RasCMAK.Client") capability. CMAK is a tool that allows the creation of profiles for connecting to remote servers and networks. Though useful for remote connections, this capability might be unnecessary for many users. Removing it can simplify the system's network configuration and enhance security by reducing potential attack vectors. This capability is not included in the standard installation of Windows.
Disable Windows Remote Assistance feature
This script disables the Windows Remote Assistance feature to improve your system's privacy and security. Windows Remote Assistance allows a third party to remotely access your PC. This capability, known as Solicited Remote Assistance, enables another user to view or take control of your computer. Disabling Remote Assistance improves security by: Preventing others from remotely viewing or controlling your computer. • Reducing the risk of exploitation from RDP-related vulnerabilities. • Reducin...
Explore Categories
- Improve network security
- Security improvements
This action belongs to Improve network security category. This category is dedicated to improving network security. It aims to minimize vulnerabilities by offering various settings that improve the integrity and confidentiality of data transmitted over the network. It features a range of measures to protect data transmission from unauthorized access,... Read more on category page ▶
This action belongs to Security improvements category. This category encompasses a range of scripts designed to improve the security of your system by enforcing security best practices. These scripts help protect your system against various types of cyber threats and unauthorized access. Read more on category page ▶
Support
This website relies on your support.
Your donation helps keep the project alive and improves its content ❤️.
Share this page: