Skip to main content

Disable insecure remote administration access

Overview

About this category

This category contains privacy scripts for Windows.

These changes use Windows system commands to update your settings.

This category improves security by disabling insecure remote administration features. Organizations use remote administration tools to manage multiple systems from a central location, performing tasks such as software updates, system checks, and configuration changes.

However, if not properly secured, unauthorized users could exploit these tools to access sensitive data or control systems. This category addresses such vulnerabilities by disabling outdated or insecure remote access methods, thus securing systems against potential cyber threats.

While these measures maintain information confidentiality and integrity, they may restrict some remote management functionalities.

Caution

This may lead to reduced functionality or connectivity issues, particularly in enterprise environments where remote administration is necessary.

Caution: Mixed Risk Levels

Be careful running these scripts. This category includes scripts with high impact:

  • 🔴 Some not recommended scripts. They should only be used by advanced users. They may break important functionality.
  • 🟡 Some recommended scripts only if you understand its implications. Some non-critical or features may no longer function correctly after running this this category.
  • 🟢 Some safely recommended scripts. Safe-to use for any user.
Implementation Details
  • Language: batch

  • Scripts Count: 8 scripts

  • Required Privileges: Administrator rights

  • Compatibility: Windows only

  • Reversibility: All changes can be reverted

Apply now

These scripts are written using Batch (batchfile) scripting language.

Choose one of two ways to apply:

  1. Automatically via privacy.sexy: The easiest and safest option.
  2. Manually by downloading: Requires downloading a file.

Alternative 1. Apply with Privacy.sexy

privacy.sexy is free and open-source application that lets securely apply this action easily.

Open privacy.sexy

It allows selectively choose parts of this action to conduct. You can fully restore this action (revert back to the original behavior) using the application. Additionally, you can apply only the recommended scripts, instead of applying all of the scripts.

privacy.sexy instructions
  1. Open or download the desktop application
  2. Search for the category name: Disable insecure remote administration access.
  3. Check the category by clicking on the checkbox of the category.
  4. Click on Run button at the bottom of the page.

Alternative 2. Download

You can choose to apply only scripts with less impact or also those with higher impact:

Standard

Recommended for all users. It helps to improve privacy without affecting stability.

Scroll

Strict

Recommended if you understand its implications. It may cause some non-critical features to no longer function correctly.

Scroll

All

Not recommended for daily use as it breaks important functionality. It provides military-grade privacy, for special use-cases. Do not run it without having backups and system snapshots.

Scroll

Consider restarting your computer for all changes to take affect.

Reversible

This action is completely reversible, you can restore your changes to the initial/default state. The restore/revert methods provided here can help you fix issues.

If something goes wrong, use the Revert script provided above.

Standard

This script includes only Standard recommendation level.

Safe for General Use

Standard scripts in this category is recommended for all users. They help to improve privacy without affecting stability.

Download only standard scripts by clicking on the button:

Download script

Restore these changes if you decide to revert them by downloading the restore script:

Download restore script

Strict

This script includes Standard and Strict recommendation levels.

Use with Caution

This script is only recommended if you understand their implications of every single change. Some non-critical or features may no longer function correctly after running this script.

Download Strict scripts:

Download script

Restore these changes if you decide to revert them by downloading the restore script:

Download restore script

All

This script includes Standard, Strict recommendation levels along with unrecommended scripts.

Not Advised

This script should only be used by advanced users. Some of these changes are NOT recommended for daily use as it breaks important functionality. Do not run it without having backups and system snapshots.

Download all scripts:

Download script

Restore these changes if you decide to revert them by downloading the restore script:

Download restore script

Explore further

This category includes total of 8 scripts but no subcategories.

Explore its 8 scripts:

Disable basic authentication in WinRM

This script configures the Windows Remote Management (WinRM) client to disable basic authentication. Basic authentication is a security protocol where a user provides a username and password in plain text for verification. It improves security by preventing the interception and misuse of plain text passwords. It achieves this by modifying the "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Client!AllowBasic" registry key. While WinRM clients do not use Basic authentication by default, this s...

Disable unauthorized user account discovery (anonymous SAM enumeration)

This script increases your system's security by preventing unauthorized users from seeing account names in the Security Accounts Manager (SAM). The Security Accounts Manager (SAM) is a database in Windows that stores user account information and is critical for user authentication processes. When account names are exposed, attackers might use them for guessing passwords or tricking people into revealing sensitive information. This is a security action recommended by organizations like the Depart...

Disable anonymous access to named pipes and shares

This script restricts anonymous access to Named Pipes and Shares. It reduces security risks by preventing unauthorized access. Named Pipes allow programs on a computer or network to communicate with each other. Anonymous access lets users connect to services without a username or password, increasing the risk of unauthorized access. It configures the "HKLM\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters!restrictnullsessaccess" registry setting to control null session access, which ...

Disable hidden remote file access via administrative shares (breaks remote system management software)

This script improves your privacy and security by disabling Windows administrative shares, which are typically used for remote access to your computer's file system. Windows automatically creates hidden administrative shares, such as "C$" and "D$", that allow system administrators remote access to every disk volume on your computer. These shares are often targeted as potential attack vectors. Disabling administrative shares is generally a good practice for enhancing security. It is recommended b...

Disable "Telnet Client" feature

This script disables the Telnet Client feature in Windows. The Telnet Client enables remote server connections. It is inherently insecure because it transmits all data, including sensitive credentials, in clear text without encryption. This lack of encryption makes it vulnerable to interception and misuse. Due to these security flaws, entities such as NIST, Department of Defense and Microsoft recommend removing or disabling this feature. Although this feature is disabled by default in newer ...

Remove "RAS Connection Manager Administration Kit (CMAK)" capability

This script removes the "RAS Connection Manager Administration Kit (CMAK)" ("RasCMAK.Client") capability. CMAK is a tool that allows the creation of profiles for connecting to remote servers and networks. Though useful for remote connections, this capability might be unnecessary for many users. Removing it can simplify the system's network configuration and enhance security by reducing potential attack vectors. This capability is not included in the standard installation of Windows.

Disable Windows Remote Assistance feature

This script disables the Windows Remote Assistance feature to improve your system's privacy and security. Windows Remote Assistance allows a third party to remotely access your PC. This capability, known as Solicited Remote Assistance, enables another user to view or take control of your computer. Disabling Remote Assistance improves security by: Preventing others from remotely viewing or controlling your computer. • Reducing the risk of exploitation from RDP-related vulnerabilities. • Reducin...

Explore Categories

This action belongs to Improve network security category. This category is dedicated to improving network security. It aims to minimize vulnerabilities by offering various settings that improve the integrity and confidentiality of data transmitted over the network. It features a range of measures to protect data transmission from unauthorized access,... Read more on category page ▶

Support

This website relies on your support.

Support now

Your donation helps keep the project alive and improves its content ❤️.

Share this page: