-
Notifications
You must be signed in to change notification settings - Fork 0
/
chrome-hardening.reg
163 lines (140 loc) · 6.11 KB
/
chrome-hardening.reg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
Windows Registry Editor Version 5.00
;;; Google Chrome for Windows 10 Home & Pro Hardening
;;; Repository: https://github.com/teusink/Home-Security-by-W10-Hardening/
;;; Registry target: HKEY_LOCAL_MACHINE
;;; Source: Computer Internet Security (CIS) - Level 1 & 2
;;; Author: Joram Teusink
;;; 1.1.1.1 (L1) Ensure 'Configure the required domain names for remote access hosts' is set to 'Enabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\RemoteAccessHostDomainList]
; <deleted> = (Default)
; .+ = Enabled (CIS)
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"1"=".+"
;;; 1.1.1.2 (L1) Ensure 'Enable curtaining of remote access hosts' is set to 'Enabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off
; 0000001 = On (CIS)
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"RemoteAccessHostRequireCurtain"=dword:0000000
;;; 1.1.1.3 (L1) Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"RemoteAccessHostFirewallTraversal"=dword:0000001
;;; 1.1.1.4 (L1) Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
"RemoteAccessHostAllowClientPairing"=dword:0000000
;;; 1.1.2.1 (L2) Ensure 'Default cookies setting' is set to 'Enabled' (Keep cookies for the duration of the session)
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000001 = Allow all sites to set local data
; 0000002 = Do not allow any site to set local data
; 0000004 = Keep cookies for the duration of the session (CIS)
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"DefaultCookiesSetting"=dword:0000001
;;; 1.1.2.2 (L1) Ensure 'Default Flash Setting' is set to 'Enabled' (Click to Play)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000001 = Allow all sites to automatically run plugins
; 0000002 = Block all plugins
; 0000003 = Click to play (CIS)
"DefaultPluginsSetting"=dword:0000003
;;; 1.1.4.1 (L1) Ensure 'Configure extension installation blacklist' is set to 'Enabled' ("*" for all extensions)
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist]
; <deleted> = (Default)
; * = Enabled (CIS)
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"1"="*"
;;; 1.1.8.1 (L1) Ensure `Configure native messaging blacklist` is set to 'Enabled' ("*" for all messaging applications)
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\NativeMessagingBlacklist]
; <deleted> = (Default)
; * = Enabled (CIS)
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"1"="*"
;;; 1.1.10.1 (L1) Ensure 'Enable saving passwords to the password manager' is set to 'Disabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"PasswordManagerEnabled"=dword:0000000
;;; 1.1.11.1 (L1) Ensure 'Supported authentication schemes' is set to 'Enabled' (ntlm, negotiate)
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; basic, digest = Insecure
; ntlm, negotiate = Secure (CIS)
; basic, digest, ntlm, negotiate = All
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"AuthSchemes"="ntlm, negotiate"
;;; 1.1.15 (L2) Ensure 'Allow invocation of file selection dialogs' is set to 'Enabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off
; 0000001 = On (CIS)
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"AllowFileSelectionDialogs"=dword:0000001
;;; 1.1.16 (L1) Ensure 'Allow running plugins that are outdated' is set to 'Disabled'
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
"AllowOutdatedPlugins"=dword:0000000
;;; 1.1.17 (L1) Ensure 'Block third party cookies' is set to 'Enabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off
; 0000001 = On (CIS)
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"BlockThirdPartyCookies"=dword:0000001
;;; 1.1.18 (L1) Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"BackgroundModeEnabled"=dword:0000000
;;; 1.1.19 (L1) Ensure 'Enable AutoFill' is set to 'Disabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"AutoFillEnabled"=dword:0000000
;;; 1.1.20 (L1) Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"CloudPrintProxyEnabled"=dword:0000000
;;; 1.1.21 (L1) Ensure 'Enable reporting of usage and crash-related data' is set to 'Disabled'
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
"MetricsReportingEnabled"=dword:0000000
;;; 1.1.22 (L1) Ensure 'Enable Site Isolation for every site' is set to 'Enabled'
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off
; 0000001 = On (CIS)
"SitePerProcess"=dword:0000001
;;; 1.1.23 (L1) Ensure 'Enable submission of documents to Google Cloud print' is set to 'Disabled'
;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
; NON-COMPLIANCE TO NOT DISRUPT COMMON HOME FEATURES
;"CloudPrintSubmitEnabled"=dword:0000000
;;; 1.1.24 (L1) Ensure 'Import saved passwords from default browser on first run' is set to 'Disabled'
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
; <deleted> = (Default)
; 0000000 = Off (CIS)
; 0000001 = On
"ImportSavedPasswords"=dword:0000000