Harden Windows with Hard Configurator
Hard Configurator is a free program for Microsoft Windows operating systems that you may use to harden the operating system and manage software restriction policies.
it is a good idea from a security point of view to harden an operating system after installation or on first run.
One idea behind hardening the system is to restrict services or features that you don't require, another to lock down certain features to improve security.
You may do so using built-in tools or the Windows Registry.
Hard Configurator is a free program for all versions of Windows starting with Windows Vista that adds a graphical user interface for quite a few security related features. It looks a bit like the big brother of Hardentools, another Windows hardening program.
Hard Configurator
The program does not reinvent the wheel, but you may find it easier to use than using the Registry. This is especially true if you need to hunt down the relevant values first before you can even start to change them.
The main interface of the program is without the shadow of the doubt not the prettiest, and some of you may even call it confusing or messy.
The author added help buttons to all core features the program offers, and a button to open the general help for any option that does not have a dedicated help button. The help files displayed a blank window however on a 64-bit version of Windows 10 Pro I tried the application on.
So what can you do with the program?
- Enable or disable Software Restriction Policies (SRP) in Windows Home versions.
- Change SRP levels, enforcement, and protected extensions.
- Whitelist files by path and by hash.
- Enable or disable Windows Defender PUA (Potentially Unwanted Application) protection.
- Enable or disable untrusted fonts in Windows 10.
- Enable or disable execution from removable disks.
- Enable or disable the Windows Scripting Host.
- Enable or disable PowerShell script execution.
- Restrict shortcut execution to select folders.
- Hide or unhide "run as administrator".
- Force Smartscreeen filter checks for files that are not marked as "from the Internet" on Windows 8 or newer.
- Enable or disable Remote Assistance, Remote Shell, or Remote Registry.
- Protect writable subfolders in c:\windows.
Buttons are provide to turn all SRP options on or off, and to turn off all restrictions.
As far as the general application layout is concerned, it lists the main options in the second and fifth column, and the values of the entries of these columns in the first and six column.
You may turn features on or off individually. While you can set most using the Registry, it is faster using the program.
The downside is that you don't really see what the program does in the background while you have full control over the process if you do it manually.
One of the interesting features of Hard Configurator is to enable the SmartScreen filter for programs that don't have the "from the web" Alternate Date Stream attached to them.
This ensures that the security feature will check programs that come from removable disks, drives, optical discs, container file formats, or files downloaded using third-party programs.
Hard Configurator ships with a tools section. You may use it to restore Windows defaults, create a system restore point, run the SRP/Scripts eventlog view, or run autoruns: scripts/userSpace.
As always, if you use a program that makes system changes, make sure you run a backup job prior to that so that you can restore the operating system should things go wrong along the process.
Closing Words
Hard Configurator provides you with options to make security related changes to Windows quickly. The program is not the easiest to work with, and the blank help files are somewhat discouraging as well. The program appears to make the right changes though to the Registry.
Now you: have you hardened your operating system
Hi Martin.
Thanks for Hard_Configurator review. The problem with the help files may occur if you did not copy ‘Hard_Configurator’ folder to Windows directory. The paths to help files and to RunAs Smartscreen and RunBySmartscreen executables are hard-coded in the program. The details are contained in https://github.com/AndyFul/Hard_Configurator/blob/master/Installation.txt .
I forgot to include them in Hard_Configurator_2.0.1.0.zip .
I hope it will help.
It could be easier to install.
It is semi-portable. You have to unzip and copy Hard_Configurator folder to Windows directory.
and as someone who fixes windows pc’s, it can’t be stressed enough to run as a user not as an admin. I mean if you are not doing this you are seriously asking for problems.
Yes, that is true. Hard_Configurator can be run from any account. The Standard Account is a lot safer than Admin Account. 80% Windows exploits can be stopped just by using SUA.
Author’s forum thread at Malwaretips:
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416
In the information area at the bottom of the page RSS is spelled Rss. Huge problem.