; ----------------------------------------------------------------------
; PARSING COMPUTER POLICY
; Source file:  .\ash-windows\scm\Windows_2012ServerR2_DC\machine_registry.pol

Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun
DWORD:255

Computer
Software\Microsoft\Windows\CurrentVersion\Policies\System
MSAOptional
DWORD:1

Computer
Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableAutomaticRestartSignOn
DWORD:1

Computer
Software\Policies\Microsoft\EMET\Defaults
UnRAR
SZ:*\WinRAR\unrar.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
LyncCommunicator
SZ:*\Microsoft Lync\communicator.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
GoogleTalk
SZ:*\Google\Google Talk\googletalk.exe -DEP -SEHOP

Computer
Software\Policies\Microsoft\EMET\Defaults
7zGUI
SZ:*\7-Zip\7zG.exe -EAF

Computer
Software\Policies\Microsoft\EMET\Defaults
VLC
SZ:*\VideoLAN\VLC\vlc.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
iTunes
SZ:*\iTunes\iTunes.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Thunderbird
SZ:*\Mozilla Thunderbird\thunderbird.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
FirefoxPluginContainer
SZ:*\Mozilla Firefox\plugin-container.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
PhotoGallery
SZ:*\Windows Live\Photo Gallery\WLXPhotoGallery.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
WindowsLiveMail
SZ:*\Windows Live\Mail\wlmail.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
WinRARGUI
SZ:*\WinRAR\winrar.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Photoshop
SZ:*\Adobe\Adobe Photoshop CS*\Photoshop.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
WindowsMediaPlayer
SZ:*\Windows Media Player\wmplayer.exe -SEHOP -EAF -MandatoryASLR

Computer
Software\Policies\Microsoft\EMET\Defaults
mIRC
SZ:*\mIRC\mirc.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
ThunderbirdPluginContainer
SZ:*\Mozilla Thunderbird\plugin-container.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
FoxitReader
SZ:*\Foxit Reader\Foxit Reader.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Pidgin
SZ:*\Pidgin\pidgin.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Firefox
SZ:*\Mozilla Firefox\firefox.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Opera_New_Versions
SZ:*\Opera\*\opera.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Winamp
SZ:*\Winamp\winamp.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Chrome
SZ:*\Google\Chrome\Application\chrome.exe -SEHOP

Computer
Software\Policies\Microsoft\EMET\Defaults
LiveWriter
SZ:*\Windows Live\Writer\WindowsLiveWriter.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
QuickTimePlayer
SZ:*\QuickTime\QuickTimePlayer.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Winzip64
SZ:*\WinZip\winzip64.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Winzip
SZ:*\WinZip\winzip32.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Skype
SZ:*\Skype\Phone\Skype.exe -EAF

Computer
Software\Policies\Microsoft\EMET\Defaults
Safari
SZ:*\Safari\Safari.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Opera
SZ:*\Opera\opera.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
RealConverter
SZ:*\Real\RealPlayer\realconverter.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
7zFM
SZ:*\7-Zip\7zFM.exe -EAF

Computer
Software\Policies\Microsoft\EMET\Defaults
7z
SZ:*\7-Zip\7z.exe -EAF

Computer
Software\Policies\Microsoft\EMET\Defaults
Publisher
SZ:*\OFFICE1*\MSPUB.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
jre7_java
SZ:*\Java\jre7\bin\java.exe -HeapSpray

Computer
Software\Policies\Microsoft\EMET\Defaults
jre6_javaws
SZ:*\Java\jre6\bin\javaws.exe -HeapSpray

Computer
Software\Policies\Microsoft\EMET\Defaults
Wordpad
SZ:*\Windows NT\Accessories\wordpad.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
jre8_java
SZ:*\Java\jre1.8*\bin\java.exe -HeapSpray

Computer
Software\Policies\Microsoft\EMET\Defaults
jre7_javaws
SZ:*\Java\jre7\bin\javaws.exe -HeapSpray

Computer
Software\Policies\Microsoft\EMET\Defaults
InfoPath
SZ:*\OFFICE1*\INFOPATH.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
VisioViewer
SZ:*\OFFICE1*\VPREVIEW.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
jre6_java
SZ:*\Java\jre6\bin\java.exe -HeapSpray

Computer
Software\Policies\Microsoft\EMET\Defaults
Visio
SZ:*\OFFICE1*\VISIO.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
Word
SZ:*\OFFICE1*\WINWORD.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
jre6_javaw
SZ:*\Java\jre6\bin\javaw.exe -HeapSpray

Computer
Software\Policies\Microsoft\EMET\Defaults
Lync
SZ:*\OFFICE1*\LYNC.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
Outlook
SZ:*\OFFICE1*\OUTLOOK.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
PPTViewer
SZ:*\OFFICE1*\PPTVIEW.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
jre7_javaw
SZ:*\Java\jre7\bin\javaw.exe -HeapSpray

Computer
Software\Policies\Microsoft\EMET\Defaults
WinRARConsole
SZ:*\WinRAR\rar.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
PowerPoint
SZ:*\OFFICE1*\POWERPNT.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
Excel
SZ:*\OFFICE1*\EXCEL.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
SkyDrive
SZ:*\SkyDrive\SkyDrive.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
IE
SZ:*\Internet Explorer\iexplore.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
RealPlayer
SZ:*\Real\RealPlayer\realplay.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
AcrobatReader
SZ:*\Adobe\Reader*\Reader\AcroRd32.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
Access
SZ:*\OFFICE1*\MSACCESS.EXE

Computer
Software\Policies\Microsoft\EMET\Defaults
Acrobat
SZ:*\Adobe\Acrobat*\Acrobat\Acrobat.exe

Computer
Software\Policies\Microsoft\EMET\Defaults
jre8_javaws
SZ:*\Java\jre1.8*\bin\javaws.exe -HeapSpray

Computer
Software\Policies\Microsoft\EMET\Defaults
jre8_javaw
SZ:*\Java\jre1.8*\bin\javaw.exe -HeapSpray

Computer
Software\Policies\Microsoft\EMET\Defaults
Picture Manager
SZ:*\OFFICE1*\OIS.EXE

Computer
Software\Policies\Microsoft\EMET\SysSettings
DEP
DWORD:2

Computer
Software\Policies\Microsoft\EMET\SysSettings
SEHOP
DWORD:2

Computer
Software\Policies\Microsoft\EMET\SysSettings
ASLR
DWORD:3

Computer
Software\Policies\Microsoft\Windows\EventLog\Application
MaxSize
DWORD:32768

Computer
Software\Policies\Microsoft\Windows\EventLog\Security
MaxSize
DWORD:196608

Computer
Software\Policies\Microsoft\Windows\EventLog\System
MaxSize
DWORD:32768

Computer
Software\Policies\Microsoft\Windows\Installer
AlwaysInstallElevated
DWORD:0

Computer
Software\Policies\Microsoft\Windows\Installer
AlwaysInstallElevated
DWORD:0

Computer
Software\Policies\Microsoft\Windows\Personalization
NoLockScreenSlideshow
DWORD:1

Computer
Software\Policies\Microsoft\Windows\Personalization
NoLockScreenCamera
DWORD:1

Computer
Software\Policies\Microsoft\Windows\SrpV2\Exe
EnforcementMode
DWORD:1

Computer
SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\5e3ec135-b5af-4961-ae4d-cde98710afc9
Value
SZ:<FilePublisherRule Id="5e3ec135-b5af-4961-ae4d-cde98710afc9" Name="Block Google Chrome" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="CHROME.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule>

Computer
SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\6db6c8f3-cf7c-4754-a438-94c95345bb53
Value
SZ:<FilePublisherRule Id="6db6c8f3-cf7c-4754-a438-94c95345bb53" Name="Block Mozilla Firefox" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CA, C=US" ProductName="FIREFOX" BinaryName="FIREFOX.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule>

Computer
SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\881d54fe-3848-4d6a-95fd-42d48ebe60b8
Value
SZ:<FilePublisherRule Id="881d54fe-3848-4d6a-95fd-42d48ebe60b8" Name="Block Internet Explorer" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule>

Computer
SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\921cc481-6e17-4653-8f75-050b80acca20
Value
SZ:<FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule>

Computer
SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\a61c8b2c-a319-4cd0-9690-d2177cad7b51
Value
SZ:<FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions></FilePathRule>

Computer
SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\fd686d83-a829-4351-8ff4-27c7de5755d2
Value
SZ:<FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule>

Computer
Software\Policies\Microsoft\Windows\System
DontDisplayNetworkSelectionUI
DWORD:1

Computer
SOFTWARE\Policies\Microsoft\Windows\Windows Search
AllowIndexingEncryptedStoresOrItems
DWORD:0

Computer
Software\Policies\Microsoft\WindowsFirewall\DomainProfile
AllowLocalPolicyMerge
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\DomainProfile
DefaultInboundAction
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\DomainProfile
EnableFirewall
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\DomainProfile
DefaultOutboundAction
DWORD:0

Computer
Software\Policies\Microsoft\WindowsFirewall\DomainProfile
AllowLocalIPsecPolicyMerge
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\DomainProfile
DisableNotifications
DWORD:0

Computer
Software\Policies\Microsoft\WindowsFirewall\DomainProfile
DisableUnicastResponsesToMulticastBroadcast
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PrivateProfile
DefaultOutboundAction
DWORD:0

Computer
Software\Policies\Microsoft\WindowsFirewall\PrivateProfile
EnableFirewall
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PrivateProfile
DefaultInboundAction
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PrivateProfile
DisableNotifications
DWORD:0

Computer
Software\Policies\Microsoft\WindowsFirewall\PrivateProfile
AllowLocalPolicyMerge
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PrivateProfile
DisableUnicastResponsesToMulticastBroadcast
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PrivateProfile
AllowLocalIPsecPolicyMerge
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PublicProfile
DisableUnicastResponsesToMulticastBroadcast
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PublicProfile
DefaultOutboundAction
DWORD:0

Computer
Software\Policies\Microsoft\WindowsFirewall\PublicProfile
AllowLocalPolicyMerge
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PublicProfile
AllowLocalIPsecPolicyMerge
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PublicProfile
DefaultInboundAction
DWORD:1

Computer
Software\Policies\Microsoft\WindowsFirewall\PublicProfile
DisableNotifications
DWORD:0

Computer
Software\Policies\Microsoft\WindowsFirewall\PublicProfile
EnableFirewall
DWORD:1

Computer
SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest
UseLogonCredential
DWORD:0

; PARSING COMPLETED.
; ----------------------------------------------------------------------

