; XP_SAFER.INF
;
; Configure 'Software Restriction Policies' a.k.a 'SAFER' on all
; editions of Windows XP (including embedded versions) and
; Windows Server 2003 [R2]
;
; https://technet.microsoft.com/en-us/aa940985.aspx
; https://technet.microsoft.com/en-us/bb457006.aspx
; https://technet.microsoft.com/en-us/bb457059.aspx
; https://technet.microsoft.com/en-us/cc507878.aspx
; https://technet.microsoft.com/en-us/cc786941.aspx
;
; The 'Local Policies' management console reads 'SAFER' policies'
; additional rules only from
; "%SystemRoot%\System32\GroupPolicy\Machine\REGISTRY.POL"!
;
; Use SRP2LGPO.EXE (available from the author upon request) to
; export 'SAFER' policies from the registry to
; "%SystemRoot%\System32\GroupPolicy\Machine\REGISTRY.POL".
;
; https://msdn.microsoft.com/en-us/aa384232.aspx
; https://support.microsoft.com/en-us/kb/896456
; https://support.microsoft.com/en-us/kb/942589
; https://support.microsoft.com/en-us/kb/950407
; https://support.microsoft.com/en-us/kb/960037
;
; NOTE: on 64-bit systems KB942589 must be installed to enable
;       the special directory pathname "%SystemRoot%\SysNative"!
;
; CAUTION: on 64-bit systems XP_SAFER.INF must not be run under
;          SysWoW64! (KB950407, but KB960037)
;
; NOTE: KB973825 should be installed on Windows Server 2003 [R2]!
;
; CAUTION: 'SAFER' policies written directly/only to the registry
;          are overwritten by 'SAFER' policies defined in the
;          'Local Policies' management console!
;
; CAUTION: if "%SystemRoot%\System32\GroupPolicy\Machine\REGISTRY.POL"
;          contains no 'SAFER' policy entries the 'Local Policies'
;          management console overwrites upon first call 'SAFER'
;          policies in the registry with default settings and rules!
;
; NOTE: if "%SystemRoot%\System32\GroupPolicy\Machine\REGISTRY.POL"
;       does not exist use the 'empty' REGISTRY.POL provided by the
;       author to avoid that!
;
; NOTE: 'SAFER' policies' additional rules written directly/only to
;       the registry don't show in the 'Local Policies' management
;       console!
;
; Copyright (C) 2004-2018, Stefan Kanthak <stefan.kanthak@nexgo.de>
;
; * The software is provided "as is" without any warranty, neither express
;   nor implied.
;   In no event will the author be held liable for any damage(s) arising
;   from the use of the software.
; * Redistribution of the software is allowed only in unmodified form.
; * Permission is granted to use the software solely for personal private
;   and non-commercial purposes.
; * An individuals use of the software in his or her capacity or function
;   as an agent, (independent) contractor, employee, member or officer of
;   a business, corporation or organization (commercial or non-commercial)
;   does not qualify as personal private and non-commercial purpose.
; * Without written approval from the author the software must not be used
;   for a business, for commercial, corporate, governmental, military or
;   organizational purposes of any kind, or in a commercial, corporate,
;   governmental, military or organizational environment of any kind.

[Version]
DriverVer = 09/27/2017
Provider  = "Stefan Kanthak"
Signature = "$Windows NT$"

[DefaultInstall.NTx86]
AddReg    = Install.AddReg, Install.AddReg.x86
CopyFiles = Files.Inf, Files.Pol
DelFiles  = Files.Pnf
DelReg    = Install.DelReg

[DefaultInstall.NTia64]
AddReg    = Install.AddReg, Install.AddReg.ia64
CopyFiles = Files.Inf, Files.Pol
DelFiles  = Files.Pnf
DelReg    = Install.DelReg

[DefaultInstall.NTamd64]
AddReg    = Install.AddReg, Install.AddReg.amd64
CopyFiles = Files.Inf, Files.Pol
DelFiles  = Files.Pnf
DelReg    = Install.DelReg

[DefaultUninstall]
AddReg    = Remove.AddReg
CleanUp   = 1
DelFiles  = Files.Inf, Files.Pnf; Files.Log
DelReg    = Remove.DelReg, Remove.DelReg.amd64

[SourceDisksNames]
; Cabinet file names and associated disks
; <disk or cabinet number> = <disk description>,[<tag or cabinet file>],<identifier (unused, must be 0)>,[<relative source path>]

57 = "Softwarebeschränkungsrichtlinien für 'Windows XP/2003 [R2]'",,0000-0000,""

[SourceDisksFiles]
; <file> = <disk or cabinet number>,[<subdirectory>],[<file>],[<size>],[<checksum>]
; NOTE: <file> is neither on a disk nor in a cabinet if <disk or cabinet number> is 0

[SourceDisksFiles.x86]
XP_SAFER.INF  = 57

;REGISTRY.POL = 57,I386
;SRP2LGPO.EXE = 57,I386

[SourceDisksFiles.ia64]
XP_SAFER.INF  = 57

;REGISTRY.POL = 57,IA64
;SRP2LGPO.EXE = 57,IA64

[SourceDisksFiles.amd64]
XP_SAFER.INF  = 57

;REGISTRY.POL = 57,AMD64
;SRP2LGPO.EXE = 57,AMD64

[DestinationDirs]
; <section name> = <directory identifier>[,<subdirectory>]

Files.Inf = 17
Files.Log = 10,"Debug"
Files.Pnf = 17
Files.Pol = 11,"GroupPolicy\Machine"

[Files]
; <destination file>,[<source file>],[<temporary file>],[<flags>]
; (Flag values may be combined by simple addition resp. boolean OR!)
;     1: warn if user chooses to skip file
;     1: delete file on reboot if in use (REMOVE ONLY)
;     2: inhibit skipping of file by user
;     4: ignore version conflict, overwrite newer files
;     8: force file-in-use behaviour (rename after reboot)
;    16: don't overwrite existing file
;    32: suppress version conflict dialog, don't overwrite newer files
;    64: overwrite existing file only if source is newer
;  1024: copy only if target file exists
;  2048: don't decompress source file
;  4096: replace boot file
;  8192: don't skip file due to optimization
; 16384: if target file is in use, rename it, then copy source file and delete renamed target file;
;        If target file cannot be renamed or deleted, postpone copy or delete until reboot
; 65536: delete file on reboot if in use (REMOVE ONLY)

[Files.Inf]
XP_SAFER.INF,,,3

[Files.Log]
;SAFER.LOG,,,1

;[Files.Log.Security]
;"D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FW;;;BU)"

[Files.Pnf]
XP_SAFER.PNF,,,1

[Files.Pol]
;REGISTRY.POL,,,16

[Install.DelReg]
; Remove SUPERFLUOUS file name extensions from 'SAFER' executables list
; NOTE: execution of 'portable executable' files via 'CreateProcess*()' and
;       'LoadLibrary*()' as well as script files via 'Windows Script Host'
;       is controlled independent of file name extension!
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"COM"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"CPL"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"EXE"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"OCX"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"SCR"

; Remove file name extensions '.LNK' and '.URL' from 'SAFER' executables list
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"LNK"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"URL"

; Remove old rules from previous versions
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F184B-E783-4A94-AC12-66A6082CD6EB}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A0FDE6-885E-4F68-9672-87F25654E2FF}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A23408-1675-01C9-1600-00004D0529DB}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A918B9-7529-44E7-9C6D-5098F8B1D90F}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB32D0-7400-45F8-9646-7C954FC2B8FB}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC11AA-68C6-4994-B232-4B1930D3E799}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACD77E-C11D-4277-AF6B-600B5C6ADEB7}"

; Remove SUPERFLUOUS original rules
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349D35AB-37B5-462F-9B89-EDD5FBDE1328}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7FB9CD2E-3076-4DF9-A57B-B813F72DBB91}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81D1FE15-DD9D-4762-B16D-7C29DDECAE3F}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94E3E076-8F53-42A5-8411-085BCC18A68D}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{DC971EE5-44EB-4FE4-AE2E-B91490411BFC}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}"

; Disable 'POSIX' subsystem (KB320869, but KB308259)
HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems","Optional",98306,"Posix"
;HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems","Posix";131072,"%SystemRoot%\System32\PSXSS.EXE"

[Install.AddReg]
; Set default location of 'Client Side Cache'
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache","DatabaseLocation",131074,"%SystemRoot%\CSC"

; CAUTION: command lines in 'Run', 'RunOnce', 'RunOnce\Setup' and 'RunOnceEx' are limited to 260 characters!
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","ReadMe",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://technet.microsoft.com/aa940985.aspx"
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","Download",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://download.microsoft.com/download/2/e/0/2e0e3caf-9005-4058-b3e5-42432655b486/PRO/SoftwareRestrictionPolicies.doc"
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB973825",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/973825"
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB2532445",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/2532445"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","AppCert",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://skanthak.homepage.t-online.de/appcert.html"

HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Author",2,"Stefan Kanthak"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Contact",2,"<stefan.kanthak@nexgo.de>"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","DisplayIcon",2,"%11%\RUNONCE.EXE"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","DisplayName",2,"Systemkonfiguration"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","DisplayVersion",2,"2017.09.27"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","HelpLink",2;""
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","NoModify",65539,1
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","NoRemove",65539,1
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","NoRepair",65539,1
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Publisher",2,"Me, myself & IT"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","ReadMe",2;""
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Size",2;""
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","UninstallString",2,"."
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","URLInfoAbout",2,"https://skanthak.homepage.t-online.de/index.html"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","URLUpdateInfo",2,"https://skanthak.homepage.t-online.de/index.html"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Version",65539,0x20170927

HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Author",0,"Stefan Kanthak"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Contact",0,"<stefan.kanthak@nexgo.de>"
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","DisplayIcon",0,"%17%\XP_SAFER.ICO"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","DisplayIcon",0,"%11%\RUNONCE.EXE"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","DisplayName",0,"Softwarebeschränkungsrichtlinien für 'Windows XP/2003 [R2]'"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","DisplayVersion",0,"2017.09.27"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","EstimatedSize",65537,108
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","HelpLink",0,"https://technet.microsoft.com/aa940985.aspx"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","InstallLocation",0,"%17%\"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","InstallSource",0,"%01%\"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","NoModify",65537,1
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","NoRemove",65537,0
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","NoRepair",65537,1
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","ParentDisplayName",0,"Systemkonfiguration"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","ParentKeyName",0,"eSKamation"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Publisher",0,"Me, myself & IT"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","ReadMe",0,"https://technet.microsoft.com/aa940985.aspx"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Size",0;""
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","UninstallString",0,"%11%\RUNDLL32.EXE %11%\SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 %17%\XP_SAFER.INF"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","URLInfoAbout",0,"https://skanthak.homepage.t-online.de/SAFER.html"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","URLUpdateInfo",0,"https://skanthak.homepage.t-online.de/SAFER.html"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Version",65537,0x20170927

; Set default location of 'DLL Cache'
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon","SFCDLLCacheDir",131074,"%SystemRoot%\System32\DLLCache"

HKLM,"SOFTWARE\Microsoft\Windows Script Host\Settings","UseWinSAFER",32,"1"

;HKLM,"SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates\<SHA-1 fingerprint>","Blob",1;

;HKLM,"SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates\<SHA-1 fingerprint>","Blob",1;

; 0x00000000: allow all users to manage trusted publishers
; 0x00000001: allow only local administrators to manage trusted publishers
; 0x00000002: allow only domain administrators to manage trusted publishers
; 0x00000100: check for revocation of issuer certificates
; 0x00000200: check for revocation of timestamper certificates
HKLM,"SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer","AuthentiCodeFlags",65537,0x00000300

; Disable 'SAFER' certificate rules (KB324036)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","AuthentiCodeEnabled",65537,0

; Set default 'SAFER' policy to 'Disallowed'
; 0x00040000: fully trusted (alias unrestricted)
; 0x00020000: normal user (alias basic user)
; 0x00010000: constrained (alias restricted)
; 0x00001000: untrusted
; 0x00000000: disallowed
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","DefaultLevel",65537,0

; Add file name extensions to 'SAFER' executables list
; NOTE: execution of 'portable executable' files via 'CreateProcess*()' and
;       'LoadLibrary*()' as well as script files via 'Windows Script Host'
;       is controlled independent of file name extension!
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"ACM"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"ADE"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"ADP"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"AX"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"BAS"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"BAT"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"CHM"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"CMD"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"COM"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"CPL"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"CRT"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"DLL"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"DRV"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"DS"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"EFI"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"EXE"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"HLP"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"HTA"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"HTC"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"IME"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"INF"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"INS"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"ISP"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"JOB"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"JS"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"JSE"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"LNK"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MDB"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MDE"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MSC"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MSI"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MSP"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MST"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MUI"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"OCX"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"PCD"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"PIF"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"PS1"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"REG"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"RLL"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"SCF"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"SCR"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"SCT"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"SHS"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"TMP"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"TSP"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"URL"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"VB"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"VBE"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"VBS"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"VCM"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WLL"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WPC"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WSC"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WSF"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WSH"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"XLL"

; Enable all 'SAFER' trust levels
; (https://technet.microsoft.com/en-us/cc766102.aspx)
; 0x00040000: fully trusted (alias unrestricted)
; 0x00020000: normal user (alias basic user)
; 0x00010000: constrained (alias restricted)
; 0x00001000: untrusted
; 0x00000000: disallowed
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","Levels",65537,0x00071000

; Enable advanced 'SAFER' logging
; NOTE: only 'Administrators' can write to "%SystemRoot%\Debug\SAFER.LOG"!
;       If normal users should be able to write a SAFER.LOG,
;       use "%SystemRoot%\Debug\UserMode\SAFER.LOG" instead.
; CAUTION: the log file(s) can grow quite large!
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","LogFileName",2,"%10%\Debug\SAFER.LOG"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","LogFileName",2,"%10%\Debug\UserMode\SAFER.LOG"

; Exempt 'Administrators' from 'SAFER' (but KB925336, KB956572 & KB973825)
; 0x00000000: all users
; 0x00000001: all users except 'Administrators'
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","PolicyScope",65537,1

; Enable 'SAFER' for all executables and DLLs (KB310791 & KB324036, but KB959074 & KB971913)
; 0x00000000: no enforcement
; 0x00000001: all executables except DLLs
; 0x00000002: all executables plus DLLs
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","TransparentEnabled",65537,2

HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes",,16

; Deny execution in all local paths
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}","Description",0,"Alle lokalen Pfade"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}","ItemData",0,"?:\"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}","SaferFlags",65537,0

; Deny execution in all UNC paths
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}","Description",0,"Alle Netzwerkpfade"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}","ItemData",0,"\\"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}","SaferFlags",65537,0

; Deny execution in "?:\System Volume Information"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}","Description",0,"System Volume Information"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}","ItemData",0,"?:\System Volume Information"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}","SaferFlags",65537,0

; Deny execution in 'Recycle Bin' of Windows XP and Windows Server 2003 [R2] ("?:\Recycled" and "?:\Recycler")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}","Description",0,"Papierkorb (XP/2003 [R2])"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}","ItemData",0,"?:\RECYCLE?"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}","SaferFlags",65537,0

; Deny execution in 'Recycle Bin' of Windows Vista, Windows Server 2008 and Windows 7 ("?:\$Recycle.Bin")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}","Description",0,"Papierkorb (Vista/2008/7)"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}","ItemData",0,"?:\$RECYCLE.BIN"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}","SaferFlags",65537,0

; Deny execution in all user profiles ('Profiles Directory', typically "%SystemDrive%\Documents and Settings")
;  (but KB249694)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}","Description",0,"Benutzerprofilverzeichnis"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProfilesDirectory%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}","SaferFlags",65537,0

; Deny execution in 'Source Path' (KB833615)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}","Description",0,"Installations Quell-Verzeichnis"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}","SaferFlags",65537,0

; Deny execution in 'Service Pack Source Path' (KB833615)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}","Description",0,"Installations Quell-Verzeichnis"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ServicePackSourcePath%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}","SaferFlags",65537,0

; Deny execution in 'Source Path' (KB833615)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}","Description",0,"Installations Quell-Verzeichnis"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SourcePath%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}","SaferFlags",65537,0

; Deny execution of "%SystemRoot%\System32\RunAs.Exe":
;  "%SystemRoot%\System32\RunAs.Exe" /TrustLevel:Unrestricted "<program.exe>" circumvents 'SAFER' restrictions!
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}","Description",0,"%SystemRoot%\System32\RunAs.Exe"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/RunAs.Exe"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\System32\Macromed\Flash" (KB913433 & KB923789)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}","Description",0,"Macromedia Flash"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Macromed/Flash"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}","SaferFlags",65537,0

; Deny execution in user-specific 'Download Directory' (typically "%USERPROFILE%\My Documents")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}","Description",0,"Internet Explorer 6 Download Directory"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}","SaferFlags",65537,0

; Deny execution in system-specific 'Temporary Internet Files' (typically "%SystemRoot%\Temporary Internet Files\Content.IE5" or "%DefaultUserProfile%\Local Settings\Temporary Internet Files\Content.IE5")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}","Description",0,"Temporary Internet Files"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}","SaferFlags",65537,0

; Deny execution in 'Cookies' (typically "%USERPROFILE%\Cookies")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}","Description",0,"Cookies"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths\Cookies\Directory%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}","SaferFlags",65537,0

; Deny execution in 'History' (typically "%SystemRoot%\History")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}","Description",0,"Verlauf"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\URL History\Directory%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}","SaferFlags",65537,0

; Deny execution in user-specific "%APPDATA%" (typically "%USERPROFILE%\Application Data")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}","Description",0,"%APPDATA%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}","ItemData",131072,"%HKEY_CURRENT_USER\Volatile Environment\APPDATA%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}","SaferFlags",65537,0

; Deny execution in user-specific "%HOMEDRIVE%%HOMEPATH%" (typically "%USERPROFILE%") (but KB824898)
; NOTE: 'SAFER' fails to evaluate two registry paths in one rule!
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}","Description",0,"%HOMEDRIVE%%HOMEPATH%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}","ItemData",131072,"%HKEY_CURRENT_USER\Volatile Environment\HOMEDRIVE%%HKEY_CURRENT_USER\Volatile Environment\HOMEPATH%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}","SaferFlags",65537,0

; Deny execution in user-specific "%LOGONSERVER%" (typically "\\%COMPUTERNAME%")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}","Description",0,"%LOGONSERVER%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}","ItemData",131072,"%HKEY_CURRENT_USER\Volatile Environment\LOGONSERVER%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}","SaferFlags",65537,0

; Deny execution in user-specific "%TEMP%" (typically "%USERPROFILE%\Local Settings\Temp")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}","Description",0,"%TEMP%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}","ItemData",131072,"%HKEY_CURRENT_USER\Environment\TEMP%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}","SaferFlags",65537,0

; Deny execution in user-specific "%TMP%" (typically "%USERPROFILE%\Local Settings\Temp")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}","Description",0,"%TMP%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}","ItemData",131072,"%HKEY_CURRENT_USER\Environment\TMP%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}","SaferFlags",65537,0

; Deny execution of user-specific "%UserInitMPRLogonScript%"
; NOTE: "%UserInitMPRLogonScript%" is a command line!
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F76B4-7E44-A24E-F3FC-1BD1A198E29F}","Description",0,"%UserInitMPRLogonScript%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F76B4-7E44-A24E-F3FC-1BD1A198E29F}","ItemData",131072,"%HKEY_CURRENT_USER\Environment\UserInitMPRLogonScript%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F76B4-7E44-A24E-F3FC-1BD1A198E29F}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F76B4-7E44-A24E-F3FC-1BD1A198E29F}","SaferFlags",65537,0

; Deny execution in system-specific "%TEMP%" (typically "%SystemRoot%\Temp")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}","Description",0,"%TEMP%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\TEMP%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}","SaferFlags",65537,0

; Deny execution in system-specific "%TMP%" (typically "%SystemRoot%\Temp")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}","Description",0,"%TMP%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\TMP%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}","SaferFlags",65537,0

; Deny execution in 'Client Side Cache' (typically "%SystemRoot%\CSC")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}","Description",0,"Client Side Cache"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache\DatabaseLocation%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}","SaferFlags",65537,0

; Deny execution in 'Database Path' (typically "%SystemRoot%\System32\Drivers\Etc")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}","Description",0,"Database Path"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DatabasePath%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}","SaferFlags",65537,0

; Deny execution in 'Default Spool Directory' (typically "%SystemRoot%\System32\Spool\Printers")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}","Description",0,"Default Spool Directory"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}","SaferFlags",65537,0

; Deny execution in 'DLL Cache' (typically "%SystemRoot%\System32\DLLCache")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}","Description",0,"DLL Cache"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SFCDLLCacheDir%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}","SaferFlags",65537,0

; Deny execution in 'Media Path' (typically "%SystemRoot%\Media")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}","Description",0,"Media Path"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MediaPath%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}","SaferFlags",65537,0

; Deny execution in 'Service Pack Cache Path' (typically "%SystemRoot%\ServicePackFiles\ServicePackCache")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}","Description",0,"Service Pack Cache"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackCachePath%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}","SaferFlags",65537,0

; Deny execution in 'WallPaper Directory' (typically "%SystemRoot%\Web\WallPaper")
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}","Description",0,"WallPaper Directory"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WallPaperDir%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\CSC"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}","Description",0,"%SystemRoot%\CSC"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%CSC"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Debug\UserMode" (KB221833, KB250842 & KB812535, but KB944043)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}","Description",0,"%SystemRoot%\Debug\UserMode"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Debug/UserMode"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\Debug\UserMode"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}","Description",0,"%SystemRoot%\Debug\UserMode:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Debug/UserMode:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Media"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}","Description",0,"%SystemRoot%\Media"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Media"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Offline Web Pages"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}","Description",0,"%SystemRoot%\Offline Web Pages"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Offline Web Pages"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\PCHealth\ErrorRep"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}","Description",0,"%SystemRoot%\PCHealth\ErrorRep"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%PCHealth/ErrorRep"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Profiles" (KB249694)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}","Description",0,"%SystemRoot%\Profiles"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Profiles"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Registration\CRMLog"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}","Description",0,"%SystemRoot%\Registration\CRMLog"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Registration/CRMLog"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\Registration\CRMLog"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}","Description",0,"%SystemRoot%\Registration\CRMLog:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Registration/CRMLog:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\System32\AppMgmt"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}","Description",0,"%SystemRoot%\System32\AppMgmt"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/AppMgmt"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\System32\COM\Dmp" (KB910904)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}","Description",0,"%SystemRoot%\System32\COM\Dmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/COM/Dmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\System32\COM\Dmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}","Description",0,"%SystemRoot%\System32\COM\Dmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/COM/Dmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\System32\Config"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}","Description",0,"%SystemRoot%\System32\Config"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Config"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\System32\DLLCache"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}","Description",0,"%SystemRoot%\System32\DLLCache"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/DLLCache"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\System32\Drivers\Etc"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}","Description",0,"%SystemRoot%\System32\Drivers\Etc"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Drivers/Etc"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\System32\FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}","Description",0,"%SystemRoot%\System32\FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\System32\FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}","Description",0,"%SystemRoot%\System32\FxsTmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/FxsTmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\System32\Spool\Drivers\Color"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}","Description",0,"%SystemRoot%\System32\Spool\Drivers\Color"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Spool/Drivers/Color"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\System32\Spool\Drivers\Color"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}","Description",0,"%SystemRoot%\System32\Spool\Drivers\Color:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Spool/Drivers/Color:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\System32\Spool\Printers"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}","Description",0,"%SystemRoot%\System32\Spool\Printers"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Spool/Printers"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\System32\Spool\Printers"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}","Description",0,"%SystemRoot%\System32\Spool\Printers:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Spool/Printers:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Tasks"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}","Description",0,"%SystemRoot%\Tasks"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Tasks"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\Tasks"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}","Description",0,"%SystemRoot%\Tasks:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Tasks:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Temp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}","Description",0,"%SystemRoot%\Temp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Temp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\Temp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADD2B8-A529-491E-BB39-4F7694557B88}","Description",0,"%SystemRoot%\Temp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADD2B8-A529-491E-BB39-4F7694557B88}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Temp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADD2B8-A529-491E-BB39-4F7694557B88}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADD2B8-A529-491E-BB39-4F7694557B88}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Temporary Internet Files"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE1B00-211E-4076-A064-C0BD8EAFA742}","Description",0,"%SystemRoot%\Temporary Internet Files"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE1B00-211E-4076-A064-C0BD8EAFA742}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Temporary Internet Files"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE1B00-211E-4076-A064-C0BD8EAFA742}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE1B00-211E-4076-A064-C0BD8EAFA742}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Tracing"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE8F25-7D29-4ABE-A5F3-4E7F99FA5B74}","Description",0,"%SystemRoot%\Tracing"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE8F25-7D29-4ABE-A5F3-4E7F99FA5B74}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Tracing"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE8F25-7D29-4ABE-A5F3-4E7F99FA5B74}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE8F25-7D29-4ABE-A5F3-4E7F99FA5B74}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\Web"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AF2ED3-7F52-49AA-9970-712A1D8FB8F5}","Description",0,"%SystemRoot%\Web"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AF2ED3-7F52-49AA-9970-712A1D8FB8F5}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Web"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AF2ED3-7F52-49AA-9970-712A1D8FB8F5}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AF2ED3-7F52-49AA-9970-712A1D8FB8F5}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\$*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AFF6A8-CE8A-4BEE-9E2A-032DD8852160}","Description",0,"%SystemRoot%\$*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AFF6A8-CE8A-4BEE-9E2A-032DD8852160}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%$*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AFF6A8-CE8A-4BEE-9E2A-032DD8852160}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AFF6A8-CE8A-4BEE-9E2A-032DD8852160}","SaferFlags",65537,0

; Deny execution in 'Outlook Secure TEMP Folder' (typically "%USERPROFILE%\Local Settings\Temporary Internet Files\OLK*")
;  (KB200237, KB249793, KB296115, KB296416, KB305982, KB817878 & KB2638687)
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","Description",0,"Outlook Secure TEMP Folder"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security\OutlookSecureTempFolder%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security\OutlookSecureTempFolder%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security\OutlookSecureTempFolder%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","SaferFlags",65537,0

; Deny execution in "%USERPROFILE%\Local Settings\Temporary Internet Files\OLK*" (original, but SUPERFLUOUS rule)
;  (KB324036)
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}","Description",0,"%USERPROFILE%\Local Settings\Temporary Internet Files\OLK*"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}","SaferFlags",65537,0

; Deny execution in 'My Computer' zone
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE30-2030-45AA-B54D-6C407941D825}","ItemData",65537,0
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE30-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE30-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0

; Deny execution in 'Intranet' zone
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE31-2030-45AA-B54D-6C407941D825}","ItemData",65537,1
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE31-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE31-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0

; Deny execution in 'Trusted Sites' zone
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE32-2030-45AA-B54D-6C407941D825}","ItemData",65537,2
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE32-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE32-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0

; Deny execution in 'Internet' zone
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE33-2030-45AA-B54D-6C407941D825}","ItemData",65537,3
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE33-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE33-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0

; Deny execution in 'Restricted Sites' zone
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE34-2030-45AA-B54D-6C407941D825}","ItemData",65537,4
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE34-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE34-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0

HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes",,16
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths",,16
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\URLZones",,16

HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes",,16
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths",,16
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\URLZones",,16

HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes",,16
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths",,16
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\URLZones",,16

HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes",,16

; Allow execution in "%SystemRoot%" (original rule)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191CD7FA-F240-4A17-8986-94D480A6C8CA}","Description",0,"%SystemRoot%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191CD7FA-F240-4A17-8986-94D480A6C8CA}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191CD7FA-F240-4A17-8986-94D480A6C8CA}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191CD7FA-F240-4A17-8986-94D480A6C8CA}","SaferFlags",65537,0

; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\FLASH*.OCX"
; NOTE: activate if needed!
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}","Description",0,"Macromedia Flash ActiveX"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerActiveX\PlayerPath%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}","SaferFlags",65537,0

; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\FlashUtil*_ActiveX.exe"
; NOTE: activate if needed!
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}","Description",0,"Macromedia Flash ActiveX Utility"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerActiveX\UninstallerPath%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}","SaferFlags",65537,0

; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\NPSWF32_*.DLL"
; NOTE: activate if needed!
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}","Description",0,"Macromedia Flash Plugin"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerPlugin\PlayerPath%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}","SaferFlags",65537,0

; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\FlashUtil*_Plugin.exe"
; NOTE: activate if needed!
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}","Description",0,"Macromedia Flash Plugin Utility"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerPlugin\UninstallerPath%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}","SaferFlags",65537,0

; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\PepFlashPlayer32_*.dll"
; NOTE: activate if needed!
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744A5FD-36B8-45E0-97E5-8C9C65085E50}","Description",0,"Macromedia Flash Pepper"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744A5FD-36B8-45E0-97E5-8C9C65085E50}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerPepper\PlayerPath%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744A5FD-36B8-45E0-97E5-8C9C65085E50}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744A5FD-36B8-45E0-97E5-8C9C65085E50}","SaferFlags",65537,0

; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\FlashUtil*_Pepper.exe"
; NOTE: activate if needed!
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744AB19-8B62-41C6-A7BF-F15AC163D749}","Description",0,"Macromedia Flash Pepper Utility"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744AB19-8B62-41C6-A7BF-F15AC163D749}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerPepper\UninstallerPath%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744AB19-8B62-41C6-A7BF-F15AC163D749}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744AB19-8B62-41C6-A7BF-F15AC163D749}","SaferFlags",65537,0

; Allow execution of file name extension '.EXE' in "%SystemRoot%" (original, but SUPERFLUOUS rule)
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}","Description",0,"%SystemRoot%\*.EXE"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.EXE"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}","SaferFlags",65537,0

; Allow execution of file name extension '.EXE' in "%SystemRoot%\System32" (original, but SUPERFLUOUS rule)
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}","Description",0,"%SystemRoot%\System32\*.EXE"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/*.EXE"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}","SaferFlags",65537,0

; Allow execution of "%APPDATA%\Microsoft\Virtual PC\VPCKeyboard.dll"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92E2FB-6671-4BBC-8EA9-9B7482F5919A}","Description",0,"Microsoft Virtual PC 2007"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92E2FB-6671-4BBC-8EA9-9B7482F5919A}","ItemData",131072,"%HKEY_CURRENT_USER\Volatile Environment\APPDATA%Microsoft/Virtual PC/VPCKeyboard.dll"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92E2FB-6671-4BBC-8EA9-9B7482F5919A}","LastModified",720897,4d,38,99,dd,2c,90,cd,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92E2FB-6671-4BBC-8EA9-9B7482F5919A}","SaferFlags",65537,0

; Allow execution in "%ProgramFiles%" (original rule)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C34AB2-529A-46B2-B293-FC853FCE72EA}","Description",0,"%ProgramFiles%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C34AB2-529A-46B2-B293-FC853FCE72EA}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C34AB2-529A-46B2-B293-FC853FCE72EA}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C34AB2-529A-46B2-B293-FC853FCE72EA}","SaferFlags",65537,0

; Allow execution in "%CommonProgramFiles%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C37D40-EA2D-11DC-8F61-0004760DFF53}","Description",0,"%CommonProgramFiles%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C37D40-EA2D-11DC-8F61-0004760DFF53}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C37D40-EA2D-11DC-8F61-0004760DFF53}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C37D40-EA2D-11DC-8F61-0004760DFF53}","SaferFlags",65537,0

HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\URLZones",,16

;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\LevelObjects",,16

HKLM,"SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup","Software Restriction Policies",65536,"%SystemRoot%\Debug\Safer.Log"

; Set default location of 'Database Path'
;HKLM,"SYSTEM\CurrentControlSet\Services\TcpIp\Parameters","DatabasePath",131074,"%SystemRoot%\System32\Drivers\Etc"

[Install.AddReg.x86]
; Append 'SAFER' settings and rules to 'REGISTRY.POL'
; CAUTION: unless all 'SAFER' settings and rules are removed from 'REGISTRY.POL', 'SRP2LGPO.EXE' may only be run once!
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","Softwarebeschränkungsrichtlinien",0,"""%01%\I386\SRP2LGPO.EXE"" /Machine"

; Allow execution of "%ALLUSERSPROFILE%\DRM\INDIVBOX.KEY" (KB891664, KB920075, KB925705 & KB929642, but KB936621)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","Description",0,"%ALLUSERSPROFILE%\DRM\INDIVBOX.KEY"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\DataPath%INDIVBOX.KEY"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","LastModified",720897,4d,38,99,dd,2c,90,cd,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","SaferFlags",65537,0

[Install.AddReg.ia64]
; CAUTION: command lines in 'Run', 'RunOnce', 'RunOnce\Setup' and 'RunOnceEx' are limited to 260 characters!
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB942589",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/942589"
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB976039",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/976039"

; Append 'SAFER' settings and rules to 'REGISTRY.POL'
; CAUTION: unless all 'SAFER' settings and rules are removed from 'REGISTRY.POL', 'SRP2LGPO.EXE' may only be run once!
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","Softwarebeschränkungsrichtlinien",0,"""%01%\IA64\SRP2LGPO.EXE"" /Machine"

[Install.AddReg.amd64]
; Add missing registry entries (KB976039)
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion","CommonW6432Dir",2,"%16427%"
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion","ProgramW6432Dir",2,"%16422%"

; CAUTION: command lines in 'Run', 'RunOnce', 'RunOnce\Setup' and 'RunOnceEx' are limited to 260 characters!
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB942589",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/942589"
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB976039",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/976039"

; Append 'SAFER' settings and rules to 'REGISTRY.POL'
; CAUTION: unless all 'SAFER' settings and rules are removed from 'REGISTRY.POL', 'SRP2LGPO.EXE' may only be run once!
;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","Softwarebeschränkungsrichtlinien",0,"""%01%\AMD64\SRP2LGPO.EXE"" /Machine"

; Deny execution of "%SystemRoot%\SysNative\RunAs.Exe":
;  "%SystemRoot%\SysNative\RunAs.Exe" /TrustLevel:Unrestricted "<program.exe>" circumvents 'SAFER' restrictions!
;   (KB942589)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{10011479-708B-41F7-A992-CF1FD376BBB7}","Description",0,"%SystemRoot%\SysNative\RunAs.Exe"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{10011479-708B-41F7-A992-CF1FD376BBB7}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/RunAs.Exe"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{10011479-708B-41F7-A992-CF1FD376BBB7}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{10011479-708B-41F7-A992-CF1FD376BBB7}","SaferFlags",65537,0

; Deny execution of "%SystemRoot%\SysWoW64\RunAs.Exe":
;  "%SystemRoot%\SysWoW64\RunAs.Exe" /TrustLevel:Unrestricted "<program.exe>" circumvents 'SAFER' restrictions!
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001DEEE-128A-4A4D-A684-2C7035340E4B}","Description",0,"%SystemRoot%\SysWoW64\RunAs.Exe"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001DEEE-128A-4A4D-A684-2C7035340E4B}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysWoW64/RunAs.Exe"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001DEEE-128A-4A4D-A684-2C7035340E4B}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001DEEE-128A-4A4D-A684-2C7035340E4B}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\SysNative\COM\Dmp" (KB910904)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC1CC0-9FF7-4D8D-876C-948707693763}","Description",0,"%SystemRoot%\SysNative\COM\Dmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC1CC0-9FF7-4D8D-876C-948707693763}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/COM/Dmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC1CC0-9FF7-4D8D-876C-948707693763}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC1CC0-9FF7-4D8D-876C-948707693763}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\SysNative\COM\Dmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}","Description",0,"%SystemRoot%\SysNative\COM\Dmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/COM/Dmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\SysNative\FxsTmp" (KB942589)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA63F-AC8E-4EFF-9F6A-15BBE60F1402}","Description",0,"%SystemRoot%\SysNative\FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA63F-AC8E-4EFF-9F6A-15BBE60F1402}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA63F-AC8E-4EFF-9F6A-15BBE60F1402}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA63F-AC8E-4EFF-9F6A-15BBE60F1402}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\SysNative\FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA930-BC79-4A8F-B118-C540259C08EC}","Description",0,"%SystemRoot%\SysNative\FxsTmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA930-BC79-4A8F-B118-C540259C08EC}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/FxsTmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA930-BC79-4A8F-B118-C540259C08EC}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA930-BC79-4A8F-B118-C540259C08EC}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\SysNative\Spool\Drivers\Color"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB4E9-42DB-48D9-B0ED-FD7352942E0D}","Description",0,"%SystemRoot%\SysNative\Spool\Drivers\Color"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB4E9-42DB-48D9-B0ED-FD7352942E0D}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/Spool/Drivers/Color"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB4E9-42DB-48D9-B0ED-FD7352942E0D}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB4E9-42DB-48D9-B0ED-FD7352942E0D}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\SysNative\Spool\Drivers\Color"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB7C1-0CF7-4F05-806F-2A30D4C8ABFD}","Description",0,"%SystemRoot%\SysNative\Spool\Drivers\Color:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB7C1-0CF7-4F05-806F-2A30D4C8ABFD}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/Spool/Drivers/Color:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB7C1-0CF7-4F05-806F-2A30D4C8ABFD}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB7C1-0CF7-4F05-806F-2A30D4C8ABFD}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\SysNative\Spool\Printers"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBB4C-267E-4158-99E3-096F6BC91C94}","Description",0,"%SystemRoot%\SysNative\Spool\Printers"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBB4C-267E-4158-99E3-096F6BC91C94}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/Spool/Printers"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBB4C-267E-4158-99E3-096F6BC91C94}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBB4C-267E-4158-99E3-096F6BC91C94}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\SysNative\Spool\Printers"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBEE8-F68F-4D58-8F36-CA5DC15D0969}","Description",0,"%SystemRoot%\SysNative\Spool\Printers:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBEE8-F68F-4D58-8F36-CA5DC15D0969}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/Spool/Printers:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBEE8-F68F-4D58-8F36-CA5DC15D0969}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBEE8-F68F-4D58-8F36-CA5DC15D0969}","SaferFlags",65537,0

; Deny execution in "%SystemRoot%\SysWoW64\FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD3418-5BF7-4C2B-AEAF-711D6F9914E0}","Description",0,"%SystemRoot%\SysWoW64\FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD3418-5BF7-4C2B-AEAF-711D6F9914E0}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysWoW64/FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD3418-5BF7-4C2B-AEAF-711D6F9914E0}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD3418-5BF7-4C2B-AEAF-711D6F9914E0}","SaferFlags",65537,0

; Deny execution from 'alternate data streams' of "%SystemRoot%\SysWoW64\FxsTmp"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADA7B0-96EE-46A2-8BE4-ED0A088DAE7C}","Description",0,"%SystemRoot%\SysWoW64\FxsTmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADA7B0-96EE-46A2-8BE4-ED0A088DAE7C}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysWoW64/FxsTmp:*"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADA7B0-96EE-46A2-8BE4-ED0A088DAE7C}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADA7B0-96EE-46A2-8BE4-ED0A088DAE7C}","SaferFlags",65537,0

; Allow execution of "%ALLUSERSPROFILE%\DRM\INDIVBOX_64.KEY" (KB891664 & KB925705)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92BA3F-3825-4363-B379-9165FB19A669}","Description",0,"%ALLUSERSPROFILE%\DRM\INDIVBOX_64.KEY"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92BA3F-3825-4363-B379-9165FB19A669}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432Node\Microsoft\DRM\DataPath%INDIVBOX_64.KEY"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92BA3F-3825-4363-B379-9165FB19A669}","LastModified",720897,4d,38,99,dd,2c,90,cd,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92BA3F-3825-4363-B379-9165FB19A669}","SaferFlags",65537,0

; Allow execution of "%ALLUSERSPROFILE%\DRM\INDIVBOX.KEY" (KB891664 & KB925705)
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","Description",0,"%ALLUSERSPROFILE%\DRM\INDIVBOX.KEY"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432Node\Microsoft\DRM\DataPath%INDIVBOX.KEY"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","LastModified",720897,4d,38,99,dd,2c,90,cd,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","SaferFlags",65537,0

; Allow execution in "%ProgramFiles(x86)%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}","Description",0,"%ProgramFiles(x86)%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}","SaferFlags",65537,0

; Allow execution in "%ProgramW6432%" (KB976039)
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77ECE93-AA72-4E53-AB00-28F5544813A1}","Description",0,"%ProgramW6432%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77ECE93-AA72-4E53-AB00-28F5544813A1}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77ECE93-AA72-4E53-AB00-28F5544813A1}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77ECE93-AA72-4E53-AB00-28F5544813A1}","SaferFlags",65537,0

; Allow execution in "%CommonProgramFiles(x86)%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}","Description",0,"%CommonProgramFiles(x86)%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)%"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}","SaferFlags",65537,0

; Allow execution in "%CommonProgramW6432%" (KB976039)
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F51FE-2F84-4CA1-81BC-2C815CD746BD}","Description",0,"%CommonProgramW6432%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F51FE-2F84-4CA1-81BC-2C815CD746BD}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir%"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F51FE-2F84-4CA1-81BC-2C815CD746BD}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F51FE-2F84-4CA1-81BC-2C815CD746BD}","SaferFlags",65537,0

[Remove.DelReg]
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer"

HKLM,"SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer","AuthentiCodeFlags",65537,0x00000300

; Disable advanced 'SAFER' logging
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","LogFileName",0,"%10%\Debug\SAFER.LOG"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","LogFileName",0,"%10%\Debug\UserMode\SAFER.LOG"

; Remove all 'Disallowed' path rules
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths"

HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADD2B8-A529-491E-BB39-4F7694557B88}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE1B00-211E-4076-A064-C0BD8EAFA742}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE8F25-7D29-4ABE-A5F3-4E7F99FA5B74}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AF2ED3-7F52-49AA-9970-712A1D8FB8F5}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AFF6A8-CE8A-4BEE-9E2A-032DD8852160}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}"

HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE30-2030-45AA-B54D-6C407941D825}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE31-2030-45AA-B54D-6C407941D825}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE32-2030-45AA-B54D-6C407941D825}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE33-2030-45AA-B54D-6C407941D825}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE34-2030-45AA-B54D-6C407941D825}"

;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92E2FB-6671-4BBC-8EA9-9B7482F5919A}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C37D40-EA2D-11DC-8F61-0004760DFF53}"

;HKLM,"SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup","Software Restriction Policies"

[Remove.DelReg.amd64]
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{10011479-708B-41F7-A992-CF1FD376BBB7}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001DEEE-128A-4A4D-A684-2C7035340E4B}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC1CC0-9FF7-4D8D-876C-948707693763}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA63F-AC8E-4EFF-9F6A-15BBE60F1402}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA930-BC79-4A8F-B118-C540259C08EC}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB4E9-42DB-48D9-B0ED-FD7352942E0D}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB7C1-0CF7-4F05-806F-2A30D4C8ABFD}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBB4C-267E-4158-99E3-096F6BC91C94}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBEE8-F68F-4D58-8F36-CA5DC15D0969}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD3418-5BF7-4C2B-AEAF-711D6F9914E0}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADA7B0-96EE-46A2-8BE4-ED0A088DAE7C}"

HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92BA3F-3825-4363-B379-9165FB19A669}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77ECE93-AA72-4E53-AB00-28F5544813A1}"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}"
;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F51FE-2F84-4CA1-81BC-2C815CD746BD}"

[Remove.AddReg]
; Reset default 'SAFER' policy to 'Unrestricted'
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","DefaultLevel",65537,0x00040000

; Add file name extensions '.INF', '.LNK', '.REG' and '.URL' to 'SAFER' executables list
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"INF"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"LNK"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"REG"
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"URL"

; Don't exempt 'Administrators' from 'SAFER'
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","PolicyScope",65537,0

; Disable 'SAFER' for all executables
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","TransparentEnabled",65537,0

[Strings]