Hardentools is an open-source security utility designed to reduce the attack surface of Windows PCs by disabling high-risk features that everyday users rarely need. It provides immediate protection by locking down system settings, Microsoft Office, and PDF readers, which are commonly abused by malware and ransomware to execute code.
While Hardentools is incredibly powerful for individuals at high risk, it trades usability for security. This step-by-step guide will walk you through how it works, how to use it safely, and how to undo its changes.
⚠️ Critical Warning Before You Begin
Hardentools disables essential advanced tools, including the Command Prompt (cmd.exe) and PowerShell. If you are a developer, system administrator, or user who frequently uses terminal commands or complex Microsoft Excel macros, running this tool will break your workflow.
Step 1: Download Hardentools
Navigate to the official Hardentools GitHub Repository.
Click on the Releases section on the right side of the page.
Download the latest version of the executable file (e.g., hardentools.exe).
Save the file to an easily accessible location, like your Desktop.
Step 2: Create a System Restore Point (Recommended)
Because Hardentools makes system-wide registry and group policy modifications, it is smart to create a backup point first.
Open your Windows Start Menu, type “Create a restore point”, and press Enter.
Click the Create button at the bottom of the System Properties window.
Name the restore point (e.g., “Before Hardentools”) and click Create.
Step 3: Run the Tool and Customize Settings
Right-click the downloaded hardentools.exe file and select Run as administrator.
Click Yes if the Windows User Account Control (UAC) prompt appears.
By default, the tool presents a simple window with a single button. Do not click it yet.
Click “Show Expert Settings” at the bottom of the screen. This allows you to check or uncheck individual tweaks so you do not accidentally lock yourself out of tools you actually use (like PowerShell).
Step 4: Lock Down Windows Instantly
Review the list of configurations. The tool will automatically prepare to disable:
Windows Script Host: Stops .vbs and .js files from running autonomously.
AutoRun and AutoPlay: Stops USB sticks from executing malicious files automatically upon being plugged in.
Office Macros & OLE Objects: Blocks hackers from using hidden scripts inside Word or Excel documents.
PDF JavaScript: Blocks Adobe Reader and LibreOffice from running embedded malicious code.
User Account Control: Maximizes UAC settings so that you are prompted for security authorization continuously.
Once you have unchecked any vital features you wish to keep, click the prominent “Harden!” button.
Wait a few seconds for the process to complete, then restart your computer to fully enforce the new security rules.
How to Revert Changes (The “Restore” Feature)
If you find that an application is malfunctioning or you suddenly need to use the Command Prompt, Hardentools allows a seamless rollback.
Right-click hardentools.exe and select Run as administrator.
The interface will automatically recognize that your system has already been hardened.
Click the “Restore” button to instantly revert every tweak back to the original Windows defaults.
Restart your computer.
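To confirm what Step 4 changed and that Restore undid it, the script below reads the settings behind the listed features; run it before hardening and again after Restore (or while hardened, if PowerShell was left unchecked in the expert settings). It is an added example, not part of Hardentools, and the registry paths are the standard Windows, Office 16.0 and Acrobat Reader DC locations, used here as assumptions about where to look rather than values taken from the tool's source.

```powershell
# Added example, read-only: nothing here modifies the registry.
# Assumption: standard Windows, Office 16.0 and Acrobat Reader DC registry
# locations; they are not taken from the Hardentools source code.
$checks = @(
    @{ Feature = 'Windows Script Host'
       Path = 'HKCU:\Software\Microsoft\Windows Script Host\Settings'
       Name = 'Enabled'; Restricted = @(0) }               # 0 = WSH disabled
    @{ Feature = 'AutoRun'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Restricted = @(255) }  # 0xFF = all drive types
    @{ Feature = 'AutoPlay'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
       Name = 'DisableAutoplay'; Restricted = @(1) }
    @{ Feature = 'PDF JavaScript (Acrobat Reader DC)'
       Path = 'HKCU:\Software\Adobe\Acrobat Reader\DC\JSPrefs'
       Name = 'bEnableJS'; Restricted = @(0) }
    @{ Feature = 'UAC admin prompt'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'ConsentPromptBehaviorAdmin'; Restricted = @(1, 2) }  # secure-desktop prompts
)
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $checks += @{ Feature = "Office macros ($app)"
                  Path = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
                  Name = 'VBAWarnings'; Restricted = @(4) }  # 4 = all macros off, no prompt
}

$report = foreach ($c in $checks) {
    # A missing key or value is not an error: the built-in default applies.
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($c.Name) } else { $null }
    if ($null -eq $value)             { $state = 'not set (default applies)' }
    elseif ($value -in $c.Restricted) { $state = 'restricted' }
    else                              { $state = 'permissive' }
    [pscustomobject]@{ Feature = $c.Feature; Value = $value; State = $state }
}
$report | Format-Table -AutoSize
```

A "not set" result only means this particular value is absent; the same feature can also be governed from a policy key elsewhere in the registry.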
If you want to evaluate whether this utility fits your personal risk profile, let me know:
What specific applications do you use daily? (e.g., MS Office, Adobe, Programming tools)
What version of Windows are you currently running?
Is this for a personal computer or a corporate/work machine?