There is an optional Configuration Pack which automates some of the configuration steps and also provides the ACLs to partition away hacker friendly admin command line tools.
Some settings can only be reached with the Configuration Pack.
Just burn this image file to DVD and slip it into your PC and it will commence installing the updates.
Note that it will only download KB's that are in MS Security Bulletins, which are all the critical and important downloads; so you will still have to do a Windows Update afterwards to fetch the ordinary non-critical updates.
After hardening, all control panel items are tested working, with the following exceptions: If your system has already been compromised, the best course of action is to re-install Windows.
An attacker can attack you while you are updating online and vulnerable. On the main screen, select the platforms which you want updates for, and checkmark Create ISO images 'per selected product and language', then click the Start button.
After it finishes, check the iso sub folder to locate the ISO image file. You need to right click on it and select 'Burn disc image'.
Then, continuing the security process, we will set up patch monitoring to notify us of insecure applications which require patching.
Then we will set up event monitoring to monitor admin account uses and all unusual events.
You can implement something and they will just disable it.