ScriptShare

This script fixes the windows CIS Benchmark check 18.6.11.4: "Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'."

This script fixes the windows CIS Benchmark check 18.6.14.1: "Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'."

The script ensures that the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths is configured with the required settings for \\NETLOGON and \\SYSVOL. It sets RequireMutualAuthentication, RequireIntegrity, and RequirePrivacy to 1 for both shares. After setting the values, it verifies the configuration and reports the status.

Notes

• This script must be run with administrative privileges.
• Compatible with PowerShell 5.1.
• Follows the principle of least privilege by requiring admin rights only when necessary.

This script fixes the windows CIS Benchmark check 18.6.19.2.1: "Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')."

This script fixes the windows CIS Benchmark check 18.6.20.1: "Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'."

This script fixes the windows CIS Benchmark check 18.6.20.2: "Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'."

This script fixes the windows CIS Benchmark check 18.6.21.2: "Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'."

The script modifies the registry to enable the setting by setting the fBlockNonDomain value to 1 under the specified path. It then verifies that the value is correctly set. If the registry key does not exist, it is created.

Notes

• This script must be run with administrative privileges.
• Directly modifying the registry may be overridden by Group Policy if it is managing this setting.
• No reboot is typically required, but changes may not take effect until the user logs off and on or the policy is refreshed.

This script fixes the windows CIS Benchmark check 18.6.23.2.1: "Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'."

This script fixes the windows CIS Benchmark check 18.7.2: "Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled'."

This script fixes the windows CIS Benchmark check 18.7.3: "Ensure 'Configure RPC connection settings: Protocol to use for outgoing RPC connections' is set to 'Enabled: RPC over TCP'."

The script checks and sets the registry key RpcUseNamedPipeProtocol to 1 (DWORD) under the specified path. It also verifies the change and outputs the result.

Notes

• This script must be run with administrative privileges.
• Applicable to Windows systems where the registry path exists.
• Directly modifies the registry; ensure you back up the registry before running.

This script fixes the windows CIS Benchmark check 18.7.4: "Ensure 'Configure RPC connection settings: Use authentication for outgoing RPC connections' is set to 'Enabled: Default'."