This script fixes the Windows CIS Benchmark check 5.19: "Ensure 'Remote Access Auto Connection Manager (RasAuto)' is set to 'Disabled'."
The script checks the current 'Start' value in the registry for the RasAuto service. If it is not set to 4 (Disabled), it sets it to 4. After modification, it verifies the change to ensure compliance.
This script fixes the Windows CIS Benchmark check 5.18: "Ensure 'Problem Reports and Solutions Control Panel Support (wercplsupport)' is set to 'Disabled'."
The script checks the current state of the registry value, sets it to the required state if necessary, and then verifies that the change was successful. This is based on the CIS recommendation to disable the 'Problem Reports and Solutions Control Panel Support' service.
None. This script does not take any parameters.
.\Fix-CIS-WerCplSupport.ps1
This script fixes the Windows CIS Benchmark check 5.11: "Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled'."
This script fixes the Windows CIS Benchmark check 2.3.17.3: "Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'."
This script fixes the Windows CIS Benchmark check 2.3.17.2: "Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'."
This script fixes the Windows CIS Benchmark check 2.3.17.1: "Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'."
This script fixes the Windows CIS Benchmark check 2.3.11.4: "Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'."
This script fixes the Windows CIS Benchmark check 2.3.10.4: "Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'."
The script checks the registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa for the property DisableDomainCreds. If it is not set to 1, the script sets it to 1 (Enabled). After modification, it verifies the setting and reports the result.
This script fixes the Windows CIS Benchmark check 2.3.9.5: "Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher."
The script ensures the registry key SMBServerNameHardeningLevel under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters is set to a value of 1 or higher, which corresponds to 'Accept if provided by client' or stricter. It then verifies that the value meets the CIS requirement (>=1).
HardeningLevel The value to set for SMBServerNameHardeningLevel. Must be an integer greater than or equal to 1. Default is 1 (Accept if provided by client).
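The check-set-verify flow described for check 2.3.9.5, as an added example (not the FixCisCheck.ps1 script itself); the function name Set-SpnValidationLevel and its result object are hypothetical. It goes slightly beyond the description by never lowering a value that is already stricter than the one requested, and it needs an elevated session to write under HKLM.

```powershell
# Added example: audit-then-remediate for CIS 2.3.9.5.
# Function name and output shape are hypothetical, not taken from FixCisCheck.ps1.
function Set-SpnValidationLevel {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateRange(1, 2)]   # 1 = Accept if provided by client, 2 = Required from client
        [int]$HardeningLevel = 1
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
    $name = 'SMBServerNameHardeningLevel'

    # A missing value means the setting is not configured; treat it as non-compliant.
    $before = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    # Only raise the level. A host already at 2 stays at 2 when 1 is requested.
    $needsChange = ($null -eq $before) -or ([int]$before -lt $HardeningLevel)

    if ($needsChange -and $PSCmdlet.ShouldProcess("$path\$name", "Set to $HardeningLevel")) {
        if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $name -PropertyType DWord `
            -Value $HardeningLevel -Force | Out-Null
    }

    # Re-read from the registry instead of assuming the write succeeded.
    $after = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    # One record per run, suitable for logging or piping to Export-Csv.
    [pscustomobject]@{
        Check     = '2.3.9.5'
        Before    = $before
        After     = $after
        Changed   = ($before -ne $after)
        Compliant = ($null -ne $after) -and ([int]$after -ge 1)
    }
}

# Preview the change without writing to the registry:
Set-SpnValidationLevel -HardeningLevel 1 -WhatIf
```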
.\FixCisCheck.ps1
Sets the hardening level to 1 and verifies.
.\FixCisCheck.ps1 -HardeningLevel 2
Sets the hardening level to 2 (Required from client) and verifies.
This script fixes the Windows CIS Benchmark check 2.3.8.1: "Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'."