Search - ScriptShare

Search Results

Fix Ensure 'Allow Secure Boot for integrity validation' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.2.2: "Ensure 'Allow Secure Boot for integrity validation' is set to 'Enabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.5

This script sets the BitLocker recovery policy to require a 48-digit recovery password by modifying the registry. It also verifies the change to ensure compliance with the CIS benchmark.

This script fixes the windows CIS Benchmark check 18.10.9.2.5: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'."

The script checks and sets the registry key for BitLocker operating system drive recovery to require a 48-digit password. It handles creation of the registry key if it does not exist and verifies the setting after modification.

Notes

This script must be run with administrative privileges.
Compatible with PowerShell 5.1 and later.

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.6

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'.

This script fixes the windows CIS Benchmark check 18.10.9.2.6: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.7

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.2.7: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.8

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'.

This script fixes the windows CIS Benchmark check 18.10.9.2.8: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.9

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'.

This script fixes the windows CIS Benchmark check 18.10.9.2.9: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.10

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.2.10: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.11

Fix Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.10.9.2.11: "Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.12

Fix Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.10.9.2.12: "Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.13

Fix Ensure 'Require additional authentication at startup' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.2.13: "Ensure 'Require additional authentication at startup' is set to 'Enabled'."

XXeroSec

5mo ago

Search Results

ago