Search - ScriptShare

Search Results

Fix Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'.

This script fixes the windows CIS Benchmark check 18.10.9.2.14: "Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.15

This script fixes the CIS benchmark check for 'Require additional authentication at startup: Configure TPM startup' by setting the registry key to disable TPM usage.

This script fixes the windows CIS Benchmark check 18.10.9.2.15: "Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'."

The script sets the registry value at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPM to 0 (DWORD), which corresponds to 'Enabled: Do not allow TPM'. It also verifies the change and reports the result.

Parameters

None This script does not require any parameters.

Notes

This script must be run with administrative privileges.
It modifies system registry settings directly, which may be overridden by Group Policy.
Ensure compatibility with your environment and security policies before running.

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.16

Fix Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'.

This script fixes the windows CIS Benchmark check 18.10.9.2.16: "Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.17

Fix Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'.

This script fixes the windows CIS Benchmark check 18.10.9.2.17: "Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.18

This script fixes the CIS benchmark check for 'Require additional authentication at startup: Configure TPM startup key and PIN' by setting the registry key to the required state.

This script fixes the windows CIS Benchmark check 18.10.9.2.18: "Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'."

The script sets the registry value at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPMKeyPIN to 0 (DWORD), which corresponds to 'Enabled: Do not allow startup key and PIN with TPM'. It also verifies the change and outputs the result.

Notes

This script must be run with administrative privileges.
Changes may require a system reboot to take full effect.
This modifies BitLocker-related policies; ensure you understand the implications before running.

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.3.2

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.3.2: "Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.3.3

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.3.3: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.3.4

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'.

This script fixes the windows CIS Benchmark check 18.10.9.3.4: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.3.5

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'.

This script fixes the windows CIS Benchmark check 18.10.9.3.5: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.3.6

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.3.6: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'."

XXeroSec

5mo ago

Search Results

ago