Search - ScriptShare

Search Results

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'.

This script fixes the windows CIS Benchmark check 18.10.9.2.6: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.7

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.2.7: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.8

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'.

This script fixes the windows CIS Benchmark check 18.10.9.2.8: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.9

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'.

This script fixes the windows CIS Benchmark check 18.10.9.2.9: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.10

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.2.10: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.11

Fix Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.10.9.2.11: "Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.12

Fix Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.10.9.2.12: "Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.13

Fix Ensure 'Require additional authentication at startup' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.2.13: "Ensure 'Require additional authentication at startup' is set to 'Enabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.14

Fix Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'.

This script fixes the windows CIS Benchmark check 18.10.9.2.14: "Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.15

This script fixes the CIS benchmark check for 'Require additional authentication at startup: Configure TPM startup' by setting the registry key to disable TPM usage.

This script fixes the windows CIS Benchmark check 18.10.9.2.15: "Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'."

The script sets the registry value at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPM to 0 (DWORD), which corresponds to 'Enabled: Do not allow TPM'. It also verifies the change and reports the result.

Parameters

None This script does not require any parameters.

Notes

This script must be run with administrative privileges.
It modifies system registry settings directly, which may be overridden by Group Policy.
Ensure compatibility with your environment and security policies before running.

XXeroSec

5mo ago

Search Results

ago