This script fixes the Windows CIS Benchmark check 18.9.25.7: "Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'."
This script checks and sets the registry value for the LAPS post-authentication grace period (hours) to a value between 1 and 8 inclusive. It ensures the CIS check "Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'" passes. The script creates the registry key if it does not exist and handles errors gracefully.
GracePeriodHours: Specifies the grace period in hours to set. Must be an integer between 1 and 8. Defaults to 8 if not specified.
.\SetCisLapsGracePeriod.ps1 -GracePeriodHours 4
This script modifies the registry directly and may be overwritten by Group Policy. It is recommended to configure this setting via Group Policy for persistent changes. LAPS must be installed for this setting to be fully functional, but the script will still set the registry value to pass the CIS check.
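To confirm the result after running the script, or after a Group Policy refresh that may have overwritten it, the following read-only audit is an added example and not part of SetCisLapsGracePeriod.ps1. It assumes the setting is stored as the DWORD value PostAuthenticationResetDelay under the Windows LAPS Group Policy key, which this page does not name; the function name Test-LapsGracePeriod is hypothetical.

```powershell
# Added example: audit only, makes no changes to the registry.
# Assumption: the value is PostAuthenticationResetDelay (REG_DWORD) under the
# Windows LAPS Group Policy key; pass -Path/-Name if your script writes elsewhere.
function Test-LapsGracePeriod {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS',
        [string]$Name = 'PostAuthenticationResetDelay'
    )

    $result = [pscustomobject]@{
        Path      = $Path
        Name      = $Name
        Value     = $null
        Kind      = $null
        Compliant = $false
        Reason    = $null
    }

    # A missing key or value means the policy is not configured, so the check fails.
    if (-not (Test-Path -LiteralPath $Path)) {
        $result.Reason = 'Registry key does not exist'
        return $result
    }
    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $Name) {
        $result.Reason = 'Value is not configured'
        return $result
    }

    $result.Value = $key.GetValue($Name)
    $result.Kind  = $key.GetValueKind($Name)

    # A string or binary value holding "8" would not be read as the policy setting.
    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "Expected DWord, found $($result.Kind)"
    }
    elseif ($result.Value -lt 1 -or $result.Value -gt 8) {
        $result.Reason = 'Outside the 1-8 hour range required by the check'
    }
    else {
        $result.Compliant = $true
        $result.Reason    = 'Within 1-8 hours'
    }
    return $result
}

Test-LapsGracePeriod | Format-List
```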