Script Share

cis_win11_enterprise 18.7.11

This script fixes the CIS check for 'Point and Print Restrictions: When updating drivers for an existing connection' by setting the registry key to the required state.

This script fixes the windows CIS Benchmark check 18.7.11: "Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt'."

The script checks the current registry setting, updates it if necessary to 'Enabled: Show warning and elevation prompt' (UpdatePromptSettings = 0), and verifies the change. It follows the principle of least privilege by requiring administrator rights.

cis_win11_enterprise 18.8.1.1

Fix Ensure 'Turn off notifications network usage' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.8.1.1: "Ensure 'Turn off notifications network usage' is set to 'Enabled'."

cis_win11_enterprise 18.8.2

Checks if the current user is running with administrator privileges. Sets the registry key to enable removal of personalized website recommendations in the Start Menu and verifies the change.

This script fixes the windows CIS Benchmark check 18.8.2: "Ensure 'Remove Personalized Website Recommendations from the Recommended section in the Start Menu' is set to 'Enabled'."

This function modifies the registry to comply with the CIS benchmark by setting the 'HideRecommendedPersonalizedSites' key to 1 (Enabled). It then verifies that the key is set correctly and outputs the result.

Example(s)

Set-CisStartMenuRecommendationFix

Notes

This function must be run with administrative privileges.

cis_win11_enterprise 18.9.3.1

This script fixes the CIS benchmark check for 'Include command line in process creation events' by setting the required registry key and verifies the result.

This script fixes the windows CIS Benchmark check 18.9.3.1: "Ensure 'Include command line in process creation events' is set to 'Enabled'."

The script ensures that the registry key 'ProcessCreationIncludeCmdLine_Enabled' is set to 1 under the path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'. It first checks for necessary prerequisites, sets the registry value, and then verifies that the setting is correct.

Parameters

None This script does not require any parameters. It performs the fix and verification automatically.

Notes

This script must be run with administrative privileges.
It is compatible with Windows 8.1 and later.
Use with caution as it modifies the system registry.

cis_win11_enterprise 18.9.4.1

Fix Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'.

This script fixes the windows CIS Benchmark check 18.9.4.1: "Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'."

cis_win11_enterprise 18.9.4.2

Fix Ensure 'Remote host allows delegation of non- exportable credentials' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.9.4.2: "Ensure 'Remote host allows delegation of non- exportable credentials' is set to 'Enabled'."

cis_win11_enterprise 18.9.5.1

Fix Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.9.5.1: "Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'."

cis_win11_enterprise 18.9.5.2

Fix Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higher.

This script fixes the windows CIS Benchmark check 18.9.5.2: "Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higher."

cis_win11_enterprise 18.9.5.3

Fix Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'.

This script fixes the windows CIS Benchmark check 18.9.5.3: "Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'."

cis_win11_enterprise 18.9.5.4

Fix Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'.

This script fixes the windows CIS Benchmark check 18.9.5.4: "Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'."

XeroSec

Member

389scripts

4comments

Programming Languages

PowerShell10 (2.6%)

Operating Systems

Windows10 (100.0%)

Statistics

Script Score

Comment Score

Total Score

Avg. Score/Script

Latest Scripts

cis_win11_enterprise 18.7.11

This script fixes the CIS check for 'Point and Print Restrictions: When updating drivers for an existing connection' by setting the registry key to the required state.

cis_win11_enterprise 18.8.1.1

Fix Ensure 'Turn off notifications network usage' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.8.1.1: "Ensure 'Turn off notifications network usage' is set to 'Enabled'."

cis_win11_enterprise 18.8.2

Checks if the current user is running with administrator privileges. Sets the registry key to enable removal of personalized website recommendations in the Start Menu and verifies the change.

This script fixes the windows CIS Benchmark check 18.8.2: "Ensure 'Remove Personalized Website Recommendations from the Recommended section in the Start Menu' is set to 'Enabled'."

Example(s)

Set-CisStartMenuRecommendationFix

Notes

This function must be run with administrative privileges.

cis_win11_enterprise 18.9.3.1

This script fixes the CIS benchmark check for 'Include command line in process creation events' by setting the required registry key and verifies the result.

This script fixes the windows CIS Benchmark check 18.9.3.1: "Ensure 'Include command line in process creation events' is set to 'Enabled'."

Parameters

None This script does not require any parameters. It performs the fix and verification automatically.

Notes

This script must be run with administrative privileges.
It is compatible with Windows 8.1 and later.
Use with caution as it modifies the system registry.

cis_win11_enterprise 18.9.4.1

Fix Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'.

This script fixes the windows CIS Benchmark check 18.9.4.1: "Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'."

cis_win11_enterprise 18.9.4.2

Fix Ensure 'Remote host allows delegation of non- exportable credentials' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.9.4.2: "Ensure 'Remote host allows delegation of non- exportable credentials' is set to 'Enabled'."

cis_win11_enterprise 18.9.5.1

Fix Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.9.5.1: "Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'."

cis_win11_enterprise 18.9.5.2

Fix Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higher.

This script fixes the windows CIS Benchmark check 18.9.5.2: "Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higher."

cis_win11_enterprise 18.9.5.3

Fix Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'.

This script fixes the windows CIS Benchmark check 18.9.5.3: "Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'."

cis_win11_enterprise 18.9.5.4

Fix Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'.

This script fixes the windows CIS Benchmark check 18.9.5.4: "Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'."