This script fixes the darwin CIS Benchmark check 35028: "Ensure Require Password After Screen Saver Begins or Display Is Turned Off Is Enabled for 5 Seconds or Immediately."

This script fixes the darwin CIS Benchmark check 35026: "Ensure Power Nap Is Disabled for Intel Macs."

This script fixes the darwin CIS Benchmark check 35022: "Ensure 'Show Location Icon in Control Center when System Services Request Your Location' Is Enabled."

This script fixes the windows CIS Benchmark check 18.10.9.1.7: "Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'."

• Creates HKLM\SOFTWARE\Policies\Microsoft\FVE if missing. • Writes/overwrites DWORD FDVActiveDirectoryBackup = 1 in BOTH registry views (Registry64 and Registry32). • Idempotent: rerunning simply re-applies the compliant value.

Example(s)

.\Set-BitLockerADBackupFixed.ps1

This script fixes the windows CIS Benchmark check 18.10.9.1.7: "Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'."

• Creates HKLM\SOFTWARE\Policies\Microsoft\FVE if missing. • Writes/overwrites DWORD FDVActiveDirectoryBackup = 1 in BOTH registry views (Registry64 and Registry32). • Idempotent: rerunning simply re-applies the compliant value.

Example(s)

.\Set-BitLockerADBackupFixed.ps1

This script fixes the windows CIS Benchmark check 18.10.9.1.1: "Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'."

• Creates HKLM\SOFTWARE\Policies\Microsoft\FVE if missing. • Creates/overwrites value FDVDiscoveryVolumeType with "" (empty string). • Writes to BOTH 64-bit and 32-bit registry views. • Idempotent: re-running simply re-applies the compliant state.

Example(s)

.\Disable-LegacyFixedDriveAccess.ps1

This script fixes the windows CIS Benchmark check 18.10.9.1.1: "Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'."

• Creates HKLM\SOFTWARE\Policies\Microsoft\FVE if missing. • Creates/overwrites value FDVDiscoveryVolumeType with "" (empty string). • Writes to BOTH 64-bit and 32-bit registry views. • Idempotent: re-running simply re-applies the compliant state.

Example(s)

.\Disable-LegacyFixedDriveAccess.ps1

This script fixes the windows CIS Benchmark check 18.7.5: "Ensure 'Configure RPC listener settings: Protocols to allow for incoming RPC connections' is set to 'Enabled: RPC over TCP'."

This script fixes the windows CIS Benchmark check 5.4: "Ensure 'Downloaded Maps Manager (MapsBroker)' is set to 'Disabled'."

The script:

1. Verifies that MapsBroker exists.
2. Stops it if running.
3. Sets StartupType to Disabled.
4. Writes Start = 4 to the registry for auditors that read raw values.

Example(s)

.\Disable-MapsBroker.ps1

This script fixes the windows CIS Benchmark check 5.2: "Ensure 'Bluetooth Support Service (bthserv)' is set to 'Disabled'."

The script:

1. Checks whether the service exists.
2. Stops it if it is running.
3. Sets its startup type to Disabled.
4. Writes Start = 4 to the registry for audit tools that read the raw value.

Example(s)

.\Disable-BthServ.ps1