Browse Community Scripts

Browse

Disables “Allow access to BitLocker‑protected removable data drives from earlier versions of Windows” (CIS control 26336 / 18.10.9.3.1).

This script fixes the windows CIS Benchmark check 18.10.9.3.1: "Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'."

Creates HKLM\SOFTWARE\Policies\Microsoft\FVE\RDVDiscoveryVolumeType (REG_SZ) with a blank string. A blank value satisfies the CIS “Disabled” state.

Notes

• Tested on Windows 10/11 x64 and Server 2022 (PowerShell 5.1+) • Requires elevation (run as SYSTEM or Administrator) • No reboot is required; BitLocker compliance is immediate

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.43.5

Fix Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'.

This script fixes the windows CIS Benchmark check 18.10.43.5: "Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.3.7

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'.

This script fixes the windows CIS Benchmark check 18.10.9.3.7: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.3

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.2.3: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.1.5

Fix Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher.

This script fixes the windows CIS Benchmark check 18.10.9.1.5: "Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.1.4

Fix Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higher.

This script fixes the windows CIS Benchmark check 18.10.9.1.4: "Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higher."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.1.3

Fix Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.1.3: "Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 9.3.7

Fix Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater'.

This script fixes the windows CIS Benchmark check 9.3.7: "Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 17.5.5

Fix Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'.

This script fixes the windows CIS Benchmark check 17.5.5: "Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 17.6.3

Fix Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'.

This script fixes the windows CIS Benchmark check 17.6.3: "Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'."

XXeroSec

5mo ago

Latest Scripts

ago