Search - ScriptShare

Search Results

738 results found

Configures the logon–banner title (CIS 26027) and, for completeness, the logon–banner text (CIS 26026)

This script fixes the windows CIS Benchmark check 2.3.7.6: "Configure 'Interactive logon: Message title for users attempting to log on'."

Parameters

Title Text displayed in the window title bar of the logon-message dialog.

Message Multi-line warning shown in the body of the logon-message dialog.

Example(s)

.\Set-LogonBannerTitle.ps1 `-Title "Authorized Use Only" `-Message @"THIS COMPUTER SYSTEM IS THE PROPERTY OF EXAMPLE CORPORATION.UNAUTHORIZED ACCESS OR USE IS PROHIBITED AND SUBJECT TO DISCIPLINARYACTION AND PROSECUTION. USERS HAVE NO EXPECTATION OF PRIVACY.BY CONTINUING, YOU CONSENT TO MONITORING."@

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 2.3.1.4

Renames the built-in local Administrator account (CIS Benchmark 26011)

This script fixes the windows CIS Benchmark check 2.3.1.4: "Configure 'Accounts: Rename administrator account'."

Parameters

NewName New name for the built-in Administrator account. Defaults to "LocalAdmin".

Example(s)

.\Rename-Administrator.ps1 -NewName "WorkstationSvc"

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.1

Enables “Allow enhanced PINs for startup” for BitLocker‑protectedoperating‑system drives (CIS control 18.10.9.2.1)

This script fixes the windows CIS Benchmark check 18.10.9.2.1: "Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'."

Creates or sets HKLM\SOFTWARE\Policies\Microsoft\FVE\UseEnhancedPin to the DWORD value 1, which the ADMX interprets as Enabled.

Notes

• Tested on Windows 10/11 and Server 2019/2022 (PowerShell 5.1+). • Run as Administrator or SYSTEM (Intune, GPO startup, RMM, etc.). • Idempotent – safe to execute repeatedly. • No reboot is required.

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.4

Disables “Allow data recovery agent” for BitLocker‑protected OS drives(CIS control 18.10.9.2.4)

This script fixes the windows CIS Benchmark check 18.10.9.2.4: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'."

Sets HKLM\SOFTWARE\Policies\Microsoft\FVE\OSManageDRA (REG_DWORD) to 1.

Notes

• Run as Administrator or SYSTEM. • Safe to execute repeatedly.

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.4

Disables “Allow data recovery agent” for BitLocker‑protected OS drives (CIS control 18.10.9.2.4).

Sets HKLM\SOFTWARE\Policies\Microsoft\FVE\OSManageDRA (REG_DWORD) to 1.

Notes

• Run as Administrator or SYSTEM. • Safe to execute repeatedly.

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.3.1

Disables “Allow access to BitLocker‑protected removable data drives from earlier versions of Windows” (CIS control 26336 / 18.10.9.3.1).

This script fixes the windows CIS Benchmark check 18.10.9.3.1: "Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'."

Creates HKLM\SOFTWARE\Policies\Microsoft\FVE\RDVDiscoveryVolumeType (REG_SZ) with a blank string. A blank value satisfies the CIS “Disabled” state.

Notes

• Tested on Windows 10/11 x64 and Server 2022 (PowerShell 5.1+) • Requires elevation (run as SYSTEM or Administrator) • No reboot is required; BitLocker compliance is immediate

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.43.5

Fix Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'.

This script fixes the windows CIS Benchmark check 18.10.43.5: "Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.3.7

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'.

This script fixes the windows CIS Benchmark check 18.10.9.3.7: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.2.3

Fix Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.2.3: "Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.9.1.5

Fix Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher.

This script fixes the windows CIS Benchmark check 18.10.9.1.5: "Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher."

XXeroSec

7mo ago

Search Results

ago