ScriptShare

This script fixes the windows CIS Benchmark check 18.4.6: "Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'."

The script checks for administrative privileges, sets the registry value for DisableExceptionChainValidation to 0 under the specified path, and then verifies that the value is correctly set. This addresses the CIS benchmark requirement for SEHOP.

Parameters

None This script does not accept parameters. It is designed to be run as-is.

Notes

• This script must be run with administrative privileges.
• A system reboot may be required for the changes to take effect.
• This script modifies the registry directly. Use with caution and ensure it aligns with your organization's policies.

This script fixes the windows CIS Benchmark check 18.4.7: "Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'."

The script checks the registry value for NetBT NodeType and sets it to 2 (P-node) if it is not already configured correctly. It then verifies the setting to confirm the change.

Parameters

None This script does not require any parameters.

Notes

• This script must be run with administrative privileges.
• Changes may require a system restart to take effect.
• This directly modifies the registry and does not use Group Policy.

This script fixes the windows CIS Benchmark check 18.5.2: "Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level is set to 'Enabled: Highest protection, source routing is completely disabled'."

This script fixes the windows CIS Benchmark check 18.5.3: "Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level ' is set to 'Enabled: Highest protection, source routing is completely disabled'."

This script fixes the windows CIS Benchmark check 18.5.4: "Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'."

This script fixes the windows CIS Benchmark check 18.5.5: "Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'."

This script fixes the windows CIS Benchmark check 18.5.6: "Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'."

This script fixes the windows CIS Benchmark check 18.5.8: "Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses' is set to 'Disabled'."

The script modifies the registry to ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses' is set to Disabled (value 0). It includes error handling and automatic verification of the setting.

Notes

• This script directly modifies the registry and does not use Group Policy.
• If Group Policy is managing this setting, changes may be overwritten. Consider using Group Policy for persistent changes.
• Compatible with PowerShell 5.1.

This script fixes the windows CIS Benchmark check 18.5.12: "Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'."

This script fixes the windows CIS Benchmark check 18.6.4.1: "Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher."