Search - ScriptShare

Search Results

740 results found

Fix Ensure 'Enable insecure guest logons' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.6.8.1: "Ensure 'Enable insecure guest logons' is set to 'Disabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.11.2

Fix Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.6.11.2: "Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.11.3

Fix Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.6.11.3: "Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.11.4

Fix Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.6.11.4: "Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.14.1

This script sets the registry values to enable Hardened UNC Paths for NETLOGON and SYSVOL shares as per CIS benchmarks and verifies the configuration.

This script fixes the windows CIS Benchmark check 18.6.14.1: "Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'."

The script ensures that the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths is configured with the required settings for \\NETLOGON and \\SYSVOL. It sets RequireMutualAuthentication, RequireIntegrity, and RequirePrivacy to 1 for both shares. After setting the values, it verifies the configuration and reports the status.

Notes

This script must be run with administrative privileges.
Compatible with PowerShell 5.1.
Follows the principle of least privilege by requiring admin rights only when necessary.

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.19.2.1

Fix Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)').

This script fixes the windows CIS Benchmark check 18.6.19.2.1: "Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.20.1

Fix Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.6.20.1: "Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.20.2

Fix Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.6.20.2: "Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'."

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.21.2

This script fixes the CIS benchmark check for "Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'". It sets the required registry value and verifies the change.

This script fixes the windows CIS Benchmark check 18.6.21.2: "Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'."

The script modifies the registry to enable the setting by setting the fBlockNonDomain value to 1 under the specified path. It then verifies that the value is correctly set. If the registry key does not exist, it is created.

Notes

This script must be run with administrative privileges.
Directly modifying the registry may be overridden by Group Policy if it is managing this setting.
No reboot is typically required, but changes may not take effect until the user logs off and on or the policy is refreshed.

XXeroSec

5mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.23.2.1

Fix Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.6.23.2.1: "Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'."

XXeroSec

5mo ago

Search Results

ago