Search - ScriptShare

Search Results

This script fixes the CIS benchmark check for 'Require additional authentication at startup: Configure TPM startup key and PIN' by setting the registry key to the required state.

This script fixes the windows CIS Benchmark check 18.10.9.2.18: "Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'."

The script sets the registry value at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPMKeyPIN to 0 (DWORD), which corresponds to 'Enabled: Do not allow startup key and PIN with TPM'. It also verifies the change and outputs the result.

Notes

This script must be run with administrative privileges.
Changes may require a system reboot to take full effect.
This modifies BitLocker-related policies; ensure you understand the implications before running.

XXeroSec

5mo ago

Search Results

ago