This script fixes the Windows CIS Benchmark check 18.10.9.3.1: "Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'."
The script creates HKLM\SOFTWARE\Policies\Microsoft\FVE\RDVDiscoveryVolumeType (REG_SZ) with a blank string. A blank value satisfies the CIS “Disabled” state.
• Tested on Windows 10/11 x64 and Server 2022 (PowerShell 5.1+)
• Requires elevation (run as SYSTEM or Administrator)
• No reboot is required; BitLocker compliance is immediate
This script fixes the Windows CIS Benchmark check 18.10.9.3.10: "Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled'."
The script modifies the Windows registry to set the RDVHardwareEncryption value to 0 under the specified path. It then checks whether the setting was applied correctly and reports the compliance status.
This script fixes the Windows CIS Benchmark check 18.10.9.3.11: "Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'."
This script fixes the Windows CIS Benchmark check 18.10.9.3.12: "Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'."
This script fixes the Windows CIS Benchmark check 18.10.9.3.13: "Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'."
This script fixes the Windows CIS Benchmark check 18.10.9.3.14: "Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'."
This script fixes the Windows CIS Benchmark check 18.10.9.3.15: "Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'."