Search - ScriptShare

Search Results

This script fixes the CIS benchmark check for 'Microsoft network server: Server SPN target name validation level' by setting the registry key to the specified value and verifies the change.

This script fixes the windows CIS Benchmark check 2.3.9.5: "Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher."

The script ensures the registry key SMBServerNameHardeningLevel under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters is set to a value of 1 or higher, which corresponds to 'Accept if provided by client' or stricter. It then verifies that the value meets the CIS requirement (>=1).

Parameters

HardeningLevel The value to set for SMBServerNameHardeningLevel. Must be an integer greater than or equal to 1. Default is 1 (Accept if provided by client).

Example(s)

.\FixCisCheck.ps1Sets the hardening level to 1 and verifies..\FixCisCheck.ps1 -HardeningLevel 2Sets the hardening level to 2 (Required from client) and verifies.

XXeroSec

5mo ago

Search Results

ago