Search - ScriptShare

Search Results

Scripts (708)

Fix Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher.

This script fixes the windows CIS Benchmark check 18.6.4.1: "Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.8.1

Fix Ensure 'Enable insecure guest logons' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.6.8.1: "Ensure 'Enable insecure guest logons' is set to 'Disabled'."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.11.2

Fix Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.6.11.2: "Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.11.3

Fix Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.6.11.3: "Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.11.4

Fix Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.6.11.4: "Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.14.1

This script sets the registry values to enable Hardened UNC Paths for NETLOGON and SYSVOL shares as per CIS benchmarks and verifies the configuration.

This script fixes the windows CIS Benchmark check 18.6.14.1: "Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'."

The script ensures that the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths is configured with the required settings for \\NETLOGON and \\SYSVOL. It sets RequireMutualAuthentication, RequireIntegrity, and RequirePrivacy to 1 for both shares. After setting the values, it verifies the configuration and reports the status.

Notes

This script must be run with administrative privileges.
Compatible with PowerShell 5.1.
Follows the principle of least privilege by requiring admin rights only when necessary.

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.19.2.1

Fix Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)').

This script fixes the windows CIS Benchmark check 18.6.19.2.1: "Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.20.1

Fix Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.6.20.1: "Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.20.2

Fix Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.6.20.2: "Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'."

XXeroSec

7mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.21.2

This script fixes the CIS benchmark check for "Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'". It sets the required registry value and verifies the change.

This script fixes the windows CIS Benchmark check 18.6.21.2: "Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'."

The script modifies the registry to enable the setting by setting the fBlockNonDomain value to 1 under the specified path. It then verifies that the value is correctly set. If the registry key does not exist, it is created.

Notes

This script must be run with administrative privileges.
Directly modifying the registry may be overridden by Group Policy if it is managing this setting.
No reboot is typically required, but changes may not take effect until the user logs off and on or the policy is refreshed.

XXeroSec

7mo ago

Search Results

ago