Script Share

cis_win11_enterprise 18.10.9.3.2

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.3.2: "Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'."

cis_win11_enterprise 18.10.9.3.3

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.3.3: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'."

cis_win11_enterprise 18.10.9.3.4

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'.

This script fixes the windows CIS Benchmark check 18.10.9.3.4: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'."

cis_win11_enterprise 18.10.9.3.5

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'.

This script fixes the windows CIS Benchmark check 18.10.9.3.5: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'."

cis_win11_enterprise 18.10.9.3.6

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.3.6: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'."

cis_win11_enterprise 18.10.9.3.8

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages'.

This script fixes the windows CIS Benchmark check 18.10.9.3.8: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages'."

cis_win11_enterprise 18.10.9.3.9

This script fixes the CIS benchmark check by setting the BitLocker registry key to the required state.

This script fixes the windows CIS Benchmark check 18.10.9.3.9: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'."

The script ensures that the registry value 'RDVRequireActiveDirectoryBackup' is set to 0 under the path 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE'. It includes error handling, verification, and checks for administrative privileges.

cis_win11_enterprise 18.10.9.3.10

This script fixes the CIS benchmark check for 'Configure use of hardware-based encryption for removable data drives' by setting it to Disabled and verifies the result.

This script fixes the windows CIS Benchmark check 18.10.9.3.10: "Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled'."

The script modifies the Windows registry to set the RDVHardwareEncryption value to 0 under the specified path. It then checks if the setting is correctly applied and reports the compliance status.

cis_win11_enterprise 18.10.9.3.11

Fix Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.10.9.3.11: "Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'."

cis_win11_enterprise 18.10.9.3.12

Fix Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.3.12: "Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'."

XeroSec

Member

389scripts

4comments

Programming Languages

PowerShell10 (2.6%)

Operating Systems

Windows10 (100.0%)

Statistics

Script Score

Comment Score

Total Score

Avg. Score/Script

Latest Scripts

cis_win11_enterprise 18.10.9.3.2

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.3.2: "Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'."

cis_win11_enterprise 18.10.9.3.3

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'.

This script fixes the windows CIS Benchmark check 18.10.9.3.3: "Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'."

cis_win11_enterprise 18.10.9.3.4

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'.

cis_win11_enterprise 18.10.9.3.5

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'.

cis_win11_enterprise 18.10.9.3.6

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'.

cis_win11_enterprise 18.10.9.3.8

Fix Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages'.

cis_win11_enterprise 18.10.9.3.9

This script fixes the CIS benchmark check by setting the BitLocker registry key to the required state.

cis_win11_enterprise 18.10.9.3.10

This script fixes the CIS benchmark check for 'Configure use of hardware-based encryption for removable data drives' by setting it to Disabled and verifies the result.

This script fixes the windows CIS Benchmark check 18.10.9.3.10: "Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled'."

The script modifies the Windows registry to set the RDVHardwareEncryption value to 0 under the specified path. It then checks if the setting is correctly applied and reports the compliance status.

cis_win11_enterprise 18.10.9.3.11

Fix Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.10.9.3.11: "Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'."

cis_win11_enterprise 18.10.9.3.12

Fix Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.9.3.12: "Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'."