BCWHSendpoint.psm1
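<#PSScriptInfo

.VERSION 1.5

.GUID 0ddae3a4-4729-4df4-b929-216b29633b67

.AUTHOR WadeBach22

.COMPANYNAME

.COPYRIGHT

.TAGS

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

#>

<#

.DESCRIPTION
 Black Cat White Hat Security Presents Microsoft Windows Endpoint Security Module. Please view our website for more detailed information.

#>
Param()

# Review notes for the functions below:
# - Every function writes machine-wide state under HKLM, so it has to run in
#   an elevated session.
# - The status line is written whether or not the preceding write succeeded
#   (registry cmdlet errors are non-terminating). Confirm the value with
#   Get-ItemProperty before treating a control as applied.
# - The *Off functions write a fixed value; they do not restore whatever was
#   configured before the matching *On function ran.
# - Policy keys are created only when missing. New-Item -Force on a key that
#   already exists may reset it and drop policy values already configured
#   there, so each creation is guarded with Test-Path.
# - New-ItemProperty is called with -PropertyType DWord -Force so that running
#   an *On function again (for example after its *Off) overwrites the value
#   instead of failing with "property already exists".

# Sets VersionCheckEnabled = 1 (block outdated ActiveX controls in IE).
function Set-BCWHSmod1On {
    $key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext"
    # Set-ItemProperty cannot write into a missing key.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'VersionCheckEnabled' -Value 1
    Write-Output "Block outdated ActiveX controls for Internet Explorer is set."
}

# Sets VersionCheckEnabled = 0.
function Set-BCWHSmod1Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext" -Name 'VersionCheckEnabled' -Value 0
    Write-Output "Block outdated ActiveX controls for Internet Explorer is reverted."
}

# Sets NoAutoplayfornonVolume = 1 in both Explorer policy locations.
function Set-BCWHSmod2On {
    $policyKey = "HKLM:\Software\Policies\Microsoft\Windows\Explorer"
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutoplayfornonVolume' -Value 1
    if (-not (Test-Path -Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    New-ItemProperty -Path $policyKey -Name 'NoAutoplayfornonVolume' -PropertyType DWord -Value 1 -Force
    Write-Output "Disable Autoplay for non-volume devices is set."
}

# Sets NoAutoplayfornonVolume = 0 in both Explorer policy locations.
function Set-BCWHSmod2Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutoplayfornonVolume' -Value 0
    Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name 'NoAutoplayfornonVolume' -Value 0
    Write-Output "Disable Autoplay for non-volume devices is reverted."
}

# Sets NoDriveTypeAutoRun = 255 (all drive-type bits set).
function Set-BCWHSmod3On {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoDriveTypeAutoRun' -Value 255
    Write-Output "Disable Autoplay for all drives is set."
}

# Sets NoDriveTypeAutoRun = 0.
function Set-BCWHSmod3Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoDriveTypeAutoRun' -Value 0
    Write-Output "Disable Autoplay for all drives is reverted."
}

# Sets the Chrome policy BackgroundModeEnabled = 0.
function Set-BCWHSmod4On {
    $key = "HKLM:\Software\Policies\Google\Chrome"
    # Guarded so Chrome policies that are already deployed are left alone.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'BackgroundModeEnabled' -PropertyType DWord -Value 0 -Force
    Write-Output "Disable Continue running background apps when Google Chrome is closed is set."
}

# Sets the Chrome policy BackgroundModeEnabled = 1.
function Set-BCWHSmod4Off {
    Set-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BackgroundModeEnabled' -Value 1
    Write-Output "Disable Continue running background apps when Google Chrome is closed is reverted."
}

# Sets EnumerateAdministrators = 0 under Policies\CredUI.
function Set-BCWHSmod5On {
    $key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'EnumerateAdministrators' -PropertyType DWord -Value 0 -Force
    Write-Output "Disable Enumerate administrator accounts on elevation is set."
}

# Sets EnumerateAdministrators = 1 under Policies\CredUI.
function Set-BCWHSmod5Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI" -Name 'EnumerateAdministrators' -Value 1
    Write-Output "Disable Enumerate administrator accounts on elevation is reverted."
}

# Sets Lsa\RestrictAnonymous = 1.
# The status text used to repeat the module-5 message ("Enumerate
# administrator accounts on elevation"); it now names the setting that is
# actually written.
function Set-BCWHSmod6On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name 'RestrictAnonymous' -Value 1
    Write-Output "Disable Anonymous enumeration of shares is set."
}

# Sets Lsa\RestrictAnonymous = 0.
function Set-BCWHSmod6Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name 'RestrictAnonymous' -Value 0
    Write-Output "Disable Anonymous enumeration of shares is reverted."
}

# Sets the IPv4 DisableIPSourceRouting = 2.
function Set-BCWHSmod7On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\" -Name 'DisableIPSourceRouting' -Value 2
    Write-Output "Disable IP Source routing is set."
}

# Sets the IPv4 DisableIPSourceRouting = 0.
function Set-BCWHSmod7Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\" -Name 'DisableIPSourceRouting' -Value 0
    Write-Output "Disable IP Source routing is reverted."
}

# Locks down Adobe Reader DC: bDisableJavaScript = 1 and bEnableFlash = 0.
function Set-BCWHSmod8On {
    $key = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'bDisableJavaScript' -PropertyType DWord -Value 1 -Force
    # bEnableFlash is an "enable" switch, so disabling Flash means writing 0.
    # The previous value of 1 turned Flash rendering on while reporting it
    # as disabled.
    New-ItemProperty -Path $key -Name 'bEnableFlash' -PropertyType DWord -Value 0 -Force
    Write-Output "Disable JavaScript/Flash on Adobe Reader DC is set."
}

# Sets bDisableJavaScript = 0 (JavaScript allowed again).
# bEnableFlash is written as 0 here as well, so Flash stays disabled after
# this "revert".
function Set-BCWHSmod8Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bDisableJavaScript' -Value 0
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bEnableFlash' -Value 0
    Write-Output "Disable JavaScript/Flash on Adobe Reader DC is reverted."
}

# Sets DisableNotifications = 1 for the Domain, Private and Public firewall
# policy profiles.
function Set-BCWHSmod9On {
    $root = "HKLM:\Software\Policies\Microsoft\WindowsFirewall"
    foreach ($profileName in 'DomainProfile', 'PrivateProfile', 'PublicProfile') {
        $key = Join-Path -Path $root -ChildPath $profileName
        # Guarded so firewall policy values already present are preserved.
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'DisableNotifications' -PropertyType DWord -Value 1 -Force
    }
    Write-Output "Disable Microsoft Defender Firewall notifications when programs are blocked for Domain/Public/Private profile is set."
}

# Sets DisableNotifications = 0 for the three firewall policy profiles.
function Set-BCWHSmod9Off {
    Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile" -Name 'DisableNotifications' -Value 0
    Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile" -Name 'DisableNotifications' -Value 0
    Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile" -Name 'DisableNotifications' -Value 0
    Write-Output "Disable Microsoft Defender Firewall notifications when programs are blocked for Domain/Public/Private profile is reverted."
}

# Sets the IE policy Download\RunInvalidSignatures = 0.
function Set-BCWHSmod10On {
    $key = "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Download"
    # Guarded so other Internet Explorer policies are not touched.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'RunInvalidSignatures' -Value 0
    Write-Output "Disable running or installing downloaded software with invalid signature is set."
}

# Sets the IE policy Download\RunInvalidSignatures = 1.
function Set-BCWHSmod10Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Download\" -Name 'RunInvalidSignatures' -Value 1
    Write-Output "Disable running or installing downloaded software with invalid signature is reverted."
}

# Sets LocalAccountTokenFilterPolicy = 0.
function Set-BCWHSmod11On {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name 'LocalAccountTokenFilterPolicy' -Value 0
    Write-Output "Enable Apply UAC restrictions to local accounts on network logons is set."
}

# Sets LocalAccountTokenFilterPolicy = 1, which removes the UAC token
# filtering for local accounts on network logons.
function Set-BCWHSmod11Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name 'LocalAccountTokenFilterPolicy' -Value 1
    Write-Output "Enable Apply UAC restrictions to local accounts on network logons is reverted."
}

# Sets the Chrome policy BlockThirdPartyCookies = 1.
function Set-BCWHSmod12On {
    $key = "HKLM:\Software\Policies\Google\Chrome"
    # The Chrome policy key only exists if something created it earlier
    # (Set-BCWHSmod4On does); create it here when this runs on its own.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'BlockThirdPartyCookies' -PropertyType DWord -Value 1 -Force
    Write-Output "Enable Block third party cookies is set."
}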
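# Review notes for the functions below:
# - Every function changes machine-wide state (HKLM, local account policy,
#   firewall, Defender, Windows features), so it has to run elevated.
# - The status line is written whether or not the preceding write succeeded
#   (most cmdlet errors here are non-terminating). Verify the resulting value
#   before treating a control as applied.
# - The *Off functions write a fixed value; they do not restore whatever was
#   configured before the matching *On function ran.
# - Policy keys are created only when missing. New-Item -Force on a key that
#   already exists may reset it and drop policy values already configured
#   there, so each creation is guarded with Test-Path.
# - New-ItemProperty is called with -PropertyType DWord -Force so a repeated
#   run overwrites the value instead of failing on an existing property.

# Sets the Chrome policy BlockThirdPartyCookies = 0.
function Set-BCWHSmod12Off {
    Set-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BlockThirdPartyCookies' -Value 0
    Write-Output "Enable Block third party cookies is reverted."
}

# Sets LanmanWorkstation RequireSecuritySignature = 1 (SMB client signing).
function Set-BCWHSmod13On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name 'RequireSecuritySignature' -Value 1
    Write-Output "Enable Microsoft network client: Digitally sign communications (always) is set."
}

# Sets LanmanWorkstation RequireSecuritySignature = 0.
function Set-BCWHSmod13Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name 'RequireSecuritySignature' -Value 0
    Write-Output "Enable Microsoft network client: Digitally sign communications (always) is reverted."
}

# Sets the Defender policy Scan\DisableEmailScanning = 0.
function Set-BCWHSmod14On {
    $key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"
    # Modules 14 and 15 share this key; the guard keeps one from resetting
    # what the other wrote.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Errors are deliberately silenced here (see "if available" below).
    Set-ItemProperty -Path $key -Name 'DisableEmailScanning' -Value 0 -ErrorAction: SilentlyContinue
    Write-Output "Enable Microsoft Defender Antivirus Email Scanning is set. (if available)"
}

# Sets the Defender policy Scan\DisableEmailScanning = 1.
function Set-BCWHSmod14Off {
    $key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'DisableEmailScanning' -Value 1 -ErrorAction: SilentlyContinue
    Write-Output "Enable Microsoft Defender Antivirus Email Scanning is reverted. (if available)"
}

# Sets the Defender policy Scan\DisableRemovableDriveScanning = 0.
function Set-BCWHSmod15On {
    $key = "HKLM:\Software\Policies\Microsoft\Windows Defender\Scan"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'DisableRemovableDriveScanning' -PropertyType DWord -Value 0 -Force
    Write-Output "Enable scanning of removable drives during a full scan is set."
}

# Sets the Defender policy Scan\DisableRemovableDriveScanning = 1.
function Set-BCWHSmod15Off {
    $key = "HKLM:\Software\Policies\Microsoft\Windows Defender\Scan"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'DisableRemovableDriveScanning' -Value 1
    Write-Output "Enable scanning of removable drives during a full scan is reverted."
}

# Sets enableautomaticupdates = 1 and hideenabledisableupdates = 1 in the
# Office 16.0 update policy key (and enableautomaticupdates in the "cloud"
# policy key when that key exists).
function Set-BCWHSmod16On {
    $key = "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate"
    Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\cloud\office\16.0\common\officeupdate" -Name 'enableautomaticupdates' -Value 1 -ErrorAction: SilentlyContinue
    # One guarded call creates the whole path; existing Office policy keys on
    # the way down are left as they are.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'hideenabledisableupdates' -PropertyType DWord -Value 1 -Force
    New-ItemProperty -Path $key -Name 'enableautomaticupdates' -PropertyType DWord -Value 1 -Force
    Write-Output "Hide Option & Enable Automatic Updates is set."
}

# Sets the same three Office update values to 0.
function Set-BCWHSmod16Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\cloud\office\16.0\common\officeupdate" -Name 'enableautomaticupdates' -Value 0 -ErrorAction: SilentlyContinue
    Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'hideenabledisableupdates' -Value 0
    Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'enableautomaticupdates' -Value 0
    Write-Output "Hide Option & Enable Automatic Updates is reverted."
}

# Sets the Network Connections policy NC_ShowSharedAccessUI = 0.
function Set-BCWHSmod17On {
    $key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections"
    # Set-ItemProperty cannot write into a missing key.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'NC_ShowSharedAccessUI' -Value 0
    Write-Output "Prohibit use of Internet Connection Sharing on your DNS domain network is set."
}

# Sets the Network Connections policy NC_ShowSharedAccessUI = 1.
function Set-BCWHSmod17Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections" -Name 'NC_ShowSharedAccessUI' -Value 1
    Write-Output "Prohibit use of Internet Connection Sharing on your DNS domain network is reverted."
}

# Runs "net accounts /lockoutduration:15".
function Set-BCWHSmod18On {
    net accounts /lockoutduration:15
    Write-Output "Set Account lockout duration to 15 minutes or more is set."
}

# No-op: only reports that the lockout duration is left as it is.
function Set-BCWHSmod18Off {
    Write-Output "Set Account lockout duration to 15 minutes or more is unchanged."
}

# Runs "net accounts /lockoutthreshold:10".
function Set-BCWHSmod19On {
    net accounts /lockoutthreshold:10
    Write-Output "Set Account lockout threshold to 1-10 invalid login attempts is set."
}

# No-op: only reports that the lockout threshold is left as it is.
function Set-BCWHSmod19Off {
    Write-Output "Set Account lockout threshold to 1-10 invalid login attempts is unchanged."
}

# Runs "net accounts /uniquepw:24".
function Set-BCWHSmod20On {
    net accounts /uniquepw:24
    Write-Output "Set Enforce Password History to 24 or more password(s) is set."
}

# No-op: only reports that the password history setting is left as it is.
function Set-BCWHSmod20Off {
    Write-Output "Set Enforce Password History to 24 or more password(s) is unchaanged."
}

# Sets InactivityTimeoutSecs to 0x384 (900 seconds).
function Set-BCWHSmod21On {
    New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" -Name 'InactivityTimeoutSecs' -PropertyType DWORD -Value 0x00000384 -Force
    Write-Output "Set Interactive logon: Machine inactivity limit to 1-900 seconds is set."
}

# No-op: only reports that the inactivity limit is left as it is.
function Set-BCWHSmod21Off {
    Write-Output "Set Interactive logon: Machine inactivity limit to 1-900 seconds is unchanged."
}

# Runs "net accounts /minpwage:1".
function Set-BCWHSmod22On {
    net accounts /minpwage:1
    Write-Output "set Minimum Password Age to 1 or more day(s) is set."
}

# No-op: only reports that the minimum password age is left as it is.
function Set-BCWHSmod22Off {
    Write-Output "set Minimum Password Age to 1 or more day(s) is unchanged."
}

# Runs "net accounts /lockoutwindow:15".
function Set-BCWHSmod23On {
    net accounts /lockoutwindow:15
    Write-Output "Set Reset account lockout counter after to 15 minutes or more is set."
}

# No-op: only reports that the lockout counter window is left as it is.
function Set-BCWHSmod23Off {
    Write-Output "Set Reset account lockout counter after to 15 minutes or more is unchanged."
}

# Sets the Explorer policy NoAutorun = 1.
function Set-BCWHSmod24On {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutorun' -Value 1
    Write-Output "Set default behavior for AutoRun to Enabled: Do not execute any autorun commands is set."
}

# Sets the Explorer policy NoAutorun = 0.
function Set-BCWHSmod24Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutorun' -Value 0
    Write-Output "Set default behavior for AutoRun to Enabled: Do not execute any autorun commands is reverted."
}

# Sets the IPv6 DisableIPSourceRouting = 2.
function Set-BCWHSmod25On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name 'DisableIPSourceRouting' -Value 2
    Write-Output "Set IPV6 source routing to highest protection is set."
}

# Sets the IPv6 DisableIPSourceRouting = 0.
function Set-BCWHSmod25Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name 'DisableIPSourceRouting' -Value 0
    Write-Output "Set IPV6 source routing to highest protection is reverted."
}

# Sets Lsa\LmCompatibilityLevel = 5.
function Set-BCWHSmod26On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\" -Name 'LmCompatibilityLevel' -Value 5
    Write-Output "Set LAN Manager authentication level to Send NTLMv2 response only. Refuse LM & NTLM is set."
}

# Sets Lsa\LmCompatibilityLevel = 3.
function Set-BCWHSmod26Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\" -Name 'LmCompatibilityLevel' -Value 3
    Write-Output "Set LAN Manager authentication level to Send NTLMv2 response only. Refuse LM & NTLM is reverted."
}

# Sets ConsentPromptBehaviorUser = 0.
function Set-BCWHSmod27On {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" -Name 'ConsentPromptBehaviorUser' -Value 0
    Write-Output "Set User Account Control (UAC) to automatically deny elevation requests is set."
}

# Sets ConsentPromptBehaviorUser = 3.
function Set-BCWHSmod27Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" -Name 'ConsentPromptBehaviorUser' -Value 3
    Write-Output "Set User Account Control (UAC) to automatically deny elevation requests is reverted."
}

# Sets the Edge policy PasswordManagerEnabled = 0.
function Set-BCWHSmod28On {
    $key = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"
    # Guarded so Edge policies that are already deployed are left alone.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name "PasswordManagerEnabled" -Value 0
    Write-Output "Disable Password Manager is set."
}

# Sets the Edge policy PasswordManagerEnabled = 1.
function Set-BCWHSmod28Off {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name "PasswordManagerEnabled" -Value 1
    Write-Output "Disable Password Manager is reverted."
}

# Calls Set-NetworkLevelAuthentication -EnableNLA $true.
# NOTE(review): Set-NetworkLevelAuthentication is not defined in this module;
# presumably another module supplies it. When the command is missing the catch
# branch runs, nothing is changed, and the text reads "Service does not exist".
function Set-BCWHSmod29On {
    try {
        Set-NetworkLevelAuthentication -EnableNLA $true
        Write-Output "Set user authentication for remote connections by using Network Level Authentication to Enabled is set."
    }
    catch {
        Write-Output "Service does not exist"
    }
}

# Calls Set-NetworkLevelAuthentication -EnableNLA $false (same caveat about
# where that command comes from).
function Set-BCWHSmod29Off {
    try {
        Set-NetworkLevelAuthentication -EnableNLA $false
        Write-Output "Set user authentication for remote connections by using Network Level Authentication to Enabled is reverted."
    }
    catch {
        Write-Output "Service does not exist."
    }
}

# Sets the Network Connections policy NC_AllowNetBridge_NLA = 0.
function Set-BCWHSmod30On {
    $key = "HKLM:\Software\Policies\Microsoft\Windows\Network Connections"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name "NC_AllowNetBridge_NLA" -Value 0
    Write-Output "Disable Installation and configuration of Network Bridge on your DNS domain network is set."
}

# Sets the Network Connections policy NC_AllowNetBridge_NLA = 1.
function Set-BCWHSmod30Off {
    Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_AllowNetBridge_NLA" -Value 1
    Write-Output "Disable Installation and configuration of Network Bridge on your DNS domain network is reverted."
}

# Sets Lsa\DisableDomainCreds = 1.
function Set-BCWHSmod31On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "DisableDomainCreds" -Value 1
    Write-Output "Disable the local storage of passwords and credentials is set."
}

# Sets Lsa\DisableDomainCreds = 0.
function Set-BCWHSmod31Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "DisableDomainCreds" -Value 0
    Write-Output "Disable the local storage of passwords and credentials is reverted."
}

# Sets the Network Connections policy NC_StdDomainUserSetLocation = 1.
function Set-BCWHSmod32On {
    $key = "HKLM:\Software\Policies\Microsoft\Windows\Network Connections"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name "NC_StdDomainUserSetLocation" -Value 1
    Write-Output "Enable Require domain users to elevate when setting a networks location is set."
}

# Sets the Network Connections policy NC_StdDomainUserSetLocation = 0.
function Set-BCWHSmod32Off {
    Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_StdDomainUserSetLocation" -Value 0
    Write-Output "Enable Require domain users to elevate when setting a networks location is reverted."
}

# Runs Update-MpSignature (Defender signature update).
function Set-BCWHSmod33On {
    Update-MpSignature
    Write-Output "Update-MpSignature has been updated."
}

# No-op: a signature update is not rolled back.
function Set-BCWHSmod33Off {
    Write-Output "Update-MpSignature cannot be reverted."
}

# Enables the Domain firewall profile.
function Set-BCWHSmod34On {
    Set-NetFirewallProfile -Profile Domain -Enabled True
    Write-Output "Secure Microsoft Defender Firewall domain profile is set."
}

# Disables the Domain firewall profile, whatever its state was before.
function Set-BCWHSmod34Off {
    Set-NetFirewallProfile -Profile Domain -Enabled False
    Write-Output "Secure Microsoft Defender Firewall domain profile is reverted."
}

# Enables the Public firewall profile.
function Set-BCWHSmod35On {
    Set-NetFirewallProfile -Profile Public -Enabled True
    Write-Output "Secure Microsoft Defender Firewall public profile is set."
}

# Disables the Public firewall profile, whatever its state was before.
function Set-BCWHSmod35Off {
    Set-NetFirewallProfile -Profile Public -Enabled False
    Write-Output "Secure Microsoft Defender Firewall public profile is reverted."
}

# Enables the Private firewall profile.
function Set-BCWHSmod36On {
    Set-NetFirewallProfile -Profile Private -Enabled True
    Write-Output "Secure Microsoft Defender firewall private profile is set."
}

# Disables the Private firewall profile, whatever its state was before.
function Set-BCWHSmod36Off {
    Set-NetFirewallProfile -Profile Private -Enabled False
    Write-Output "Secure Microsoft Defender firewall private profile is reverted."
}

# Sets Session Manager\SafeDllSearchMode = 1.
function Set-BCWHSmod37On {
    Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Session Manager\" -Name "SafeDllSearchMode" -Value 1
    Write-Output "Enable Safe DLL Search Mode is set."
}

# Sets Session Manager\SafeDllSearchMode = 0.
function Set-BCWHSmod37Off {
    Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Session Manager\" -Name "SafeDllSearchMode" -Value 0
    Write-Output "Enable Safe DLL Search Mode is reverted."
}

# Sets Defender Network Protection to Enabled.
function Set-BCWHSmod38On {
    Set-MpPreference -EnableNetworkProtection Enabled
    Write-Output "Enable Network Protection is set."
}

# Sets Defender Network Protection to Disabled.
function Set-BCWHSmod38Off {
    Set-MpPreference -EnableNetworkProtection Disabled
    Write-Output "Enable Network Protection is reverted."
}

# Sets LanmanWorkstation AllowInsecureGuestLogons = 0.
function Set-BCWHSmod39On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\" -Name "AllowInsecureGuestLogons" -Value 0
    Write-Output "Disable Insecure guest logons in SMB is set."
}

# Sets LanmanWorkstation AllowInsecureGuestLogons = 1.
function Set-BCWHSmod39Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\" -Name "AllowInsecureGuestLogons" -Value 1
    Write-Output "Disable Insecure guest logons in SMB is reverted."
}

# Disables the SMB1Protocol optional feature without restarting.
function Set-BCWHSmod40On {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    Write-Output "Disable SMBv1 client driver is set."
}

# Enables the SMB1Protocol optional feature without restarting. This turns
# SMBv1 on even on machines where it was off before the module was used.
function Set-BCWHSmod40Off {
    Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    Write-Output "Disable SMBv1 client driver is reverted."
}

# Turns SMBv1 off on the SMB server via Set-SmbServerConfiguration.
# The catch branch only sees terminating errors (for example the cmdlet not
# being available).
function Set-BCWHSmod41On {
    try {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output "Disable SMBv1 server is set."
    }
    catch {
        Write-Output "Service does not exist."
    }
}

# No-op: SMBv1 on the server side is intentionally not switched back on.
function Set-BCWHSmod41Off {
    Write-Output "Disable SMBv1 server is not reverted."
}

# Sets Netlogon SealSecureChannel = 1.
# The status text used to repeat the module-39 message ("Insecure guest logons
# in SMB"); it now names the Netlogon setting that is actually written.
function Set-BCWHSmod42On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SealSecureChannel" -Value 1
    Write-Output "Enable Domain member: Digitally encrypt secure channel data (when possible) is set."
}

# Sets Netlogon SealSecureChannel = 0.
function Set-BCWHSmod42Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SealSecureChannel" -Value 0
    Write-Output "Enable Domain member: Digitally encrypt secure channel data (when possible) is reverted."
}

# Sets WDigest UseLogonCredential = 0.
function Set-BCWHSmod43On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\" -Name "UseLogonCredential" -Value 0
    Write-Output "Disable WDigest Authentication is set."
}

# Sets WDigest UseLogonCredential = 1. With this value WDigest keeps logon
# credentials in clear text in memory, so this is more than a neutral undo.
function Set-BCWHSmod43Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\" -Name "UseLogonCredential" -Value 1
    Write-Output "Disable WDigest Authentication is reverted."
}

# Sets Netlogon SignSecureChannel = 1.
function Set-BCWHSmod44On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SignSecureChannel" -Value 1
    Write-Output "Enable Domain member: Digitally sign secure channel data (when possible) is set."
}

# Sets Netlogon SignSecureChannel = 0.
function Set-BCWHSmod44Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SignSecureChannel" -Value 0
    Write-Output "Enable Domain member: Digitally sign secure channel data (when possible) is reverted."
}

# Sets Netlogon RequireSignOrSeal = 1.
function Set-BCWHSmod45On {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "RequireSignOrSeal" -Value 1
    Write-Output "Enable Domain member: Digitally encrypt or sign secure channel data (always) is set."
}

# Sets Netlogon RequireSignOrSeal = 0.
function Set-BCWHSmod45Off {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "RequireSignOrSeal" -Value 0
    Write-Output "Enable Domain member: Digitally encrypt or sign secure channel data (always) is reverted."
}

# Runs Set-BCWHSmod1On through Set-BCWHSmod45On in numeric order.
function Set-BCWHSallOn {
    foreach ($i in 1..45) {
        & "Set-BCWHSmod${i}On"
    }
    Write-Output "Thank you for using BCWHSendpoint Module. Please run Invoke-BCWHSInfo to view more information."
}

# Runs Set-BCWHSmod1Off through Set-BCWHSmod45Off in numeric order.
# NOTE(review): this is not a rollback to the machine's earlier state. The
# *Off functions write fixed values, and several of them leave the host in a
# weak configuration: all three firewall profiles disabled (34-36), the
# SMB1Protocol feature enabled (40), WDigest UseLogonCredential = 1 (43),
# insecure SMB guest logons allowed (39), Netlogon signing/sealing off
# (42, 44, 45). Record the values in place before hardening if a true undo
# is needed.
function Set-BCWHSallOff {
    foreach ($i in 1..45) {
        & "Set-BCWHSmod${i}Off"
    }
    Write-Output "Thank you for using BCWHSendpoint Module. Please run Invoke-BCWHSInfo to view more information."
}

# Opens the project information page in Microsoft Edge.
function Invoke-BCWHSInfo {
    # The two commands must be separate statements; run together, Write-Output
    # and its text would be passed to Start-Process as extra arguments.
    Start-Process "msedge.exe" "https://blackcatwhitehatsecurity.com/endpoint.cfm#powershell"
    Write-Output "Project Information website has been launched."
}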