Harden-Windows-Security-Module
0.5.2
Harden Windows Safely, Securely, only with Official Microsoft methods - 🦄 Intune - 🧩 Group Policy - 🛡️ Local - ☁️ Cloud (All scenarios supported 💯)
⭕ This module provides 3 main features: Hardening, Auditing/checking the system compliance, and undoing the Hardening
⭕ Please read the GitHub's readme before running this module: https://github.com/HotCakeX/Ha
Harden Windows Safely, Securely, only with Official Microsoft methods - 🦄 Intune - 🧩 Group Policy - 🛡️ Local - ☁️ Cloud (All scenarios supported 💯)
⭕ This module provides 3 main features: Hardening, Auditing/checking the system compliance, and undoing the Hardening
⭕ Please read the GitHub's readme before running this module: https://github.com/HotCakeX/Harden-Windows-Security
💜 GUI (Graphical User Interface) is Available! Run (Protect-WindowsSecurity -GUI) to use the GUI instead of the CLI experience.
💠 Features of this module:
✅ Everything always stays up-to-date with the newest proactive security measures that are industry standards and scalable.
✅ Everything is in plain text, nothing hidden, no 3rd party executable or pre-compiled binary is involved.
✅ No Windows functionality is removed/disabled against Microsoft's recommendations.
✅ The module primarily uses Group policies, the Microsoft recommended way of configuring Windows. It also uses PowerShell cmdlets where Group Policies aren't available, and finally uses a few registry keys to configure security measures that can neither be configured using Group Policies nor PowerShell cmdlets. This is why the module doesn't break anything or cause unwanted behavior.
✅ When a hardening measure is no longer necessary because it's applied by default by Microsoft on new builds of Windows, it will also be removed from the module in order to prevent any problems and because it won't be necessary anymore.
✅ The module can be run infinite number of times, it's made in a way that it won't make any duplicate changes.
✅ The module prompts for confirmation before running each hardening category.
✅ Applying these hardening measures makes your PC compliant with Microsoft Security Baselines and Secured-core PC specifications (provided that you use modern hardware that supports the latest Windows security features)
💠 Hardening Categories from top to bottom: (⬇️Detailed info about each of them at my Github⬇️)
⏹ Commands that require Administrator Privileges
✅ Microsoft Security Baselines
✅ Microsoft 365 Apps Security Baselines
✅ Microsoft Defender
✅ Attack surface reduction rules
✅ Bitlocker Settings
✅ TLS Security
✅ Lock Screen
✅ UAC (User Account Control)
✅ Windows Firewall
✅ Optional Windows Features
✅ Windows Networking
✅ Miscellaneous Configurations
✅ Windows Update Configurations
✅ Edge Browser Configurations
✅ Certificate Checking Commands
✅ Country IP Blocking
✅ Downloads Defense Measures
⏹ Commands that don't require Administrator Privileges
✅ Non-Admin Commands that only affect the current user and do not make machine-wide changes.
💎 This module has hybrid mode of operation. It can run Interactively and non-interactively (Silent/unattended mode). More info in the document: https://github.com/HotCakeX/Harden-Windows-Security/wiki/Harden%E2%80%90Windows%E2%80%90Security%E2%80%90Module
🏴 If you have any questions, requests, suggestions etc. about this module, please open a new Discussion or Issue on GitHub
🟡 The module generates a nice output on the screen as well as giving users an option to export the results in a CSV file.
Minimum PowerShell version
7.4.2
Installation Options
Owners
Copyright
(c) HotCakeX. All rights reserved.
Package Details
Author(s)
- HotCakeX
Tags
Harden-Windows-Security Harden Windows Security Compliance Validation Baseline Security-Score Benchmark Group-Policy
Functions
Confirm-SystemCompliance Protect-WindowsSecurity Unprotect-WindowsSecurity
PSEditions
Dependencies
This module has no dependencies.
Release Notes
Complete detailed release notes available on GitHub releases: https://github.com/HotCakeX/Harden-Windows-Security/releases/
FileList
- Harden-Windows-Security-Module.nuspec
- .NETAssembliesToLoad.txt
- C#\MitigationPolicyProcessor.cs
- Resources\Default Security Policy.inf
- Resources\Media\Text Arts\Above200.txt
- C#\ProcessMitigationsParser.cs
- Resources\MDMResultClasses.csv
- Resources\Security-Baselines-X\Attack Surface Reduction Rules Policies\registry.pol
- Harden-Windows-Security-Module.psd1
- C#\RegistryEditor.cs
- Resources\ProcessMitigations.csv
- Resources\Security-Baselines-X\Bitlocker Policies\registry.pol
- Harden-Windows-Security-Module.psm1
- C#\SecureStringComparer.cs
- Resources\Registry resources.csv
- Resources\Security-Baselines-X\Lock Screen Policies\GptTmpl.inf
- C#\AsyncDownloader.cs
- C#\SecuriryPolicyProcessor.cs
- Resources\Registry.csv
- Resources\Security-Baselines-X\Lock Screen Policies\registry.pol
- C#\Categoriex.cs
- C#\SecurityPolicyCsvProcessor.cs
- Resources\SecurityPoliciesVerification.csv
- Resources\Security-Baselines-X\Lock Screen Policies\Don't display last signed-in\GptTmpl.inf
- C#\CategoryProcessing.cs
- C#\SystemInfoNativeMethods.cs
- Resources\EventViewerCustomViews\Attack Surface Reduction rule events.xml
- Resources\Security-Baselines-X\Lock Screen Policies\Enable CTRL + ALT + DEL\GptTmpl.inf
- C#\ConditionalResultAdd.cs
- C#\UserPrivCheck.cs
- Resources\EventViewerCustomViews\Controlled Folder Access events.xml
- Resources\Security-Baselines-X\Microsoft Defender Policies\registry.pol
- C#\ConfirmSystemComplianceMethods.cs
- C#\WindowsFeatureChecker.cs
- Resources\EventViewerCustomViews\Exploit Protection Events.xml
- Resources\Security-Baselines-X\Microsoft Defender Policies\Optional Diagnostic Data\registry.pol
- C#\ControllerFolderAccessHandler.cs
- C#\WriteVerbose.cs
- Resources\EventViewerCustomViews\Failed Lock screen login attempts using PIN.xml
- Resources\Security-Baselines-X\Miscellaneous Policies\GptTmpl.inf
- C#\CSVImporter.cs
- C#\CimInstances\FirewallHelper.cs
- Resources\EventViewerCustomViews\LockScreen Unlocks and Locks.xml
- Resources\Security-Baselines-X\Miscellaneous Policies\registry.pol
- C#\Culture.cs
- C#\CimInstances\GetEncryptedVolumeInfo.cs
- Resources\EventViewerCustomViews\Microsoft-Windows-AppLocker And MSI and Script.xml
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\GptTmpl.inf
- C#\DynamicPropertyHelper.cs
- C#\CimInstances\MDM.cs
- Resources\EventViewerCustomViews\Microsoft-Windows-CodeIntegrity Operational.xml
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\registry.pol
- C#\EccCurveComparer.cs
- C#\CimInstances\MpComputerStatusHelper.cs
- Resources\EventViewerCustomViews\Network Protection Events.xml
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\Bitlocker DMA\Bitlocker DMA Countermeasure OFF\Registry.pol
- C#\ExportSecurityPolicy.cs
- C#\CimInstances\MpPreferenceHelper.cs
- Resources\EventViewerCustomViews\Restarts.xml
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\Bitlocker DMA\Bitlocker DMA Countermeasure ON\Registry.pol
- C#\GetLocalUser.cs
- C#\CimInstances\NetConnectionProfiles.cs
- Resources\EventViewerCustomViews\Sudden Shut down events.xml
- Resources\Security-Baselines-X\TLS Security\registry.pol
- C#\GetMDMResultValue.cs
- C#\CimInstances\TaskSchedulerHelper.cs
- Resources\EventViewerCustomViews\USB storage Connects & Disconnects.xml
- Resources\Security-Baselines-X\User Account Control UAC Policies\GptTmpl.inf
- C#\GitExesFinder.cs
- C#\Types\CustomExceptions.cs
- Resources\Media\Log.png
- Resources\Security-Baselines-X\User Account Control UAC Policies\Hides the entry points for Fast User Switching\registry.pol
- C#\GitHubDesktopFinder.cs
- C#\Types\DefenderPlatformUpdatesChannels.cs
- Resources\Media\Path.png
- Resources\Security-Baselines-X\User Account Control UAC Policies\Only elevate executables that are signed and validated\GptTmpl.inf
- C#\GlobalVars.cs
- C#\Types\IndividualResultClass.cs
- Resources\Media\ProgramIcon.ico
- Resources\Security-Baselines-X\Windows Firewall Policies\registry.pol
- C#\GUIWritter.cs
- C#\Types\MDMResult.cs
- Resources\Media\start.png
- Resources\Security-Baselines-X\Windows Networking Policies\GptTmpl.inf
- C#\HashtableChecker.cs
- C#\Windows APIs\FirmwareType.cs
- Resources\Media\ToastNotificationIcon.png
- Resources\Security-Baselines-X\Windows Networking Policies\registry.pol
- C#\IniFileConverter.cs
- C#\Windows APIs\TPM.cs
- Resources\Media\Text Arts\121To160.txt
- Resources\Security-Baselines-X\Windows Update Policies\registry.pol
- C#\Initializer.cs
- Core\Confirm-SystemCompliance.psm1
- Resources\Media\Text Arts\161To200.txt
- Shared\HardeningFunctions.ps1
- C#\JsonToHashtable.cs
- Core\Protect-WindowsSecurity.psm1
- Resources\Media\Text Arts\1To40.txt
- Shared\Update-self.psm1
- C#\MDMClassProcessor.cs
- Core\Unprotect-WindowsSecurity.psm1
- Resources\Media\Text Arts\41To80.txt
- XAML\Main.xml
- C#\Miscellaneous.cs
- Resources\Dangerous-Script-Hosts-Blocking.xml
- Resources\Media\Text Arts\81To120.txt
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 0.6.9 | 4,446 | 11/4/2024 |
| 0.6.8 | 2,947 | 10/29/2024 |
| 0.6.7 | 5,286 | 10/16/2024 |
| 0.6.6 | 2,666 | 10/9/2024 |
| 0.6.5 | 1,689 | 10/5/2024 |
| 0.6.4 | 567 | 10/4/2024 |
| 0.6.3 | 5,526 | 9/18/2024 |
| 0.6.2 | 377 | 9/18/2024 |
| 0.6.1 | 3,192 | 9/7/2024 |
| 0.6.0 | 764 | 9/4/2024 |
| 0.5.9 | 1,176 | 9/1/2024 |
| 0.5.8 | 1,119 | 8/28/2024 |
| 0.5.7 | 717 | 8/26/2024 |
| 0.5.6 | 414 | 8/25/2024 |
| 0.5.5 | 68 | 8/25/2024 |
| 0.5.4 | 5,047 | 8/10/2024 |
| 0.5.3 | 1,905 | 8/2/2024 |
| 0.5.2 (current version) | 1,266 | 7/29/2024 |
| 0.5.1 | 351 | 7/28/2024 |
| 0.5.0 | 886 | 7/21/2024 |
| 0.4.9 | 831 | 7/15/2024 |
| 0.4.8 | 429 | 7/14/2024 |
| 0.4.7 | 1,396 | 7/12/2024 |
| 0.4.6 | 1,263 | 7/7/2024 |
| 0.4.5 | 2,245 | 6/14/2024 |
| 0.4.4 | 519 | 6/10/2024 |
| 0.4.3 | 1,026 | 5/25/2024 |
| 0.4.2 | 619 | 5/16/2024 |
| 0.4.1 | 447 | 5/11/2024 |
| 0.4.0 | 672 | 5/4/2024 |
| 0.3.9 | 1,141 | 4/24/2024 |
| 0.3.8 | 779 | 4/14/2024 |
| 0.3.7 | 318 | 4/9/2024 |
| 0.3.6 | 272 | 4/3/2024 |
| 0.3.5 | 629 | 3/22/2024 |
| 0.3.4 | 1,096 | 3/7/2024 |
| 0.3.3 | 320 | 3/4/2024 |
| 0.3.2 | 809 | 2/24/2024 |
| 0.3.1 | 1,963 | 1/25/2024 |
| 0.3.0 | 653 | 1/15/2024 |
| 0.3.0-Beta3 | 8 | 1/15/2024 |
| 0.2.9 | 414 | 1/9/2024 |
| 0.2.8 | 68 | 1/9/2024 |
| 0.2.8-Beta2 | 10 | 1/8/2024 |
| 0.2.8-Beta1 | 9 | 1/8/2024 |
| 0.2.7 | 1,225 | 12/15/2023 |
| 0.2.6 | 349 | 11/23/2023 |
| 0.2.5 | 119 | 11/18/2023 |
| 0.2.4 | 132 | 11/8/2023 |
| 0.2.3 | 32 | 11/6/2023 |
| 0.2.2 | 54 | 11/3/2023 |
| 0.2.1 | 17 | 11/3/2023 |
| 0.2.0 | 190 | 10/19/2023 |
| 0.1.9 | 55 | 10/17/2023 |
| 0.1.8 | 55 | 10/12/2023 |
| 0.1.7 | 121 | 10/4/2023 |
| 0.1.6.1 | 107 | 9/26/2023 |
| 0.1.6 | 9 | 9/26/2023 |
| 0.1.5 | 37 | 9/24/2023 |
| 0.1.4 | 189 | 9/12/2023 |
| 0.1.3 | 43 | 9/7/2023 |
| 0.1.2 | 246 | 8/24/2023 |
| 0.1.1 | 54 | 8/21/2023 |
| 0.1.0 | 70 | 8/18/2023 |
| 0.0.9 | 33 | 8/17/2023 |
| 0.0.8 | 74 | 8/11/2023 |
| 0.0.7 | 54 | 8/9/2023 |
| 0.0.6 | 28 | 8/9/2023 |
| 0.0.5 | 13 | 8/9/2023 |
| 0.0.4 | 18 | 8/9/2023 |
| 0.0.3 | 80 | 8/5/2023 |
| 0.0.2 | 51 | 8/2/2023 |
| 0.0.1 | 81 | 7/29/2023 |