wbMSPSecurity.psm1
|
<#PSScriptInfo .VERSION 1.0 .GUID 33437465-d022-4610-8b86-121ca5e1e4fa .AUTHOR WadeBach22 .COMPANYNAME .COPYRIGHT .TAGS .LICENSEURI .PROJECTURI .ICONURI .EXTERNALMODULEDEPENDENCIES .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES #> <# .DESCRIPTION WadeBach Presents Microsoft Windows Endpoint Security Module. Please view our website for more detailed information. #> Param() function Set-wbMSPsec1On { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext" -Name 'VersionCheckEnabled' -Value 1; Write-Output "Block outdated ActiveX controls for Internet Explorer is set."; } function Set-wbMSPsec1Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext" -Name 'VersionCheckEnabled' -Value 0; Write-Output "Block outdated ActiveX controls for Internet Explorer is reverted."; } function Set-wbMSPsec2On { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutoplayfornonVolume' -Value 1; New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows" -Name 'Explorer' -Force; New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name 'NoAutoplayfornonVolume' -Value 1; Write-Output "Disable Autoplay for non-volume devices is set."; } function Set-wbMSPsec2Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutoplayfornonVolume' -Value 0; Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name 'NoAutoplayfornonVolume' -Value 0; Write-Output "Disable Autoplay for non-volume devices is reverted."; } function Set-wbMSPsec3On { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoDriveTypeAutoRun' -Value 255; Write-Output "Disable Autoplay for all drives is set."; } function Set-wbMSPsec3Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoDriveTypeAutoRun' -Value 0; Write-Output "Disable Autoplay for all drives is reverted."; } function Set-wbMSPsec4On { New-Item -Path "HKLM:\Software\Policies" -Name 'Google' -Force; New-Item -Path "HKLM:\Software\Policies\Google" -Name 'Chrome' -Force; New-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BackgroundModeEnabled' -Value 0; Write-Output "Disable Continue running background apps when Google Chrome is closed is set."; } function Set-wbMSPsec4Off { Set-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BackgroundModeEnabled' -Value 1; Write-Output "Disable Continue running background apps when Google Chrome is closed is reverted."; } function Set-wbMSPsec5On { New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies" -Name 'CredUI' -Force; New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI" -Name 'EnumerateAdministrators' -Value 0; Write-Output "Disable Enumerate administrator accounts on elevation is set."; } function Set-wbMSPsec5Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI" -Name 'EnumerateAdministrators' -Value 1; Write-Output "Disable Enumerate administrator accounts on elevation is reverted."; } function Set-wbMSPsec6On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name 'RestrictAnonymous' -Value 1; Write-Output "Disable Enumerate administrator accounts on elevation is set."; } function Set-wbMSPsec6Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name 'RestrictAnonymous' -Value 0; Write-Output "Disable Enumerate administrator accounts on elevation is reverted."; } function Set-wbMSPsec7On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\" -Name 'DisableIPSourceRouting' -Value 2; Write-Output "Disable IP Source routing is set."; } function Set-wbMSPsec7Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\" -Name 'DisableIPSourceRouting' -Value 0; Write-Output "Disable IP Source routing is reverted."; } function Set-wbMSPsec8On { New-Item -Path "HKLM:\SOFTWARE\Policies\Adobe\" -Name 'Acrobat Reader' -Force; New-Item -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader" -Name 'DC' -Force; New-Item -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC" -Name 'FeatureLockDown' -Force; New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bDisableJavaScript' -Value 1; New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bEnableFlash' -Value 1; Write-Output "Disable JavaScript/Flash on Adobe Reader DC is set."; } function Set-wbMSPsec8Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bDisableJavaScript' -Value 0; Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bEnableFlash' -Value 0; Write-Output "Disable JavaScript/Flash on Adobe Reader DC is reverted."; } function Set-wbMSPsec9On { New-Item -Path "HKLM:\Software\Policies\Microsoft" -Name 'WindowsFirewall' -Force; New-Item -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall" -Name 'DomainProfile' -Force; New-Item -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall" -Name 'PrivateProfile' -Force; New-Item -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall" -Name 'PublicProfile' -Force; New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile" -Name 'DisableNotifications' -Value 1; New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile" -Name 'DisableNotifications' -Value 1; New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile" -Name 'DisableNotifications' -Value 1; Write-Output "Disable Microsoft Defender Firewall notifications when programs are blocked for Domain/Public/Private profile is set."; } function Set-wbMSPsec9Off { Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile" -Name 'DisableNotifications' -Value 0; Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile" -Name 'DisableNotifications' -Value 0; Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile" -Name 'DisableNotifications' -Value 0; Write-Output "Disable Microsoft Defender Firewall notifications when programs are blocked for Domain/Public/Private profile is reverted."; } function Set-wbMSPsec10On { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\" -Name 'Internet Explorer' -Force; New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer" -Name 'Download' -Force; Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Download\" -Name 'RunInvalidSignatures' -Value 0; Write-Output "Disable running or installing downloaded software with invalid signature is set."; } function Set-wbMSPsec10Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Download\" -Name 'RunInvalidSignatures' -Value 1; Write-Output "Disable running or installing downloaded software with invalid signature is reverted."; } function Set-wbMSPsec11On { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name 'LocalAccountTokenFilterPolicy' -Value 0; Write-Output "Enable Apply UAC restrictions to local accounts on network logons is set."; } function Set-wbMSPsec11Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name 'LocalAccountTokenFilterPolicy' -Value 1; Write-Output "Enable Apply UAC restrictions to local accounts on network logons is reverted."; } function Set-wbMSPsec12On { New-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BlockThirdPartyCookies' -Value 1; Write-Output "Enable Block third party cookies is set."; } function Set-wbMSPsec12Off { Set-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BlockThirdPartyCookies' -Value 0; Write-Output "Enable Block third party cookies is reverted."; } function Set-wbMSPsec13On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name 'RequireSecuritySignature' -Value 1; Write-Output "Enable Microsoft network client: Digitally sign communications (always) is set."; } function Set-wbMSPsec13Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name 'RequireSecuritySignature' -Value 0; Write-Output "Enable Microsoft network client: Digitally sign communications (always) is reverted."; } function Set-wbMSPsec14On { New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name 'Scan' -Force; Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" -Name 'DisableEmailScanning' -Value 0 -ErrorAction: SilentlyContinue; Write-Output "Enable Microsoft Defender Antivirus Email Scanning is set. (if available)"; } function Set-wbMSPsec14Off { New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name 'Scan' -Force; Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" -Name 'DisableEmailScanning' -Value 1 -ErrorAction: SilentlyContinue; Write-Output "Enable Microsoft Defender Antivirus Email Scanning is reverted. (if available)"; } function Set-wbMSPsec15On { New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name 'Scan' -Force; New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Scan" -Name 'DisableRemovableDriveScanning' -Value 0; Write-Output "Enable scanning of removable drives during a full scan is set."; } function Set-wbMSPsec15Off { New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name 'Scan' -Force; Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Scan" -Name 'DisableRemovableDriveScanning' -Value 1; Write-Output "Enable scanning of removable drives during a full scan is reverted."; } function Set-wbMSPsec16On { Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\cloud\office\16.0\common\officeupdate" -Name 'enableautomaticupdates' -Value 1 -ErrorAction: SilentlyContinue; New-Item -Path "HKLM:\SOFTWARE\policies\Microsoft" -Name 'Office' -Force; New-Item -Path "HKLM:\SOFTWARE\policies\Microsoft\Office" -Name '16.0' -Force; New-Item -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0" -Name 'Common' -Force; New-Item -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common" -Name 'Officeupdate' -Force; New-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'hideenabledisableupdates' -Value 1; New-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'enableautomaticupdates' -Value 1; Write-Output "Hide Option & Enable Automatic Updates is set."; } function Set-wbMSPsec16Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\cloud\office\16.0\common\officeupdate" -Name 'enableautomaticupdates' -Value 0 -ErrorAction: SilentlyContinue; Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'hideenabledisableupdates' -Value 0; Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'enableautomaticupdates' -Value 0; Write-Output "Hide Option & Enable Automatic Updates is reverted."; } function Set-wbMSPsec17On { Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections" -Name 'NC_ShowSharedAccessUI' -Value 0; Write-Output "Prohibit use of Internet Connection Sharing on your DNS domain network is set."; } function Set-wbMSPsec17Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections" -Name 'NC_ShowSharedAccessUI' -Value 1; Write-Output "Prohibit use of Internet Connection Sharing on your DNS domain network is reverted."; } function Set-wbMSPsec18On { net accounts /lockoutduration:15; Write-Output "Set Account lockout duration to 15 minutes or more is set."; } function Set-wbMSPsec18Off { Write-Output "Set Account lockout duration to 15 minutes or more is unchanged."; } function Set-wbMSPsec19On { net accounts /lockoutthreshold:10; Write-Output "Set Account lockout threshold to 1-10 invalid login attempts is set."; } function Set-wbMSPsec19Off { Write-Output "Set Account lockout threshold to 1-10 invalid login attempts is unchanged."; } function Set-wbMSPsec20On { net accounts /uniquepw:24; Write-Output "Set Enforce Password History to 24 or more password(s) is set."; } function Set-wbMSPsec20Off { Write-Output "Set Enforce Password History to 24 or more password(s) is unchaanged."; } function Set-wbMSPsec21On { New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" -Name 'InactivityTimeoutSecs' -PropertyType DWORD -Value 0x00000384 -Force; Write-Output "Set Interactive logon: Machine inactivity limit to 1-900 seconds is set."; } function Set-wbMSPsec21Off { Write-Output "Set Interactive logon: Machine inactivity limit to 1-900 seconds is unchanged."; } function Set-wbMSPsec22On { net accounts /minpwage:1; Write-Output "set Minimum Password Age to 1 or more day(s) is set."; } function Set-wbMSPsec22Off { Write-Output "set Minimum Password Age to 1 or more day(s) is unchanged."; } function Set-wbMSPsec23On { net accounts /lockoutwindow:15; Write-Output "Set Reset account lockout counter after to 15 minutes or more is set."; } function Set-wbMSPsec23Off { Write-Output "Set Reset account lockout counter after to 15 minutes or more is unchanged."; } function Set-wbMSPsec24On { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutorun' -Value 1; Write-Output "Set default behavior for AutoRun to Enabled: Do not execute any autorun commands is set."; } function Set-wbMSPsec24Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutorun' -Value 0; Write-Output "Set default behavior for AutoRun to Enabled: Do not execute any autorun commands is reverted."; } function Set-wbMSPsec25On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name 'DisableIPSourceRouting' -Value 2; Write-Output "Set IPV6 source routing to highest protection is set."; } function Set-wbMSPsec25Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name 'DisableIPSourceRouting' -Value 0; Write-Output "Set IPV6 source routing to highest protection is reverted."; } function Set-wbMSPsec26On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\" -Name 'LmCompatibilityLevel' -Value 5; Write-Output "Set LAN Manager authentication level to Send NTLMv2 response only. Refuse LM & NTLM is set."; } function Set-wbMSPsec26Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\" -Name 'LmCompatibilityLevel' -Value 3; Write-Output "Set LAN Manager authentication level to Send NTLMv2 response only. Refuse LM & NTLM is reverted."; } function Set-wbMSPsec27On { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" -Name 'ConsentPromptBehaviorUser' -Value 0; Write-Output "Set User Account Control (UAC) to automatically deny elevation requests is set."; } function Set-wbMSPsec27Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" -Name 'ConsentPromptBehaviorUser' -Value 3; Write-Output "Set User Account Control (UAC) to automatically deny elevation requests is reverted."; } function Set-wbMSPsec28On { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\" -Name 'Edge' -Force; Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name "PasswordManagerEnabled" -Value 0; Write-Output "Disable Password Manager is set."; } function Set-wbMSPsec28Off { Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name "PasswordManagerEnabled" -Value 1; Write-Output "Disable Password Manager is reverted."; } function Set-wbMSPsec29On { try { Set-NetworkLevelAuthentication -EnableNLA $true; Write-Output "Set user authentication for remote connections by using Network Level Authentication to Enabled is set."; } catch { Write-Output "Service does not exist"; } } function Set-wbMSPsec29Off { try { Set-NetworkLevelAuthentication -EnableNLA $false; Write-Output "Set user authentication for remote connections by using Network Level Authentication to Enabled is reverted."; } catch { Write-Output "Service does not exist."; } } function Set-wbMSPsec30On { Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_AllowNetBridge_NLA" -Value 0; Write-Output "Disable Installation and configuration of Network Bridge on your DNS domain network is set."; } function Set-wbMSPsec30Off { Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_AllowNetBridge_NLA" -Value 1; Write-Output "Disable Installation and configuration of Network Bridge on your DNS domain network is reverted."; } function Set-wbMSPsec31On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "DisableDomainCreds" -Value 1; Write-Output "Disable the local storage of passwords and credentials is set."; } function Set-wbMSPsec31Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "DisableDomainCreds" -Value 0; Write-Output "Disable the local storage of passwords and credentials is reverted."; } function Set-wbMSPsec32On { Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_StdDomainUserSetLocation" -Value 1; Write-Output "Enable Require domain users to elevate when setting a networks location is set."; } function Set-wbMSPsec32Off { Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_StdDomainUserSetLocation" -Value 0; Write-Output "Enable Require domain users to elevate when setting a networks location is reverted."; } function Set-wbMSPsec33On { Update-MpSignature; Write-Output "Update-MpSignature has been updated."; } function Set-wbMSPsec33Off { Write-Output "Update-MpSignature cannot be reverted."; } function Set-wbMSPsec34On { Set-NetFirewallProfile -Profile Domain -Enabled True; Write-Output "Secure Microsoft Defender Firewall domain profile is set."; } function Set-wbMSPsec34Off { Set-NetFirewallProfile -Profile Domain -Enabled False; Write-Output "Secure Microsoft Defender Firewall domain profile is reverted."; } function Set-wbMSPsec35On { Set-NetFirewallProfile -Profile Public -Enabled True; Write-Output "Secure Microsoft Defender Firewall public profile is set."; } function Set-wbMSPsec35Off { Set-NetFirewallProfile -Profile Public -Enabled False; Write-Output "Secure Microsoft Defender Firewall public profile is reverted."; } function Set-wbMSPsec36On { Set-NetFirewallProfile -Profile Private -Enabled True; Write-Output "Secure Microsoft Defender firewall private profile is set."; } function Set-wbMSPsec36Off { Set-NetFirewallProfile -Profile Private -Enabled False; Write-Output "Secure Microsoft Defender firewall private profile is reverted."; } function Set-wbMSPsec37On { Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Session Manager\" -Name "SafeDllSearchMode" -Value 1; Write-Output "Enable Safe DLL Search Mode is set."; } function Set-wbMSPsec37Off { Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Session Manager\" -Name "SafeDllSearchMode" -Value 0; Write-Output "Enable Safe DLL Search Mode is reverted."; } function Set-wbMSPsec38On { Set-MpPreference -EnableNetworkProtection Enabled; Write-Output "Enable Network Protection is set."; } function Set-wbMSPsec38Off { Set-MpPreference -EnableNetworkProtection Disabled; Write-Output "Enable Network Protection is reverted."; } function Set-wbMSPsec39On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\" -Name "AllowInsecureGuestLogons" -Value 0; Write-Output "Disable Insecure guest logons in SMB is set."; } function Set-wbMSPsec39Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\" -Name "AllowInsecureGuestLogons" -Value 1; Write-Output "Disable Insecure guest logons in SMB is reverted."; } function Set-wbMSPsec40On { Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart; Write-Output "Disable SMBv1 client driver is set."; } function Set-wbMSPsec40Off { Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart; Write-Output "Disable SMBv1 client driver is reverted."; } function Set-wbMSPsec41On { try { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force; Write-Output "Disable SMBv1 server is set."; } catch { Write-Output "Service does not exist."; } } function Set-wbMSPsec41Off { Write-Output "Disable SMBv1 server is not reverted."; } function Set-wbMSPsec42On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SealSecureChannel" -Value 1; Write-Output "Disable Insecure guest logons in SMB is set."; } function Set-wbMSPsec42Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SealSecureChannel" -Value 0; Write-Output "Disable Insecure guest logons in SMB is reverted."; } function Set-wbMSPsec43On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\" -Name "UseLogonCredential" -Value 0; Write-Output "Disable WDigest Authentication is set."; } function Set-wbMSPsec43Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\" -Name "UseLogonCredential" -Value 1; Write-Output "Disable WDigest Authentication is reverted."; } function Set-wbMSPsec44On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SignSecureChannel" -Value 1; Write-Output "Enable Domain member: Digitally sign secure channel data (when possible) is set."; } function Set-wbMSPsec44Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SignSecureChannel" -Value 0; Write-Output "Enable Domain member: Digitally sign secure channel data (when possible) is reverted."; } function Set-wbMSPsec45On { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "RequireSignOrSeal" -Value 1; Write-Output "Enable Domain member: Digitally encrypt or sign secure channel data (always) is set."; } function Set-wbMSPsec45Off { Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "RequireSignOrSeal" -Value 0; Write-Output "Enable Domain member: Digitally encrypt or sign secure channel data (always) is reverted."; } function Set-wbMSPsecAllOn { Set-wbMSPsec1On; Set-wbMSPsec2On; Set-wbMSPsec3On; Set-wbMSPsec4On; Set-wbMSPsec5On; Set-wbMSPsec6On; Set-wbMSPsec7On; Set-wbMSPsec8On; Set-wbMSPsec9On; Set-wbMSPsec10On; Set-wbMSPsec11On; Set-wbMSPsec12On; Set-wbMSPsec13On; Set-wbMSPsec14On; Set-wbMSPsec15On; Set-wbMSPsec16On; Set-wbMSPsec17On; Set-wbMSPsec18On; Set-wbMSPsec19On; Set-wbMSPsec20On; Set-wbMSPsec21On; Set-wbMSPsec22On; Set-wbMSPsec23On; Set-wbMSPsec24On; Set-wbMSPsec25On; Set-wbMSPsec26On; Set-wbMSPsec27On; Set-wbMSPsec28On; Set-wbMSPsec29On; Set-wbMSPsec30On; Set-wbMSPsec31On; Set-wbMSPsec32On; Set-wbMSPsec33On; Set-wbMSPsec34On; Set-wbMSPsec35On; Set-wbMSPsec36On; Set-wbMSPsec37On; Set-wbMSPsec38On; Set-wbMSPsec39On; Set-wbMSPsec40On; Set-wbMSPsec41On; Set-wbMSPsec42On; Set-wbMSPsec43On; Set-wbMSPsec44On; Set-wbMSPsec45On; Write-Output "Thank you for using wbMSPsecurity Module. Please run Invoke-wbMSPsecurityInfo to view more information."; } function Set-wbMSPsecAllOff { Set-wbMSPsec1Off; Set-wbMSPsec2Off; Set-wbMSPsec3Off; Set-wbMSPsec4Off; Set-wbMSPsec5Off; Set-wbMSPsec6Off; Set-wbMSPsec7Off; Set-wbMSPsec8Off; Set-wbMSPsec9Off; Set-wbMSPsec10Off; Set-wbMSPsec11Off; Set-wbMSPsec12Off; Set-wbMSPsec13Off; Set-wbMSPsec14Off; Set-wbMSPsec15Off; Set-wbMSPsec16Off; Set-wbMSPsec17Off; Set-wbMSPsec18Off; Set-wbMSPsec19Off; Set-wbMSPsec20Off; Set-wbMSPsec21Off; Set-wbMSPsec22Off; Set-wbMSPsec23Off; Set-wbMSPsec24Off; Set-wbMSPsec25Off; Set-wbMSPsec26Off; Set-wbMSPsec27Off; Set-wbMSPsec28Off; Set-wbMSPsec29Off; Set-wbMSPsec30Off; Set-wbMSPsec31Off; Set-wbMSPsec32Off; Set-wbMSPsec33Off; Set-wbMSPsec34Off; Set-wbMSPsec35Off; Set-wbMSPsec36Off; Set-wbMSPsec37Off; Set-wbMSPsec38Off; Set-wbMSPsec39Off; Set-wbMSPsec40Off; Set-wbMSPsec41Off; Set-wbMSPsec42Off; Set-wbMSPsec43Off; Set-wbMSPsec44Off; Set-wbMSPsec45Off; Write-Output "Thank you for using wbMSPsecurity Module. Please run Invoke-wbMSPsecurityInfo to view more information."; } function Invoke-wbMSPsecurityInfo { Start-Process "msedge.exe" "https://wadebach.blackcatwhitehatsecurity.com/security.cfm" Write-Output "Project Information website has been launched."; } |