Search - ScriptShare

Search Results

This script sets the registry to configure LSASS to run as a protected process and verifies the setting to ensure it meets the CIS benchmark requirement.

This script fixes the windows CIS Benchmark check 18.9.26.2: "Ensure 'Configures LSASS to run as a protected process' is set to 'Enabled: Enabled with UEFI Lock'."

The script modifies the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL to a value of 1 (DWORD) to enable LSASS to run as a protected process. It then verifies that the value is correctly set. This addresses the CIS check for 'Ensure "Configures LSASS to run as a protected process" is set to "Enabled: Enabled with UEFI Lock"' by setting the required registry value. Note that this script directly modifies the registry and may not enforce the UEFI lock aspect, which is typically handled via Group Policy.

Parameters

None This script does not require any parameters.

Example(s)

.\FixCisLsassProtectedProcess.ps1

Notes

This script must be run with administrative privileges.
It is compatible with PowerShell 5.1 and later.
After running, check the output to confirm the CIS check passes.

XXeroSec

6mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.21.1

Fix Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 3 = Prevent Wi-Fi when on Ethernet'.

This script fixes the windows CIS Benchmark check 18.6.21.1: "Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 3 = Prevent Wi-Fi when on Ethernet'."

XXeroSec

6mo ago

v1PowerShell Windows

cis_win11_enterprise 18.6.10.2

Fix Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.6.10.2: "Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'."

XXeroSec

6mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.42.6.3.1

Fix Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'.

This script fixes the windows CIS Benchmark check 18.10.42.6.3.1: "Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'."

OOgden Wells

6mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.89.1

This script sets the registry key to disable 'Allow Remote Shell Access' as per CIS benchmark and verifies the change.

This script fixes the windows CIS Benchmark check 18.10.89.1: "Ensure 'Allow Remote Shell Access' is set to 'Disabled'."

The script modifies the Windows Registry to ensure remote shell access is disabled. It checks for administrative privileges, sets the required registry value, and verifies that the change was applied successfully.

XXeroSec

6mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.90.1

Fix Ensure 'Allow clipboard sharing with Windows Sandbox' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.10.90.1: "Ensure 'Allow clipboard sharing with Windows Sandbox' is set to 'Disabled'."

XXeroSec

6mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.90.2

Fix Ensure 'Allow networking in Windows Sandbox' is set to 'Disabled'.

This script fixes the windows CIS Benchmark check 18.10.90.2: "Ensure 'Allow networking in Windows Sandbox' is set to 'Disabled'."

XXeroSec

6mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.91.2.1

Fix Ensure 'Prevent users from modifying settings' is set to 'Enabled'.

This script fixes the windows CIS Benchmark check 18.10.91.2.1: "Ensure 'Prevent users from modifying settings' is set to 'Enabled'."

XXeroSec

6mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.92.2.4

This script fixes the CIS benchmark check for 'Remove access to "Pause updates" feature' by setting the appropriate registry key and verifies the result.

This script fixes the windows CIS Benchmark check 18.10.92.2.4: "Ensure 'Remove access to "Pause updates" feature' is set to 'Enabled'."

The script ensures that the registry value SetDisablePauseUXAccess is set to 1 under the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate. It includes error handling and automatic verification to confirm the setting is applied correctly.

XXeroSec

6mo ago

v1PowerShell Windows

cis_win11_enterprise 18.10.92.4.2

Fix Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: 180 or more days'.

This script fixes the windows CIS Benchmark check 18.10.92.4.2: "Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: 180 or more days'."

XXeroSec

6mo ago

Search Results

ago