Basic examples of using batch files and PowerShell scripts to run commands that help secure a Windows system
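rem Both commands change local account policy and need an elevated prompt.
rem Each one is followed by an errorlevel check so that a failure (for example
rem "Access is denied") is reported instead of scrolling past unnoticed.

rem Guest account has been secured: 10 pts
rem Disable the built-in Guest account so it cannot be used to log on.
rem https://www.windows-commandline.com/enable-disable-guest-account/
net user guest /active:no
if errorlevel 1 echo WARNING: could not disable the Guest account - is this prompt elevated?

rem A password of at least 8 characters is required: 10 pts
rem Set the minimum password length. The policy is enforced when a password is
rem next set or changed; existing shorter passwords keep working until then.
rem https://www.top-password.com/blog/change-account-lockout-password-complexity-policy-in-windows/
net accounts /minpwlen:8
if errorlevel 1 echo WARNING: could not set the minimum password length - is this prompt elevated?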
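@echo off
rem Baseline hardening steps for a standalone Windows machine.
rem Every command below needs an elevated (Administrator) prompt. The summary
rem lines ("Set Password Policies", "Blocked Ports", ...) are printed whether or
rem not the commands succeeded, so read the command output before trusting them.

:passwords
rem Password policy: remember 24 previous passwords, at least 8 characters,
rem maximum age 90 days, minimum age 5 days. Then disable the Guest account.
net accounts /uniquepw:24
net accounts /minpwlen:8
net accounts /maxpwage:90
net accounts /minpwage:5
net user guest /active:no
echo.
echo Set Password Policies
pause

:mp3s
rem Lists, then deletes, every *.mp3 under the root of the current drive.
rem del does not use the Recycle Bin and there is no prompt between the
rem listing and the deletion, so the removal is not reversible.
cd \
dir /s *.mp3
del /s *.mp3
echo.
echo Deleted Prohibited Files
pause

:services
rem Disable and stop services that expose remote access or discovery:
rem Telnet server, Internet Connection Sharing, Remote Registry, SSDP discovery
rem and the UPnP device host. sc reports an error for a service that is not
rem installed or is already stopped; that is harmless here.
sc config TlntSvr start= disabled
sc stop TlntSvr
sc config SharedAccess start= disabled
sc stop SharedAccess
sc config RemoteRegistry start= disabled
sc stop RemoteRegistry
sc config SSDPSRV start= disabled
sc stop SSDPSRV
sc config upnphost start= disabled
sc stop upnphost
echo.
echo Stopped Services
pause

:auto-update
rem In this key AUOptions=1 means "never check for updates", which is the
rem opposite of what this step announces; 4 means "install automatically".
rem NOTE(review): newer Windows releases may ignore this legacy key - confirm
rem on the target version and prefer the Windows Update policy settings there.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 4 /f
echo.
echo Enabled Auto-Update
pause

:ports
rem Block FTP (20, 21), SSH (22), Telnet (23), SNMP (161, 162) and LDAP (389).
rem Outbound rules match on remoteport (the server being contacted). Inbound
rem rules must match on localport (the port a local service listens on); with
rem remoteport an inbound rule filters on the peer's source port and leaves a
rem local listener reachable.
rem Caveats: blocking 22 cuts off SSH-based remote administration of this
rem machine, and blocking outbound 389 breaks LDAP lookups on a domain-joined
rem machine. Re-running the script adds duplicate rules with the same names.
netsh advfirewall firewall add rule name="FTP1TCPOUT" protocol=TCP dir=out remoteport=20 action=block
netsh advfirewall firewall add rule name="FTP1TCPIN" protocol=TCP dir=in localport=20 action=block
netsh advfirewall firewall add rule name="FTP1UDPOUT" protocol=UDP dir=out remoteport=20 action=block
netsh advfirewall firewall add rule name="FTP1UDPIN" protocol=UDP dir=in localport=20 action=block
netsh advfirewall firewall add rule name="FTP2TCPOUT" protocol=TCP dir=out remoteport=21 action=block
netsh advfirewall firewall add rule name="FTP2TCPIN" protocol=TCP dir=in localport=21 action=block
netsh advfirewall firewall add rule name="FTP2UDPOUT" protocol=UDP dir=out remoteport=21 action=block
rem FTP2UDPIN previously said protocol=TCP, duplicating FTP2TCPIN and leaving UDP uncovered.
netsh advfirewall firewall add rule name="FTP2UDPIN" protocol=UDP dir=in localport=21 action=block
netsh advfirewall firewall add rule name="SSHTCPOUT" protocol=TCP dir=out remoteport=22 action=block
netsh advfirewall firewall add rule name="SSHTCPIN" protocol=TCP dir=in localport=22 action=block
netsh advfirewall firewall add rule name="SSHUDPOUT" protocol=UDP dir=out remoteport=22 action=block
netsh advfirewall firewall add rule name="SSHUDPIN" protocol=UDP dir=in localport=22 action=block
netsh advfirewall firewall add rule name="TELNETTCPOUT" protocol=TCP dir=out remoteport=23 action=block
netsh advfirewall firewall add rule name="TELNETTCPIN" protocol=TCP dir=in localport=23 action=block
netsh advfirewall firewall add rule name="TELNETUDPOUT" protocol=UDP dir=out remoteport=23 action=block
netsh advfirewall firewall add rule name="TELNETUDPIN" protocol=UDP dir=in localport=23 action=block
netsh advfirewall firewall add rule name="SNMP1TCPOUT" protocol=TCP dir=out remoteport=161 action=block
netsh advfirewall firewall add rule name="SNMP1TCPIN" protocol=TCP dir=in localport=161 action=block
netsh advfirewall firewall add rule name="SNMP1UDPOUT" protocol=UDP dir=out remoteport=161 action=block
netsh advfirewall firewall add rule name="SNMP1UDPIN" protocol=UDP dir=in localport=161 action=block
netsh advfirewall firewall add rule name="SNMP2TCPOUT" protocol=TCP dir=out remoteport=162 action=block
netsh advfirewall firewall add rule name="SNMP2TCPIN" protocol=TCP dir=in localport=162 action=block
netsh advfirewall firewall add rule name="SNMP2UDPOUT" protocol=UDP dir=out remoteport=162 action=block
netsh advfirewall firewall add rule name="SNMP2UDPIN" protocol=UDP dir=in localport=162 action=block
netsh advfirewall firewall add rule name="LDAPTCPOUT" protocol=TCP dir=out remoteport=389 action=block
netsh advfirewall firewall add rule name="LDAPTCPIN" protocol=TCP dir=in localport=389 action=block
netsh advfirewall firewall add rule name="LDAPUDPOUT" protocol=UDP dir=out remoteport=389 action=block
netsh advfirewall firewall add rule name="LDAPUDPIN" protocol=UDP dir=in localport=389 action=block
echo.
echo Blocked Ports
pause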
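# Guest account has been secured: 10 pts
# Disable the built-in local Guest account so it cannot be used to log on.
# Disable-LocalUser comes from the Microsoft.PowerShell.LocalAccounts module
# (Windows PowerShell 5.1) and must be run from an elevated session.
# https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/disable-localuser?view=powershell-5.1
Disable-LocalUser -Name "Guest"

# A password of at least 8 characters is required: 10 pts
# Set the minimum password length in the default DOMAIN password policy.
# This cmdlet needs the ActiveDirectory module and rights on the domain; it
# does not change the local policy of a standalone machine (use
# "net accounts /minpwlen:8" there). "domainname.com" is a placeholder for the
# real domain name.
# The parameter prefix is a plain ASCII hyphen; the original used an en dash
# (U+2013), which can be corrupted when the file is saved or pasted in a
# different encoding.
# https://technet.microsoft.com/en-us/library/dd378833(v=ws.10).aspx
Set-ADDefaultDomainPasswordPolicy -Identity domainname.com -MinPasswordLength 8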