#region secedit
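# Enforces the local security policy (secedit area SECURITYPOLICY: [System Access],
# [Event Audit], [Registry Values]) with secedit.exe.
# Desired state is the .inf template staged by [File]seceditinf; current state is a
# fresh "secedit /export" of the same area.
# The three script blocks are serialised into the MOF and run on the target node in
# isolation, so each one carries its own copy of the Key=Value parser.
#
# NOTE(review): both the staged template and the export live in a temp directory that
# other local accounts can create files in, and a pre-existing file keeps its original
# ACL when overwritten; if that matters in your environment, stage the template in a
# directory writable only by administrators — confirm the ACLs on the target nodes.
Script SeceditPolicy {
    GetScript = {
        $exportPath = 'C:\Windows\temp\secpol.SECURITYPOLICY.txt'
        $pattern    = '^([A-Z\s0-9_\\]+)=(.*)$'

        # Overwrite any previous export so stale content is never reported.
        $null = & (Get-Command secedit.exe) @('/export', '/Cfg', $exportPath, '/areas', 'SECURITYPOLICY')
        if ($LASTEXITCODE -ne 0) {
            throw "secedit /export failed with exit code $LASTEXITCODE"
        }

        # Parse "Key=Value" and "Key = Value" lines into objects; section headers such as
        # [System Access] contain no '=' and are skipped. Trimming normalises the spacing
        # secedit uses around '=' so both sides compare on the same representation.
        $current = @(Get-Content -Path $exportPath -ErrorAction Stop | ForEach-Object {
            if ($_ -match $pattern) {
                [pscustomobject]@{ Key = $Matches[1].Trim(); Value = $Matches[2].Trim() }
            }
        })

        @{
            GetScript  = $GetScript
            SetScript  = $SetScript
            TestScript = $TestScript
            # Result is declared as a String in the Script resource schema, so emit text
            # rather than a list of objects.
            Result     = ($current | ForEach-Object { '{0}={1}' -f $_.Key, $_.Value }) -join [Environment]::NewLine
        }
    }

    SetScript = {
        # secedit /import /db filename /cfg filename [/overwrite][/areas area1 area2...] [/log filename] [/quiet]
        $templatePath = 'C:\windows\temp\seceditpol.inf'
        $logPath      = 'C:\windows\temp\seceditpol.log'

        & (Get-Command secedit.exe) @('/import', '/db', 'C:\Windows\security\database\secedit.sdb',
                                      '/cfg', $templatePath,
                                      '/areas', 'SECURITYPOLICY', '/log', $logPath, '/quiet')
        # /quiet suppresses console output, so a non-zero exit code is the only failure
        # signal left; surface it instead of letting DSC believe the import succeeded.
        if ($LASTEXITCODE -ne 0) {
            throw "secedit /import failed with exit code $LASTEXITCODE; see $logPath"
        }
    }

    TestScript = {
        $templatePath = 'C:\windows\temp\seceditpol.inf'
        $exportPath   = 'C:\Windows\temp\secpol.SECURITYPOLICY.txt'
        $pattern      = '^([A-Z\s0-9_\\]+)=(.*)$'

        # Desired entries, straight from the staged template.
        $desired = @(Get-Content -Path $templatePath -ErrorAction Stop | ForEach-Object {
            if ($_ -match $pattern) {
                [pscustomobject]@{ Key = $Matches[1].Trim(); Value = $Matches[2].Trim() }
            }
        })
        if ($desired.Count -eq 0) {
            throw "No Key=Value entries found in $templatePath"
        }

        # Current entries, from a fresh export of the same area.
        $null = & (Get-Command secedit.exe) @('/export', '/Cfg', $exportPath, '/areas', 'SECURITYPOLICY')
        if ($LASTEXITCODE -ne 0) {
            throw "secedit /export failed with exit code $LASTEXITCODE"
        }
        $actual = @(Get-Content -Path $exportPath -ErrorAction Stop | ForEach-Object {
            if ($_ -match $pattern) {
                [pscustomobject]@{ Key = $Matches[1].Trim(); Value = $Matches[2].Trim() }
            }
        })
        if ($actual.Count -eq 0) {
            return $false
        }

        # Compare on the parsed Key/Value pair rather than on a CSV re-split of the line:
        # multi-string values (type 7) contain commas and would otherwise be truncated,
        # hiding real drift. Only desired entries are checked — the export also lists
        # settings the template does not mention, and those must not make the test fail
        # on every run. '<=' marks a desired pair that is absent from the export.
        $missing = @(Compare-Object -ReferenceObject $desired -DifferenceObject $actual -Property Key, Value |
            Where-Object { $_.SideIndicator -eq '<=' })

        return ($missing.Count -eq 0)
    }

    DependsOn = '[File]seceditinf'
}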
# Stages the desired-state template that [Script]SeceditPolicy hands to
# "secedit /import /cfg". The here-string is the secedit export format verbatim
# (sections in brackets, Key=Value lines); Force overwrites any file already there.
File seceditinf {
    Ensure          = 'Present'
    Force           = $true
    DestinationPath = 'C:\windows\temp\seceditpol.inf'
    Contents        = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 0
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 0
NewAdministratorName = "Administrator"
NewGuestName = "Guest"
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableAdminAccount = 1
EnableGuestAccount = 0
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 0
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 0
AuditAccountManage = 0
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 0
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"10"
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,5
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"0"
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin=4,5
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser=4,3
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures=4,0
MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTraffic=4,2
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,536870912
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,536870912
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=7,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=7,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional=7,
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain=4,7
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
'@
}
#endregion