Skip to content

Instantly share code, notes, and snippets.

@p0w3rsh3ll

p0w3rsh3ll/Pester-secpol.ps1 Secret

Created December 7, 2016 12:24
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save p0w3rsh3ll/6e84fe4354fa1bf43faaffec53498dfe to your computer and use it in GitHub Desktop.
Save p0w3rsh3ll/6e84fe4354fa1bf43faaffec53498dfe to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Pester-secpol.ps1
#region Security policy
$SecurityPolicy = @(
@{
Key = 'Unicode'
Value1 = 'yes'
},
@{
Key = 'MinimumPasswordAge '
Value1 = '0'
},
@{
Key = 'MaximumPasswordAge '
Value1 = '42'
},
@{
Key = 'MinimumPasswordLength '
Value1 = '0'
},
@{
Key = 'PasswordComplexity '
Value1 = '0'
},
@{
Key = 'PasswordHistorySize '
Value1 = '0'
},
@{
Key = 'LockoutBadCount '
Value1 = '0'
},
@{
Key = 'RequireLogonToChangePassword '
Value1 = '0'
},
@{
Key = 'ForceLogoffWhenHourExpire '
Value1 = '0'
},
@{
Key = 'NewAdministratorName '
Value1 = 'Administrator'
},
@{
Key = 'NewGuestName '
Value1 = 'Guest'
},
@{
Key = 'ClearTextPassword '
Value1 = '0'
},
@{
Key = 'LSAAnonymousNameLookup '
Value1 = '0'
},
@{
Key = 'EnableAdminAccount '
Value1 = '0'
},
@{
Key = 'EnableGuestAccount '
Value1 = '0'
},
@{
Key = 'AuditSystemEvents '
Value1 = '0'
},
@{
Key = 'AuditLogonEvents '
Value1 = '0'
},
@{
Key = 'AuditObjectAccess '
Value1 = '0'
},
@{
Key = 'AuditPrivilegeUse '
Value1 = '0'
},
@{
Key = 'AuditPolicyChange '
Value1 = '0'
},
@{
Key = 'AuditAccountManage '
Value1 = '0'
},
@{
Key = 'AuditProcessTracking '
Value1 = '0'
},
@{
Key = 'AuditDSAccess '
Value1 = '0'
},
@{
Key = 'AuditAccountLogon '
Value1 = '0'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount'
Value1 = '1'
Value2 = '10'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning'
Value1 = '4'
Value2 = '5'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption'
Value1 = '1'
Value2 = '0'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin'
Value1 = '4'
Value2 = '5'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser'
Value1 = '4'
Value2 = '3'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption'
Value1 = '1'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText'
Value1 = '7'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing'
Value1 = '3'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec'
Value1 = '4'
Value2 = '536870912'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec'
Value1 = '4'
Value2 = '536870912'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine'
Value1 = '7'
Value2 = 'System\CurrentControlSet\Control\ProductOptions'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine'
Value1 = '7'
Value2 = 'System\CurrentControlSet\Control\Print\Printers'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional'
Value1 = '7'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect'
Value1 = '4'
Value2 = '15'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes'
Value1 = '7'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange'
Value1 = '4'
Value2 = '0'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge'
Value1 = '4'
Value2 = '30'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel'
Value1 = '4'
Value2 = '1'
},
@{
Key = 'signature'
Value1 = '$CHICAGO$'
},
@{
Key = 'Revision'
Value1 = '1'
}
)
#endregion
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment