Harden-Windows-Security-Module
0.4.8
Harden Windows Safely, Securely, only with Official Microsoft methods
⭕ This module provides 3 main features: Hardening, Auditing/checking the system compliance, and undoing the Hardening
⭕ Please read the GitHub's readme before running this module: https://github.com/HotCakeX/Harden-Windows-Security
💜 GUI (Graphical User Interface) is Available! Run (Prot
Harden Windows Safely, Securely, only with Official Microsoft methods
⭕ This module provides 3 main features: Hardening, Auditing/checking the system compliance, and undoing the Hardening
⭕ Please read the GitHub's readme before running this module: https://github.com/HotCakeX/Harden-Windows-Security
💜 GUI (Graphical User Interface) is Available! Run (Protect-WindowsSecurity -GUI) to use the GUI instead of the CLI experience.
💠 Features of this module:
✅ Everything always stays up-to-date with the newest proactive security measures that are industry standards and scalable.
✅ Everything is in plain text, nothing hidden, no 3rd party executable or pre-compiled binary is involved.
✅ No Windows functionality is removed/disabled against Microsoft's recommendations.
✅ The module primarily uses Group policies, the Microsoft recommended way of configuring Windows. It also uses PowerShell cmdlets where Group Policies aren't available, and finally uses a few registry keys to configure security measures that can neither be configured using Group Policies nor PowerShell cmdlets. This is why the module doesn't break anything or cause unwanted behavior.
✅ When a hardening measure is no longer necessary because it's applied by default by Microsoft on new builds of Windows, it will also be removed from the module in order to prevent any problems and because it won't be necessary anymore.
✅ The module can be run infinite number of times, it's made in a way that it won't make any duplicate changes.
✅ The module prompts for confirmation before running each hardening category.
✅ Applying these hardening measures makes your PC compliant with Microsoft Security Baselines and Secured-core PC specifications (provided that you use modern hardware that supports the latest Windows security features)
💠 Hardening Categories from top to bottom: (⬇️Detailed info about each of them at my Github⬇️)
⏹ Commands that require Administrator Privileges
✅ Microsoft Security Baselines
✅ Microsoft 365 Apps Security Baselines
✅ Microsoft Defender
✅ Attack surface reduction rules
✅ Bitlocker Settings
✅ TLS Security
✅ Lock Screen
✅ UAC (User Account Control)
✅ Windows Firewall
✅ Optional Windows Features
✅ Windows Networking
✅ Miscellaneous Configurations
✅ Windows Update Configurations
✅ Edge Browser Configurations
✅ Certificate Checking Commands
✅ Country IP Blocking
✅ Downloads Defense Measures
⏹ Commands that don't require Administrator Privileges
✅ Non-Admin Commands that only affect the current user and do not make machine-wide changes.
💎 This module has hybrid mode of operation. It can run Interactively and non-interactively (Silent/unattended mode). More info in the document: https://github.com/HotCakeX/Harden-Windows-Security/wiki/Harden%E2%80%90Windows%E2%80%90Security%E2%80%90Module
🏴 If you have any questions, requests, suggestions etc. about this module, please open a new Discussion or Issue on GitHub
🟡 The module generates a nice output on the screen as well as giving users an option to export the results in a CSV file.
Minimum PowerShell version
7.4.2
Installation Options
Owners
Copyright
(c) HotCakeX. All rights reserved.
Package Details
Author(s)
- HotCakeX
Tags
Harden-Windows-Security Harden Windows Security Compliance Validation Baseline Security-Score Benchmark Group-Policy
Functions
Confirm-SystemCompliance Protect-WindowsSecurity Unprotect-WindowsSecurity
PSEditions
Dependencies
This module has no dependencies.
Release Notes
Complete detailed release notes available on GitHub releases: https://github.com/HotCakeX/Harden-Windows-Security/releases/
FileList
- Harden-Windows-Security-Module.nuspec
- .NETAssembliesToLoad.txt
- C#\MpPreferenceHelper.cs
- Resources\EventViewerCustomViews\Microsoft-Windows-AppLocker And MSI and Script.xml
- Resources\Security-Baselines-X\Lock Screen Policies\Enable CTRL + ALT + DEL\GptTmpl.inf
- C#\ProcessMitigationsParser.cs
- Resources\EventViewerCustomViews\Microsoft-Windows-CodeIntegrity Operational.xml
- Resources\Security-Baselines-X\Microsoft Defender Policies\registry.pol
- Harden-Windows-Security-Module.psd1
- C#\RegistryEditor.cs
- Resources\EventViewerCustomViews\Network Protection Events.xml
- Resources\Security-Baselines-X\Microsoft Defender Policies\Optional Diagnostic Data\registry.pol
- Harden-Windows-Security-Module.psm1
- C#\SecureStringComparer.cs
- Resources\EventViewerCustomViews\Restarts.xml
- Resources\Security-Baselines-X\Miscellaneous Policies\GptTmpl.inf
- C#\AsyncDownloader.cs
- C#\SystemInfoNativeMethods.cs
- Resources\EventViewerCustomViews\Sudden Shut down events.xml
- Resources\Security-Baselines-X\Miscellaneous Policies\registry.pol
- C#\Categoriex.cs
- C#\TPM.cs
- Resources\EventViewerCustomViews\USB storage Connects & Disconnects.xml
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\GptTmpl.inf
- C#\CategoryProcessing.cs
- C#\UserPrivCheck.cs
- Resources\Media\Log.png
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\registry.pol
- C#\CSVImporter.cs
- Core\Confirm-SystemCompliance.psm1
- Resources\Media\Path.png
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\Bitlocker DMA\Bitlocker DMA Countermeasure OFF\Registry.pol
- C#\CustomExceptions.cs
- Core\Protect-WindowsSecurity.psm1
- Resources\Media\start.png
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\Bitlocker DMA\Bitlocker DMA Countermeasure ON\Registry.pol
- C#\FirmwareType.cs
- Core\Unprotect-WindowsSecurity.psm1
- Resources\Media\ToastNotificationIcon.png
- Resources\Security-Baselines-X\TLS Security\registry.pol
- C#\GetEncryptedVolumeInfo.cs
- Resources\Dangerous-Script-Hosts-Blocking.xml
- Resources\Media\Text Arts\121To160.txt
- Resources\Security-Baselines-X\User Account Control UAC Policies\GptTmpl.inf
- C#\GitExesFinder.cs
- Resources\Default Security Policy.inf
- Resources\Media\Text Arts\161To200.txt
- Resources\Security-Baselines-X\User Account Control UAC Policies\Hides the entry points for Fast User Switching\registry.pol
- C#\GitHubDesktopFinder.cs
- Resources\MDMResultClasses.txt
- Resources\Media\Text Arts\1To40.txt
- Resources\Security-Baselines-X\User Account Control UAC Policies\Only elevate executables that are signed and validated\GptTmpl.inf
- C#\GlobalVars.cs
- Resources\ProcessMitigations.csv
- Resources\Media\Text Arts\41To80.txt
- Resources\Security-Baselines-X\Windows Firewall Policies\registry.pol
- C#\GUIWritter.cs
- Resources\Registry resources.csv
- Resources\Media\Text Arts\81To120.txt
- Resources\Security-Baselines-X\Windows Networking Policies\GptTmpl.inf
- C#\IndividualResultClass.cs
- Resources\Registry.csv
- Resources\Media\Text Arts\Above200.txt
- Resources\Security-Baselines-X\Windows Networking Policies\registry.pol
- C#\IniFileConverter.cs
- Resources\EventViewerCustomViews\Attack Surface Reduction rule events.xml
- Resources\Security-Baselines-X\Attack Surface Reduction Rules Policies\registry.pol
- Resources\Security-Baselines-X\Windows Update Policies\registry.pol
- C#\Initializer.cs
- Resources\EventViewerCustomViews\Controlled Folder Access events.xml
- Resources\Security-Baselines-X\Bitlocker Policies\registry.pol
- Shared\HardeningFunctions.ps1
- C#\MDM.cs
- Resources\EventViewerCustomViews\Exploit Protection Events.xml
- Resources\Security-Baselines-X\Lock Screen Policies\GptTmpl.inf
- Shared\Update-self.psm1
- C#\Miscellaneous.cs
- Resources\EventViewerCustomViews\Failed Lock screen login attempts using PIN.xml
- Resources\Security-Baselines-X\Lock Screen Policies\registry.pol
- XAML\Main.xml
- C#\MpComputerStatusHelper.cs
- Resources\EventViewerCustomViews\LockScreen Unlocks and Locks.xml
- Resources\Security-Baselines-X\Lock Screen Policies\Don't display last signed-in\GptTmpl.inf
Version History
Version | Downloads | Last updated |
---|---|---|
0.6.9 | 10,439 | 11/4/2024 |
0.6.8 | 2,947 | 10/29/2024 |
0.6.7 | 5,286 | 10/16/2024 |
0.6.6 | 2,666 | 10/9/2024 |
0.6.5 | 1,689 | 10/5/2024 |
0.6.4 | 567 | 10/4/2024 |
0.6.3 | 5,526 | 9/18/2024 |
0.6.2 | 377 | 9/18/2024 |
0.6.1 | 3,192 | 9/7/2024 |
0.6.0 | 764 | 9/4/2024 |
0.5.9 | 1,176 | 9/1/2024 |
0.5.8 | 1,119 | 8/28/2024 |
0.5.7 | 717 | 8/26/2024 |
0.5.6 | 414 | 8/25/2024 |
0.5.5 | 68 | 8/25/2024 |
0.5.4 | 5,047 | 8/10/2024 |
0.5.3 | 1,905 | 8/2/2024 |
0.5.2 | 1,266 | 7/29/2024 |
0.5.1 | 351 | 7/28/2024 |
0.5.0 | 886 | 7/21/2024 |
0.4.9 | 831 | 7/15/2024 |
0.4.8 (current version) | 429 | 7/14/2024 |
0.4.7 | 1,396 | 7/12/2024 |
0.4.6 | 1,263 | 7/7/2024 |
0.4.5 | 2,245 | 6/14/2024 |
0.4.4 | 519 | 6/10/2024 |
0.4.3 | 1,026 | 5/25/2024 |
0.4.2 | 619 | 5/16/2024 |
0.4.1 | 447 | 5/11/2024 |
0.4.0 | 672 | 5/4/2024 |
0.3.9 | 1,141 | 4/24/2024 |
0.3.8 | 779 | 4/14/2024 |
0.3.7 | 318 | 4/9/2024 |
0.3.6 | 272 | 4/3/2024 |
0.3.5 | 629 | 3/22/2024 |
0.3.4 | 1,096 | 3/7/2024 |
0.3.3 | 320 | 3/4/2024 |
0.3.2 | 809 | 2/24/2024 |
0.3.1 | 1,965 | 1/25/2024 |
0.3.0 | 653 | 1/15/2024 |
0.3.0-Beta3 | 8 | 1/15/2024 |
0.2.9 | 414 | 1/9/2024 |
0.2.8 | 68 | 1/9/2024 |
0.2.8-Beta2 | 10 | 1/8/2024 |
0.2.8-Beta1 | 9 | 1/8/2024 |
0.2.7 | 1,225 | 12/15/2023 |
0.2.6 | 349 | 11/23/2023 |
0.2.5 | 119 | 11/18/2023 |
0.2.4 | 132 | 11/8/2023 |
0.2.3 | 32 | 11/6/2023 |
0.2.2 | 54 | 11/3/2023 |
0.2.1 | 17 | 11/3/2023 |
0.2.0 | 190 | 10/19/2023 |
0.1.9 | 55 | 10/17/2023 |
0.1.8 | 55 | 10/12/2023 |
0.1.7 | 121 | 10/4/2023 |
0.1.6.1 | 107 | 9/26/2023 |
0.1.6 | 9 | 9/26/2023 |
0.1.5 | 37 | 9/24/2023 |
0.1.4 | 189 | 9/12/2023 |
0.1.3 | 43 | 9/7/2023 |
0.1.2 | 246 | 8/24/2023 |
0.1.1 | 54 | 8/21/2023 |
0.1.0 | 70 | 8/18/2023 |
0.0.9 | 33 | 8/17/2023 |
0.0.8 | 74 | 8/11/2023 |
0.0.7 | 54 | 8/9/2023 |
0.0.6 | 28 | 8/9/2023 |
0.0.5 | 13 | 8/9/2023 |
0.0.4 | 18 | 8/9/2023 |
0.0.3 | 80 | 8/5/2023 |
0.0.2 | 51 | 8/2/2023 |
0.0.1 | 81 | 7/29/2023 |