Harden-Windows-Security-Module
0.5.8
Harden Windows Safely, Securely, only with Official Microsoft methods - 🦄 Intune - 🧩 Group Policy - 🛡️ Local - ☁️ Cloud (All scenarios supported 💯)
⭕ This module provides 3 main features: Hardening, Auditing/checking the system compliance, and undoing the Hardening
⭕ Please read the GitHub's readme before running this module: https://github.com/HotCakeX/Ha
Harden Windows Safely, Securely, only with Official Microsoft methods - 🦄 Intune - 🧩 Group Policy - 🛡️ Local - ☁️ Cloud (All scenarios supported 💯)
⭕ This module provides 3 main features: Hardening, Auditing/checking the system compliance, and undoing the Hardening
⭕ Please read the GitHub's readme before running this module: https://github.com/HotCakeX/Harden-Windows-Security
💜 GUI (Graphical User Interface) is Available! Run (Protect-WindowsSecurity -GUI) to use the GUI instead of the CLI experience.
💠 Features of this module:
✅ Everything always stays up-to-date with the newest proactive security measures that are industry standards and scalable.
✅ Everything is in plain text, nothing hidden, no 3rd party executable or pre-compiled binary is involved.
✅ No Windows functionality is removed/disabled against Microsoft's recommendations.
✅ The module primarily uses Group policies, the Microsoft recommended way of configuring Windows. It also uses PowerShell cmdlets where Group Policies aren't available, and finally uses a few registry keys to configure security measures that can neither be configured using Group Policies nor PowerShell cmdlets. This is why the module doesn't break anything or cause unwanted behavior.
✅ When a hardening measure is no longer necessary because it's applied by default by Microsoft on new builds of Windows, it will also be removed from the module in order to prevent any problems and because it won't be necessary anymore.
✅ The module can be run infinite number of times, it's made in a way that it won't make any duplicate changes.
✅ The module prompts for confirmation before running each hardening category.
✅ Applying these hardening measures makes your PC compliant with Microsoft Security Baselines and Secured-core PC specifications (provided that you use modern hardware that supports the latest Windows security features)
💠 Hardening Categories from top to bottom: (⬇️Detailed info about each of them at my Github⬇️)
⏹ Commands that require Administrator Privileges
✅ Microsoft Security Baselines
✅ Microsoft 365 Apps Security Baselines
✅ Microsoft Defender
✅ Attack surface reduction rules
✅ Bitlocker Settings
✅ TLS Security
✅ Lock Screen
✅ UAC (User Account Control)
✅ Windows Firewall
✅ Optional Windows Features
✅ Windows Networking
✅ Miscellaneous Configurations
✅ Windows Update Configurations
✅ Edge Browser Configurations
✅ Certificate Checking Commands
✅ Country IP Blocking
✅ Downloads Defense Measures
⏹ Commands that don't require Administrator Privileges
✅ Non-Admin Commands that only affect the current user and do not make machine-wide changes.
💎 This module has hybrid mode of operation. It can run Interactively and non-interactively (Silent/unattended mode). More info in the document: https://github.com/HotCakeX/Harden-Windows-Security/wiki/Harden%E2%80%90Windows%E2%80%90Security%E2%80%90Module
🏴 If you have any questions, requests, suggestions etc. about this module, please open a new Discussion or Issue on GitHub
🟡 The module generates a nice output on the screen as well as giving users an option to export the results in a CSV file.
Minimum PowerShell version
7.4.4
Installation Options
Owners
Copyright
(c) HotCakeX. All rights reserved.
Package Details
Author(s)
- HotCakeX
Tags
Harden-Windows-Security Harden Windows Security Compliance Validation Baseline Security-Score Benchmark Group-Policy
Functions
Confirm-SystemCompliance Protect-WindowsSecurity Unprotect-WindowsSecurity
PSEditions
Dependencies
This module has no dependencies.
Release Notes
Complete detailed release notes available on GitHub releases: https://github.com/HotCakeX/Harden-Windows-Security/releases/
FileList
- Harden-Windows-Security-Module.nuspec
- Resources\Media\ProgramIcon.ico
- .NETAssembliesToLoad.txt
- C#\Others\MDMClassProcessor.cs
- C#\Protect Methods\WindowsUpdateConfigurations.cs
- Resources\Media\start.png
- C#\Others\Miscellaneous.cs
- C#\Types\CultureInfoProperties.cs
- Resources\Media\ToastNotificationIcon.png
- Harden-Windows-Security-Module.psd1
- C#\Others\MitigationPolicyProcessor.cs
- C#\Types\CustomExceptions.cs
- Resources\Media\Text Arts\121To160.txt
- Harden-Windows-Security-Module.psm1
- C#\Others\NewToastNotification.cs
- C#\Types\DefenderPlatformUpdatesChannels.cs
- Resources\Media\Text Arts\161To200.txt
- C#\CimInstances\FirewallHelper.cs
- C#\Others\PowerShellExecutor.cs
- C#\Types\EccCurveComparisonResult.cs
- Resources\Media\Text Arts\1To40.txt
- C#\CimInstances\GetEncryptedVolumeInfo.cs
- C#\Others\ProcessMitigationsApplication.cs
- C#\Types\IndividualResultClass.cs
- Resources\Media\Text Arts\41To80.txt
- C#\CimInstances\MDM.cs
- C#\Others\ProcessMitigationsParser.cs
- C#\Types\MDMResult.cs
- Resources\Media\Text Arts\81To120.txt
- C#\CimInstances\MpComputerStatusHelper.cs
- C#\Others\PropertyHelper.cs
- C#\Windows APIs\FirmwareType.cs
- Resources\Media\Text Arts\Above200.txt
- C#\CimInstances\MpPreferenceHelper.cs
- C#\Others\RegistryEditor.cs
- C#\Windows APIs\TPM.cs
- Resources\Security-Baselines-X\Attack Surface Reduction Rules Policies\registry.pol
- C#\CimInstances\NetConnectionProfiles.cs
- C#\Others\RunCommand.cs
- Core\Confirm-SystemCompliance.psm1
- Resources\Security-Baselines-X\Bitlocker Policies\registry.pol
- C#\CimInstances\TaskSchedulerHelper.cs
- C#\Others\SecureStringComparer.cs
- Core\Protect-WindowsSecurity.psm1
- Resources\Security-Baselines-X\Lock Screen Policies\GptTmpl.inf
- C#\Confirm Methods\InvokeConfirmation.cs
- C#\Others\SecuriryPolicyProcessor.cs
- Core\Unprotect-WindowsSecurity.psm1
- Resources\Security-Baselines-X\Lock Screen Policies\registry.pol
- C#\Confirm Methods\SYSTEMScheduledTasks.cs
- C#\Others\SecurityPolicyCsvProcessor.cs
- DLLs\Toast Notifications\Microsoft.Toolkit.Uwp.Notifications.dll
- Resources\Security-Baselines-X\Lock Screen Policies\Don't display last signed-in\GptTmpl.inf
- C#\GUI\GUIBootStrapper.cs
- C#\Others\SneakAndPeek.cs
- DLLs\Toast Notifications\Microsoft.Win32.SystemEvents.dll
- Resources\Security-Baselines-X\Lock Screen Policies\Enable CTRL + ALT + DEL\GptTmpl.inf
- C#\GUI\Confirm\SecOp.cs
- C#\Others\SystemInfoNativeMethods.cs
- DLLs\Toast Notifications\Microsoft.Windows.SDK.NET.dll
- Resources\Security-Baselines-X\Microsoft Defender Policies\registry.pol
- C#\GUI\Confirm\Variables.cs
- C#\Others\UserPrivCheck.cs
- DLLs\Toast Notifications\System.Drawing.Common.dll
- Resources\Security-Baselines-X\Microsoft Defender Policies\Optional Diagnostic Data\registry.pol
- C#\GUI\Confirm\View.cs
- C#\Others\VerboseLogger.cs
- DLLs\Toast Notifications\WinRT.Runtime.dll
- Resources\Security-Baselines-X\Miscellaneous Policies\GptTmpl.inf
- C#\GUI\Main\FindVisualChild.cs
- C#\Others\WindowsFeatureChecker.cs
- Resources\Dangerous-Script-Hosts-Blocking.xml
- Resources\Security-Baselines-X\Miscellaneous Policies\registry.pol
- C#\GUI\Main\GUI.cs
- C#\Protect Methods\AttackSurfaceReductionRules.cs
- Resources\Default Security Policy.inf
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\GptTmpl.inf
- C#\GUI\Main\Variables.cs
- C#\Protect Methods\BitLockerSettings.cs
- Resources\MDMResultClasses.csv
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\registry.pol
- C#\GUI\Protection\EventHandlers.cs
- C#\Protect Methods\CertificateCheckingCommands.cs
- Resources\ProcessMitigations.csv
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\Bitlocker DMA\Bitlocker DMA Countermeasure OFF\Registry.pol
- C#\GUI\Protection\Miscellaneous Methods.cs
- C#\Protect Methods\ClipboardSync.cs
- Resources\Registry resources.csv
- Resources\Security-Baselines-X\Overrides for Microsoft Security Baseline\Bitlocker DMA\Bitlocker DMA Countermeasure ON\Registry.pol
- C#\GUI\Protection\Variables.cs
- C#\Protect Methods\CountryIPBlocking.cs
- Resources\Registry.csv
- Resources\Security-Baselines-X\TLS Security\registry.pol
- C#\GUI\Protection\View.cs
- C#\Protect Methods\CountryIPBlocking_OFAC.cs
- Resources\SecurityPoliciesVerification.csv
- Resources\Security-Baselines-X\User Account Control UAC Policies\GptTmpl.inf
- C#\Others\ActivityTracker.cs
- C#\Protect Methods\DangerousScriptHostsBlocking.cs
- Resources\EventViewerCustomViews\Attack Surface Reduction rule events.xml
- Resources\Security-Baselines-X\User Account Control UAC Policies\Hides the entry points for Fast User Switching\registry.pol
- C#\Others\AsyncDownloader.cs
- C#\Protect Methods\DownloadsDefenseMeasures.cs
- Resources\EventViewerCustomViews\Controlled Folder Access events.xml
- Resources\Security-Baselines-X\User Account Control UAC Policies\Only elevate executables that are signed and validated\GptTmpl.inf
- C#\Others\Categoriex.cs
- C#\Protect Methods\EdgeBrowserConfigurations.cs
- Resources\EventViewerCustomViews\Exploit Protection Events.xml
- Resources\Security-Baselines-X\Windows Firewall Policies\registry.pol
- C#\Others\CategoryProcessing.cs
- C#\Protect Methods\LGPORunner.cs
- Resources\EventViewerCustomViews\Failed Lock screen login attempts using PIN.xml
- Resources\Security-Baselines-X\Windows Networking Policies\GptTmpl.inf
- C#\Others\ConditionalResultAdd.cs
- C#\Protect Methods\LockScreen.cs
- Resources\EventViewerCustomViews\LockScreen Unlocks and Locks.xml
- Resources\Security-Baselines-X\Windows Networking Policies\registry.pol
- C#\Others\ConfirmSystemComplianceMethods.cs
- C#\Protect Methods\LockScreen_CtrlAltDel.cs
- Resources\EventViewerCustomViews\Microsoft-Windows-AppLocker And MSI and Script.xml
- Resources\Security-Baselines-X\Windows Update Policies\registry.pol
- C#\Others\ControlledFolderAccessHandler.cs
- C#\Protect Methods\LockScreen_LastSignedIn.cs
- Resources\EventViewerCustomViews\Microsoft-Windows-CodeIntegrity Operational.xml
- Resources\XAML\Confirm.xaml
- C#\Others\CSVImporter.cs
- C#\Protect Methods\Microsoft365AppsSecurityBaselines.cs
- Resources\EventViewerCustomViews\Network Protection Events.xml
- Resources\XAML\Main.xaml
- C#\Others\CultureInfoHelper.cs
- C#\Protect Methods\MicrosoftDefender.cs
- Resources\EventViewerCustomViews\Restarts.xml
- Resources\XAML\Protect.xaml
- C#\Others\EccCurveComparer.cs
- C#\Protect Methods\MicrosoftSecurityBaselines.cs
- Resources\EventViewerCustomViews\Sudden Shut down events.xml
- Resources\XAML\ResourceDictionaries\Button.xaml
- C#\Others\ExportSecurityPolicy.cs
- C#\Protect Methods\MiscellaneousConfigurations.cs
- Resources\EventViewerCustomViews\USB storage Connects & Disconnects.xml
- Resources\XAML\ResourceDictionaries\ConfirmationDataGridStyles.xaml
- C#\Others\ForceRelocateImagesForFiles.cs
- C#\Protect Methods\MSFTDefender_BetaChannels.cs
- Resources\Media\3d-glassy-fuzzy-gradient-ball.png
- Resources\XAML\ResourceDictionaries\ConfirmationPageToggleButtonStyles.xaml
- C#\Others\GetLocalUser.cs
- C#\Protect Methods\MSFTDefender_EnableDiagData.cs
- Resources\Media\3d-glassy-gradient-plastic-twisted-torus.png
- Resources\XAML\ResourceDictionaries\CustomCheckBoxTemplate.xaml
- C#\Others\GetMDMResultValue.cs
- C#\Protect Methods\MSFTDefender_SAC.cs
- Resources\Media\3d-techny-secure-lock-and-key-successfully-unlocked.png
- Resources\XAML\ResourceDictionaries\CutePastelTooltips.xaml
- C#\Others\GetOneDriveDirectories.cs
- C#\Protect Methods\MSFTDefender_ScheduledTask.cs
- Resources\Media\background.jpg
- Resources\XAML\ResourceDictionaries\Gradients.xaml
- C#\Others\GitExesFinder.cs
- C#\Protect Methods\NonAdminCommands.cs
- Resources\Media\ConfirmationFalse.png
- Resources\XAML\ResourceDictionaries\Image.xaml
- C#\Others\GitHubDesktopFinder.cs
- C#\Protect Methods\OptionalWindowsFeatures.cs
- Resources\Media\ConfirmationTrue.png
- Resources\XAML\ResourceDictionaries\MoreStyles.xaml
- C#\Others\GlobalVars.cs
- C#\Protect Methods\SecBaselines_Overrides.cs
- Resources\Media\ExecuteButton.png
- Resources\XAML\ResourceDictionaries\Page.xaml
- C#\Others\HashtableChecker.cs
- C#\Protect Methods\TLSSecurity.cs
- Resources\Media\ExecuteButtonBig.png
- Resources\XAML\ResourceDictionaries\Scrollbars.xaml
- C#\Others\IniFileConverter.cs
- C#\Protect Methods\UAC_NoFastSwitching.cs
- Resources\Media\Log.png
- Resources\XAML\ResourceDictionaries\Text.xaml
- C#\Others\Initializer.cs
- C#\Protect Methods\UAC_OnlyElevateSigned.cs
- Resources\Media\notification (1).png
- Shared\HardeningFunctions.ps1
- C#\Others\JsonToHashtable.cs
- C#\Protect Methods\UserAccountControl.cs
- Resources\Media\notification (2).png
- Shared\SYSTEMInfoGathering.ps1
- C#\Others\LocalGroupMember.cs
- C#\Protect Methods\WindowsFirewall.cs
- Resources\Media\notification (3).png
- Shared\Update-self.psm1
- C#\Others\Logger.cs
- C#\Protect Methods\WindowsNetworking.cs
- Resources\Media\Path.png
Version History
Version | Downloads | Last updated |
---|---|---|
0.6.9 | 9,411 | 11/4/2024 |
0.6.8 | 2,947 | 10/29/2024 |
0.6.7 | 5,286 | 10/16/2024 |
0.6.6 | 2,666 | 10/9/2024 |
0.6.5 | 1,689 | 10/5/2024 |
0.6.4 | 567 | 10/4/2024 |
0.6.3 | 5,526 | 9/18/2024 |
0.6.2 | 377 | 9/18/2024 |
0.6.1 | 3,192 | 9/7/2024 |
0.6.0 | 764 | 9/4/2024 |
0.5.9 | 1,176 | 9/1/2024 |
0.5.8 (current version) | 1,119 | 8/28/2024 |
0.5.7 | 717 | 8/26/2024 |
0.5.6 | 414 | 8/25/2024 |
0.5.5 | 68 | 8/25/2024 |
0.5.4 | 5,047 | 8/10/2024 |
0.5.3 | 1,905 | 8/2/2024 |
0.5.2 | 1,266 | 7/29/2024 |
0.5.1 | 351 | 7/28/2024 |
0.5.0 | 886 | 7/21/2024 |
0.4.9 | 831 | 7/15/2024 |
0.4.8 | 429 | 7/14/2024 |
0.4.7 | 1,396 | 7/12/2024 |
0.4.6 | 1,263 | 7/7/2024 |
0.4.5 | 2,245 | 6/14/2024 |
0.4.4 | 519 | 6/10/2024 |
0.4.3 | 1,026 | 5/25/2024 |
0.4.2 | 619 | 5/16/2024 |
0.4.1 | 447 | 5/11/2024 |
0.4.0 | 672 | 5/4/2024 |
0.3.9 | 1,141 | 4/24/2024 |
0.3.8 | 779 | 4/14/2024 |
0.3.7 | 318 | 4/9/2024 |
0.3.6 | 272 | 4/3/2024 |
0.3.5 | 629 | 3/22/2024 |
0.3.4 | 1,096 | 3/7/2024 |
0.3.3 | 320 | 3/4/2024 |
0.3.2 | 809 | 2/24/2024 |
0.3.1 | 1,965 | 1/25/2024 |
0.3.0 | 653 | 1/15/2024 |
0.3.0-Beta3 | 8 | 1/15/2024 |
0.2.9 | 414 | 1/9/2024 |
0.2.8 | 68 | 1/9/2024 |
0.2.8-Beta2 | 10 | 1/8/2024 |
0.2.8-Beta1 | 9 | 1/8/2024 |
0.2.7 | 1,225 | 12/15/2023 |
0.2.6 | 349 | 11/23/2023 |
0.2.5 | 119 | 11/18/2023 |
0.2.4 | 132 | 11/8/2023 |
0.2.3 | 32 | 11/6/2023 |
0.2.2 | 54 | 11/3/2023 |
0.2.1 | 17 | 11/3/2023 |
0.2.0 | 190 | 10/19/2023 |
0.1.9 | 55 | 10/17/2023 |
0.1.8 | 55 | 10/12/2023 |
0.1.7 | 121 | 10/4/2023 |
0.1.6.1 | 107 | 9/26/2023 |
0.1.6 | 9 | 9/26/2023 |
0.1.5 | 37 | 9/24/2023 |
0.1.4 | 189 | 9/12/2023 |
0.1.3 | 43 | 9/7/2023 |
0.1.2 | 246 | 8/24/2023 |
0.1.1 | 54 | 8/21/2023 |
0.1.0 | 70 | 8/18/2023 |
0.0.9 | 33 | 8/17/2023 |
0.0.8 | 74 | 8/11/2023 |
0.0.7 | 54 | 8/9/2023 |
0.0.6 | 28 | 8/9/2023 |
0.0.5 | 13 | 8/9/2023 |
0.0.4 | 18 | 8/9/2023 |
0.0.3 | 80 | 8/5/2023 |
0.0.2 | 51 | 8/2/2023 |
0.0.1 | 81 | 7/29/2023 |