security.ps1
# security.ps1 -- host configuration toggles. Nearly every function below
# turns a Windows protection OFF (UAC, script execution policy, Defender,
# SmartScreen, UCPD, workstation lock), machine-wide, by writing HKLM.
#
# Two helpers used throughout are NOT defined in this file:
#   setprop <key> <name> <type> <value>  -- presumably creates the key if
#                                           needed and sets a registry value;
#                                           nothing here checks its result,
#                                           so a failed write is silent unless
#                                           the helper throws (verify)
#   installed <command>                  -- presumably "is <command> available"
#
# Every HKLM write needs an elevated session. sec_admin can detect that, but
# no function here consults it, so a non-elevated run is expected to fail
# part-way through rather than up front. Several changes (EnableLUA, the UCPD
# service, Active Setup) only take effect after a restart or next logon.

# True when the current process token holds the built-in Administrators
# role, i.e. the session is already elevated. Return value is not used by
# any other function in this file.
function sec_admin {
    $id = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    return $id.IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")
}

# UAC: ConsentPromptBehaviorAdmin=0 elevates administrators without any
# prompt; EnableLUA=0 switches User Account Control off entirely (applies
# after a restart). With UAC off, every process started in an admin session
# runs with the full administrator token, so there is no longer a consent
# step between "user clicked something" and a system-wide change.
function sec_uac {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    setprop $key 'ConsentPromptBehaviorAdmin' 'DWORD' 0
    setprop $key 'EnableLUA' 'DWORD' 0
}

# Execution policy: Bypass for LocalMachine and CurrentUser in the running
# host, then repeated inside pwsh (7+) and Windows PowerShell (5.1) because
# each host keeps its own policy setting. LocalMachine scope needs elevation,
# and a Group Policy MachinePolicy/UserPolicy setting still takes precedence
# over anything set here. Bypass only removes the script-signing check; it
# is not a security boundary, and AMSI/Defender script inspection is
# unaffected by it.
function sec_pwsh {
    Set-ExecutionPolicy -force -scope LocalMachine -ExecutionPolicy bypass
    Set-ExecutionPolicy -force -scope currentuser -ExecutionPolicy bypass
    if (installed pwsh) {
        pwsh -c '& {Set-ExecutionPolicy -force -scope localmachine -ExecutionPolicy bypass}'
        pwsh -c '& {Set-ExecutionPolicy -force -scope currentuser -ExecutionPolicy bypass}'
    }
    if (installed powershell) {
        powershell -c '& {Set-ExecutionPolicy -force -scope LocalMachine -ExecutionPolicy bypass}'
        powershell -c '& {Set-ExecutionPolicy -force -scope currentuser -ExecutionPolicy bypass}'
    }
}

# Defender: writes the Windows Defender policy keys that turn off antivirus,
# behavior monitoring, real-time / on-access protection, cloud lookups,
# block-at-first-seen and reporting. Caveats a reviewer should expect:
#  - While Tamper Protection is on (the default on current Windows 10/11),
#    Defender typically ignores policy writes such as DisableAntiSpyware and
#    DisableRealtimeMonitoring, so much of this function is a no-op there.
#    There is no policy value that switches Tamper Protection off, so the
#    'DisableTamperProtection' write below is presumably ineffective -- confirm.
#  - 'DisableAntiSpyware' is deprecated and ignored on recent builds.
#  - 'AllowCloudProtection' under the policy root is not a value I can
#    confirm Defender reads (cloud/MAPS settings normally live under SpyNet)
#    -- verify before relying on it.
#  - The type argument is spelled both 'DWORD' and 'DWord'; harmless only if
#    setprop compares it case-insensitively, as PowerShell normally does.
# Changes to these keys are exactly what a hardening baseline or EDR watches,
# so expect them to be flagged.
function sec_defender {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    setprop $key 'DisableAntiVirus' 'DWORD' 1
    setprop $key 'DisableBehaviorMonitoring' 'DWORD' 1
    setprop $key 'DisableOnAccessDetection' 'DWord' 1
    setprop $key 'DisableScanOnRealtimeEnable' 'DWord' 1
    setprop $key 'DisableAntiSpyware' 'DWord' 1
    setprop $key 'DisableSpecialRunningModes' 'DWORD' 1
    setprop $key 'DisableTamperProtection' 'DWORD' 1
    setprop $key 'DisableAntiSpywareDefinitionUpdate' 'DWORD' 1
    setprop $key 'AllowCloudProtection' 'DWORD' 0
    # real-time engine: monitoring, behavior, on-access, scan-on-enable
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
    setprop $key 'DisableRealtimeMonitoring' 'DWORD' 1
    setprop $key 'DisableBehaviorMonitoring' 'DWord' 1
    setprop $key 'DisableOnAccessProtection' 'DWord' 1
    setprop $key 'DisableScanOnRealtimeEnable' 'DWord' 1
    # cloud: no hold-and-check of never-before-seen files
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet'
    setprop $key 'DisableBlockAtFirstSeen' 'DWORD' 1
    # reporting: no enhanced notifications, generic reports or remediation
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting'
    setprop $key 'DisableEnhancedNotifications' 'DWORD' 1
    setprop $key 'DisableGenericReports' 'DWORD' 1
    setprop $key 'DisableGenericRemediation' 'DWORD' 1
}

# Password expiry, workstation lock, Developer Mode and sudo. All writes are
# HKLM except DelayLockInterval, which is HKCU and therefore only affects the
# user running the script.
function sec_pw {
    # password expiry: disable
    # NOTE(review): this PasswordPolicy key is not a location I can confirm
    # Windows reads; local password expiry is normally governed by the account
    # policy (net accounts / secedit) -- verify the value has any effect.
    $key = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordPolicy"
    setprop $key "DisablePasswordExpiration" "DWORD" 1
    # require sign-in: disable. DelayLockInterval=0xffffffff pushes the
    # automatic lock after sleep/screensaver out indefinitely and
    # DisableLockWorkstation=1 removes manual locking, so an unattended
    # session stays open.
    # NOTE(review): DisableLockWorkstation is documented under
    # ...\CurrentVersion\Policies\System, not Winlogon -- confirm this
    # location is honored.
    $key = 'HKCU:\Control Panel\Desktop'
    setprop $key 'DelayLockInterval' 'DWORD' 0xffffffff
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    setprop $key 'DisableLockWorkstation' 'DWORD' 1
    # dev mode, sudo: AllowDevelopmentWithoutDevLicense=1 is Developer Mode
    # (sideloading without a developer licence). Sudo\Enabled selects the
    # inbox sudo mode rather than a plain on/off; 1 is presumably the
    # "new window" mode -- confirm against the Sudo settings page.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'
    setprop $key 'AllowDevelopmentWithoutDevLicense' 'DWORD' 1
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Sudo'
    setprop $key 'Enabled' 'DWORD' 1
}

# UCPD (User Choice Protection Driver) presumably guards the default-app /
# browser association keys against programmatic writes. Disabling the
# scheduled task that re-arms it and setting the service Start type to 4
# (SERVICE_DISABLED) keeps it off across restarts; the already-loaded driver
# stops only after a restart. Disable-ScheduledTask's output is discarded
# with [void], so a missing task surfaces only as an error, not a return value.
function sec_ucpd {
    # requires restart to take effect
    [void](Disable-ScheduledTask '\Microsoft\Windows\AppxDeploymentClient\UCPD velocity')
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\UCPD'
    setprop $key 'Start' 'DWORD' 4
}

# Active Setup: IsInstalled=0 on two component GUIDs (presumably the Internet
# Explorer per-user setup component and its 64-bit counterpart -- the GUIDs
# differ only in A7/A8; confirm) so their per-user stub does not run at next
# logon.
function sec_ie {
    $key = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
    setprop $key 'IsInstalled' 'DWORD' 0
    $key = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
    setprop $key 'IsInstalled' 'DWORD' 0
}

# SmartScreen and activity history. EnableSmartScreen=0 turns off the Windows
# SmartScreen policy -- the reputation check on downloaded files and apps,
# which is commonly the control that stops a first-stage download from
# running. The three Activity* values stop Timeline / activity-feed
# collection, publishing and upload.
function sec_spy {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    setprop $key 'EnableSmartScreen' 'DWORD' 0
    setprop $key 'EnableActivityFeed' 'DWORD' 0
    setprop $key 'PublishUserActivities' 'DWORD' 0
    setprop $key 'UploadUserActivities' 'DWORD' 0
}