Harden-Windows-Security
2023.9.6
⭕ You need to read the GitHub's readme page before running this script: https://github.com/HotCakeX/Harden-Windows-Security
⭕ Check out Compliance checking + Security score module: https://www.powershellgallery.com/packages/Harden-Windows-Security-Module/
💠 Features of this Hardening script:
✅ Always stays up-to-date with the newest security measures.
✅ Everything
⭕ Check out Compliance checking + Security score module: https://www.powershellgallery.com/packages/Harden-Windows-Security-Module/
💠 Features of this Hardening script:
✅ Always stays up-to-date with the newest security measures.
✅ Everything
⭕ You need to read the GitHub's readme page before running this script: https://github.com/HotCakeX/Harden-Windows-Security
⭕ Check out Compliance checking + Security score module: https://www.powershellgallery.com/packages/Harden-Windows-Security-Module/
💠 Features of this Hardening script:
✅ Always stays up-to-date with the newest security measures.
✅ Everything is in plain text, nothing hidden, no 3rd party executable or pre-compiled binary is involved.
✅ Doesn't remove or disable Windows functionalities against Microsoft's recommendations.
✅ The script primarily uses Group policies, the Microsoft recommended way of configuring Windows. It also uses PowerShell cmdlets where Group Policies aren't available, and finally uses a few registry keys to configure security measures that can neither be configured using Group Policies nor PowerShell cmdlets. This is why the script doesn't break anything or cause unwanted behavior.
✅ When a hardening measure is no longer necessary because it's applied by default by Microsoft on new builds of Windows, it will also be removed from this script in order to prevent any problems and because it won't be necessary anymore.
✅ The script can be run infinite number of times, it's made in a way that it won't make any duplicate changes.
✅ The script prompts for confirmation before running each hardening category and some sub-categories, so you can selectively run (or don't run) each of them.
✅ Applying this script makes your PC compliant with Microsoft Security Baselines and Secured-core PC specifications (provided that you use modern hardware that supports the latest Windows security features)
🛑 Note: Windows by default is secure and safe, this script does not imply nor claim otherwise. just like anything, you have to use it wisely and don't compromise yourself with reckless behavior and bad user configuration; Nothing is foolproof. this script only uses the tools and features that have already been implemented by Microsoft in Windows OS to fine-tune it towards the highest security and locked-down state, using well-documented, supported, recommended and official methods. continue reading on GitHub for comprehensive info.
💠 Hardening Categories from top to bottom: (🔻Detailed info about each of them at my Github🔻)
⏹ Commands that require Administrator Privileges
✅ Microsoft Security Baselines
✅ Microsoft 365 Apps Security Baselines
✅ Microsoft Defender
✅ Attack surface reduction rules
✅ Bitlocker Settings
✅ TLS Security
✅ Lock Screen
✅ UAC (User Account Control)
✅ Device Guard
✅ Windows Firewall
✅ Optional Windows Features
✅ Windows Networking
✅ Miscellaneous Configurations
✅ Windows Update Configurations
✅ Edge Browser Configurations
✅ Certificate Checking Commands
✅ Country IP Blocking
⏹ Commands that don't require Administrator Privileges
✅ Non-Admin Commands that only affect the current user and do not make machine-wide changes.
💎 Note: If there are multiple Windows user accounts in your computer, it's recommended to run this script in each of them, without administrator privileges, because Non-admin commands only apply to the current user and are not machine wide.
🏴 If you have any questions, requests, suggestions etc. about this script, please open a new Discussion or Issue on GitHub
Show more
⭕ Check out Compliance checking + Security score module: https://www.powershellgallery.com/packages/Harden-Windows-Security-Module/
💠 Features of this Hardening script:
✅ Always stays up-to-date with the newest security measures.
✅ Everything is in plain text, nothing hidden, no 3rd party executable or pre-compiled binary is involved.
✅ Doesn't remove or disable Windows functionalities against Microsoft's recommendations.
✅ The script primarily uses Group policies, the Microsoft recommended way of configuring Windows. It also uses PowerShell cmdlets where Group Policies aren't available, and finally uses a few registry keys to configure security measures that can neither be configured using Group Policies nor PowerShell cmdlets. This is why the script doesn't break anything or cause unwanted behavior.
✅ When a hardening measure is no longer necessary because it's applied by default by Microsoft on new builds of Windows, it will also be removed from this script in order to prevent any problems and because it won't be necessary anymore.
✅ The script can be run infinite number of times, it's made in a way that it won't make any duplicate changes.
✅ The script prompts for confirmation before running each hardening category and some sub-categories, so you can selectively run (or don't run) each of them.
✅ Applying this script makes your PC compliant with Microsoft Security Baselines and Secured-core PC specifications (provided that you use modern hardware that supports the latest Windows security features)
🛑 Note: Windows by default is secure and safe, this script does not imply nor claim otherwise. just like anything, you have to use it wisely and don't compromise yourself with reckless behavior and bad user configuration; Nothing is foolproof. this script only uses the tools and features that have already been implemented by Microsoft in Windows OS to fine-tune it towards the highest security and locked-down state, using well-documented, supported, recommended and official methods. continue reading on GitHub for comprehensive info.
💠 Hardening Categories from top to bottom: (🔻Detailed info about each of them at my Github🔻)
⏹ Commands that require Administrator Privileges
✅ Microsoft Security Baselines
✅ Microsoft 365 Apps Security Baselines
✅ Microsoft Defender
✅ Attack surface reduction rules
✅ Bitlocker Settings
✅ TLS Security
✅ Lock Screen
✅ UAC (User Account Control)
✅ Device Guard
✅ Windows Firewall
✅ Optional Windows Features
✅ Windows Networking
✅ Miscellaneous Configurations
✅ Windows Update Configurations
✅ Edge Browser Configurations
✅ Certificate Checking Commands
✅ Country IP Blocking
⏹ Commands that don't require Administrator Privileges
✅ Non-Admin Commands that only affect the current user and do not make machine-wide changes.
💎 Note: If there are multiple Windows user accounts in your computer, it's recommended to run this script in each of them, without administrator privileges, because Non-admin commands only apply to the current user and are not machine wide.
🏴 If you have any questions, requests, suggestions etc. about this script, please open a new Discussion or Issue on GitHub
The owner has unlisted this package.
This could mean that the script is deprecated or shouldn't be used anymore.
Installation Options
Owners
Copyright
2023
Package Details
Author(s)
- HotCakeX
Tags
Windows Hardening Security Bitlocker Defender Firewall Edge Protection Baseline TLS UAC Encryption
Functions
Select-Option Edit-Registry Test-IsAdmin Invoke-WithoutProgress Compare-SecureString Block-CountryIP
Dependencies
This script has no dependencies.
Release Notes
Full Change log always available on GitHub: https://github.com/HotCakeX/Harden-Windows-Security/releases
FileList
- Harden-Windows-Security.nuspec
- Harden-Windows-Security.ps1
Version History
| Version | Downloads | Last updated |
|---|