
Commit 1278edb

committed
Update to HardeningKitty v.0.8.1
1 parent 7523b98 commit 1278edb

22 files changed

+684
-515
lines changed

Invoke-HardeningKitty.ps1

Lines changed: 646 additions & 472 deletions
Large diffs are not rendered by default.

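--- a/README.md
+++ b/README.md
@@ -176,7 +176,7 @@ HardeningKitty can be used to audit systems against the following baselines / be
 | Microsoft Security baseline for Microsoft Edge | 95 | Final |
 | Microsoft Security baseline for Microsoft Edge | 96 | Final |
 | Microsoft Security baseline for Microsoft Edge | 97 | Final |
-| Microsoft Security baseline for Microsoft Edge | 98, 99, 100, 101, 102, 103 | Final |
+| Microsoft Security baseline for Microsoft Edge | 98, 99, 100, 101, 102, 103, 104 | Final |
 | Microsoft Security baseline for Windows 10 | 2004 | Final |
 | Microsoft Security baseline for Windows 10 | 20H2, 21H1 | Final |
 | Microsoft Security baseline for Windows 10 | 21H2 | Final |
@@ -197,4 +197,3 @@ HardeningKitty can be used to audit systems against the following baselines / be
 | Microsoft Security Baseline for Microsoft 365 Apps for enterprise (User) | v2206 | Final |
 | Microsoft Windows Server TLS Settings | 1809 | 1.0 |
 | Microsoft Windows Server TLS Settings (Future Use with TLSv1.3) | 1903 | 1.0 |
-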

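--- a/lists/finding_list_0x6d69636b_machine.csv
+++ b/lists/finding_list_0x6d69636b_machine.csv
@@ -36,7 +36,7 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 1319,"Security Options","Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0,RestrictSendingNTLMTraffic,,,,0,1,=,Medium
 1320,"Security Options","Shutdown: Allow system to be shut down without having to log on",Registry,,HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System,ShutdownWithoutLogon,,,,1,0,=,Medium
 1321,"Security Options","User Account Control: Admin Approval Mode for the Built-in Administrator account",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,FilterAdministratorToken,,,,0,1,=,Medium
-1322,"Security Options","User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,ConsentPromptBehaviorAdmin,,,,5,5,=,Medium
+1322,"Security Options","User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,ConsentPromptBehaviorAdmin,,,,5,2,=,Medium
 1323,"Security Options","User Account Control: Behavior of the elevation prompt for standard users",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,ConsentPromptBehaviorUser,,,,0,1,=,Medium
 1400,"Windows Firewall","EnableFirewall (Domain Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile,EnableFirewall,,,,0,1,=,Medium
 1418,"Windows Firewall","EnableFirewall (Domain Profile)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile,EnableFirewall,,,,1,1,=,Medium
@@ -110,6 +110,7 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 1764,"Administrative Templates: Printer","Point and Print Restrictions: When installing drivers for a new connection (CVE-2021-34527)",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint",NoWarningNoElevationOnInstall,,,,0,0,=,High
 1765,"Administrative Templates: Printer","Point and Print Restrictions: When updating drivers for an existing connection (CVE-2021-34527)",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint",UpdatePromptSettings,,,,0,0,=,High
 1766,"Administrative Templates: Printer","Point and Print Restrictions: Only administrators can install printer drivers on a print server (CVE-2021-34527)",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint",RestrictDriverInstallationToAdministrators,,,,0,1,=,Medium
+1771,"Administrative Templates: Start Menu and Taskbar","Notifications: Turn off notifications network usage",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications,NoCloudApplicationNotification,,,,0,1,=,Medium
 1605,"Administrative Templates: System","Credentials Delegation: Allow delegation default credentials",Registry,,HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation,AllowDefaultCredentials,,,,1,0,=,Medium
 1606,"Administrative Templates: System","Credentials Delegation: Encryption Oracle Remediation",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters,AllowEncryptionOracle,,,,0,0,=,Medium
 1607,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices that match an ID",Registry,,HKLM:\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions,DenyDeviceIDs,,,,0,1,=,Medium
@@ -177,8 +178,7 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 1718,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup key",Registry,,HKLM:\Software\Policies\Microsoft\FVE,UseTPMKey,,,,0,0,=,Medium
 1719,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup key and PIN",Registry,,HKLM:\Software\Policies\Microsoft\FVE,UseTPMKeyPIN,,,,0,0,=,Medium
 1712,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Operating System Drives: Allow enhanced PINs for startup",Registry,,HKLM:\Software\Policies\Microsoft\FVE,UseEnhancedPin,,,,0,1,=,Medium
-1713,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Operating System Drives: Configure use of hardware-based encryption for operating system drives",Registry,,HKLM:\Software\Policies\Microsoft\FVE,OSHardwareEncryption,,,,0,1,=,Medium
-1714,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Operating System Drives: Use BitLocker software-based encryption when hardware encryption is not available",Registry,,HKLM:\Software\Policies\Microsoft\FVE,OSAllowSoftwareEncryptionFailover,,,,0,1,=,Medium
+1713,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Operating System Drives: Configure use of hardware-based encryption for operating system drives",Registry,,HKLM:\Software\Policies\Microsoft\FVE,OSHardwareEncryption,,,,0,0,=,Medium
 1763,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Operating System Drives: Configure minimum PIN length for startup",Registry,,HKLM:\Software\Policies\Microsoft\FVE,MinimumPIN,,,,,8,>=,Medium
 1720,"Administrative Templates: Windows Components","Cloud Content: Do not show Windows tips",Registry,,HKLM:\Software\Policies\Microsoft\Windows\CloudContent,DisableSoftLanding,,,,0,1,=,Medium
 1721,"Administrative Templates: Windows Components","Cloud Content: Turn off Microsoft consumer experiences",Registry,,HKLM:\Software\Policies\Microsoft\Windows\CloudContent,DisableWindowsConsumerFeatures,,,,0,1,=,Medium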
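Review bot: Row 1713 now carries DefaultValue 0 and RecommendedValue 0 for `OSHardwareEncryption`, so a host with no BitLocker policy set would pass this check if the script substitutes the default when the registry value is absent (the script diff is not rendered on this page, so that behaviour is inferred). That result is only accurate on Windows builds where unconfigured BitLocker already uses software encryption; on older builds that prefer hardware encryption when the drive offers it, this would be a false pass. In either case the policy value says nothing about how an already-encrypted drive was encrypted. Consider leaving the default empty, as row 1763 (`MinimumPIN`) does, i.e. `...,HKLM:\Software\Policies\Microsoft\FVE,OSHardwareEncryption,,,,,0,=,Medium`, and confirm how the script treats an empty default.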

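--- a/lists/finding_list_0x6d69636b_user.csv
+++ b/lists/finding_list_0x6d69636b_user.csv
@@ -1,5 +1,4 @@
 ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Namespace,Property,DefaultValue,RecommendedValue,Operator,Severity
-4000,"Administrative Templates: Start Menu and Taskbar","Notifications: Turn off notifications network usage",Registry,,HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion,NoCloudApplicationNotification,,,,0,1,=,Medium
 4001,"Administrative Templates: Start Menu and Taskbar","Notifications: Turn off toast notifications on the lock screen",Registry,,HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications,NoToastApplicationNotificationOnLockScreen,,,,0,1,=,Medium
 4100,"Administrative Templates: System","Internet Communication Management: Internet Communication Settings: Turn off Help Experience Improvement Program",Registry,,HKCU:\Software\Policies\Microsoft\Assistance\Client\1.0,NoImplicitFeedback,,,,0,1,=,Medium
 4200,"Administrative Templates: Windows Components","Cloud Content: Do not use diagnostic data for tailored experiences",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,DisableTailoredExperiencesWithDiagnosticData,,,,0,1,=,Medium
@@ -11,8 +10,8 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 4303,PowerShell,"PowerShell Language Mode",LanguageMode,,,,,,,FullLanguage,ConstrainedLanguage,=,Medium
 4400,"Office 2016 / Office 365","Security Settings: Macro Runtime Scan Scope",Registry,,HKCU:\software\policies\microsoft\office\16.0\common\security,macroruntimescanscope,,,,0,2,=,Medium
 4401,"Office 2016 / Office 365","Microsoft Excel: Always prevent untrusted Microsoft Query files from opening",Registry,,"HKCU:\software\policies\microsoft\office\16.0\excel\security\external content",enableblockunsecurequeryfiles,,,,0,1,=,Medium
-4405,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDE) server launch in Excel",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDEAllowed,,,,1,0,=,Medium
-4406,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDE) server lookup in Excel",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDECleaned,,,,0,1,=,Medium
+4405,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDE) server launch in Excel",Registry,,"HKCU:\software\policies\microsoft\office\16.0\excel\security\external content",disableddeserverlaunch,,,,0,1,=,Medium
+4406,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDE) server lookup in Excel",Registry,,"HKCU:\software\policies\microsoft\office\16.0\excel\security\external content",disableddeserverlookup,,,,0,1,=,Medium
 4407,"Office 2016 / Office 365","Microsoft Excel: Block macros from running in Office files from the Internet",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security,blockcontentexecutionfrominternet,,,,0,1,=,Medium
 4408,"Office 2016 / Office 365","Microsoft Excel: VBA Macro Notification Settings",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Security,vbawarnings,,,,2,4,=,Medium
 4409,"Office 2016 / Office 365","Microsoft Excel: VBA Macro Notification Settings (Policy)",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security,vbawarnings,,,,2,4,=,Medium
@@ -22,8 +21,8 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 4416,"Office 2016 / Office 365","Microsoft Word: VBA Macro Notification Settings",Registry,,HKCU:\Software\Microsoft\Office\16.0\Word\Security,vbawarnings,,,,2,4,=,Medium
 4417,"Office 2016 / Office 365","Microsoft Word: VBA Macro Notification Settings (Policy)",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security,vbawarnings,,,,2,4,=,Medium
 4402,"Office 2016 / Office 365","Microsoft Excel: Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DontUpdateLinks,,,,0,1,=,Medium
-4403,"Office 2016 / Office 365","Microsoft Excel: Allow DDE",Registry,,"HKCU:\software\policies\microsoft\office\16.0\excel\security\external content",disableddeserverlaunch,,,,0,1,=,Medium
-4404,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDE) server lookup in Excel",Registry,,"HKCU:\software\policies\microsoft\office\16.0\excel\security\external content",disableddeserverlookup,,,,0,1,=,Medium
+4403,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDEAllowed)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDEAllowed,,,,1,1,=,Medium
+4404,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDECleaned)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDECleaned,,,,0,1,=,Medium
 4410,"Office 2016 / Office 365","Microsoft OneNote: Disable embedded files",Registry,,HKCU:\Software\Microsoft\Office\16.0\OneNote\Options,DisableEmbeddedFiles,,,,0,1,=,Medium
 4413,"Office 2016 / Office 365","Microsoft Word: Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Word\Options,DontUpdateLinks,,,,0,1,=,Medium
 4414,"Office 2016 / Office 365","Microsoft Word (Mail): Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Word\Options\WordMail,DontUpdateLinks,,,,0,1,=,Medium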
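Review bot: The renumbered row 4403 now recommends `DDEAllowed` = 1, whereas the row it replaces (old 4405, same `HKCU:\Software\Microsoft\Office\16.0\Excel\Options` value) had default 1 and recommended 0. With DefaultValue and RecommendedValue both 1, an untouched Excel profile passes a check whose name still reads "Don’t allow Dynamic Data Exchange", and any remediation driven by this list would presumably write 1 rather than 0. Row 4404 (`DDECleaned`, 0 → 1) kept its earlier values, which suggests the 4403 change is a copy slip rather than a new recommendation. If it is not intentional, restore the previous target: `4403,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDEAllowed)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDEAllowed,,,,1,0,=,Medium`.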

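--- a/lists/finding_list_cis_microsoft_windows_10_enterprise_21h2_machine.csv
+++ b/lists/finding_list_cis_microsoft_windows_10_enterprise_21h2_machine.csv
@@ -160,7 +160,7 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 5.21.1,"System Services","Remote Desktop Configuration (SessionEnv)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\SessionEnv,Start,,,,3,4,=,Medium
 5.21.2,"System Services","Remote Desktop Configuration (SessionEnv) (Service Startup type)",service,SessionEnv,,,,,,Manual,Disabled,=,Medium
 5.22.1,"System Services","Remote Desktop Services (TermService)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\TermService,Start,,,,3,4,=,Medium
-5.22.1,"System Services","Remote Desktop Services (TermService) (Service Startup type)",service,TermService,,,,,,Manual,Disabled,=,Medium
+5.22.2,"System Services","Remote Desktop Services (TermService) (Service Startup type)",service,TermService,,,,,,Manual,Disabled,=,Medium
 5.23.1,"System Services","Remote Desktop Services UserMode Port Redirector (UmRdpService)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\UmRdpService,Start,,,,3,4,=,Medium
 5.23.2,"System Services","Remote Desktop Services UserMode Port Redirector (UmRdpService) (Service Startup type)",service,UmRdpService,,,,,,Manual,Disabled,=,Medium
 5.24.1,"System Services","Remote Procedure Call (RPC) Locator (RpcLocator)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\RpcLocator,Start,,,,3,4,=,Medium
@@ -196,7 +196,7 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 5.39.1,"System Services","Windows PushToInstall Service (PushToInstall)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\PushToInstall,Start,,,,3,4,=,Medium
 5.39.2,"System Services","Windows PushToInstall Service (PushToInstall) (Service Startup type)",service,PushToInstall,,,,,,Manual,Disabled,=,Medium
 5.40.1,"System Services","Windows Remote Management (WS-Management) (WinRM)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\WinRM,Start,,,,3,4,=,Medium
-5.40.1,"System Services","Windows Remote Management (WS-Management) (WinRM) (Service Startup type)",service,WinRM,,,,,,Manual,Disabled,=,Medium
+5.40.2,"System Services","Windows Remote Management (WS-Management) (WinRM) (Service Startup type)",service,WinRM,,,,,,Manual,Disabled,=,Medium
 5.41.1,"System Services","World Wide Web Publishing Service (W3SVC)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\W3SVC,Start,,,,,4,=|0,Medium
 5.41.2,"System Services","World Wide Web Publishing Service (W3SVC) (Service Startup type)",service,W3SVC,,,,,,,Disabled,=|0,Medium
 5.42.1,"System Services","Xbox Accessory Management Service (XboxGipSvc)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\XboxGipSvc,Start,,,,3,4,=,Medium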

0 commit comments
