  1. #Program Name :- Windows Auditor Based on CIS Benchmark
  2. #Program Name :- Windows Auditor Based on CIS Benchmark
  3. #Benchmark File used :- CIS_Microsoft_Windows_Server_2012_Benchmark_v1.0.0
  4. #Author : Kaustubh Padwad
  5. #copyright : copyright (c) 2015 Kaustubh Padwad
  6. #Licnse :- Gnu-GPL-3
  7. Set-ExecutionPolicy -ExecutionPolicy restricted -force
  8. echo "1 Checks for Computer Configuration"
  9. echo "1.1 Security Settings"
  10. echo "1.1.1 Account Policies" > audit.txt
  11.  
  12. echo "1.1.1.1 Set 'Account lockout threshold' to '5 invalid logon attempt(s)'"
  13. echo "Account lockout threshold Should be 5 OR LESS invalid logon attempt(s)'" >> audit.txt
  14. $a = "Account lockout threshold-----------> "
  15. $b = net accounts | findstr /i /c:"lockout threshold"
  16. $a += if ($b -match "5") {echo "compliance"} else {echo "Non compliance this value should be less than 5"}
  17. write-output $a
  18.  
  19. echo "1.1.1.2 Set 'Account lockout duration' to '15 or more minute(s)'"
  20. echo "Account lockout duration' to '15 or more minute(s)''" >> audit.txt
  21. $a = "Account lockout duration-----------> "
  22. $b = net accounts | findstr /i /c:"lockout duration"
  23. $a += if ($b -match "15") {echo "compliance"} else {echo "Non compliance this value should be 15"}
  24. write-output $a
  25.  
  26. echo "1.1.1.3 Set 'Reset account lockout counter after' to '15 minute(s)'"
  27. echo "Reset account lockout counter after' to '15 minute(s)" >> audit.txt
  28. $a = "Reset account lockout counter-----------> "
  29. $b = net accounts | findstr /i /c:"lockout duration"
  30. $a += if ($b -match "30") {echo "compliance"} else {echo "Non compliance this value should be 30"}
  31. write-output $a
  32.  
  33. echo "1.1.1.4 Set 'Minimum password length' to '14 or more character(s)"
  34. echo "Minimum password length to '14 or more character(s)" >> audit.txt
  35. $a = "Minimum password length-----------> "
  36. $b = net accounts | findstr /i /c:"Minimum password length"
  37. $a += if ($b -match "14") {echo "compliance"} else {echo "Non compliance this value should be 14"}
  38. write-output $a
  39.  
  40. echo "1.1.1.5 Set 'Enforce password history' to '24 or more password(s)'"
  41. echo "Enforce password history' to '24" >> audit.txt
  42. $a = "Enforce password history-----------> "
  43. $b = net accounts | findstr /i /C:"password history"
  44. $a += if ($b -match "24") {echo "compliance"} else {echo "Non compliance this value should be 24"}
  45. write-output $a
  46.  
  47. echo "1.1.1.6 Set 'Password must meet complexity requirements' to 'Enabled'"
  48. echo "Password must meet complexity requirements' to 'Enabled'" >> audit.txt
  49. $a = " Password must meet complexity-----------> "
  50. $b = net accounts | findstr /i /C:"password history"
  51. $a += if ($b -match "24") {echo "compliance"} else {echo "Non compliance this value should be 24"}
  52. write-output $a
  53.  
  54. #echo "1.1.1.7 Set 'Store passwords using reversible encryption' to 'Disabled'"
  55. #echo "'Store passwords using reversible encryption' to 'Disabled'" >> audit.txt
  56. #$a = " Store passwords using reversible encryption-----------> "
  57. #$b = "
  58. #$a += if ($b -match "24") {echo "compliance"} else {echo "Non compliance this value should be 24"}
  59. #write-output $a
  60.  
  61. echo "1.1.1.8 Set 'Minimum password age' to '1 or more day(s)'"
  62. echo "Minimum password age' to '1'" >> audit.txt
  63. $a = " Minimum password age-----------> "
  64. $b = net accounts | findstr /i /c:"Minimum password age"
  65. $a += if ($b -match "1") {echo "compliance"} else {echo "Non compliance this value should be 1"}
  66. write-output $a
  67.  
  68. echo "1.1.1.9 Set 'Maximum password age' to '60 or fewer days'"
  69. echo "Maximum password age' to '60'" >> audit.txt
  70. $a = " Maximum password age-----------> "
  71. $b = net accounts | findstr /i /c:"Maximum password age"
  72. $a += if ($b -match "60") {echo "compliance"} else {echo "Non compliance this value should be 60"}
  73. write-output $a
  74.  
  75. echo "1.1.2 Advanced Audit Policy Configuration"
  76.  
  77. echo "1.1.2.1 Set 'Audit Policy: Account Logon: Credential Validation' to 'Success and Failure'"
  78. echo "Audit Policy: Account Logon: Credential Validation' to 'Success and Failure'" >> audit.txt
  79. $a = " Audit Policy: Account Logon: Credential Validation -----------> "
  80. $b = auditpol /get /category:* | findstr /i "cread"
  81. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  82. write-output $a
  83.  
  84. echo "1.1.2.2 Set 'Audit Policy: Account Logon: Kerberos Authentication Service' to 'No Auditing'"
  85. echo "Account Logon: Kerberos Authentication Service' to 'No Auditing'" >> audit.txt
  86. $a = " Account Logon: Kerberos Authentication Service -----------> "
  87. $b = auditpol /get /category:* | findstr /i /c:"Kerberos Authentication Service"
  88. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  89. write-output $a
  90.  
  91. echo "1.1.2.3 Set 'Audit Policy: Account Logon: Kerberos Service Ticket Operations' to 'No Auditing'"
  92. echo "Account Logon: Kerberos Authentication Service' to 'No Auditing'" >> audit.txt
  93. $a = " Account Logon: Kerberos Authentication Service -----------> "
  94. $b = auditpol /get /category:* | findstr /i /c:"Kerberos Service"
  95. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  96. write-output $a
  97.  
  98. echo "1.1.2.4 Set 'Audit Policy: Account Logon: Other Account Logon Events' to 'No Auditing'"
  99. echo "'Audit Policy: Account Logon: Other Account Logon Events' to 'No Auditing'" >> audit.txt
  100. $a = " Account Logon: Other Account Logon Events -----------> "
  101. $b = auditpol /get /category:* | findstr /i /c:"Other Account Logon"
  102. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  103. write-output $a
  104.  
  105. echo "1.1.2.5 Set 'Audit Policy: Account Management: Application Group Management' to 'No Auditing'"
  106. echo "Audit Policy: Account Management: Application Group Management"' to 'No Auditing" >> audit.txt
  107. $a = " Account Management: Application Group Management -----------> "
  108. $b = auditpol /get /category:* | findstr /i /c:"Application Group Management"
  109. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  110. write-output $a
  111. echo "1.1.2.7 Set 'Audit Policy: Account Management: Distribution Group Management' to 'No Auditing'"
  112. echo "Audit Policy: Account Management: Distribution Group Management" >> audit.txt
  113. $a = " Account Management: Distribution Group Management-----------> "
  114. $b = auditpol /get /category:* | findstr /i /c:"Computer Account Management"
  115. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  116. write-output $a
  117. echo "1.1.2.8 Set 'Audit Policy: Account Management: Other Account Management Events' to 'Success and Failure'"
  118. echo "Audit Policy: Account Management: Other Account Management Events" >> audit.txt
  119. $a = " Account Management: Other Account Management Events-----------> "
  120. $b = auditpol /get /category:* | findstr /i /c:"Computer Account Management"
  121. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  122. write-output $a
  123. echo "1.1.2.9 Set 'Audit Policy: Account Management: Security Group Management' to 'Success and Failure'"
  124. echo "Audit Policy: Account Management: Security Group Management" >> audit.txt
  125. $a = " Account Management: Security Group Management-----------> "
  126. $b = auditpol /get /category:* | findstr /i /c:"Security Group Management"
  127. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  128. write-output $a
  129. echo "1.1.2.10 Set 'Audit Policy: Account Management: User Account Management' to 'Success and Failure'"
  130. echo "Audit Policy: Account Management: User Account Management" >> audit.txt
  131. $a = " Account Management: User Account Management-----------> "
  132. $b = auditpol /get /category:* | findstr /i /c:"User Account Management"
  133. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  134. write-output $a
  135. echo "1.1.2.11 Set 'Audit Policy: Detailed Tracking: DPAPI Activity' to 'No Auditing'"
  136. echo "Audit Policy: Detailed Tracking: DPAPI Activity" >> audit.txt
  137. $a = " Detailed Tracking: DPAPI Activity-----------> "
  138. $b = auditpol /get /category:* | findstr /i /c:"DPAPI Activity"
  139. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  140. write-output $a
  141. echo "1.1.2.12 Set 'Audit Policy: Detailed Tracking: Process Creation' to 'Success'"
  142. echo "Audit Policy: Detailed Tracking: Process Creation" >> audit.txt
  143. $a = " Detailed Tracking: Process Creation-----------> "
  144. $b = auditpol /get /category:* | findstr /i /c:"DPAPI Activity"
  145. $a += if ($b -match "Success") {echo "compliance"} else {echo "Non compliance this value should be Success"}
  146. write-output $a
  147. echo "1.1.2.13 Set 'Audit Policy: Detailed Tracking: Process Termination' to 'No Auditing'"
  148. echo "Audit Policy: Detailed Tracking: Process Termination" >> audit.txt
  149. $a = " Detailed Tracking: Process Termination-----------> "
  150. $b = auditpol /get /category:* | findstr /i /c:"Process Termination"
  151. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  152. write-output $a
  153. echo "1.1.2.14 Set 'Audit Policy: Detailed Tracking: RPC Events' to 'No Auditing'"
  154. echo "Audit Policy: Detailed Tracking: RPC Events" >> audit.txt
  155. $a = " Detailed Tracking: RPC Events-----------> "
  156. $b = auditpol /get /category:* | findstr /i /c:"RPC Events"
  157. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  158. write-output $a
  159. echo "1.1.2.15 Set 'Audit Policy: DS Access: Detailed Directory Service Replication' to 'No Auditing'"
  160. echo "Audit Policy: DS Access: Detailed Directory Service Replication" >> audit.txt
  161. $a = " DS Access: Detailed Directory Service Replication-----------> "
  162. $b = auditpol /get /category:* | findstr /i /c:"Detailed Directory Service Replication"
  163. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  164. write-output $a
  165. echo "1.1.2.16 Set 'Audit Policy: DS Access: Directory Service Access' to 'Success and Failure'"
  166. echo "Audit Policy: DS Access: Directory Service Access" >> audit.txt
  167. $a = " DS Access: Directory Service Access-----------> "
  168. $b = auditpol /get /category:* | findstr /i /c:"Directory Service Access"
  169. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  170. write-output $a
  171. echo "1.1.2.16 Set 'Audit Policy: DS Access: Directory Service Access' to 'Success and Failure'"
  172. echo "Audit Policy: DS Access: Directory Service Access" >> audit.txt
  173. $a = " DS Access: Directory Service Access-----------> "
  174. $b = auditpol /get /category:* | findstr /i /c:"Directory Service Access"
  175. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  176. write-output $a
  177. echo "1.1.2.17 Set 'Audit Policy: DS Access: Directory Service Changes' to 'Success and Failure'"
  178. echo "Audit Policy: DS Access: Directory Service Changes" >> audit.txt
  179. $a = " DS Access: Directory Service Changes-----------> "
  180. $b = auditpol /get /category:* | findstr /i /c:"Directory Service Changes"
  181. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  182. write-output $a
  183. echo "1.1.2.18 Set 'Audit Policy: DS Access: Directory Service Replication' to 'No Auditing'"
  184. echo "Audit Policy: DS Access: Directory Service Replication" >> audit.txt
  185. $a = " DS Access: Directory Service Replication-----------> "
  186. $b = auditpol /get /category:* | findstr /i /c:"Directory Service Replication"
  187. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  188. write-output $a
  189. echo "1.1.2.19 Set 'Audit Policy: Logon-Logoff: Account Lockout' to 'No Auditing'"
  190. echo "Audit Policy: Logon-Logoff: Account Lockout' to 'No Auditing" >> audit.txt
  191. $a = " Logon-Logoff: Account Lockout-----------> "
  192. $b = auditpol /get /category:* | findstr /i /c:"Account Lockout"
  193. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  194. write-output $a
  195. echo "1.1.2.20 Set 'Audit Policy: Logon-Logoff: IPsec Extended Mode' to 'No Auditing'"
  196. echo "Audit Policy: Logon-Logoff: IPsec Extended Mode' to 'No Auditing" >> audit.txt
  197. $a = " Logon-Logoff: Account Lockout-----------> "
  198. $b = auditpol /get /category:* | findstr /i /c:"IPsec Extended Mode"
  199. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  200. write-output $a
  201. echo "1.1.2.22 Set 'Audit Policy: Logon-Logoff: IPsec Quick Mode' to 'No Auditing'"
  202. echo "Audit Policy: Logon-Logoff: IPsec Quick Mode' to 'No Auditing" >> audit.txt
  203. $a = " Logon-Logoff: IPsec Quick Mode-----------> "
  204. $b = auditpol /get /category:* | findstr /i /c:"IPsec Quick Mode"
  205. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  206. write-output $a
  207. echo "1.1.2.23 Set 'Audit Policy: Logon-Logoff: Logoff' to 'Success'"
  208. echo "Audit Policy: Logon-Logoff: Logoff' to 'Success" >> audit.txt
  209. $a = " Logon-Logoff: Logoff>----------->> "
  210. $b = auditpol /get /category:* | findstr /i /c:"Logoff"
  211. $a += if ($b -match "Success") {echo "compliance"} else {echo "Non compliance this value should be Success"}
  212. write-output $a
  213. echo "1.1.2.24 Set 'Audit Policy: Logon-Logoff: Logon' to 'Success and Failure'"
  214. echo "Audit Policy: Logon-Logoff: Logon' to 'Success" >> audit.txt
  215. $a = " Logon-Logoff: Logon>----------->> "
  216. $b = auditpol /get /category:* | findstr /i /c:"Logon"
  217. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  218. write-output $a
  219. echo "1.1.2.25 Set 'Audit Policy: Logon-Logoff: Network Policy Server' to 'No Auditing'"
  220. echo "Audit Policy: Logon-Logoff: Network Policy Server' to 'No Auditing" >> audit.txt
  221. $a = " Logon-Logoff: Network Policy Server-----------> "
  222. $b = auditpol /get /category:* | findstr /i /c:"Network Policy Server"
  223. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  224. write-output $a
  225. echo "1.1.2.26 Set 'Audit Policy: Logon-Logoff: Other Logon/Logoff Events' to 'No Auditing'"
  226. echo "Audit Policy: Logon-Logoff: Other Logon/Logoff Events' to 'No Auditing" >> audit.txt
  227. $a = " Logon-Logoff: Other Logon/Logoff Events-----------> "
  228. $b = auditpol /get /category:* | findstr /i /c:"Other Logon/Logoff Events"
  229. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  230. write-output $a
  231. echo "1.1.2.27 Set 'Audit Policy: Logon-Logoff: Special Logon' to 'Success'"
  232. echo "Audit Policy: Logon-Logoff: Special Logon' to 'Success" >> audit.txt
  233. $a = " Logon-Logoff: Special Logon-----------> "
  234. $b = auditpol /get /category:* | findstr /i /c:"Special Logon"
  235. $a += if ($b -match "Success") {echo "compliance"} else {echo "Non compliance this value should be Success"}
  236. write-output $a
  237. echo "1.1.2.27 Set 'Audit Policy: Logon-Logoff: Special Logon' to 'Success'"
  238. echo "Audit Policy: Logon-Logoff: Special Logon' to 'Success" >> audit.txt
  239. $a = " Logon-Logoff: Special Logon-----------> "
  240. $b = auditpol /get /category:* | findstr /i /c:"Special Logon"
  241. $a += if ($b -match "Success") {echo "compliance"} else {echo "Non compliance this value should be Success"}
  242. write-output $a
  243. echo "1.1.2.28 Set 'Audit Policy: Object Access: Application Generated' to 'No Auditing'"
  244. echo "Audit Policy: Object Access: Application Generated'' to 'No Auditing" >> audit.txt
  245. $a = " Object Access: Application Generated'-----------> "
  246. $b = auditpol /get /category:* | findstr /i /c:"Application Generated"
  247. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  248. write-output $a
  249. echo "1.1.2.29 Set 'Audit Policy: Object Access: Central Access Policy Staging' to 'No Auditing'"
  250. echo "Audit Policy: Object Access: Central Access Policy Staging' to 'No Auditing" >> audit.txt
  251. $a = " Object Access: Central Access Policy Staging'-----------> "
  252. $b = auditpol /get /category:* | findstr /i /c:"Central Access Policy Staging"
  253. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  254. write-output $a
  255. echo "1.1.2.30 Set 'Audit Policy: Object Access: Certification Services' to 'No Auditing'"
  256. echo "Audit Policy: Object Access: Certification Services' to 'No Auditing" >> audit.txt
  257. $a = " Object Access: Central Certification Services-----------> "
  258. $b = auditpol /get /category:* | findstr /i /c:"Certification Services"
  259. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  260. write-output $a
  261. echo "1.1.2.31 Set 'Audit Policy: Object Access: Detailed File Share' to 'No Auditing'"
  262. echo "Audit Policy: Object Access: Detailed File Share' to 'No Auditing" >> audit.txt
  263. $a = " Object Access: Detailed File Share-----------> "
  264. $b = auditpol /get /category:* | findstr /i /c:"Detailed File Share"
  265. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  266. write-output $a
  267. echo "1.1.2.32 Set 'Audit Policy: Object Access: File Share' to 'No Auditing'"
  268. echo "Audit Policy: Object Access: File Share' to 'No Auditing" >> audit.txt
  269. $a = " Object Access: File Share-----------> "
  270. $b = auditpol /get /category:* | findstr /i /c:" File Share"
  271. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  272. write-output $a
  273. echo "1.1.2.33 Set 'Audit Policy: Object Access: File System' to 'No Auditing'"
  274. echo "Audit Policy: Object Access: File System to 'No Auditing" >> audit.txt
  275. $a = " Object Access: File System-----------> "
  276. $b = auditpol /get /category:* | findstr /i /c:"File System"
  277. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  278. write-output $a
  279. echo "1.1.2.34 Set 'Audit Policy: Object Access: Filtering Platform Connection' to 'No Auditing'"
  280. echo "Audit Policy: Object Access: Filtering Platform Connection to 'No Auditing" >> audit.txt
  281. $a = " Object Access: Filtering Platform Connection-----------> "
  282. $b = auditpol /get /category:* | findstr /i /c:"Filtering Platform Connection"
  283. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  284. write-output $a
  285. echo "1.1.2.35 Set 'Audit Policy: Object Access: Filtering Platform Packet Drop' to 'No Auditing'"
  286. echo "Audit Policy: Object Access: Filtering Platform Packet Drop to 'No Auditing" >> audit.txt
  287. $a = " Object Access: Filtering Platform Packet Drop-----------> "
  288. $b = auditpol /get /category:* | findstr /i /c:"Filtering Platform Packet Drop"
  289. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  290. write-output $a
  291. echo "1.1.2.36 Set 'Audit Policy: Object Access: Handle Manipulation' to 'No Auditing'"
  292. echo "Audit Policy: Object Access: Handle Manipulation to 'No Auditing" >> audit.txt
  293. $a = " Object Access: Handle Manipulation-----------> "
  294. $b = auditpol /get /category:* | findstr /i /c:"Handle Manipulation"
  295. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  296. write-output $a
  297. echo "1.1.2.37 Set 'Audit Policy: Object Access: Kernel Object' to 'No Auditing'"
  298. echo "Audit Policy: Object Access: Kernel Object to 'No Auditing" >> audit.txt
  299. $a = " Object Access: Kernel Object-----------> "
  300. $b = auditpol /get /category:* | findstr /i /c:"Kernel Object"
  301. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  302. write-output $a
  303. echo "1.1.2.38 Set 'Audit Policy: Object Access: Other Object Access Events' to 'No Auditing'"
  304. echo "Audit Policy: Object Access: Other Object Access Events to 'No Auditing" >> audit.txt
  305. $a = " Object Access: Other Object Access Events-----------> "
  306. $b = auditpol /get /category:* | findstr /i /c:"Other Object Access Events"
  307. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  308. write-output $a
  309. echo "1.1.2.39 Set 'Audit Policy: Object Access: Registry' to 'No Auditing'"
  310. echo "Audit Policy: Object Access: Registry to 'No Auditing" >> audit.txt
  311. $a = " Object Access: Registry-----------> "
  312. $b = auditpol /get /category:* | findstr /i /c:"Registry"
  313. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  314. write-output $a
  315. echo "1.1.2.40 Set 'Audit Policy: Object Access: Removable Storage' to 'No Auditing'"
  316. echo "Audit Policy: Object Access: Removable Storage to 'No Auditing" >> audit.txt
  317. $a = " Object Access: Removable Storage-----------> "
  318. $b = auditpol /get /category:* | findstr /i /c:"Removable Storage"
  319. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  320. write-output $a
  321. echo "1.1.2.41 Set 'Audit Policy: Object Access: SAM to 'No Auditing'"
  322. echo "Audit Policy: Object Access: SAM to 'No Auditing" >> audit.txt
  323. $a = " Object Access: SAM-----------> "
  324. $b = auditpol /get /category:* | findstr /i /c:"SAM"
  325. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  326. write-output $a
  327. echo "1.1.2.42 Set 'Audit Policy: Policy Change: Audit Policy Change' to 'Success and Failure'"
  328. echo "Audit Policy: Policy Change: Audit Policy Change to 'No Auditing" >> audit.txt
  329. $a = " Policy Change: Audit Policy Change-----------> "
  330. $b = auditpol /get /category:* | findstr /i /c:"Audit Policy Change"
  331. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  332. write-output $a
  333. echo "1.1.2.43 Set 'Audit Policy: Policy Change: Authentication Policy Change' to 'Success'"
  334. echo "Audit Policy: Policy Change: Authentication Policy Change to 'No Auditing'" >> audit.txt
  335. $a = " Policy Change: Audit Policy Change-----------> "
  336. $b = auditpol /get /category:* | findstr /i /c:"Authentication Policy Change"
  337. $a += if ($b -match "Success") {echo "compliance"} else {echo "Non compliance this value should be Success"}
  338. write-output $a
  339. echo "1.1.2.44 Set 'Audit Policy: Policy Change: Authorization Policy Change' to 'No Auditing'"
  340. echo "Audit Policy: Policy Change: Authorization Policy Change to 'No Auditing'" >> audit.txt
  341. $a = " Policy Change: Authorization Policy Change-----------> "
  342. $b = auditpol /get /category:* | findstr /i /c:"Authorization Policy Change"
  343. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  344. write-output $a
  345. echo "1.1.2.45 Set 'Audit Policy: Policy Change: Filtering Platform Policy Change' to 'No Auditing'"
  346. echo "Audit Policy: Policy Change: Filtering Platform Policy Change to 'No Auditing'" >> audit.txt
  347. $a = " Policy Change: Filtering Platform Policy Change-----------> "
  348. $b = auditpol /get /category:* | findstr /i /c:"Filtering Platform Policy Change"
  349. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  350. write-output $a
  351. echo "1.1.2.46 Set 'Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change' to 'No Auditing'"
  352. echo "Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change to 'No Auditing'" >> audit.txt
  353. $a = " Policy Change: MPSSVC Rule-Level Policy Change-----------> "
  354. $b = auditpol /get /category:* | findstr /i /c:"MPSSVC Rule-Level Policy Change"
  355. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  356. write-output $a
  357. echo "1.1.2.47 Set 'Audit Policy: Policy Change: Other Policy Change Events' to 'No Auditing'"
  358. echo "Audit Policy: Policy Change: Other Policy Change Events to 'No Auditing'" >> audit.txt
  359. $a = " Policy Change: Other Policy Change Events-----------> "
  360. $b = auditpol /get /category:* | findstr /i /c:"Other Policy Change Events"
  361. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  362. write-output $a
  363. echo "1.1.2.48 Set 'Audit Policy: Privilege Use: Non Sensitive Privilege Use' to 'No Auditing'"
  364. echo "Audit Policy: Privilege Use: Non Sensitive Privilege Use to 'No Auditing'" >> audit.txt
  365. $a = "Privilege Use: Non Sensitive Privilege Use -----------> "
  366. $b = auditpol /get /category:* | findstr /i /c:"Non Sensitive Privilege Use"
  367. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  368. write-output $a
  369. echo "1.1.2.49 Set 'Audit Policy: Privilege Use: Other Privilege Use Events' to 'No Auditing'"
  370. echo "Audit Policy: Privilege Use: Other Privilege Use Events to 'No Auditing'" >> audit.txt
  371. $a = "Privilege Use: Other Privilege Use Events -----------> "
  372. $b = auditpol /get /category:* | findstr /i /c:"Other Privilege Use Events"
  373. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  374. write-output $a
  375. echo "1.1.2.50 Set 'Audit Policy: Privilege Use: Sensitive Privilege Use' to 'Success and Failure'"
  376. echo "Audit Policy: Privilege Use: Sensitive Privilege Use to 'No Auditing'" >> audit.txt
  377. $a = "Privilege Use: Sensitive Privilege Use -----------> "
  378. $b = auditpol /get /category:* | findstr /i /c:"Sensitive Privilege Use"
  379. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  380. write-output $a
  381. echo "1.1.2.51 Set 'Audit Policy: System: IPsec Driver' to 'Success and Failure'"
  382. echo "Audit Policy: System: IPsec Driver' to 'Success and Failure'" >> audit.txt
  383. $a = "System: IPsec Driver -----------> "
  384. $b = auditpol /get /category:* | findstr /i /c:"IPsec Driver"
  385. $a += if ($b -match "Success and Failure") {echo "compliance"} else {echo "Non compliance this value should be Success and Failure"}
  386. write-output $a
  387. echo "1.1.2.52 Set 'Audit Policy: System: Other System Events' to 'No Auditing'"
  388. echo "Audit Policy: System: Other System Events' to ''No Auditing'" >> audit.txt
  389. $a = "System: Other System Events>----------->> "
  390. $b = auditpol /get /category:* | findstr /i /c:"Other System Events"
  391. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  392. write-output $a
  393. echo "1.1.2.53 Set 'Audit Policy: System: Security State Change' to 'Success and Failure'"
  394. echo "Audit Policy: System: Security State Change' to 'Success and Failure'" >> audit.txt
  395. $a = "System: Security State Change-----------> "
  396. $b = auditpol /get /category:* | findstr /i /c:"Other System Events"
  397. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  398. write-output $a
  399. echo "1.1.2.54 Set 'Audit Policy: System: Security System Extension' to 'Success and Failure'"
  400. echo "Audit Policy: System: Security System Extension' to 'Success and Failure'" >> audit.txt
  401. $a = "System: Security System Extension-----------> "
  402. $b = auditpol /get /category:* | findstr /i /c:"Security System Extension"
  403. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  404. write-output $a
  405. echo "1.1.2.55 Set 'Audit Policy: System: System Integrity' to 'Success and Failure'"
  406. echo "Audit Policy: System: System Integrity' to 'Success and Failure'" >> audit.txt
  407. $a = "System: System Integrity>----------->> "
  408. $b = auditpol /get /category:* | findstr /i /c:"System Integrity"
  409. $a += if ($b -match "No Auditing") {echo "compliance"} else {echo "Non compliance this value should be No Auditing"}
  410. write-output $a
  411. echo "1.1.3 Security Options"
  412. echo "Major 1.1.3 Security Options" >> audit.txt
  413. echo ""Minor 1.1.3.1 Accounts" >> audit.txt
  414.  
  415. echo "Checking for Security Options"
  416.  
  417.  
  418. echo "1.1.3.1.1 Configure 'Accounts: Rename administrator account'"
  419. echo "Configure 'Accounts: Rename administrator account''" >> audit.txt
  420. $a = "Rename administrator account-----------> "
  421. $b = net user | findstr /i "administrator"
  422. $a += if ($b -match "Administrator" ) {echo "Non compliance Administartor account should be rename"} else {echo "compliance"}
  423. write-output $a
  424.  
  425.  
  426. echo "1.1.3.1.2 Configure 'Accounts: Rename guest account'"
  427. echo "Configure 'Accounts: Rename guest account'" >> audit.txt
  428. $a = "Rename administrator account-----------> "
  429. $b = net user | findstr /i "guest"
  430. $a += if ($b -match "Guest" ) {echo "Non compliance Guest account should be rename"} else {echo "compliance"}
  431. write-output $a
  432.  
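  # 1.1.3.1.3 Limit local account use of blank passwords to console logon only -> Enabled.
  # Value: LimitBlankPasswordUse (REG_DWORD) under Control\LSA; 0x1 = Enabled.
  echo "1.1.3.1.3 Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled'"
  echo "Limit local account use of blank passwords to console logon only' to 'Enabled'" >> audit.txt
  $a = "Limit local account use of blank passwords-----------> "
  $b = reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA | findstr /i "LimitBlankPasswordUse"
  # anchored on the value name and end of line so 0x10, 0x1e etc. are not accepted as 0x1;
  # an absent value is reported as Non compliance
  $a += if ($b -match 'LimitBlankPasswordUse\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a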
  439.  
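  # 1.1.3.2.1 Audit the access of global system objects.
  # Value: AuditBaseObjects (REG_DWORD) under Control\LSA. The original accepted
  # 0x1 as compliant; that expectation is kept — confirm it against the benchmark text.
  echo "1.1.3.2.1 Configure 'Audit: Audit the access of global system objects'"
  echo " access of global system objects" >> audit.txt
  $a = "access of global system objects-----------> "
  $b = reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA | findstr /i "AuditBaseObjects"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'AuditBaseObjects\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance"}
  write-output $a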
  446.  
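  # 1.1.3.2.2 Audit the use of Backup and Restore privilege.
  # Value: FullPrivilegeAuditing under Control\LSA. reg query prints the stored
  # byte(s) (e.g. 01 / 00); the original matched any '1' anywhere on the line.
  echo "1.1.3.2.2 Configure 'Audit: Audit the use of Backup and Restore privilege'"
  echo "Audit the use of Backup and Restore privilege" >> audit.txt
  $a = "use of Backup and Restore privilege-----------> "
  $b = reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA | findstr /i "FullPrivilegeAuditing"
  # anchored on the trailing data column; an absent value is reported as Non compliance
  $a += if ($b -match 'FullPrivilegeAuditing\s+\S+\s+0?1\s*$' ) {echo "compliance"} else {echo "Non compliance"}
  write-output $a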
  453.  
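  # 1.1.3.2.3 Force audit policy subcategory settings to override category settings -> Enabled.
  # Value: SCENoApplyLegacyAuditPolicy (REG_DWORD) under Control\LSA; 0x1 = Enabled.
  echo "1.1.3.2.3 Set 'Audit: Force audit policy subcategory settings to override audit policy category settings' to 'Enabled'"
  echo "Force audit policy subcategory settings to override audit policy category settings" >> audit.txt
  $a = "Force audit policy subcategory settings to override audit policy category settings-----------> "
  $b = reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA | findstr /i "SCENoApplyLegacyAuditPolicy"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'SCENoApplyLegacyAuditPolicy\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a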
  460.  
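  # 1.1.3.2.4 Shut down system immediately if unable to log security audits -> Disabled.
  # Value: CrashOnAuditFail (REG_DWORD) under Control\LSA; 0x0 = Disabled.
  echo "1.1.3.2.4 Set 'Audit: Shut down system immediately if unable to log security audits' to 'Disabled'"
  echo "Shut down system immediately if unable to log security audits" >> audit.txt
  $a = "Shut down system immediately if unable to log security audits-----------> "
  $b = reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA | findstr /i "CrashOnAuditFail"
  # anchored so only an exact 0x0 matches; an absent value is reported as Non compliance (not explicitly configured)
  $a += if ($b -match 'CrashOnAuditFail\s+REG_DWORD\s+0x0\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x0 (Disabled)"}
  write-output $a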
  467.  
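  # 1.1.3.4.5 Prevent users from installing printer drivers -> Enabled.
  # Value: AddPrinterDrivers (REG_DWORD) under LanMan Print Services\Servers; 0x1 = Enabled.
  echo "1.1.3.4.5 Set 'Devices: Prevent users from installing printer drivers' to 'Enabled'"
  echo "prevent users from installing printer drivers" >> audit.txt
  $a = "prevent users from installing printer drivers-----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers" | findstr /i "AddPrinterDriver"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'AddPrinterDriver\w*\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a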
  474.  
  475. #echo "1.1.3.5.1 Set 'Domain controller: Allow server operators to schedule tasks' to 'Disabled'"
  476. #echo "Allow server operators to schedule tasks" >> audit.txt
  477. #$a = "Allow server operators to schedule tasks-----------> "
  478. #$b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers" | findstr /i "AddPrinterDriver"
  479. #$a += if ($b -match "0x1" ) {echo "compliance"} else {echo "Non compliance"}
  480. #write-output $a
  481.  
  482. #echo "1.1.3.5.2 Set 'Domain controller: LDAP server signing requirements' to 'Require signing'"
  483. #echo "Domain controller: LDAP server signing requirements' to 'Require signing'" >> audit.txt
  484. #$a = "LDAP server signing requirements-----------> "
  485. #$b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers" | findstr /i "AddPrinterDriver"
  486. #$a += if ($b -match "0x1" ) {echo "compliance"} else {echo "Non compliance"}
  487. #write-output $a
  488.  
  489.  
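  # 1.1.3.5.3 Domain controller: Refuse machine account password changes -> Disabled.
  # Value: RefusePasswordChange (REG_DWORD) under Netlogon\Parameters; 0x0 = Disabled.
  # The original queried 'Disable' (a different value) and expected 0x1, which
  # inverted the result.
  echo "1.1.3.5.3 Set 'Domain controller: Refuse machine account password changes' to 'Disabled'"
  echo "'Domain controller: Refuse machine account password changes' to 'Disabled'" >> audit.txt
  $a = "Refuse machine account password changes-----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters" | findstr /i "RefusePasswordChange"
  # an absent value is reported as Non compliance (not explicitly configured)
  $a += if ($b -match 'RefusePasswordChange\s+REG_DWORD\s+0x0\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x0 (Disabled)"}
  write-output $a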
  496.  
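  # 1.1.3.6.1 Domain member: Digitally encrypt or sign secure channel data (always) -> Enabled.
  # Value: RequireSignOrSeal (REG_DWORD) under Netlogon\Parameters; 0x1 = Enabled.
  # The original searched for 'SignOnSeal', which is not a substring of the real
  # value name, so the check could never pass.
  echo "1.1.3.6.1 Set 'Domain member: Digitally encrypt or sign secure channel data (always)' to 'Enabled'"
  echo "Domain member: Digitally encrypt or sign secure channel data" >> audit.txt
  $a = "Digitally encrypt or sign secure channel data-----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters" | findstr /i "RequireSignOrSeal"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'RequireSignOrSeal\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a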
  503.  
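  # 1.1.3.6.2 Domain member: Digitally encrypt secure channel data (when possible) -> Enabled.
  # Value: SealSecureChannel (REG_DWORD) under Netlogon\Parameters; 0x1 = Enabled.
  echo "1.1.3.6.2 Set 'Domain member: Digitally encrypt secure channel data (when possible)' to 'Enabled'"
  echo "Domain member: Digitally encrypt secure channel data " >> audit.txt
  $a = " Digitally encrypt secure channel data -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters" | findstr /i "SealSecureChannel"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'SealSecureChannel\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a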
  510.  
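  # 1.1.3.6.3 Domain member: Digitally sign secure channel data (when possible) -> Enabled.
  # Value: SignSecureChannel (REG_DWORD) under Netlogon\Parameters; 0x1 = Enabled.
  echo "1.1.3.6.3 Set 'Domain member: Digitally sign secure channel data (when possible)' to 'Enabled'"
  echo "Domain member: Digitally sign secure channel data " >> audit.txt
  $a = " Digitally sign secure channel data -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters" | findstr /i "SignSecureChannel"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'SignSecureChannel\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a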
  517.  
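  # 1.1.3.6.4 Domain member: Disable machine account password changes -> Disabled.
  # Value: DisablePasswordChange (REG_DWORD) under Netlogon\Parameters; 0x0 = Disabled.
  # The original accepted 0x1 (changes disabled) as compliant, which inverted the result.
  echo "1.1.3.6.4 Set 'Domain member: Disable machine account password changes' to 'Disabled'"
  echo "Domain member: Disable machine account password changes" >> audit.txt
  $a = " Disable machine account password changes -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters" | findstr /i "DisablePasswordChange"
  # an absent value is reported as Non compliance (not explicitly configured)
  $a += if ($b -match 'DisablePasswordChange\s+REG_DWORD\s+0x0\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x0 (Disabled)"}
  write-output $a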
  524.  
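  # 1.1.3.6.5 Domain member: Maximum machine account password age -> 30 or fewer days.
  # Value: MaximumPasswordAge (REG_DWORD) under Netlogon\Parameters. reg query prints
  # the DWORD as hex (0x1e = 30), so the value is parsed and compared numerically.
  # The original queried 'Disable' and compared against the integer 30 as a
  # substring, so it could not evaluate the real setting.
  echo "1.1.3.6.5 Set 'Domain member: Maximum machine account password age' to '30 or fewer day(s)'"
  echo "Domain member: Maximum machine account password age" >> audit.txt
  $a = " Maximum machine account password age -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters" | findstr /i "MaximumPasswordAge"
  # first matching line as a scalar so $Matches is populated; an absent value is reported as Non compliance
  $line = @($b)[0]
  $a += if ($line -match 'MaximumPasswordAge\s+REG_DWORD\s+0x([0-9a-f]+)\s*$' -and [Convert]::ToInt64($Matches[1], 16) -le 30) {echo "compliance"} else {echo "Non compliance this value should be 30 or fewer"}
  write-output $a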
  531.  
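  # 1.1.3.6.6 Domain member: Require strong (Windows 2000 or later) session key -> Enabled.
  # Value: RequireStrongKey (REG_DWORD) under Netlogon\Parameters; 0x1 = Enabled.
  echo "1.1.3.6.6 Set 'Domain member: Require strong (Windows 2000 or later) session key' to 'Enabled'"
  echo "Domain member: Require strong session key" >> audit.txt
  $a = " Require strong session key -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters" | findstr /i "RequireStrongKey"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'RequireStrongKey\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a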
  538.  
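  # 1.1.3.7.1 Interactive logon: Display user information when the session is locked.
  # Value: DontDisplayLockedUserId (REG_DWORD) under Policies\System — the original
  # queried Netlogon\Parameters, where this value does not live, so the check
  # could never pass. The original accepted 0x1 as compliant; that expectation is
  # kept here — confirm the required option against the benchmark text.
  echo "1.1.3.7.1 Configure 'Interactive logon: Display user information when the session is locked'"
  echo "Interactive logon: Display user information when the session is locked'" >> audit.txt
  $a = "Interactive logon: Display user information when the session is locked' -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" | findstr /i "DontDisplayLockedUserId"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'DontDisplayLockedUserId\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance"}
  write-output $a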
  545.  
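  # 1.1.3.7.2 Interactive logon: Message text for users attempting to log on.
  # Value: LegalNoticeText (REG_SZ) under Policies\System; compliant when a
  # non-empty banner is configured. The original used '****' as the pattern,
  # which is not a valid regular expression and raises an error at run time.
  echo "1.1.3.7.2 Configure 'Interactive logon: Message text for users attempting to log on'"
  echo "Interactive logon: Message text for users attempting to log on'" >> audit.txt
  $a = "Interactive logon: Message text for users attempting to log on' -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" | findstr /i "LegalNoticeText"
  # \S after the type column requires at least one non-blank character of banner text
  $a += if ($b -match 'LegalNoticeText\s+REG_SZ\s+\S') {echo "compliance"} else {echo "Non compliance logon message text is not configured"}
  write-output $a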
  552.  
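  # 1.1.3.7.3 Interactive logon: Message title for users attempting to log on.
  # Value: LegalNoticeCaption (REG_SZ) under Policies\System; compliant when a
  # non-empty title is configured. The original required the word 'Warning',
  # which the benchmark item does not prescribe.
  echo "1.1.3.7.3 Configure 'Interactive logon: Message title for users attempting to log on'"
  echo "Interactive logon: Message title for users attempting to log on" >> audit.txt
  $a = "Interactive logon: Message title for users attempting to log on -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" | findstr /i "LegalNoticeCaption"
  # \S after the type column requires at least one non-blank character of title text
  $a += if ($b -match 'LegalNoticeCaption\s+REG_SZ\s+\S') {echo "compliance"} else {echo "Non compliance logon message title is not configured"}
  write-output $a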
  559.  
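  # 1.1.3.7.5 Interactive logon: Do not display last user name -> Enabled.
  # Value: DontDisplayLastUserName (REG_DWORD) under Policies\System; 0x1 = Enabled.
  # The original searched for 'DontDisplay', which also matches DontDisplayLockedUserId.
  echo "1.1.3.7.5 Set 'Interactive logon: Do not display last user name' to 'Enabled'"
  echo "Interactive logon: Do not display last user name" >> audit.txt
  $a = "Interactive logon: Do not display last user name -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" | findstr /i "DontDisplayLastUserName"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'DontDisplayLastUserName\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a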
  566.  
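  # 1.1.3.7.6 Interactive logon: Do not require CTRL+ALT+DEL -> Disabled.
  # Value: DisableCAD (REG_DWORD) under Policies\System; 0x0 = Disabled (CTRL+ALT+DEL required).
  echo "1.1.3.7.6 Set 'Interactive logon: Do not require CTRL+ALT+DEL' to 'Disabled'"
  echo "Interactive logon: Do not require CTRL+ALT+DEL" >> audit.txt
  $a = "Interactive logon: Do not require CTRL+ALT+DEL -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" | findstr /i "DisableCAD"
  # anchored so only an exact 0x0 matches; an absent value is reported as Non compliance (not explicitly configured)
  $a += if ($b -match 'DisableCAD\s+REG_DWORD\s+0x0\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x0 (Disabled)"}
  write-output $a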
  573.  
  574. #echo "1.1.3.7.7 Set 'Interactive logon: Machine inactivity limit' to '900 or fewer seconds'"
  575. #echo "Interactive logon: Machine inactivity limit' to '900 or fewer seconds " >> audit.txt
  576. #a = "Interactive logon: Machine inactivity limit' to '900 or fewer seconds -----------> "
  577. #$b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" | findstr /i "CAD"
  578. #$a += if ($b -match "0x0" ) {echo "compliance"} else {echo "Non compliance"}
  579. #write-output $a
  580.  
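  # 1.1.3.7.8 Interactive logon: Number of previous logons to cache -> 4 or fewer.
  # Value: CachedLogonsCount (REG_SZ) under WinLogon. The value is parsed as an
  # integer; the original matched the digit '4' anywhere, so '14' or '40' passed.
  echo "1.1.3.7.8 Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '4 or fewer logon(s)'"
  echo "Interactive logon: Number of previous logons to cache to '4 or fewer logon" >> audit.txt
  $a = "Interactive logon: Number of previous logons to cache to '4 or fewer logon -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon" | findstr /i "CachedLogonsCount"
  # first matching line as a scalar so $Matches is populated; an absent value is reported as Non compliance
  $line = @($b)[0]
  $a += if ($line -match 'CachedLogonsCount\s+REG_SZ\s+(\d+)\s*$' -and [int]$Matches[1] -le 4) {echo "compliance"} else {echo "Non compliance this value should be 4 or fewer"}
  write-output $a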
  587.  
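  # 1.1.3.7.9 Interactive logon: Prompt user to change password before expiration -> 14 or more days.
  # Value: PasswordExpiryWarning (REG_DWORD) under WinLogon. reg query prints the
  # DWORD as hex (0xe = 14), so the value is parsed and compared numerically.
  # The original searched for 'password' and compared against the integer 0x14 (20),
  # which PowerShell renders as the substring '20'.
  echo "1.1.3.7.9 Set 'Interactive logon: Prompt user to change password before expiration' to '14 or more day(s)'"
  echo "Interactive logon: Prompt user to change password before expiration" >> audit.txt
  $a = "Interactive logon: Prompt user to change password before expiration -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon" | findstr /i "PasswordExpiryWarning"
  # first matching line as a scalar so $Matches is populated; an absent value is reported as Non compliance
  $line = @($b)[0]
  $a += if ($line -match 'PasswordExpiryWarning\s+REG_DWORD\s+0x([0-9a-f]+)\s*$' -and [Convert]::ToInt64($Matches[1], 16) -ge 14) {echo "compliance"} else {echo "Non compliance this value should be 14 or more"}
  write-output $a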
  594.  
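  # 1.1.3.7.10 Interactive logon: Require Domain Controller authentication to unlock workstation -> Disabled.
  # Value: ForceUnlockLogon (REG_DWORD) under WinLogon; 0x0 = Disabled.
  echo "1.1.3.7.10 Set 'Interactive logon: Require Domain Controller authentication to unlock workstation' to 'Disabled'"
  echo "Interactive logon: Require Domain Controller authentication to unlock workstation" >> audit.txt
  $a = "Interactive logon: Require Domain Controller authentication to unlock workstation -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon" | findstr /i "ForceUnlockLogon"
  # anchored so only an exact 0x0 matches; an absent value is reported as Non compliance (not explicitly configured)
  $a += if ($b -match 'ForceUnlockLogon\s+REG_DWORD\s+0x0\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x0 (Disabled)"}
  write-output $a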
  601.  
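  # 1.1.3.7.11 Interactive logon: Smart card removal behavior -> Lock Workstation.
  # Value: ScRemoveOption (REG_SZ) under WinLogon; "1" = Lock Workstation.
  # The original queried ForceUnlock, a different setting, so it never evaluated this item.
  echo "1.1.3.7.11 Set 'Interactive logon: Smart card removal behavior' to 'Lock Workstation'"
  echo "Interactive logon: Smart card removal behavior' to 'Lock Workstation'" >> audit.txt
  $a = "Interactive logon: Smart card removal behavior' to 'Lock Workstation' -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon" | findstr /i "ScRemoveOption"
  # anchored on the exact value "1"; an absent value is reported as Non compliance
  $a += if ($b -match 'ScRemoveOption\s+REG_SZ\s+1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 1 (Lock Workstation)"}
  write-output $a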
  608.  
  609.  
  610. #echo "1.1.3.7.12 Set 'Interactive logon: Machine account lockout threshold' to 10 or fewer invalid logon attempts"
  611. #echo "Interactive logon: Machine account lockout threshold' to 10 or fewer invalid logon attempts" >> audit.txt#
  612. #$a = "Interactive logon: Machine account lockout threshold' to 10 or fewer invalid logon attempts -----------> "
  613. #$b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon" | findstr /i "ForceUnlock"
  614. #$a += if ($b -match "0x0" ) {echo "compliance"} else {echo "Non compliance"}
  615. #write-output $a
  616.  
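  # 1.1.3.8.1 Microsoft network client: Digitally sign communications (always) -> Enabled.
  # Value: RequireSecuritySignature (REG_DWORD) under LanmanWorkstation\Parameters; 0x1 = Enabled.
  # The original reported 0x1 as Non compliance, which inverted the result.
  echo "1.1.3.8.1 Set 'Microsoft network client: Digitally sign communications (always)' to 'Enabled'"
  echo "Microsoft network client: Digitally sign communications (always)' to 'Enabled'" >> audit.txt
  $a = "Microsoft network client: Digitally sign communications -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" | findstr /i "RequireSecuritySignature"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'RequireSecuritySignature\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a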
  623.  
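  # 1.1.3.8.2 Microsoft network client: Digitally sign communications (if server agrees) -> Enabled.
  # Value: EnableSecuritySignature (REG_DWORD) under LanmanWorkstation\Parameters; 0x1 = Enabled.
  # The original reported 0x1 as Non compliance, which inverted the result.
  echo "1.1.3.8.2 Set 'Microsoft network client: Digitally sign communications (if server agrees)' to 'Enabled'"
  echo "Microsoft network client: Digitally sign communications (if server agrees) to 'Enabled'" >> audit.txt
  $a = "Microsoft network client: Digitally sign communications (if server agrees) -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" | findstr /i "EnableSecuritySignature"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'EnableSecuritySignature\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a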
  630.  
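  # 1.1.3.8.3 Microsoft network client: Send unencrypted password to third-party SMB servers -> Disabled.
  # Value: EnablePlainTextPassword (REG_DWORD) under LanmanWorkstation\Parameters; 0x0 = Disabled.
  # The original reported 0x0 as Non compliance, which inverted the result.
  echo "1.1.3.8.3 Set 'Microsoft network client: Send unencrypted password to third-party SMB servers' to 'Disabled'"
  echo "Microsoft network client: Send unencrypted password to third-party SMB servers' to 'Disabled'" >> audit.txt
  $a = "Microsoft network client: Send unencrypted password to third-party SMB servers' -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" | findstr /i "EnablePlainTextPassword"
  # anchored so only an exact 0x0 matches; an absent value is reported as Non compliance (not explicitly configured)
  $a += if ($b -match 'EnablePlainTextPassword\s+REG_DWORD\s+0x0\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x0 (Disabled)"}
  write-output $a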
  637.  
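  # 1.1.3.9.2 Microsoft network server: Amount of idle time before suspending session -> 15 or fewer minutes.
  # Value: AutoDisconnect (REG_DWORD) under LanmanServer\Parameters. reg query prints
  # the DWORD as hex (0xf = 15), so the value is parsed and compared numerically.
  # The original compared against the integer 0xf (rendered as '15') and reported a
  # match as Non compliance, which inverted the result.
  echo "1.1.3.9.2 Set 'Microsoft network server: Amount of idle time required before suspending session' to '15 or fewer minute(s)'"
  echo "Microsoft network server: Amount of idle time required before suspending session' to '15 or fewer minute(s)" >> audit.txt
  $a = "Microsoft network server: Amount of idle time required before suspending session' to '15 or fewer minute(s)' -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters" | findstr /i "AutoDisconnect"
  # first matching line as a scalar so $Matches is populated; ToInt64 also copes with 0xffffffff;
  # an absent value is reported as Non compliance
  $line = @($b)[0]
  $a += if ($line -match 'AutoDisconnect\s+REG_DWORD\s+0x([0-9a-f]+)\s*$' -and [Convert]::ToInt64($Matches[1], 16) -le 15) {echo "compliance"} else {echo "Non compliance this value should be 15 or fewer"}
  write-output $a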
  644.  
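  # 1.1.3.9.3 Microsoft network server: Digitally sign communications (always) -> Enabled.
  # Value: RequireSecuritySignature (REG_DWORD) under LanmanServer\Parameters; 0x1 = Enabled.
  # The original reported 0x1 as Non compliance, which inverted the result.
  echo "1.1.3.9.3 Set 'Microsoft network server: Digitally sign communications (always)' to 'Enabled'"
  echo "Microsoft network server: Digitally sign communications (always)" >> audit.txt
  $a = "Microsoft network server: Digitally sign communications (always)' -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters" | findstr /i "RequireSecuritySignature"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'RequireSecuritySignature\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a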
  651.  
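  # 1.1.3.9.4 Microsoft network server: Digitally sign communications (if client agrees) -> Enabled.
  # Value: EnableSecuritySignature (REG_DWORD) under LanmanServer\Parameters; 0x1 = Enabled.
  # The original reported 0x1 as Non compliance, which inverted the result.
  echo "1.1.3.9.4 Set 'Microsoft network server: Digitally sign communications (if client agrees)' to 'Enabled'"
  echo "Microsoft network server: Digitally sign communications (if client agrees)" >> audit.txt
  $a = "Microsoft network server: Digitally sign communications (if client agrees) -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters" | findstr /i "EnableSecuritySignature"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'EnableSecuritySignature\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a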
  658.  
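  # 1.1.3.9.5 Microsoft network server: Disconnect clients when logon hours expire -> Enabled.
  # Value: EnableForcedLogoff (REG_DWORD) under LanmanServer\Parameters; 0x1 = Enabled.
  # The original searched for 'enableforcelogoff' (missing the 'd'), which never
  # matches, and reported 0x1 as Non compliance.
  echo "1.1.3.9.5 Set 'Microsoft network server: Disconnect clients when logon hours expire' to 'Enabled'"
  echo "Microsoft network server: Disconnect clients when logon hours expire" >> audit.txt
  $a = "Microsoft network server: Disconnect clients when logon hours expire -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters" | findstr /i "EnableForcedLogoff"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'EnableForcedLogoff\s+REG_DWORD\s+0x1\s*$' ) {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a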
  665.  
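  # 1.1.3.10.11 MSS: (AutoAdminLogon) Enable Automatic Logon -> Disabled.
  # Value: AutoAdminLogon (REG_SZ) under Winlogon; "0" or no value = disabled.
  # The original reported a value containing '0' as Non compliance, which inverted
  # the result (and '10' would also have matched).
  echo "1.1.3.10.11 Set 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' to 'Disabled'"
  echo "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' to 'Disabled'" >> audit.txt
  $a = "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' to 'Disabled' -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" | findstr /i "AutoAdminLogon"
  # absent value is treated as disabled; anything other than an exact "0" is Non compliance
  $a += if ((-not $b) -or ($b -match 'AutoAdminLogon\s+REG_SZ\s+0\s*$')) {echo "compliance"} else {echo "Non compliance this value should be 0 (Disabled)"}
  write-output $a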
  672.  
  673.  
  674. #echo "1.1.3.10.12 Set 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' to 'Highest protection, source routing is completely disabled'"
  675. #echo "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' to 'Disabled'" >> audit.txt
  676. #$a = "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' to 'Disabled' -----------> "
  677. #$b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" | findstr /i "autoadmin"
  678. #$a += if ($b -match "0") {echo "Non compliance"} else {echo "compliance"}
  679. #write-output $a
  680.  
  681.  
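  # 1.1.3.10.15 MSS: (ScreenSaverGracePeriod) -> 0 seconds.
  # Value: ScreenSaverGracePeriod under Winlogon; compliant only when set to 0.
  # The original reported a value containing '5' as Non compliance and everything
  # else (including an absent value, whose default is 5) as compliance.
  echo "1.1.3.10.15 Set 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' to '0'"
  echo "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)'" >> audit.txt
  $a = "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" | findstr /i "ScreenSaverGracePeriod"
  # the registry type is not asserted here: accept "0" (REG_SZ) or 0x0 (REG_DWORD); an absent value is Non compliance
  $a += if ($b -match 'ScreenSaverGracePeriod\s+\S+\s+(0x)?0\s*$') {echo "compliance"} else {echo "Non compliance this value should be 0"}
  write-output $a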
  688.  
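  # 1.1.3.10.16 MSS: (WarningLevel) Security log fill threshold -> 90% (0.9) or less.
  # Value: WarningLevel (REG_DWORD) under Eventlog\Security. reg query prints the
  # DWORD as hex (0x5a = 90), so the value is parsed and compared numerically;
  # the original matched the digit '9' as a substring, which hex output never
  # contains for 90. The original also ran this check twice; it runs once here.
  echo "1.1.3.10.16 Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '0.9 or less'"
  echo "MSS: Percentage threshold for the security event log at which the system will generate a warning' to '0.9" >> audit.txt
  $a = "MSS: Percentage threshold for the security event log at which the system will generate a warning' to '0.9 -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security" | findstr /i "WarningLevel"
  # first matching line as a scalar so $Matches is populated; an absent value is reported as Non compliance
  $line = @($b)[0]
  $a += if ($line -match 'WarningLevel\s+REG_DWORD\s+0x([0-9a-f]+)\s*$' -and [Convert]::ToInt64($Matches[1], 16) -le 90) {echo "compliance"} else {echo "Non compliance this value should be 90 or less"}
  write-output $a
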
  702.  
  703.  
  704. #echo "1.1.3.11.4 Set 'Network access: Allow anonymous SID/Name translation' to 'Disabled'"
  705. #echo "Network access: Allow anonymous SID/Name translation' to 'Disabled'" >> audit.txt
  706. #$a = "Network access: Allow anonymous SID/Name translation' to 'Disabled' -----------> "
  707. #$b = reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security" | findstr /i "WarningLevel"
  708. #$a += if ($b -match "9") {echo "Non compliance"} else {echo "compliance"}
  709. #write-output $a
  710.  
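  # 1.1.3.11.5 Network access: Do not allow anonymous enumeration of SAM accounts and shares -> Enabled.
  # Value: RestrictAnonymous (REG_DWORD) under Control\Lsa; 0x1 = Enabled.
  # The original reported 0x1 as Non compliance, which inverted the result, and its
  # findstr pattern also matched RestrictAnonymousSAM.
  echo "1.1.3.11.5 Set 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' to 'Enabled'"
  echo "Network access: Do not allow anonymous enumeration of SAM accounts and shares' to 'Enabled'" >> audit.txt
  $a = "Network access: Do not allow anonymous enumeration of SAM accounts and shares' to 'Enabled' -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" | findstr /i "restrictanonymous"
  # the regex names the exact value so the RestrictAnonymousSAM line is not counted; an absent value is Non compliance
  $a += if ($b -match 'RestrictAnonymous\s+REG_DWORD\s+0x1\s*$') {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a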
  717.  
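  # 1.1.3.11.6 Network access: Do not allow anonymous enumeration of SAM accounts -> Enabled.
  # Value: RestrictAnonymousSAM (REG_DWORD) under Control\Lsa; 0x1 = Enabled.
  # The original reported 0x1 as Non compliance, which inverted the result.
  echo "1.1.3.11.6 Set 'Network access: Do not allow anonymous enumeration of SAM accounts' to 'Enabled'"
  echo "Network access: Do not allow anonymous enumeration of SAM accounts' to 'Enabled'" >> audit.txt
  $a = "Network access: Do not allow anonymous enumeration of SAM accounts -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" | findstr /i "restrictanonymoussam"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'RestrictAnonymousSAM\s+REG_DWORD\s+0x1\s*$') {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a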
  724.  
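  # 1.1.3.11.7 Network access: Let Everyone permissions apply to anonymous users -> Disabled.
  # Value: EveryoneIncludesAnonymous (REG_DWORD) under Control\Lsa; 0x0 = Disabled.
  # The original reported 0x0 as Non compliance, which inverted the result, and its
  # audit.txt line said 'Enabled' where the benchmark item says 'Disabled'.
  echo "1.1.3.11.7 Set 'Network access: Let Everyone permissions apply to anonymous users' to 'Disabled'"
  echo "Network access: Let Everyone permissions apply to anonymous users' to 'Disabled'" >> audit.txt
  $a = "Network access: Let Everyone permissions apply to anonymous users -----------> "
  $b = reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" | findstr /i "EveryoneIncludesAnonymous"
  # anchored so only an exact 0x0 matches; an absent value is reported as Non compliance (not explicitly configured)
  $a += if ($b -match 'EveryoneIncludesAnonymous\s+REG_DWORD\s+0x0\s*$') {echo "compliance"} else {echo "Non compliance this value should be 0x0 (Disabled)"}
  write-output $a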
  731.  
  732. #echo "1.1.3.11.8 Set 'Network access: Remotely accessible registry paths and sub-paths' to 'System\CurrentControlSet\Control\Print\Printers System\CurrentControlSet\Services\Eventlog Software\Microsoft\OLAP Server Software\Microsoft\Windows NT\CurrentVersion\Print Softwar"
  733. #echo "Network access: Remotely accessible registry paths and sub-paths" >> audit.txt
  734. #$a = "Network access: Remotely accessible registry paths and sub-paths -----------> "
  735. #$b = reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" | findstr /i "Everyone"
  736. #$a += if ($b -match "0x0") {echo "Non compliance"} else {echo "compliance"}
  737. #write-output $a
  738.  
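  # 1.1.3.11.10 Network access: Restrict anonymous access to Named Pipes and Shares -> Enabled.
  # Value: RestrictNullSessAccess (REG_DWORD) under Control\Lsa; 0x1 = Enabled.
  # The original only flagged an explicit 0x0 and treated an absent value as
  # compliant; the value must be present and 0x1.
  echo "1.1.3.11.10 Set 'Network access: Restrict anonymous access to Named Pipes and Shares' to 'Enabled'"
  echo "Network access: Restrict anonymous access to Named Pipes and Shares' to 'Enabled'" >> audit.txt
  $a = "Network access: Restrict anonymous access to Named Pipes and Shares' to 'Enabled' -----------> "
  # findstr pattern no longer relies on the leading space of reg query's output lines
  $b = reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" | findstr /i "RestrictNullSessAccess"
  # anchored so only an exact 0x1 matches; an absent value is reported as Non compliance
  $a += if ($b -match 'RestrictNullSessAccess\s+REG_DWORD\s+0x1\s*$') {echo "compliance"} else {echo "Non compliance this value should be 0x1 (Enabled)"}
  write-output $a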