diff --git a/GPO.ps1 b/GPO.ps1
index 86015a1..0200a7a 100644
--- a/GPO.ps1
+++ b/GPO.ps1
@@ -372,6 +372,36 @@ New-GPO -Name "[1mm0rt41][Hardening](GPO,Computer) WinRM - Configuration" -Comme
 }
+###########################################################################################
+# [1mm0rt41][Hardening](GPO,Computer) WSUS - Configuration with HTTPS
+###########################################################################################
+New-GPO -Name "[1mm0rt41][Hardening](GPO,Computer) WSUS - Configuration with HTTPS" -Comment "##################################`r`n`r`nWSUS configuration:`r`n- Force HTTPS`r`n`r`nIf disabled: Restore WSUS default configuration" | %{
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName "WUServer" -Value "https://xxxxx.corp.lo:8531" -Type String >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName "WUStatusServer" -Value "https://xxxxx.corp.lo:8531" -Type String >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName "UseWUServer" -Value 1 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName "NoAutoUpdate" -Value 0 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName "AUOptions" -Value 2 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName "ScheduledInstallDay" -Value 0 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName "ScheduledInstallTime" -Value 3 -Type DWord >$null
+ $_
+}
+
+
+###########################################################################################
+# [1mm0rt41][Hardening](GPO,Computer) Print spooler configuration
+###########################################################################################
+New-GPO -Name "[1mm0rt41][Hardening](GPO,Computer) Print 
spooler configuration" -Comment "##################################`r`n`r`nConfigure spooler to avoid priviledge escalation.`r`n`r`nSide effect: Block installation of new printers ! Package your printer drivers in the image or via WSUS/SCCM`r`nIf disabled: Lost logs information" | %{
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint" -ValueName "RestrictDriverInstallationToAdministrators" -Value 1 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint" -ValueName "NoWarningNoElevationOnInstall" -Value 0 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint" -ValueName "UpdatePromptSettings" -Value 0 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint" -ValueName "InForest" -Value 0 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint" -ValueName "TrustedServers" -Value 1 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint" -ValueName "PackagePointAndPrintOnly" -Value 1 -Type DWord >$null
+ $_ | Set-GPRegistryValue -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint" -ValueName "PackagePointAndPrintServerList" -Value 1 -Type DWord >$null
+ $_
+}
+
+
 ###########################################################################################
 # [1mm0rt41][Log](GPO,Computer) LSA & NTLM Audit Mode
 ###########################################################################################
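Review bot: In the WSUS block, `AUOptions` is written as 2 (notify before download), so the `ScheduledInstallDay`/`ScheduledInstallTime` values set right after it are ignored and clients wait for someone to approve each update; if an unattended 03:00 install is the intent, the line should read `-ValueName "AUOptions" -Value 4 -Type DWord`. `WUServer` and `WUStatusServer` are the literal placeholder `https://xxxxx.corp.lo:8531`, so a GPO created and linked without editing points clients at a host that presumably does not resolve and patching stops without any visible error; take the URL from a script-level variable and skip creating the GPO while it is unset. In the print spooler block, `TrustedServers` and `PackagePointAndPrintServerList` are enabled but no server list value is written in this hunk, which appears to block every Point and Print server rather than allow a chosen set — fine if intended, but the `-Comment` should say so. That same `-Comment` ends with "If disabled: Lost logs information", which looks copied from a logging GPO and does not describe what disabling this policy does.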
@@ -1076,4 +1106,4 @@ New-GPO -Name "[1mm0rt41][Audit] Syslog" | %{
 "@ ).Trim() | Out-File -Encoding ASCII "$gpoPath\ScheduledTasks.xml"
 Get-AdObject -Filter "(objectClass -eq 'groupPolicyContainer') -and (name -eq '$gpoId')" | Set-ADObject -Replace @{gPCMachineExtensionNames="[{00000000-0000-0000-0000-000000000000}{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}][{AADCED64-746C-4633-A97C-D61349046527}{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}]"};
 $_
-}
+}
\ No newline at end of file
diff --git a/logger/logger.ps1 b/logger/logger.ps1
index fbcf889..5b154d9 100644
Binary files a/logger/logger.ps1 and b/logger/logger.ps1 differ