Skip to content

Commit 7ce36a1

Browse files
committed
chore(docs): Update comments and instructions in security script (#25)
* chore(docs): Update comments and instructions in security script * chore: commit to kick cicd
1 parent d4e3ac4 commit 7ce36a1

1 file changed

Lines changed: 4 additions & 1 deletion

File tree

Task/Windows Workstation Security Tweaks Combined Script.ps1

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,9 @@
11
<#
22
Author: Logan Cook
33
Notes: Requires `WinFeatureShould-Be` Helper function
4+
Instructions: To discover new items to enforce, visit https://security.microsoft.com/exposure-recommendations -> Devices -> Misconfigurations.
5+
After selecting a misconfiguration and selecting the 'remediation options' tab, check if there is a registry control. If there is, that is what you use here.
6+
If there is no registry control, the hardening is likely intended to be done via device CSPs. Intune (usually Attack Surface Reduction) is a great secondary enforcement mechanism.
47
#>
58

69
param(
@@ -176,4 +179,4 @@ Get-WindowsRegistryValue -Path "HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\F
176179
# Granular State gathering
177180
# CMDlet DSC block
178181

179-
WinFeatureShould-Be -Feature "SMB1Protocol" -State $SMB1
182+
WinFeatureShould-Be -Feature "SMB1Protocol" -State $SMB1

0 commit comments

Comments
 (0)