Stopping and Disabling Services (ez)
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
- Active Directory Hardening (2019):
- https://github.com/LoicVeirman/SecureAD (source)
- You need to download the whole repository in order for HardenAD.ps1 to run correctly
- If that doesn't work, try:
- Other stuff you can try that didn't work for me:
Install-Module -Name AuditPolicyDsc
Install-Module -Name SecurityPolicyDsc
Install-Module -Name NetworkingDsc
Install-Module -Name PSDesiredStateConfiguration
- PowerShell Incident Response Windows Cheat Sheet (ps file):
- You can find any script online! Just make sure it's safe and test it in a practice environment first!
- To run a script:
./program_name
- or just type the program name out
- To get into Group Policy Management Editor
- Domains > Default Domain Policy > Right Click > Edit
- This will bring you to the editor
- Main pathways:
Computer Configuration
-> Policies
-> Administrative Templates
Computer Configuration
-> Windows Settings -> Security Settings
- Enable do not store LAN Manager hash value
Security Settings > Local Policies > Security Options > double click Network security - Do not store LM hash value on next password change policy > select "Define policy setting" > Enabled
- Changing remote desktop settings
Administrative Templates
-> Windows Components
-> Remote Desktop Services
-> Remote Desktop Session Host
-> Security
- Disable Guest Accounts
- Set Audit Policies
Security Settings > Local Policies > Audit Policy
- Set User Rights Assignments
- Security Settings > Local Policies > User Rights Assignment
- Set Security Options
- Security Settings > Local Policies > Security Options
- Enable SMB Signing
Security Settings > Local Policies > Security Options > double click Microsoft network server: Digitally sign communications (always) > select Enabled
- Enable LDAP Signing
Security Settings > Local Policies > Security Options > Domain controller: LDAP server signing requirements > select Require signing
- Account Policies (Password, Account Lockout, Kerberos)
- Windows Settings > Security Settings > Account Policies
- Password and Lockout seem most important
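
To confirm that the LM hash, SMB signing and LDAP signing policies above actually took effect, this added example (not part of the original notes or of any script linked here) reads the registry values those Security Options write. It assumes an elevated PowerShell session on a domain controller after a policy refresh (`gpupdate /force`); the function name `Test-HardeningSetting` is hypothetical.

```powershell
# Added example: check the registry values behind three Security Options.
# Assumption: run elevated on a domain controller after the GPO has refreshed.

$checks = @(
    [pscustomobject]@{
        Setting  = 'Network security: Do not store LM hash value'
        Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        Name     = 'NoLMHash'
        Expected = 1      # 1 = LM hashes are not stored on next password change
    },
    [pscustomobject]@{
        Setting  = 'Microsoft network server: Digitally sign communications (always)'
        Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Name     = 'RequireSecuritySignature'
        Expected = 1      # 1 = SMB server requires signing
    },
    [pscustomobject]@{
        Setting  = 'Domain controller: LDAP server signing requirements'
        Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
        Name     = 'LDAPServerIntegrity'
        Expected = 2      # 2 = Require signing; this key exists only on DCs
    }
)

# Hypothetical helper: compare one registry value with its expected setting.
function Test-HardeningSetting {
    param([Parameter(Mandatory)] $Check)

    # A missing key or value yields $null instead of an error.
    $item   = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($Check.Name) } else { $null }

    [pscustomobject]@{
        Setting   = $Check.Setting
        Expected  = $Check.Expected
        Actual    = if ($null -eq $actual) { '(not set)' } else { $actual }
        Compliant = ($actual -eq $Check.Expected)
    }
}

$results = $checks | ForEach-Object { Test-HardeningSetting -Check $_ }
$results | Format-Table -AutoSize

# Flag anything that did not apply so it can be fixed in the GPO editor.
$results | Where-Object { -not $_.Compliant } | ForEach-Object {
    Write-Warning "Not applied: $($_.Setting) (found $($_.Actual), expected $($_.Expected))"
}
```

A row showing `(not set)` usually means the policy has not reached this machine yet or the GPO is not linked to the OU that contains it.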