A awesome script that reinforces Windows security with many options
There are many great hardening script available on GitHub, however, I didn't find one that really suit my needs so I created this enhanced one.
Here's why:
- One script for different types of use: pentest, home, work, ... Choose your environement at the setup.
- A script that makes sure the configuration doesn't change
- A script that checks the health status of Windows
- A script to manage a group of machines without a Domain
- A script that updates and self-checks itself. So if github is compromised, a hacker won't be able to make any changes to the script.
Of course, no one script will serve all projects since your needs may be different. So I'll be adding more in the near future. You may also suggest changes by forking this repo and creating a pull request or opening an issue.
A list of commonly used resources that I find helpful are listed in the acknowledgements.
- At least Powershell version 2
- Open a CMD.exe (or a powershell.exe) with administrator privileges
- Run the following command
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://github.com/1mm0rt41PC/AutoHarden/raw/master/AutoHarden_RELEASE.ps1');"- Answers to a few parameterization questions
To merge all ps1 into AutoHarden_RELEASE.ps1, use the build.ps1
This script will create your own CA for script security
powershell -exec bypass -nop -File .\build.ps1- Block auto rules in the Windows firewall
- Check writable path in
$pathand inC:\Program Files - Check writable services and tasks
- All the configuration is stored in
C:\Windows\AutoHarden\