Resolve Online Dependencies

Files/AccessChk/Eula.txt

@@ -0,0 +1,75 @@
+Sysinternals Software License Terms
+These license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you. Please read them. They apply to the software you are downloading from technet.microsoft.com/sysinternals, which includes the media on which you received it, if any. The terms also apply to any Sysinternals
+* updates,
+* supplements,
+* Internet-based services,
+* and support services
+for this software, unless other terms accompany those items. If so, those terms apply.
+BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.
+If you comply with these license terms, you have the rights below.
+
+Installation and User Rights
+
+You may install and use any number of copies of the software on your devices.
+
+Scope of License
+
+The software is licensed, not sold. This agreement only gives you some rights to use the software. Sysinternals reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not
+* work around any technical limitations in the software;
+* reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;
+* make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
+* publish the software for others to copy;
+* rent, lease or lend the software;
+* transfer the software or this agreement to any third party; or
+* use the software for commercial software hosting services.
+
+Sensitive Information
+
+Please be aware that, similar to other debug tools that capture “process state” information, files saved by Sysinternals tools may include personally identifiable or other sensitive information (such as usernames, passwords, paths to files accessed, and paths to registry accessed). By using this software, you acknowledge that you are aware of this and take sole responsibility for any personally identifiable or other sensitive information provided to Microsoft or any other party through your use of the software.
+
+Documentation
+
+Any person that has valid access to your computer or internal network may copy and use the documentation for your internal, reference purposes.
+
+Export Restrictions
+
+The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting .
+
+Support Services
+
+Because this software is "as is," we may not provide support services for it.
+
+Entire Agreement
+
+This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.
+
+Applicable Law
+
+United States . If you acquired the software in the United States , Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
+Outside the United States . If you acquired the software in any other country, the laws of that country apply.
+
+Legal Effect
+
+This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the software. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
+
+Disclaimer of Warranty
+
+The software is licensed "as-is." You bear the risk of using it. Sysinternals gives no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this agreement cannot change. To the extent permitted under your local laws, sysinternals excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.
+
+Limitation on and Exclusion of Remedies and Damages
+
+You can recover from sysinternals and its suppliers only direct damages up to U.S. $5.00. You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages.
+This limitation applies to
+* anything related to the software, services, content (including code) on third party Internet sites, or third party programs; and
+* claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.
+
+It also applies even if Sysinternals knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.
+Please note: As this software is distributed in Quebec , Canada , some of the clauses in this agreement are provided below in French.
+Remarque : Ce logiciel étant distribué au Québec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français.
+EXONÉRATION DE GARANTIE. Le logiciel visé par une licence est offert « tel quel ». Toute utilisation de ce logiciel est à votre seule risque et péril. Sysinternals n'accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d'adéquation à un usage particulier et d'absence de contrefaçon sont exclues.
+LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. Vous pouvez obtenir de Sysinternals et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.
+Cette limitation concerne :
+tout ce qui est relié au logiciel, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers ; et
+les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d'une autre faute dans la limite autorisée par la loi en vigueur.
+Elle s'applique également, même si Sysinternals connaissait ou devrait connaître l'éventualité d'un tel dommage. Si votre pays n'autorise pas l'exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l'exclusion ci-dessus ne s'appliquera pas à votre égard.
+EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d'autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas.

Files/Scripts/Security, Hardening, and Mitigations/HardeningKitty/soskitty.ps1

@@ -1,5 +1,4 @@
-choco install accesschk -y
 Import-Module .\Scripts\"Security, Hardening, and Mitigations"\HardeningKitty\Invoke-HardeningKitty.ps1
-Invoke-HardeningKitty -EmojiSupport -Log $true -Report $true -Mode HailMary -FileFindingList .\Scripts\"Security, Hardening, and Mitigations"\HardeningKitty\lists\finding_list_0x6d69636b_machine.csv -BinaryAccesschk "C:\ProgramData\chocolatey\lib\accesschk\tools\accesschk64.exe" 
-Invoke-HardeningKitty -EmojiSupport -Log $true -Report $true -Mode HailMary -FileFindingList .\Scripts\"Security, Hardening, and Mitigations"\HardeningKitty\lists\finding_list_0x6d69636b_user.csv -BinaryAccesschk "C:\ProgramData\chocolatey\lib\accesschk\tools\accesschk64.exe" 
-Invoke-HardeningKitty -EmojiSupport -Log $true -Report $true -Mode HailMary -FileFindingList .\Scripts\"Security, Hardening, and Mitigations"\HardeningKitty\lists\finding_list_msft_edge_machine.csv -BinaryAccesschk "C:\ProgramData\chocolatey\lib\accesschk\tools\accesschk64.exe" 
+Invoke-HardeningKitty -EmojiSupport -Log $true -Report $true -Mode HailMary -FileFindingList .\Files\Scripts\"Security, Hardening, and Mitigations"\HardeningKitty\lists\finding_list_0x6d69636b_machine.csv -BinaryAccesschk .\Files\AccessChk\accesschk64.exe
+Invoke-HardeningKitty -EmojiSupport -Log $true -Report $true -Mode HailMary -FileFindingList .\Files\Scripts\"Security, Hardening, and Mitigations"\HardeningKitty\lists\finding_list_0x6d69636b_user.csv -BinaryAccesschk .\Files\AccessChk\accesschk64.exe 
+Invoke-HardeningKitty -EmojiSupport -Log $true -Report $true -Mode HailMary -FileFindingList .\Files\Scripts\"Security, Hardening, and Mitigations"\HardeningKitty\lists\finding_list_msft_edge_machine.csv -BinaryAccesschk .\Files\AccessChk\accesschk64.exe

README.md

@@ -1,7 +1,5 @@
 # Optimizing and Hardening Windows 10 Deployments
 
-**75% Works offline. Working to make it fully independent from internet connections** 
-
 **Download all the required files from the [GitHub Repository](https://github.com/smiltech/W10-Optimize-and-Harden)**
 
 Windows 10 is an invasive and insecure operating system out of the box. 
@@ -45,6 +43,8 @@ Organizations like [PrivacyTools.io](https://PrivacyTools.io), [Microsoft](https
 
 - [0x6d69636b - Windows Hardening](https://github.com/0x6d69636b/windows_hardening)
 
+- [SysInternals - AccessChk](https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk)
+
 ## Additional configurations were considered from:
 
 - [NSACyber - Hardware-and-Firmware-Security-Guidance](https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance)

installallstandalone.ps1

@@ -5,44 +5,39 @@ $ErrorActionPreference= 'silentlycontinue'
 start-job -ScriptBlock {ls *.ps*1 -recurse | Unblock-File}
 
 #Copy Files to Required Directories
-#Install PowerShell Modules
-#start-job -ScriptBlock {copy-item -Path .\Files\"PowerShell Modules"\*  -Destination C:\Windows\System32\WindowsPowerShell\v1.0\Modules -Force -Recurse -ErrorAction SilentlyContinue}
 #Windows 10 Defenter Exploit Guard Configuration File
 start-job -ScriptBlock {mkdir C:\temp\; mkdir "C:\temp\Windows Defender"; copy-item -Path .\Files\DOD_EP_V3.xml -Destination "C:\temp\Windows Defender" -Force -Recurse -ErrorAction SilentlyContinue}
 #Copy Policy Definitions for gpedit.msc
-start-job -ScriptBlock {copy-item -Path .\Files\PolicyDefinitions\* -Destination C:\Windows\PolicyDefinitions -Force -Recurse -ErrorAction SilentlyContinue}
 
+#Install PowerShell Modules
+start-job -ScriptBlock {copy-item -Path .\Files\"PowerShell Modules"\*  -Destination C:\Windows\System32\WindowsPowerShell\v1.0\Modules -Force -Recurse -ErrorAction SilentlyContinue}
 #Unblock New PowerShell Modules
-#start-job -ScriptBlock {Unblock-File -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PowerSTIG\; Unblock-File -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate\; Unblock-File -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PowerShellAccessControl\)
-
+start-job -ScriptBlock {Unblock-File -Path "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PowerSTIG\"; Unblock-File -Path "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate\"; Unblock-File -Path "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PowerShellAccessControl\"}
 #Import New PowerShell Modules
-#start-job -ScriptBlock {Import-Module -Name PowerSTIG -Force -Global; Import-Module -Name PSWindowsUpdate -Force -Global; Import-Module -Name PowerShellAccessControl -Force -Global}
+start-job -ScriptBlock {Import-Module -Name PowerSTIG -Force -Global; Import-Module -Name PSWindowsUpdate -Force -Global; Import-Module -Name PowerShellAccessControl -Force -Global}
 
-#Package Management Scripts
-#.\Files\Scripts\"Package Management and Windows Updates"\installrsat.ps1
-.\Files\Scripts\"Package Management and Windows Updates"\chocoautomatewindowsupdates.ps1
+##Install Latest Windows Updates
+start-script -ScriptBlock {Install-WindowsUpdate -MicrosoftUpdate -AcceptAll; Get-WuInstall -AcceptAll -IgnoreReboot; Get-WuInstall -AcceptAll -Install -IgnoreReboot}
+
+#Optional Scripts 
+#.\Files\Scripts\"Security, Hardening, and Mitigations"\"SSL Hardening Registries.ps1"
+#.\Files\Scripts\"Debloating, Optimization, and Privacy"\"Windows_10_VDI"\1909_WindowsUpdateEnabled\Win10_1909_VDI_Optimize.ps1
 
 #Security Scripts
+.\Files\Scripts\"Security, Hardening, and Mitigations"\installadmxtemplates.ps1
 .\Files\Scripts\"Security, Hardening, and Mitigations"\"disable tcp timestamps.bat"
 .\Files\Scripts\"Security, Hardening, and Mitigations"\"IE Scripting Engine Memory Corruption.bat"
 .\Files\Scripts\"Security, Hardening, and Mitigations"\"specture meltdown mitigations.bat"
 .\Files\Scripts\"Security, Hardening, and Mitigations"\HardeningKitty\soskitty.ps1
 .\Files\Scripts\"Security, Hardening, and Mitigations"\FireFoxConfInstall.ps1
 
-#Security Scripts Testing Required
-#Only enable after testing in your environment
-#.\Files\Scripts\"Security, Hardening, and Mitigations"\"SSL Hardening Registries.ps1"
-
 #Debloating Scripts
 .\Files\Scripts\"Debloating, Optimization, and Privacy"\"Windows 10 Debloater"\Windows10SysPrepDebloater.ps1 -Sysprep -Debloat -Privacy
 .\Files\Scripts\"Debloating, Optimization, and Privacy"\"ultimate performance mode.ps1"
 .\Files\Scripts\"Debloating, Optimization, and Privacy"\optimizevmvirtalization.ps1
 .\Files\Scripts\"Debloating, Optimization, and Privacy"\startupcleantelem.ps1
 .\Files\Scripts\"Debloating, Optimization, and Privacy"\sharpapp\sharpappscripts.ps1
 .\Files\Scripts\"Debloating, Optimization, and Privacy"\debotnet\debotnetscripts.ps1
-#ONLY ENABLE IF ON VM
-#.\Files\Scripts\"Debloating, Optimization, and Privacy"\"Windows_10_VDI"\1909_WindowsUpdateEnabled\Win10_1909_VDI_Optimize.ps1
-
 
 #GPO Configurations
 #Microsoft Security Baselines
@@ -54,4 +49,4 @@ start-job -ScriptBlock {copy-item -Path .\Files\PolicyDefinitions\* -Destination
 #NSACyber GPOs
 .\Files\LGPO\LGPO.exe /g .\Files\GPOs\NSACyber\Computer
 #SIMEONONSECURITY GPOS
-.\Files\LGPO\LGPO.exe /g .\Files\GPOs\simeononsecurity
+.\Files\LGPO\LGPO.exe /g .\Files\GPOs\simeononsecurity