CON_Win10EP.ps1
# $Win10EP holds, as text, the JSON body of a Microsoft Graph (Intune) device
# configuration of type "#microsoft.graph.windows10EndpointProtectionConfiguration"
# (see "@odata.type"). How the string is consumed is not visible here; presumably
# another script submits it to Graph - confirm against the caller.
#
# @"..."@ is an expandable here-string: PowerShell substitutes $name / $(...) and
# processes backtick escapes inside it. The body below contains neither, so the JSON
# is stored verbatim; a value containing "$" or a backtick added later would be
# altered before it reaches the consumer.
#
# The spellings "lmNtlmV2AndNotLmOrNtm" and "defenderAdvancedRansomewareProtectionType"
# appear to match the Graph schema names - check the schema before "correcting" them.
#
# NOTE(review): the description calls this an advanced security profile, but several
# values below read as the permissive or unconfigured choice. Their meaning is inferred
# from the key names only - confirm each against the Graph documentation for this type
# and against the state reported by an enrolled device:
#   - localSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers = true
#   - localSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares = true
#     (next to localSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts = true)
#   - localSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees,
#     localSecurityOptionsDisableServerDigitallySignCommunicationsAlways and
#     localSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees = true
#   - localSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation = false, while
#     both elevation prompt behaviors name the secure desktop
#   - windowsDefenderTamperProtection and
#     deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured";
#     deviceGuardEnableVirtualizationBasedSecurity = false
#   - defenderGuardMyFoldersType = "auditMode" (every other defender*Type rule here is
#     "block" or "enable")
#   - bitLockerSystemDrivePolicy: startupAuthenticationTpmUsage = "required" with the
#     PIN, startup-key and PIN-and-key options "blocked", i.e. TPM-only unlock
#   - every userRights* entry is "notConfigured" with an empty localUsersOrGroups list,
#     so this profile assigns no user rights itself
$Win10EP = @"
{
"@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
"deviceManagementApplicabilityRuleOsEdition": null,
"deviceManagementApplicabilityRuleOsVersion": null,
"deviceManagementApplicabilityRuleDeviceMode": null,
"description": "Advanced security profile for Windows 10 that is appropriate for corporate-owned workstations.",
"displayName": "Portall - Windows 10 - Enhanced Security Endpoint Protection baseline",
"dmaGuardDeviceEnumerationPolicy": "deviceDefault",
"xboxServicesEnableXboxGameSaveTask": false,
"xboxServicesAccessoryManagementServiceStartupMode": "manual",
"xboxServicesLiveAuthManagerServiceStartupMode": "manual",
"xboxServicesLiveGameSaveServiceStartupMode": "manual",
"xboxServicesLiveNetworkingServiceStartupMode": "manual",
"localSecurityOptionsBlockMicrosoftAccounts": false,
"localSecurityOptionsBlockRemoteLogonWithBlankPassword": true,
"localSecurityOptionsDisableAdministratorAccount": true,
"localSecurityOptionsAdministratorAccountName": null,
"localSecurityOptionsDisableGuestAccount": true,
"localSecurityOptionsGuestAccountName": null,
"localSecurityOptionsAllowUndockWithoutHavingToLogon": false,
"localSecurityOptionsBlockUsersInstallingPrinterDrivers": false,
"localSecurityOptionsBlockRemoteOpticalDriveAccess": false,
"localSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser": "notConfigured",
"localSecurityOptionsMachineInactivityLimit": 15,
"localSecurityOptionsMachineInactivityLimitInMinutes": 15,
"localSecurityOptionsDoNotRequireCtrlAltDel": false,
"localSecurityOptionsHideLastSignedInUser": false,
"localSecurityOptionsHideUsernameAtSignIn": false,
"localSecurityOptionsLogOnMessageTitle": null,
"localSecurityOptionsLogOnMessageText": null,
"localSecurityOptionsAllowPKU2UAuthenticationRequests": false,
"localSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool": false,
"localSecurityOptionsAllowRemoteCallsToSecurityAccountsManager": null,
"localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients": "ntlmV2And128BitEncryption",
"localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers": "ntlmV2And128BitEncryption",
"lanManagerAuthenticationLevel": "lmNtlmV2AndNotLmOrNtm",
"lanManagerWorkstationDisableInsecureGuestLogons": true,
"localSecurityOptionsClearVirtualMemoryPageFile": true,
"localSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn": false,
"localSecurityOptionsAllowUIAccessApplicationElevation": true,
"localSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations": true,
"localSecurityOptionsOnlyElevateSignedExecutables": true,
"localSecurityOptionsAdministratorElevationPromptBehavior": "promptForConsentOnTheSecureDesktop",
"localSecurityOptionsStandardUserElevationPromptBehavior": "promptForCredentialsOnTheSecureDesktop",
"localSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation": false,
"localSecurityOptionsDetectApplicationInstallationsAndPromptForElevation": true,
"localSecurityOptionsAllowUIAccessApplicationsForSecureLocations": false,
"localSecurityOptionsUseAdminApprovalMode": true,
"localSecurityOptionsUseAdminApprovalModeForAdministrators": true,
"localSecurityOptionsInformationShownOnLockScreen": "notConfigured",
"localSecurityOptionsInformationDisplayedOnLockScreen": "notConfigured",
"localSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees": true,
"localSecurityOptionsClientDigitallySignCommunicationsAlways": true,
"localSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers": true,
"localSecurityOptionsDisableServerDigitallySignCommunicationsAlways": true,
"localSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees": true,
"localSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares": true,
"localSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts": true,
"localSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares": true,
"localSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange": true,
"localSecurityOptionsSmartCardRemovalBehavior": "lockWorkstation",
"defenderSecurityCenterDisableAppBrowserUI": false,
"defenderSecurityCenterDisableFamilyUI": false,
"defenderSecurityCenterDisableHealthUI": false,
"defenderSecurityCenterDisableNetworkUI": false,
"defenderSecurityCenterDisableVirusUI": false,
"defenderSecurityCenterDisableAccountUI": false,
"defenderSecurityCenterDisableClearTpmUI": false,
"defenderSecurityCenterDisableHardwareUI": false,
"defenderSecurityCenterDisableNotificationAreaUI": false,
"defenderSecurityCenterDisableRansomwareUI": false,
"defenderSecurityCenterDisableSecureBootUI": false,
"defenderSecurityCenterDisableTroubleshootingUI": false,
"defenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI": false,
"defenderSecurityCenterOrganizationDisplayName": null,
"defenderSecurityCenterHelpEmail": null,
"defenderSecurityCenterHelpPhone": null,
"defenderSecurityCenterHelpURL": null,
"defenderSecurityCenterNotificationsFromApp": "notConfigured",
"defenderSecurityCenterITContactDisplay": "notConfigured",
"windowsDefenderTamperProtection": "notConfigured",
"firewallBlockStatefulFTP": false,
"firewallIdleTimeoutForSecurityAssociationInSeconds": null,
"firewallPreSharedKeyEncodingMethod": "deviceDefault",
"firewallIPSecExemptionsAllowNeighborDiscovery": false,
"firewallIPSecExemptionsAllowICMP": false,
"firewallIPSecExemptionsAllowRouterDiscovery": false,
"firewallIPSecExemptionsAllowDHCP": false,
"firewallCertificateRevocationListCheckMethod": "deviceDefault",
"firewallMergeKeyingModuleSettings": false,
"firewallPacketQueueingMethod": "deviceDefault",
"defenderAdobeReaderLaunchChildProcess": "enable",
"defenderAttackSurfaceReductionExcludedPaths": [
],
"defenderOfficeAppsOtherProcessInjectionType": "block",
"defenderOfficeAppsOtherProcessInjection": "enable",
"defenderOfficeCommunicationAppsLaunchChildProcess": "enable",
"defenderOfficeAppsExecutableContentCreationOrLaunchType": "block",
"defenderOfficeAppsExecutableContentCreationOrLaunch": "enable",
"defenderOfficeAppsLaunchChildProcessType": "block",
"defenderOfficeAppsLaunchChildProcess": "enable",
"defenderOfficeMacroCodeAllowWin32ImportsType": "block",
"defenderOfficeMacroCodeAllowWin32Imports": "enable",
"defenderScriptObfuscatedMacroCodeType": "block",
"defenderScriptObfuscatedMacroCode": "enable",
"defenderScriptDownloadedPayloadExecutionType": "block",
"defenderScriptDownloadedPayloadExecution": "enable",
"defenderPreventCredentialStealingType": "enable",
"defenderProcessCreationType": "block",
"defenderProcessCreation": "enable",
"defenderUntrustedUSBProcessType": "block",
"defenderUntrustedUSBProcess": "enable",
"defenderUntrustedExecutableType": "block",
"defenderUntrustedExecutable": "enable",
"defenderEmailContentExecutionType": "block",
"defenderEmailContentExecution": "enable",
"defenderAdvancedRansomewareProtectionType": "enable",
"defenderGuardMyFoldersType": "auditMode",
"defenderGuardedFoldersAllowedAppPaths": [
],
"defenderAdditionalGuardedFolders": [
],
"defenderNetworkProtectionType": "enable",
"defenderExploitProtectionXml": null,
"defenderExploitProtectionXmlFileName": null,
"defenderSecurityCenterBlockExploitProtectionOverride": false,
"appLockerApplicationControl": "enforceComponentsStoreAppsAndSmartlocker",
"deviceGuardLocalSystemAuthorityCredentialGuardSettings": "notConfigured",
"deviceGuardEnableVirtualizationBasedSecurity": false,
"deviceGuardEnableSecureBootWithDMA": false,
"deviceGuardSecureBootWithDMA": "notConfigured",
"deviceGuardLaunchSystemGuard": "notConfigured",
"smartScreenEnableInShell": true,
"smartScreenBlockOverrideForFiles": true,
"applicationGuardEnabled": false,
"applicationGuardEnabledOptions": "notConfigured",
"applicationGuardBlockFileTransfer": "notConfigured",
"applicationGuardBlockNonEnterpriseContent": false,
"applicationGuardAllowPersistence": false,
"applicationGuardForceAuditing": false,
"applicationGuardBlockClipboardSharing": "notConfigured",
"applicationGuardAllowPrintToPDF": false,
"applicationGuardAllowPrintToXPS": false,
"applicationGuardAllowPrintToLocalPrinters": false,
"applicationGuardAllowPrintToNetworkPrinters": false,
"applicationGuardAllowVirtualGPU": false,
"applicationGuardAllowFileSaveOnHost": false,
"bitLockerAllowStandardUserEncryption": true,
"bitLockerDisableWarningForOtherDiskEncryption": true,
"bitLockerEnableStorageCardEncryptionOnMobile": false,
"bitLockerEncryptDevice": true,
"bitLockerRecoveryPasswordRotation": "notConfigured",
"defenderDisableScanArchiveFiles": null,
"defenderAllowScanArchiveFiles": null,
"defenderDisableBehaviorMonitoring": null,
"defenderAllowBehaviorMonitoring": null,
"defenderDisableCloudProtection": null,
"defenderAllowCloudProtection": null,
"defenderEnableScanIncomingMail": null,
"defenderEnableScanMappedNetworkDrivesDuringFullScan": null,
"defenderDisableScanRemovableDrivesDuringFullScan": null,
"defenderAllowScanRemovableDrivesDuringFullScan": null,
"defenderDisableScanDownloads": null,
"defenderAllowScanDownloads": null,
"defenderDisableIntrusionPreventionSystem": null,
"defenderAllowIntrusionPreventionSystem": null,
"defenderDisableOnAccessProtection": null,
"defenderAllowOnAccessProtection": null,
"defenderDisableRealTimeMonitoring": null,
"defenderAllowRealTimeMonitoring": null,
"defenderDisableScanNetworkFiles": null,
"defenderAllowScanNetworkFiles": null,
"defenderDisableScanScriptsLoadedInInternetExplorer": null,
"defenderAllowScanScriptsLoadedInInternetExplorer": null,
"defenderBlockEndUserAccess": null,
"defenderAllowEndUserAccess": null,
"defenderScanMaxCpuPercentage": null,
"defenderCheckForSignaturesBeforeRunningScan": null,
"defenderCloudBlockLevel": null,
"defenderCloudExtendedTimeoutInSeconds": null,
"defenderDaysBeforeDeletingQuarantinedMalware": null,
"defenderDisableCatchupFullScan": null,
"defenderDisableCatchupQuickScan": null,
"defenderEnableLowCpuPriority": null,
"defenderFileExtensionsToExclude": [
],
"defenderFilesAndFoldersToExclude": [
],
"defenderProcessesToExclude": [
],
"defenderPotentiallyUnwantedAppAction": null,
"defenderScanDirection": null,
"defenderScanType": null,
"defenderScheduledQuickScanTime": null,
"defenderScheduledScanDay": null,
"defenderScheduledScanTime": null,
"defenderSignatureUpdateIntervalInHours": null,
"defenderSubmitSamplesConsentType": null,
"defenderDetectedMalwareActions": null,
"firewallRules": [
],
"userRightsAccessCredentialManagerAsTrustedCaller": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsAllowAccessFromNetwork": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsBlockAccessFromNetwork": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsActAsPartOfTheOperatingSystem": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsLocalLogOn": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsDenyLocalLogOn": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsBackupData": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsChangeSystemTime": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsCreateGlobalObjects": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsCreatePageFile": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsCreatePermanentSharedObjects": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsCreateSymbolicLinks": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsCreateToken": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsDebugPrograms": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsRemoteDesktopServicesLogOn": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsDelegation": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsGenerateSecurityAudits": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsImpersonateClient": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsIncreaseSchedulingPriority": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsLoadUnloadDrivers": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsLockMemory": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsManageAuditingAndSecurityLogs": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsManageVolumes": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsModifyFirmwareEnvironment": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsModifyObjectLabels": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsProfileSingleProcess": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsRemoteShutdown": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsRestoreData": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"userRightsTakeOwnership": {
"state": "notConfigured",
"localUsersOrGroups": [
]
},
"firewallProfileDomain": {
"firewallEnabled": "allowed",
"stealthModeRequired": false,
"stealthModeBlocked": false,
"incomingTrafficRequired": false,
"incomingTrafficBlocked": false,
"unicastResponsesToMulticastBroadcastsRequired": false,
"unicastResponsesToMulticastBroadcastsBlocked": false,
"inboundNotificationsRequired": false,
"inboundNotificationsBlocked": false,
"authorizedApplicationRulesFromGroupPolicyMerged": false,
"authorizedApplicationRulesFromGroupPolicyNotMerged": false,
"globalPortRulesFromGroupPolicyMerged": false,
"globalPortRulesFromGroupPolicyNotMerged": false,
"connectionSecurityRulesFromGroupPolicyMerged": false,
"connectionSecurityRulesFromGroupPolicyNotMerged": false,
"outboundConnectionsRequired": false,
"outboundConnectionsBlocked": false,
"inboundConnectionsRequired": false,
"inboundConnectionsBlocked": true,
"securedPacketExemptionAllowed": false,
"securedPacketExemptionBlocked": false,
"policyRulesFromGroupPolicyMerged": false,
"policyRulesFromGroupPolicyNotMerged": false
},
"firewallProfilePublic": {
"firewallEnabled": "allowed",
"stealthModeRequired": false,
"stealthModeBlocked": false,
"incomingTrafficRequired": false,
"incomingTrafficBlocked": false,
"unicastResponsesToMulticastBroadcastsRequired": false,
"unicastResponsesToMulticastBroadcastsBlocked": false,
"inboundNotificationsRequired": false,
"inboundNotificationsBlocked": false,
"authorizedApplicationRulesFromGroupPolicyMerged": false,
"authorizedApplicationRulesFromGroupPolicyNotMerged": false,
"globalPortRulesFromGroupPolicyMerged": false,
"globalPortRulesFromGroupPolicyNotMerged": false,
"connectionSecurityRulesFromGroupPolicyMerged": false,
"connectionSecurityRulesFromGroupPolicyNotMerged": false,
"outboundConnectionsRequired": false,
"outboundConnectionsBlocked": false,
"inboundConnectionsRequired": false,
"inboundConnectionsBlocked": true,
"securedPacketExemptionAllowed": false,
"securedPacketExemptionBlocked": false,
"policyRulesFromGroupPolicyMerged": false,
"policyRulesFromGroupPolicyNotMerged": false
},
"firewallProfilePrivate": {
"firewallEnabled": "allowed",
"stealthModeRequired": false,
"stealthModeBlocked": false,
"incomingTrafficRequired": false,
"incomingTrafficBlocked": false,
"unicastResponsesToMulticastBroadcastsRequired": false,
"unicastResponsesToMulticastBroadcastsBlocked": false,
"inboundNotificationsRequired": false,
"inboundNotificationsBlocked": false,
"authorizedApplicationRulesFromGroupPolicyMerged": false,
"authorizedApplicationRulesFromGroupPolicyNotMerged": false,
"globalPortRulesFromGroupPolicyMerged": false,
"globalPortRulesFromGroupPolicyNotMerged": false,
"connectionSecurityRulesFromGroupPolicyMerged": false,
"connectionSecurityRulesFromGroupPolicyNotMerged": false,
"outboundConnectionsRequired": false,
"outboundConnectionsBlocked": false,
"inboundConnectionsRequired": false,
"inboundConnectionsBlocked": true,
"securedPacketExemptionAllowed": false,
"securedPacketExemptionBlocked": false,
"policyRulesFromGroupPolicyMerged": false,
"policyRulesFromGroupPolicyNotMerged": false
},
"bitLockerSystemDrivePolicy": {
"encryptionMethod": "xtsAes256",
"startupAuthenticationRequired": true,
"startupAuthenticationBlockWithoutTpmChip": true,
"startupAuthenticationTpmUsage": "required",
"startupAuthenticationTpmPinUsage": "blocked",
"startupAuthenticationTpmKeyUsage": "blocked",
"startupAuthenticationTpmPinAndKeyUsage": "blocked",
"minimumPinLength": null,
"prebootRecoveryEnableMessageAndUrl": false,
"prebootRecoveryMessage": null,
"prebootRecoveryUrl": null,
"recoveryOptions": {
"blockDataRecoveryAgent": true,
"recoveryPasswordUsage": "allowed",
"recoveryKeyUsage": "allowed",
"hideRecoveryOptions": true,
"enableRecoveryInformationSaveToStore": true,
"recoveryInformationToStore": "passwordAndKey",
"enableBitLockerAfterRecoveryInformationToStore": true
}
},
"bitLockerFixedDrivePolicy": {
"encryptionMethod": "xtsAes256",
"requireEncryptionForWriteAccess": true,
"recoveryOptions": {
"blockDataRecoveryAgent": true,
"recoveryPasswordUsage": "allowed",
"recoveryKeyUsage": "allowed",
"hideRecoveryOptions": true,
"enableRecoveryInformationSaveToStore": true,
"recoveryInformationToStore": "passwordAndKey",
"enableBitLockerAfterRecoveryInformationToStore": true
}
},
"bitLockerRemovableDrivePolicy": {
"encryptionMethod": "aesCbc256",
"requireEncryptionForWriteAccess": true,
"blockCrossOrganizationWriteAccess": false
}
}
"@