-
Notifications
You must be signed in to change notification settings - Fork 0
/
Set-LocalSecurityPolicy.psm1
52 lines (31 loc) · 1.93 KB
/
Set-LocalSecurityPolicy.psm1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#Requires -RunAsAdministrator
function Set-LocalSecurityPolicy
{
<#
.SYNOPSIS
Set-LocalSecurityPolicy
.DESCRIPTION
Prompt the user to use the Local Security Policy editor to edit and export a local machine's security policy.
After closing the local security policy editor, settings will be exported in plain text and Base64 format.
The Base64-encoded variable holding the local security policy can be dropped to disk using the following .NET command.
This is compatible within a PowerShell script, writing the contents of $EncodedSecPol to secpol.cfg:
[IO.File]::WriteAllBytes("secpol.cfg", [Convert]::FromBase64String($EncodedSecPol))
.EXAMPLE
PS> Import-Module .\Set-LocalSecurityPolicy.psm1
Set-LocalSecurityPolicy
#>
Write-Host "Opening Local Security Policy Editor. After making desired changes, close the editor to continue."
Write-Host "Wait a few moments after closing the editor for the process to terminate."
Start-Process "${env:windir}\System32\secpol.msc" -Wait
$save_path = Read-Host -Prompt "Enter full path to the directory where security policies will be saved"
while((Test-Path $save_path) -eq $False) {
Write-Host "Invalid path."
$save_path = Read-Host -Prompt "Enter full file path where security policies will be saved"
}
secedit /export /cfg "$save_path\secpol.cfg" /quiet
Write-Host "`r`nPlain text security policy saved to $save_path\secpol.cfg."
$EncodedSecpol = [Convert]::ToBase64String([IO.File]::ReadAllBytes("$save_path\secpol.cfg"))
New-Item -Path "$save_path\base64-encoded-policy.txt" -ItemType "file" -Value ('$EncodedSecpol = ' + $EncodedSecpol) | Out-Null
Write-Host "Base64-encoded security policy saved to $save_path\base64-encoded-policy.txt.`r`n"
Write-Host "Run Get-Help Set-LocalSecurityPolicy for more information on using this encoded file in a script."
}