PowerShell Script to Harden a Windows 2019 Server to HITRUST Cybersecurity Standards

 HITRUST is a cybersecurity framework that aims to protect sensitive information and manage risks in the healthcare industry. Hardening a Windows Server 2019 to meet HITRUST standards involves implementing a range of security controls to ensure the confidentiality, integrity, and availability of the system and the data it processes.


Here's a PowerShell script that you can use to harden a Windows Server 2019 to HITRUST standards:

# Disable SMBv1
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

# Enable SMBv2 and SMBv3
Set-SmbServerConfiguration -EnableSMB2Protocol $true
Set-SmbServerConfiguration -EnableSMB3Protocol $true

# Disable NetBIOS over TCP/IP
Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.TcpipNetbiosOptions -ne 0 } | ForEach-Object {
    $_.DisableNetbios()
}

# Enable Windows Defender
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -DisableBehaviorMonitoring $false
Set-MpPreference -DisableBlockAtFirstSeen $false

# Enable Windows Firewall
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Set-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Enabled True
Set-NetFirewallRule -DisplayGroup 'Remote Administration' -Enabled True
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True
Set-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Enabled True

# Configure audit policy
$auditPolicy = Get-AuditPolicy
$auditPolicy.AuditLogonEvents = "Success,Failure"
$auditPolicy.AuditObjectAccess = "Success,Failure"
$auditPolicy.AuditProcessTracking = "Success"
$auditPolicy.AuditPolicyChange = "Success"
$auditPolicy.AuditSystemEvents = "Success"
Set-AuditPolicy -InputObject $auditPolicy

# Disable LM and NTLMv1 authentication
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'LMCompatibilityLevel' -Value 5
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'LmCompatibilityLevel' -Value 5
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -Name 'NtlmMinClientSec' -Value 5376
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -Name 'NtlmMinServerSec' -Value 5376

# Enable Secure LDAP (LDAPS)
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP' -Name 'LDAPServerIntegrity' -Value 2

# Disable anonymous access to shares
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name 'NullSessionShares' -Value ''

# Disable unnecessary services
Get-Service -Name RemoteRegistry | Set-Service -StartupType Disabled
Get-Service -Name Telnet | Set-Service -StartupType Disabled
Get-Service -Name TFTP | Set-Service -StartupType Disabled
Get-Service -Name SNMP | Set-Service -StartupType Disabled
Get-Service -Name SNMPTRAP | Set-Service -StartupType Disabled

# Install the latest security updates
Install-PackageProvider -Name NuGet -MinimumVersion 2

Comments

Post a Comment

Popular posts from this blog

Unveiling the Power of PowerShell Regions: A Comprehensive Guide

 Introduction PowerShell has gained widespread popularity as a powerful task automation and configuration management framework. As your PowerShell scripts grow in size and complexity, it's essential to maintain readability and organization. One often under-utilized feature of PowerShell that can significantly improve code readability is the use of 'regions'. In this blog post, we will delve into the concept of regions in PowerShell, exploring their applications, benefits, and how you can make the most of them in your scripts. What are PowerShell Regions? PowerShell regions are collapsible sections of code, demarcated by special comments, that allow you to group and organize related code snippets. The primary purpose of regions is to improve the readability of your scripts by allowing you to fold or collapse sections of code that are not actively being worked on. These regions can be expanded or collapsed using the 'Expand-Collapse' functionality available in most mo...
Read more

PowerShell Script to Remotely Update Firmware on Brother Printers Microsoft

While this does not work for all models or configurations of Brother printers, it can be a lifesaver so I thought I would share: # Set your printer's IP address and model number $PrinterIP = "192.168.1.100" $PrinterModel = "HL-L8360CDW" # Define the URL for the firmware download page $FirmwareURL = "https://support.brother.com/g/b/downloadtop.aspx?c=us&lang=en&prod=$($PrinterModel.ToLower())_eus" # Get the latest firmware version from Brother's website $LatestFirmwareInfo = (Invoke-WebRequest -Uri $FirmwareURL -UseBasicParsing).Links | Where-Object { $_.href -like "*.firm" } | ForEach-Object { @{ Version = $_.innerText.Trim() -replace '[^0-9.]', ''; DownloadUrl = $_.href } } | Sort-Object -Descending -Property Version | Select-Object -First 1 if (!$LatestFirmwareInfo) { Write-Host "Couldn't retrieve the latest firmware version for the printer model. Please verify the printer model an...
Read more

PowerShell Script to Reset Permissions on all Documents in a Document Library in SharePoint Online.

Here's a PowerShell script that resets permissions on all documents in a SharePoint Online document library: #Connect to SharePoint Online Site $SiteURL = "https://yourdomain.sharepoint.com/sites/sitename" $UserName = "yourusername@yourdomain.com" $Password = "yourpassword" $SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force $Cred = New-Object System.Management.Automation.PSCredential($UserName, $SecurePassword) Connect-PnPOnline -Url $SiteURL -Credentials $Cred #Set Variables $ListName = "Documents" $FolderPath = "/Shared Documents" #Get all Documents from the document library $Documents = Get-PnPListItem -List $ListName -Folder $FolderPath #Loop through each document and reset permissions foreach ($Doc in $Documents) { Set-PnPListItemPermission -List $ListName -Identity $Doc.Id -InheritPermissions $true -ClearAllPermissions $true } Write-Host "Permissions reset complete." You will need to re...
Read more