About
Me 		B.C.W.H.S.
LLC 		Contact
Me 		My
Resume 		PowerShell
wbMSPmodule 		PowerShell
wbMSPSecurity 		Scan
Website 		Visitor
Information
Site Title

PowerShell - wbMSPSecurity 1.0


PowerShell for Endpoint Security. These commands will close up some endpoint issues that are defined in Microsoft's Secure Score and other Windows security products.

The install and use of the wbMSPSecurity is pretty straight forward. Open Windows PowerShell with Administrative access and copy and paste the commands below.

This module is registered with PowerShell Gallery
 

wbMSPSecurity 1.0 Installation

Install-PackageProvider -Name NuGet -RequiredVersion 2.8.5.201 -Force;
Import-PackageProvider -Name NuGet -RequiredVersion 2.8.5.201;
 
Install-Module -Name wbMSPSecurity -RequiredVersion 1.0 -Force;
Import-Module -Name wbMSPSecurity -RequiredVersion 1.0;


A majority of these controls are low impact and shouldn't disrupt your workflow however, caution is advised depending on your setup.

To enable all modules: Set-wbMSPsecAllOn
 
To revert all modules: Set-wbMSPsecAllOff
 

1) Block outdated ActiveX controls for Internet Explorer

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext" -Name 'VersionCheckEnabled' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec1On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext" -Name 'VersionCheckEnabled' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec1Off
 

2) Disable 'Autoplay for non-volume devices'

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutoplayfornonVolume' -Value 1;
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows" -Name 'Explorer' -Force;
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name 'NoAutoplayfornonVolume' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec2On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutoplayfornonVolume' -Value 0;
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Explorer" -Name 'NoAutoplayfornonVolume' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec2Off
 

3) Disable 'Autoplay' for all drives

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoDriveTypeAutoRun' -Value 255;

wbMSPSecurity 1.0: Set-wbMSPsec3On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoDriveTypeAutoRun' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec3Off
 

4) Disable 'Continue running background apps when Google Chrome is closed'

Set
New-Item -Path "HKLM:\Software\Policies" -Name 'Google' -Force;
New-Item -Path "HKLM:\Software\Policies\Google" -Name 'Chrome' -Force;
New-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BackgroundModeEnabled' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec4On
 
Revert
Set-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BackgroundModeEnabled' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec4Off
 

5) Disable 'Enumerate administrator accounts on elevation'

Set
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies" -Name 'CredUI' -Force;
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI" -Name 'EnumerateAdministrators' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec5On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI" -Name 'EnumerateAdministrators' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec5Off
 

6) Disable 'Password Manager'

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name "PasswordManagerEnabled" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec28On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name "PasswordManagerEnabled" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec28Off
 

7) Disable Anonymous enumeration of shares

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name 'RestrictAnonymous' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec6On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name 'RestrictAnonymous' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec6Off
 

8) Disable Insecure guest logons in SMB

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\" -Name "AllowInsecureGuestLogons" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec39On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\" -Name "AllowInsecureGuestLogons" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec39Off
 

9) Disable Installation and configuration of Network Bridge on your DNS domain network

Set
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_AllowNetBridge_NLA" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec30On
 
Revert
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_AllowNetBridge_NLA" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec30Off
 

10) Disable IP Source routing

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\" -Name 'DisableIPSourceRouting' -Value 2;

wbMSPSecurity 1.0: Set-wbMSPsec7On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\" -Name 'DisableIPSourceRouting' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec7Off
 

11) Disable JavaScript/Flash on Adobe Reader DC

Set
New-Item -Path "HKLM:\SOFTWARE\Policies\Adobe\" -Name 'Acrobat Reader' -Force;
New-Item -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader" -Name 'DC' -Force;
New-Item -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC" -Name 'FeatureLockDown' -Force;
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bDisableJavaScript' -Value 1;
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bEnableFlash' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec8On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bDisableJavaScript' -Value 0;
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" -Name 'bEnableFlash' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec8Off
 

12) Disable Microsoft Defender Firewall notifications when programs are blocked for Domain/Public/Private profile

Set
New-Item -Path "HKLM:\Software\Policies\Microsoft" -Name 'WindowsFirewall' -Force;
New-Item -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall" -Name 'DomainProfile' -Force;
New-Item -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall" -Name 'PrivateProfile' -Force;
New-Item -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall" -Name 'PublicProfile' -Force;
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile" -Name 'DisableNotifications' -Value 1;
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile" -Name 'DisableNotifications' -Value 1;
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile" -Name 'DisableNotifications' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec9On
 
Revert
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile" -Name 'DisableNotifications' -Value 0;
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile" -Name 'DisableNotifications' -Value 0;
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile" -Name 'DisableNotifications' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec9Off
 

13) Disable running or installing downloaded software with invalid signature

Set
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\" -Name 'Internet Explorer' -Force;
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer" -Name 'Download' -Force;
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Download\" -Name 'RunInvalidSignatures' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec10On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Download\" -Name 'RunInvalidSignatures' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec10Off
 

14) Disable sending unencrypted password to third-party SMB servers

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SealSecureChannel" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec42On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SealSecureChannel" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec42Off
 

15) Disable SMBv1 client driver

Set
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart;

wbMSPSecurity 1.0: Set-wbMSPsec40On
 
Revert
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart;

wbMSPSecurity 1.0: Set-wbMSPsec40Off
 

16) Disable SMBv1 server

Set
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force;

wbMSPSecurity 1.0: Set-wbMSPsec41On
 
Revert
Set-SmbServerConfiguration -EnableSMB1Protocol $true -Force;

wbMSPSecurity 1.0: Set-wbMSPsec41Off
 

17) Disable the local storage of passwords and credentials

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "DisableDomainCreds" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec31On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "DisableDomainCreds" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec31Off
 

18) Disable WDigest Authentication

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\" -Name "UseLogonCredential" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec43On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\" -Name "UseLogonCredential" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec43Off
 

19) Enable 'Apply UAC restrictions to local accounts on network logons'

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name 'LocalAccountTokenFilterPolicy' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec11On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name 'LocalAccountTokenFilterPolicy' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec11Off
 

20) Enable 'Block third party cookies'

Set
New-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BlockThirdPartyCookies' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec12On
 
Revert
Set-ItemProperty -Path "HKLM:\Software\Policies\Google\Chrome" -Name 'BlockThirdPartyCookies' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec12Off
 

21) Enable 'Microsoft network client: Digitally sign communications (always)'

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name 'RequireSecuritySignature' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec13On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name 'RequireSecuritySignature' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec13Off
 

22) Enable Domain member: Digitally encrypt or sign secure channel data (always)

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "RequireSignOrSeal" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec45On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "RequireSignOrSeal" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec45Off
 

23) Enable Domain member: Digitally sign secure channel data (when possible)

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SignSecureChannel" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec44On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\" -Name "SignSecureChannel" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec44Off
 

24) Enable Microsoft Defender Antivirus Email Scanning

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" -Name 'DisableEmailScanning' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec14On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" -Name 'DisableEmailScanning' -Value 1
wbMSPSecurity 1.0: Set-wbMSPsec14Off
 

25) Enable Network Protection

Set
Set-MpPreference -EnableNetworkProtection Enabled;

wbMSPSecurity 1.0: Set-wbMSPsec38On
 
Revert
Set-MpPreference -EnableNetworkProtection Disabled;

wbMSPSecurity 1.0: Set-wbMSPsec38Off
 

26) Enable Require domain users to elevate when setting a networks location

Set
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_StdDomainUserSetLocation" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec32On
 
Revert
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Network Connections\" -Name "NC_StdDomainUserSetLocation" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec32Off
 

27) Enable Safe DLL Search Mode

Set
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Session Manager\" -Name "SafeDllSearchMode" -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec37On
 
Revert
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Session Manager\" -Name "SafeDllSearchMode" -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec37Off
 

28) Enable scanning of removable drives during a full scan

Set
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name 'Scan' -Force;
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Scan" -Name 'DisableRemovableDriveScanning' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec15On
 
Revert
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender\Scan" -Name 'DisableRemovableDriveScanning' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec15Off
 

29) Hide Option & Enable Automatic Updates

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\cloud\office\16.0\common\officeupdate" -Name 'enableautomaticupdates' -Value 1;
New-Item -Path "HKLM:\SOFTWARE\policies\Microsoft" -Name 'Office' -Force;
New-Item -Path "HKLM:\SOFTWARE\policies\Microsoft\Office" -Name '16.0' -Force;
New-Item -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0" -Name 'Common' -Force;
New-Item -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common" -Name 'Officeupdate' -Force;
New-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'hideenabledisableupdates' -Value 1;
New-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'enableautomaticupdates' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec16On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\cloud\office\16.0\common\officeupdate" -Name 'enableautomaticupdates' -Value 0;
Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'hideenabledisableupdates' -Value 0;
Set-ItemProperty -Path "HKLM:\SOFTWARE\policies\Microsoft\Office\16.0\Common\Officeupdate" -Name 'enableautomaticupdates' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec16Off
 

30) Prohibit use of Internet Connection Sharing on your DNS domain network

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections" -Name 'NC_ShowSharedAccessUI' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec17On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections" -Name 'NC_ShowSharedAccessUI' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec17Off
 

31) Secure Microsoft Defender Firewall domain profile

Set
Set-NetFirewallProfile -Profile Domain -Enabled True;

wbMSPSecurity 1.0: Set-wbMSPsec34On
 
Revert
Set-NetFirewallProfile -Profile Domain -Enabled False;

wbMSPSecurity 1.0: Set-wbMSPsec34Off
 

32) Secure Microsoft Defender firewall private profile

Set
Set-NetFirewallProfile -Profile Private -Enabled True;

wbMSPSecurity 1.0: Set-wbMSPsec36On
 
Revert
Set-NetFirewallProfile -Profile Private -Enabled False;

wbMSPSecurity 1.0: Set-wbMSPsec36Off
 

33) Secure Microsoft Defender Firewall public profile

Set
Set-NetFirewallProfile -Profile Public -Enabled True;

wbMSPSecurity 1.0: Set-wbMSPsec35On
 
Revert
Set-NetFirewallProfile -Profile Public -Enabled False;

wbMSPSecurity 1.0: Set-wbMSPsec35Off
 

34) Set 'Account lockout duration' to 15 minutes or more

Set
net accounts /lockoutduration:15
wbMSPSecurity 1.0: Set-wbMSPsec18On
 

35) Set 'Account lockout threshold' to 1-10 invalid login attempts

Set
net accounts /lockoutthreshold:10
wbMSPSecurity 1.0: Set-wbMSPsec19On
 

36) Set 'Enforce Password History' to '24 or more password(s)'

Set
net accounts /uniquepw:24
wbMSPSecurity 1.0: Set-wbMSPsec20On
 

37) Set 'Interactive logon: Machine inactivity limit' to '1-900 seconds'

Set
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" -Name 'InactivityTimeoutSecs' -PropertyType DWORD -Value 0x00000384 -Force
wbMSPSecurity 1.0: Set-wbMSPsec21On
 

38) set 'Minimum Password Age' to '1 or more day(s)'

Set
net accounts /minpwage:1
wbMSPSecurity 1.0: Set-wbMSPsec22On
 

39) Set 'Reset account lockout counter after' to 15 minutes or more

Set
net accounts /lockoutwindow:15
wbMSPSecurity 1.0: Set-wbMSPsec23On
 

40) Set default behavior for 'AutoRun' to 'Enabled: Do not execute any autorun commands'

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutorun' -Value 1;

wbMSPSecurity 1.0: Set-wbMSPsec24On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name 'NoAutorun' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec24Off
 

41) Set IPV6 source routing to highest protection

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name 'DisableIPSourceRouting' -Value 2;

wbMSPSecurity 1.0: Set-wbMSPsec25On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name 'DisableIPSourceRouting' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec25Off
 

42) Set LAN Manager authentication level to 'Send NTLMv2 response only. Refuse LM & NTLM'

Set
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\" -Name 'LmCompatibilityLevel' -Value 5;

wbMSPSecurity 1.0: Set-wbMSPsec26On
 
Revert
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\" -Name 'LmCompatibilityLevel' -Value 3;

wbMSPSecurity 1.0: Set-wbMSPsec26Off
 

43) Set User Account Control (UAC) to automatically deny elevation requests

Set
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" -Name 'ConsentPromptBehaviorUser' -Value 0;

wbMSPSecurity 1.0: Set-wbMSPsec27On
 
Revert
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" -Name 'ConsentPromptBehaviorUser' -Value 3;

wbMSPSecurity 1.0: Set-wbMSPsec27Off
 

44) Set user authentication for remote connections by using Network Level Authentication to Enabled

Set
Set-NetworkLevelAuthentication -EnableNLA $true;

wbMSPSecurity 1.0: Set-wbMSPsec29On
 
Revert
Set-NetworkLevelAuthentication -EnableNLA $false;

wbMSPSecurity 1.0: Set-wbMSPsec29Off
 

45) Update Microsoft Defender Antivirus definitions

Set
Update-MpSignature;

wbMSPSecurity 1.0: Set-wbMSPsec33On
 
About
Me 		B.C.W.H.S.
LLC 		Contact
Me 		My
Resume 		PowerShell
wbMSPmodule 		PowerShell
wbMSPSecurity 		Scan
Website 		Visitor
Information