Table of Contents

STIG Compliant Domain Prep

Import all the GPOs provided by SimeonOnSecurity to assist in making your domain compliant with all applicable STIGs and SRGs.

Notes:

This script is designed for use in Enterprise environments

STIGS/SRGs Applied:

• Windows 10 V1R23

• Windows Defender Antivirus V1R9

• Windows Firewall V1R7

• Internet Explorer 11 V1R19

• Adobe Reader Pro DC Continous V1R2

• Adobe Reader Pro DC Classic V1R3

• Microsoft Office 2019/Office 365 Pro Plus V1R2

• Microsoft Office 2016 V1R2

• Microsoft Office 2013 V1R5

• Google Chrome V1R19

• Firefox V4R29

• Microsoft .Net Framework 4 V1R9 - Work in Progress

• Oracle JRE 8 V1R5

Additional configurations were considered from:

• NSACyber - Hardware-and-Firmware-Security-Guidance

• NSACyber - Application Whitelisting Using Microsoft AppLocker

• Whonix - Disable TCP Timestamps

• CERT - IE Scripting Engine Memory Corruption

• Dirteam - SSL Hardening

• Microsoft - Specture and Meltdown Mitigations

• Microsoft - Windows 10 Privacy

• Microsoft - Managing Windows 10 Telemetry and Callbacks

• Microsoft - Windows 10 VDI Recomendations

How to run the script:

The script may be launched from the extracted GitHub download like this:

.\sos-stig-compliant-domain-prep.ps1

The script we will be using must be launched from the directory containing all the other files from the GitHub Repository