Automating Sysmon Deployment and Configuration
Increase your logging capabilities to improve your ability to detect threats and malicious activity on your systems.
Optimize and Debloat Windows 10 Deployments
For those who seek to minimize their Windows 10 installs.
GLVK Auto Install Script for KMS Activation
A collection of example configurations and scripts to aid system administrators in hardening Apache web servers.
Dot NET STIG Script
Applying the .NET STIG is definitely not straightforward. For many administrators it can take hours to fully implement on a single system. This script applies the required registry changes and modifies the machine.config file to implement FIPS and other controls as required.
FireFox Privacy Script
Organizations like PrivacyTools.io and ffprofile have suggested changes to make Firefox more secure and private. These changes cover suggested browser extensions, blocking telemetry, disabling third-party cookies, disabling trackers, etc.
FireFox STIG Script
The Firefox V4R29 STIG isn't the easiest of STIGs to apply. This script will implement most of the required Firefox policies. In the future, the Firefox ADMX templates and GPOs will be applied in this script.
Windows 10 Branding
Many organizations have a need or want to control the branding of a Windows system. This includes the desktop wallpaper, the user's avatar, the Windows lock screen, and sometimes the OEM logo. In Windows 10, Windows Server 2016, and Windows Server 2019 this is not particularly easy. But, with the aid of the linked script, we can partially automate it and make the process much easier.
Automating Oracle JRE 8 STIG
The Oracle JRE STIGs aren't so straightforward, requiring administrators to research Java documentation and generate Java config files, when most administrators are used to STIG-ing solely through group policy.
Hardening Apache Web Server
A collection of example configurations and scripts to aid system administrators in hardening Apache web servers.
CVE-2020-1350 KB4569509 DNS Server Vulnerability
On July 14, 2020, Microsoft released a security update for the issue that is described in CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability. This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS Server role. We strongly recommend that server administrators apply the security update at their earliest convenience.
Optimize, Harden, and Debloat Windows 10 Deployments
Windows 10 is an invasive and insecure operating system out of the box. Organizations like PrivacyTools.io, Microsoft, Cyber.mil, the Department of Defense, and the National Security Agency have recommended configuration changes to lock down, harden, and secure the operating system. These changes cover a wide range of mitigations including blocking telemetry, macros, removing bloatware, and preventing many digital and physical attacks on a system. This script aims to automate the configurations recommended by those organizations.
Automating Windows Updates with Chocolatey, PSWindowsUpdate, and Startup Scripts
In today's modern workplace environment, system administrators are constantly battling for time. Rolling out the latest Windows updates can be extremely time consuming, taking up to a week given enough systems. With some assistance from Chocolatey, PSWindowsUpdate, and Startup Scripts, system administrators can roll out updates with as little as a single reboot of each machine.