Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
After performing a threat assessment, the decision was made to ship all of the important parts of the Harden Windows Security Module with the module itself in one package, so when you install it from the PowerShell Gallery, it no longer downloads or runs code from GitHub; everything is available locally on your computer. This should provide more confidence and trust in the workflow of the code. Only resources such as simple plain-text CSV files are downloaded from the repository. Those are explicitly and safely imported into a type-defined variable.
Substantially improved the displayed output of the Confirm-systemCompliance cmdlet. The values of the Compliant column, which are either True, False or N/A, are now color coded and False values blink. This makes it easier for you to quickly identify each value by simply scrolling through the result.
Added BitLocker check for the OS drive to make sure it's properly encrypted.
Removed the following items from the default security policy inf file because, when they are used in Azure VMs using the Unprotect-WindowsSecurity cmdlet, they would cause problems, since Azure VMs use the built-in administrator account and those accounts are renamed when you create the VM, set to the same username you choose during VM creation.
The module and all of its features are completely and extensively tested on physical machines and virtual machines. The Harden Windows Security Module is fully compatible with Azure VM deployment and usage.
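The note above about downloading only plain-text CSV files and importing them into a type-defined variable can be illustrated as follows. This is an added example, not code from the Harden Windows Security module; the `RegistryCheck` class, the `ConvertTo-RegistryCheck` function, the column names, the allow-list patterns and the sample rows are all constructed assumptions.

```powershell
# Added example, not code from the Harden Windows Security module.
# Column names, allow-list patterns and sample rows are constructed assumptions.
class RegistryCheck {
    [string]$Category
    [string]$Path
    [string]$Name
    [uint32]$Value
}

function ConvertTo-RegistryCheck {
    param([Parameter(Mandatory)][string]$CsvText)

    $Expected = 'Category', 'Path', 'Name', 'Value'
    $Rows = @($CsvText | ConvertFrom-Csv)
    if ($Rows.Count -eq 0) { throw 'CSV contains no data rows.' }
    # The header must match exactly: no missing and no unexpected columns.
    if (Compare-Object $Expected @($Rows[0].PSObject.Properties.Name)) {
        throw 'CSV header does not match the expected columns.'
    }

    $Result = [System.Collections.Generic.List[RegistryCheck]]::new()
    foreach ($Row in $Rows) {
        $Parsed = [uint32]0
        # Each cell is handled as text and must pass its own check; nothing is evaluated.
        if ($Row.Category -notmatch '^[\w ]+$' -or
            $Row.Path -notmatch '^HKLM:\\SOFTWARE\\[\w \\.-]+$' -or
            $Row.Name -notmatch '^\w+$' -or
            -not [uint32]::TryParse($Row.Value, [ref]$Parsed)) {
            throw "Rejected row: $($Row | ConvertTo-Json -Compress)"
        }
        $Result.Add([RegistryCheck]@{
            Category = $Row.Category; Path = $Row.Path; Name = $Row.Name; Value = $Parsed
        })
    }
    return $Result
}

# Constructed sample data standing in for a downloaded CSV resource.
$Good = @'
Category,Path,Name,Value
Example Category,HKLM:\SOFTWARE\Policies\Contoso\Example,ExampleSetting,1
'@
$Bad = $Good + "`nExample Category,HKLM:\SOFTWARE\Policies\Contoso\Example,ExampleSetting,not-a-number"

ConvertTo-RegistryCheck -CsvText $Good | Format-Table
try { ConvertTo-RegistryCheck -CsvText $Bad } catch { Write-Warning $_.Exception.Message }
```

The whole file is rejected on the first row that fails validation, so a tampered or malformed download never yields a partially trusted result.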
What's Changed
Improved a requirement check in the hardening measures after reporting a documentation issue and having it fixed: https://github.com/MicrosoftDocs/microsoft-365-docs/issues/12747