peg-ui closed this issue 3 months ago
@peg-ui GitHub issues are not a place for reviews or complaints. It is stated that Home editions aren't supported. This is because Home edition is missing GPO, software, and many entire features. Home Edition has multiple technical limitations as it isn't meant to be configured through automated methods. You did something that was clearly mentioned as unsupported and then complained about it on the wrong repo...
Home Ed - Considered to lack of features and req
I know about the lack of these abilities in the Home features, but I tried it anyway, because I wanted to see if it would really work. To some of my knowledge in MS Windows, these are just the inherent model for both 10 & 11 Pro arch.
*Your network may somewhat break when resolving with your host router, but not the internet itself.
I hated the fact that it's really just removing/uninstalling things, in the STIGs, fair in the SoS config, and it cannot undo the things that were executed.
It does not have gpedit.msc, Windows Defender Application Guard, Windows Defender Credential Guard, Group Policy Objects, AppLocker, Windows baseline security, and BitLocker.
Mostly, too, in Users & Groups they are uncontrollable when it's manual, but it would harden, I think, in terms of inbuilt.
Here's the actual log for the .exe:
/
Removing Existing Local GPOs
Installing the Latest Windows Updates
Id Name PSJobTypeName State HasMoreData Location Command
1 Windows Updates BackgroundJob Running True localhost ...
Implementing the Adobe STIGs
Importing Group Policies from .\Files\GPOs\DoD\Adobe ...
Importing DoD - Adobe Acrobat Pro DC Cont. - Computer GPOs...
Importing DoD - Adobe Acrobat Pro DC Cont. - User GPOs...
Importing DoD - Adobe Acrobat Reader DC Cont. - Computer GPOs...
Importing DoD - Adobe Acrobat Reader DC Cont. - User GPOs...
3 Adobe Reader... BackgroundJob Running True localhost ...
Implementing the FireFox STIGs
Importing Group Policies from .\Files\GPOs\DoD\FireFox ...
Importing DoD - Mozilla FireFox GPOs...
Importing Group Policies from .\Files\GPOs\SoS\FireFox ...
Importing SOS - FireFox STIG GPOs...
simeononsecurity/FireFox-STIG-Script
https://github.com/simeononsecurity/FireFox-STIG-Script
Installing Firefox Configurations - Please Wait.
Window will close after install is complete
Firefox 64-Bit Configurations Installed
FireFox 32-Bit Is Not Installed
Implementing the Google Chrome STIGs
Importing Group Policies from .\Files\GPOs\DoD\Chrome ...
Importing DoD - Google Chrome GPOs...
Implementing the Internet Explorer 11 STIGs
Importing Group Policies from .\Files\GPOs\DoD\IE11 ...
Importing DoD - Internet Explorer 11 - Computer GPOs...
Importing DoD - Internet Explorer 11 - User GPOs...
Implementing the Microsoft Edge STIGs
Importing Group Policies from .\Files\GPOs\DoD\Edge ...
Importing DoD - Microsoft Chromium Edge GPOs...
Implementing the Dot Net Framework STIGs
Implementing simeononsecurity/.NET-STIG-Script
https://github.com/simeononsecurity/.NET-STIG-Script
Beginning .NET STIG Script
.Net StrongName Verification Registry Does Not Exist
Set Trust Providers Software Publishing State to 146432/0x23C00 for SID .DEFAULT
Set Trust Providers Software Publishing State to 146432/0x23C00 for SID S-1-5-19
Set Trust Providers Software Publishing State to 146432/0x23C00 for SID S-1-5-20
Set Trust Providers Software Publishing State to 146432/0x23C00 for SID S-1-5-21-1845226485-2070369282-3020182508-1001
Set Trust Providers Software Publishing State to 146432/0x23C00 for SID S-1-5-21-1845226485-2070369282-3020182508-1001_Classes
Set Trust Providers Software Publishing State to 146432/0x23C00 for SID S-1-5-18
.Net 32-Bit v1.0.3705 Is Installed
Disabled Strong Name Bypass for v1.0.3705 32-Bit
Enforced Strong Crypto for v1.0.3705 32-Bit
.Net 32-Bit v1.1.4322 Is Installed
Disabled Strong Name Bypass for v1.1.4322 32-Bit
Enforced Strong Crypto for v1.1.4322 32-Bit
.Net 32-Bit v2.0.50727 Is Installed
Set CAS policy for v2.0.50727 32-Bit
Disabled Strong Name Bypass for v2.0.50727 32-Bit
Enforced Strong Crypto for v2.0.50727 32-Bit
.Net 32-Bit v3.0 Is Installed
Disabled Strong Name Bypass for v3.0 32-Bit
Enforced Strong Crypto for v3.0 32-Bit
.Net 32-Bit v3.5 Is Installed
Disabled Strong Name Bypass for v3.5 32-Bit
Enforced Strong Crypto for v3.5 32-Bit
.Net 32-Bit v4.0.30319 Is Installed
Set CAS policy for v4.0.30319 32-Bit
Disabled Strong Name Bypass for v4.0.30319 32-Bit
Enforced Strong Crypto for v4.0.30319 32-Bit
.Net 64-Bit v2.0.50727 Is Installed
Set CAS policy for v2.0.50727 64-Bit
Disabled Strong Name Bypass for v2.0.50727 64-Bit
Enforced Strong Crypto for v2.0.50727 64-Bit
.Net 64-Bit v3.0 Is Installed
Disabled Strong Name Bypass for v3.0 64-Bit
Enforced Strong Crypto for v3.0 64-Bit
.Net 64-Bit v3.5 Is Installed
Disabled Strong Name Bypass for v3.5 64-Bit
Enforced Strong Crypto for v3.5 64-Bit
.Net 64-Bit v4.0.30319 Is Installed
Set CAS policy for v4.0.30319 64-Bit
Disabled Strong Name Bypass for v4.0.30319 64-Bit
Enforced Strong Crypto for v4.0.30319 64-Bit
Implementing the Microsoft Office STIGs
Importing Group Policies from .\Files\GPOs\DoD\Office ...
Importing DoD - Access 2013 GPOs...
Importing DoD - Access 2016 GPOs...
Importing DoD - Excel 2013 GPOs...
Importing DoD - Excel 2016 GPOs...
Importing DoD - Infopath 2013 - Computer GPOs...
Importing DoD - Infopath 2013 - User GPOs...
Importing DoD - Lync 2013 GPOs...
Importing DoD - Office 2013 System - Computer GPOs...
Importing DoD - Office 2013 System - User GPOs...
Importing DoD - Office 2016 System - Computer GPOs...
Importing DoD - Office 2016 System - User GPOs...
Importing DoD - Office 2019 System - Computer GPOs...
Importing DoD - Office 2019 System - User GPOs...
Importing DoD - OneDrive for Business 2016 - Computer GPOs...
Importing DoD - OneDrive for Business 2016 - User GPOs...
Importing DoD - Outlook 2013 GPOs...
Importing DoD - Outlook 2016 GPOs...
Importing DoD - PowerPoint 2013 GPOs...
Importing DoD - PowerPoint 2016 GPOs...
Importing DoD - Project 2013 GPOs...
Importing DoD - Project 2016 GPOs...
Importing DoD - Publisher 2013 GPOs...
Importing DoD - Publisher 2016 GPOs...
Importing DoD - Skype for Business 2016 GPOs...
Importing DoD - Visio 2013 GPOs...
Importing DoD - Visio 2016 GPOs...
Importing DoD - Word 2013 GPOs...
Implementing the Microsoft OneDrive STIGs
Importing Group Policies from .\Files\GPOs\SoS\Onedrive ...
Importing SOS - OneDrive GPOs...
Implementing the Oracle Java JRE 8 STIGs
Implementing simeononsecurity/JAVA-STIG-Script
https://github.com/simeononsecurity/JAVA-STIG-Script
JAVA Deployment Config Already Installed
JAVA Configs Already Deployed
Implementing the Windows 10/11 STIGs
Importing Group Policies from .\Files\GPOs\DoD\Windows ...
Importing DoD - Windows 10 - Computer - Ansible Fixes GPOs...
Importing DoD - Windows 10 - User GPOs...
Importing DoD - Windows 8 - Computer GPOs...
Importing DoD - Windows 8 - User GPOs...
Implementing simeononsecurity/Windows-Audit-Policy
https://github.com/simeononsecurity/Windows-Audit-Policy
The command was successfully executed.
The command was successfully executed.
Audit policy is defined for the following user accounts:
System audit policy
Category/Subcategory Setting
System
Security System Extension Success and Failure
System Integrity Success and Failure
IPsec Driver Success and Failure
Other System Events Success and Failure
Security State Change Success and Failure
Logon/Logoff
Logon Success and Failure
Logoff Success and Failure
Account Lockout Success and Failure
IPsec Main Mode Success and Failure
IPsec Quick Mode Success and Failure
IPsec Extended Mode Success and Failure
Special Logon Success and Failure
Other Logon/Logoff Events Success and Failure
Network Policy Server Success and Failure
User / Device Claims Success and Failure
Group Membership Success and Failure
Object Access
File System Success and Failure
Registry Success and Failure
Kernel Object Success and Failure
SAM Success and Failure
Certification Services Success and Failure
Application Generated Success and Failure
Handle Manipulation Success and Failure
File Share Success and Failure
Filtering Platform Packet Drop Success and Failure
Filtering Platform Connection Success and Failure
Other Object Access Events Success and Failure
Detailed File Share Success and Failure
Removable Storage Success and Failure
Central Policy Staging Success and Failure
Privilege Use
Non Sensitive Privilege Use Success and Failure
Other Privilege Use Events Success and Failure
Sensitive Privilege Use Success and Failure
Detailed Tracking
Process Creation Success and Failure
Process Termination Success and Failure
DPAPI Activity Success and Failure
RPC Events Success and Failure
Plug and Play Events Success and Failure
Token Right Adjusted Events Success and Failure
Policy Change
Audit Policy Change Success and Failure
Authentication Policy Change Success and Failure
Authorization Policy Change Success and Failure
MPSSVC Rule-Level Policy Change Success and Failure
Filtering Platform Policy Change Success and Failure
Other Policy Change Events Success and Failure
Account Management
Computer Account Management Success and Failure
Security Group Management Success and Failure
Distribution Group Management Success and Failure
Application Group Management Success and Failure
Other Account Management Events Success and Failure
User Account Management Success and Failure
DS Access
Directory Service Access Success and Failure
Directory Service Changes Success and Failure
Directory Service Replication Success and Failure
Detailed Directory Service Replication Success and Failure
Account Logon
Kerberos Service Ticket Operations Success and Failure
Other Account Logon Events Success and Failure
Kerberos Authentication Service Success and Failure
Credential Validation Success and Failure
Implementing the Windows Defender STIGs
Importing Group Policies from .\Files\GPOs\DoD\Defender ...
Importing DoD - Windows Defender GPOs...
Implementing the Windows Firewall STIGs
Importing Group Policies from .\Files\GPOs\DoD\FireWall ...
Importing DoD - Windows Firewall GPOs...
Implementing the General Vulnerability Mitigations
5 Mitigations BackgroundJob Running True localhost ...
Implementing Windows Defender Hardening Beyond STIGs
Importing Group Policies from .\Files\GPOs\SoS\WDAC ...
Importing SOS - Windows Defender Application Control - Audit GPOs...
7 Windows Defe... BackgroundJob Running True localhost ...
Implementing PowerShell Hardening Beyond STIGs
Importing Group Policies from .\Files\GPOs\SoS\Powershell ...
Importing SOS - PowerShell GPOs...
9 PowerShell H... BackgroundJob Running True localhost ...
Implementing Applocker Hardening Beyond STIGs
Importing Group Policies from .\Files\GPOs\NSACyber\Applocker ...
Importing NSACyber - Applocker (Audit) GPOs...
Implementing Bitlocker Hardening Beyond STIGs
Importing Group Policies from .\Files\GPOs\NSACyber\Bitlocker ...
Importing NSACyber - BitLocker GPOs...
Implementing SSL Hardening Beyond STIGs
11 SSL Hardening BackgroundJob Running True localhost ...
Implementing SMB Hardening Beyond STIGs
13 SMB Optimiza... BackgroundJob Running True localhost ...
Removing Windows Bloatware
15 Remove Windo... BackgroundJob Running True localhost ...
17 Start-Debloat BackgroundJob Running True localhost ...
19 Remove-Keys BackgroundJob Running True localhost ...
Disabling Telemetry Reporting and Related Services
21 Disable Tele... BackgroundJob Running True localhost ...
Enabling Privacy and Security Focused
23 Enable Priva... BackgroundJob Running True localhost ...
Cleaning Up Install Files and Cleanining Up the Image
25 Image Cleanup BackgroundJob Running True localhost ...
Resolve: Nessus Plugin ID 63155 - Microsoft Windows Unquoted Service Path Enumeration
27 Nessus Plugi... BackgroundJob Running True localhost ...
Implementing simeononsecurity/Automate-Sysmon
https://github.com/simeononsecurity/Automate-Sysmon
Compressing Disk to Save Space
29 Enable Disk ... BackgroundJob Running True localhost ...
Implementing the EMET Hardening Beyond STIGs
Importing Group Policies from .\Files\GPOs\SoS\EMET ...
Importing SOS - EMET Configuration GPOs...
Implementing the SoS Update Management Configurations
Importing Group Policies from .\Files\GPOs\SoS\Update Management ...
Importing SOS - Update Management GPOs...
Implementing the SoS Device Guard Configurations
Importing Group Policies from .\Files\GPOs\SoS\Device Guard ...
Importing SOS - Device Guard GPOs...
Implementing the SoS Browser Configurations
Importing Group Policies from .\Files\GPOs\SoS\Browsers ...
Importing SOS - Browser Configurations GPOs...
Checking Backgrounded Processes
1 Windows Updates BackgroundJob Running True localhost ...
3 Adobe Reader... BackgroundJob Completed True localhost ...
5 Mitigations BackgroundJob Completed True localhost ...
7 Windows Defe... BackgroundJob Failed False localhost ...
9 PowerShell H... BackgroundJob Running True localhost ...
11 SSL Hardening BackgroundJob Completed True localhost ...
13 SMB Optimiza... BackgroundJob Running True localhost ...
15 Remove Windo... BackgroundJob Running True localhost ...
17 Start-Debloat BackgroundJob Running True localhost ...
19 Remove-Keys BackgroundJob Completed True localhost ...
21 Disable Tele... BackgroundJob Running True localhost ...
23 Enable Priva... BackgroundJob Running True localhost ...
25 Image Cleanup BackgroundJob Running True localhost ...
27 Nessus Plugi... BackgroundJob Completed True localhost ...
29 Enable Disk ... BackgroundJob Completed True localhost ...
Performing Group Policy Update
Updating policy...
Computer Policy update has completed successfully.
User Policy update has completed successfully.
WARNING: A reboot is required for all changed to take effect
/
total eventlog = 20,480 0 OverwriteAsNeeded 285,000 Security
and thus it is simply unable to resolve in my router host & Firefox browser. ctfmon.exe gives Unknown Hard Error. Missing default notepad (sys).
Maybe some of this is due to the proxy server in my system and some things I missed.
Describe the solution
Unlike this script, the other hardening tools and debloat tools have an undo command; this type of thing should be considered.
Alternatives
Download other independent hardening tools & debloat tools for quality control over what is removed from and added to your machine, which may lead to another hole in your system, or ones for a specific edition.
Additional context
This script may be like an add-on for both Pro & Enterprise, because I tried those independent tools and found them to be not ENOUGH, because MS makes these OSes alike but with different features. Remember their recent vulnerabilities in Users & Groups, when kiosk/Other Users can log on as anon in drivers and GPO; these are important to know.
I don't recommend this script in Home Edition
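
A pre-flight check and state snapshot that could be run before a hardening script like the one logged above, given that Home editions are stated as unsupported and the report asks for a way to undo changes. This is an added PowerShell example, not code from the repository; the backup path and the `Core*` edition match are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not the project's code): pre-flight check and state snapshot
# to run BEFORE a hardening/debloat script. $BackupRoot is an assumed path.
param([string]$BackupRoot = 'C:\HardeningBackup')
$ErrorActionPreference = 'Stop'

# 1. Edition gate. Assumption: EditionID values beginning with "Core"
#    (Core, CoreN, CoreSingleLanguage, ...) identify the Home family.
$edition   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
$hasGpedit = Test-Path (Join-Path $env:SystemRoot 'System32\gpedit.msc')
if ($edition -like 'Core*' -or -not $hasGpedit) {
    throw "Edition '$edition' (gpedit.msc present: $hasGpedit) is not a supported target. Nothing was changed."
}

# 2. One snapshot folder per run.
$dir = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Run a native tool and stop if it reports failure.
function Invoke-Native {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 3. Policy state the log shows being rewritten:
#    audit policy, local security policy, and the policy registry hives.
Invoke-Native auditpol.exe @('/backup', "/file:$dir\auditpol.csv")
Invoke-Native secedit.exe  @('/export', '/cfg', "$dir\secpol.inf")
Invoke-Native reg.exe      @('export', 'HKLM\SOFTWARE\Policies', "$dir\HKLM-Policies.reg", '/y')
Invoke-Native reg.exe      @('export', 'HKCU\SOFTWARE\Policies', "$dir\HKCU-Policies.reg", '/y')

# 4. Local GPO store (the log's first step is "Removing Existing Local GPOs").
$lgpo = Join-Path $env:SystemRoot 'System32\GroupPolicy'
if (Test-Path $lgpo) {
    Copy-Item $lgpo (Join-Path $dir 'GroupPolicy') -Recurse -Force
}

# 5. Inventory of what a debloat pass may remove or disable.
Get-AppxPackage -AllUsers | Select-Object Name, PackageFullName |
    Export-Csv (Join-Path $dir 'appx.csv') -NoTypeInformation
Get-Service | Select-Object Name, Status, StartType |
    Export-Csv (Join-Path $dir 'services.csv') -NoTypeInformation

# 6. Restore point (Windows PowerShell cmdlet). It needs System Restore
#    to be enabled, so a failure here is reported as a warning only.
try {
    Checkpoint-Computer -Description 'Pre-hardening snapshot' -RestorePointType MODIFY_SETTINGS
} catch {
    Write-Warning "No restore point created: $($_.Exception.Message)"
}

Write-Output "Snapshot written to $dir"
```

The exported files can be put back with `auditpol /restore /file:`, `secedit /configure` and `reg import`, but `reg import` does not delete policy values that were added after the export. The app and service CSVs are an inventory for comparison only; removed packages have to be reinstalled or recovered through the restore point.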