From ba9928c59fc0125a4e0a80746e87a44c597773b4 Mon Sep 17 00:00:00 2001 From: Stephan Yelle Date: Wed, 18 Jun 2025 21:01:55 -0400 Subject: [PATCH] Update Set-NetworkHardening.ps1 --- test.ps1 => Set-NetworkHardening.ps1 | 79 +++++++++++++--------------- 1 file changed, 36 insertions(+), 43 deletions(-) rename test.ps1 => Set-NetworkHardening.ps1 (96%) diff --git a/test.ps1 b/Set-NetworkHardening.ps1 similarity index 96% rename from test.ps1 rename to Set-NetworkHardening.ps1 index 2122835..0d0a2e3 100644 --- a/test.ps1 +++ b/Set-NetworkHardening.ps1 @@ -66,6 +66,42 @@ function Set-NetworkHardening { [switch]$Reset ) + function Reset-NetworkHardening { + Write-Host "`n[RESET] Reverting all settings to default..." -ForegroundColor Yellow + + $keysToRemove = @( + @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"; Name = "DisabledComponents" }, + @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"; Name = "EnableMulticast" }, + @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"; Name = "EnableMDNS" }, + @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"; Name = "SMB2" } + ) + + foreach ($key in $keysToRemove) { + if (Test-Path $key.Path) { + Remove-ItemProperty -Path $key.Path -Name $key.Name -ErrorAction SilentlyContinue + Write-Host " → Removed $($key.Path)\$($key.Name)" + } + } + + $nbnsPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces" + Get-ChildItem -Path $nbnsPath | ForEach-Object { + try { + Set-ItemProperty -Path $_.PsPath -Name NetbiosOptions -Value 0 + Write-Host " → Set $($_.PsPath)\NetbiosOptions = 0" + } catch { + Write-Warning "Failed to reset NetbiosOptions for $($_.PsPath)" + } + } + + $smb1reg = "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10" + if (Test-Path $smb1reg) { + Set-ItemProperty -Path $smb1reg -Name Start -Value 3 + Write-Host " → Set $smb1reg\Start = 3" + } + + Write-Host "`n✅ Reset complete. Reboot may be required." -ForegroundColor Green + } + if ($Reset) { Reset-NetworkHardening return @@ -179,49 +215,6 @@ function Set-NetworkHardening { Write-Host " → Set $reg\$name = $value" } - function Reset-NetworkHardening { - Write-Host "`n[RESET] Reverting all settings to default..." -ForegroundColor Yellow - - $keysToRemove = @( - @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"; Name = "DisabledComponents" }, - @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"; Name = "EnableMulticast" }, - @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"; Name = "EnableMDNS" }, - @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"; Name = "SMB2" } - ) - - foreach ($key in $keysToRemove) { - if (Test-Path $key.Path) { - Remove-ItemProperty -Path $key.Path -Name $key.Name -ErrorAction SilentlyContinue - Write-Host " → Removed $($key.Path)\$($key.Name)" - } - } - - $nbnsPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces" - Get-ChildItem -Path $nbnsPath | ForEach-Object { - try { - Set-ItemProperty -Path $_.PsPath -Name NetbiosOptions -Value 0 - Write-Host " → Set $($_.PsPath)\NetbiosOptions = 0" - } catch { - Write-Warning "Failed to reset NetbiosOptions for $($_.PsPath)" - } - } - - try { - Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction Stop - Write-Host " → Enabled SMB1 via Windows Feature" - } catch { - Write-Warning "Could not enable SMB1 via Windows Feature" - } - - $smb1reg = "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10" - if (Test-Path $smb1reg) { - Set-ItemProperty -Path $smb1reg -Name Start -Value 3 - Write-Host " → Set $smb1reg\Start = 3" - } - - Write-Host "`n✅ Reset complete. Reboot may be required." -ForegroundColor Green - } - if ($DisableIPv6) { Disable-IPv6 } if ($DisableLLMNR) { Disable-LLMNR } if ($DisableNBNS) { Disable-NBNS }