syelle/Logo
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Update Set-NetworkHardening.ps1

Browse Source
This commit is contained in:
Stephan Yelle
2025-06-18 21:01:55 -04:00
parent bbb4a5c1b9
commit ba9928c59f
1 changed files with 36 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
test.ps1 → Set-NetworkHardening.ps1
View File

@@ -66,6 +66,42 @@ function Set-NetworkHardening {
[switch]$Reset [switch]$Reset
) )
function Reset-NetworkHardening {
Write-Host "`n[RESET] Reverting all settings to default..." -ForegroundColor Yellow
$keysToRemove = @(
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"; Name = "DisabledComponents" },
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"; Name = "EnableMulticast" },
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"; Name = "EnableMDNS" },
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"; Name = "SMB2" }
)
foreach ($key in $keysToRemove) {
if (Test-Path $key.Path) {
Remove-ItemProperty -Path $key.Path -Name $key.Name -ErrorAction SilentlyContinue
Write-Host " → Removed $($key.Path)\$($key.Name)"
}
}
$nbnsPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces"
Get-ChildItem -Path $nbnsPath | ForEach-Object {
try {
Set-ItemProperty -Path $_.PsPath -Name NetbiosOptions -Value 0
Write-Host " → Set $($_.PsPath)\NetbiosOptions = 0"
} catch {
Write-Warning "Failed to reset NetbiosOptions for $($_.PsPath)"
}
}
$smb1reg = "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10"
if (Test-Path $smb1reg) {
Set-ItemProperty -Path $smb1reg -Name Start -Value 3
Write-Host " → Set $smb1reg\Start = 3"
}
Write-Host "`n✅ Reset complete. Reboot may be required." -ForegroundColor Green
}
if ($Reset) { if ($Reset) {
Reset-NetworkHardening Reset-NetworkHardening
return return
@@ -179,49 +215,6 @@ function Set-NetworkHardening {
Write-Host " → Set $reg\$name = $value" Write-Host " → Set $reg\$name = $value"
} }
function Reset-NetworkHardening {
Write-Host "`n[RESET] Reverting all settings to default..." -ForegroundColor Yellow
$keysToRemove = @(
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"; Name = "DisabledComponents" },
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"; Name = "EnableMulticast" },
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"; Name = "EnableMDNS" },
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"; Name = "SMB2" }
)
foreach ($key in $keysToRemove) {
if (Test-Path $key.Path) {
Remove-ItemProperty -Path $key.Path -Name $key.Name -ErrorAction SilentlyContinue
Write-Host " → Removed $($key.Path)\$($key.Name)"
}
}
$nbnsPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces"
Get-ChildItem -Path $nbnsPath | ForEach-Object {
try {
Set-ItemProperty -Path $_.PsPath -Name NetbiosOptions -Value 0
Write-Host " → Set $($_.PsPath)\NetbiosOptions = 0"
} catch {
Write-Warning "Failed to reset NetbiosOptions for $($_.PsPath)"
}
}
try {
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction Stop
Write-Host " → Enabled SMB1 via Windows Feature"
} catch {
Write-Warning "Could not enable SMB1 via Windows Feature"
}
$smb1reg = "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10"
if (Test-Path $smb1reg) {
Set-ItemProperty -Path $smb1reg -Name Start -Value 3
Write-Host " → Set $smb1reg\Start = 3"
}
Write-Host "`n✅ Reset complete. Reboot may be required." -ForegroundColor Green
}
if ($DisableIPv6) { Disable-IPv6 } if ($DisableIPv6) { Disable-IPv6 }
if ($DisableLLMNR) { Disable-LLMNR } if ($DisableLLMNR) { Disable-LLMNR }
if ($DisableNBNS) { Disable-NBNS } if ($DisableNBNS) { Disable-NBNS }