Update Set-NetworkHardening.ps1
This commit is contained in:
@@ -66,6 +66,42 @@ function Set-NetworkHardening {
|
||||
[switch]$Reset
|
||||
)
|
||||
|
||||
function Reset-NetworkHardening {
|
||||
Write-Host "`n[RESET] Reverting all settings to default..." -ForegroundColor Yellow
|
||||
|
||||
$keysToRemove = @(
|
||||
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"; Name = "DisabledComponents" },
|
||||
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"; Name = "EnableMulticast" },
|
||||
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"; Name = "EnableMDNS" },
|
||||
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"; Name = "SMB2" }
|
||||
)
|
||||
|
||||
foreach ($key in $keysToRemove) {
|
||||
if (Test-Path $key.Path) {
|
||||
Remove-ItemProperty -Path $key.Path -Name $key.Name -ErrorAction SilentlyContinue
|
||||
Write-Host " → Removed $($key.Path)\$($key.Name)"
|
||||
}
|
||||
}
|
||||
|
||||
$nbnsPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces"
|
||||
Get-ChildItem -Path $nbnsPath | ForEach-Object {
|
||||
try {
|
||||
Set-ItemProperty -Path $_.PsPath -Name NetbiosOptions -Value 0
|
||||
Write-Host " → Set $($_.PsPath)\NetbiosOptions = 0"
|
||||
} catch {
|
||||
Write-Warning "Failed to reset NetbiosOptions for $($_.PsPath)"
|
||||
}
|
||||
}
|
||||
|
||||
$smb1reg = "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10"
|
||||
if (Test-Path $smb1reg) {
|
||||
Set-ItemProperty -Path $smb1reg -Name Start -Value 3
|
||||
Write-Host " → Set $smb1reg\Start = 3"
|
||||
}
|
||||
|
||||
Write-Host "`n✅ Reset complete. Reboot may be required." -ForegroundColor Green
|
||||
}
|
||||
|
||||
if ($Reset) {
|
||||
Reset-NetworkHardening
|
||||
return
|
||||
@@ -179,49 +215,6 @@ function Set-NetworkHardening {
|
||||
Write-Host " → Set $reg\$name = $value"
|
||||
}
|
||||
|
||||
function Reset-NetworkHardening {
|
||||
Write-Host "`n[RESET] Reverting all settings to default..." -ForegroundColor Yellow
|
||||
|
||||
$keysToRemove = @(
|
||||
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"; Name = "DisabledComponents" },
|
||||
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"; Name = "EnableMulticast" },
|
||||
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"; Name = "EnableMDNS" },
|
||||
@{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"; Name = "SMB2" }
|
||||
)
|
||||
|
||||
foreach ($key in $keysToRemove) {
|
||||
if (Test-Path $key.Path) {
|
||||
Remove-ItemProperty -Path $key.Path -Name $key.Name -ErrorAction SilentlyContinue
|
||||
Write-Host " → Removed $($key.Path)\$($key.Name)"
|
||||
}
|
||||
}
|
||||
|
||||
$nbnsPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces"
|
||||
Get-ChildItem -Path $nbnsPath | ForEach-Object {
|
||||
try {
|
||||
Set-ItemProperty -Path $_.PsPath -Name NetbiosOptions -Value 0
|
||||
Write-Host " → Set $($_.PsPath)\NetbiosOptions = 0"
|
||||
} catch {
|
||||
Write-Warning "Failed to reset NetbiosOptions for $($_.PsPath)"
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction Stop
|
||||
Write-Host " → Enabled SMB1 via Windows Feature"
|
||||
} catch {
|
||||
Write-Warning "Could not enable SMB1 via Windows Feature"
|
||||
}
|
||||
|
||||
$smb1reg = "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10"
|
||||
if (Test-Path $smb1reg) {
|
||||
Set-ItemProperty -Path $smb1reg -Name Start -Value 3
|
||||
Write-Host " → Set $smb1reg\Start = 3"
|
||||
}
|
||||
|
||||
Write-Host "`n✅ Reset complete. Reboot may be required." -ForegroundColor Green
|
||||
}
|
||||
|
||||
if ($DisableIPv6) { Disable-IPv6 }
|
||||
if ($DisableLLMNR) { Disable-LLMNR }
|
||||
if ($DisableNBNS) { Disable-NBNS }
|
||||
Reference in New Issue
Block a user