
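function Set-NetworkHardening {
    <#
    .SYNOPSIS
    Disables legacy or insecure network protocols and services.
    .DESCRIPTION
    Applies registry and system settings to harden network configuration:
    - IPv6
    - LLMNR
    - NBNS
    - mDNS
    - SMB 1.0
    - SMB 2.0 (also disables SMB 3.0)

    Every change is attempted with -ErrorAction Stop, so a failed write is
    reported as a warning instead of being followed by a success line. The
    closing success banner is printed only when no change failed.
    .PARAMETER DisableIPv6
    Sets Tcpip6\Parameters\DisabledComponents to 0xFF.
    .PARAMETER DisableLLMNR
    Sets the policy value DNSClient\EnableMulticast to 0, creating the policy
    key if it does not exist.
    .PARAMETER DisableNBNS
    Sets NetbiosOptions to 2 on every interface subkey that exists under
    NetBT\Parameters\Interfaces at the time the function runs.
    .PARAMETER DisableMDNS
    Sets Dnscache\Parameters\EnableMDNS to 0, creating the key if it does not
    exist.
    .PARAMETER DisableSMB1
    Disables the SMB1Protocol optional feature (registry fallback: SMB1 = 0
    under LanmanServer\Parameters) and sets the mrxsmb10 driver to Start = 4
    when that service key exists.
    .PARAMETER DisableSMB2
    Sets SMB2 = 0 under LanmanServer\Parameters. This is the SMB *server*
    setting; nothing in this function changes the SMB 2/3 client.
    .EXAMPLE
    Set-NetworkHardening -DisableIPv6 -DisableLLMNR -DisableNBNS -DisableMDNS -DisableSMB1 -DisableSMB2
    .NOTES
    Some settings may require a reboot.

    Must be run elevated: every target is under HKLM or is a Windows feature.

    Operational caveats to review before rollout:
    - DisableSMB2 together with DisableSMB1 leaves the SMB server with no
      dialect enabled, so the host can no longer serve file shares. Microsoft
      documents disabling SMB 2/3 as a temporary troubleshooting step, not as
      a hardening baseline. Do not apply it to file servers or domain
      controllers.
    - DisableIPv6: Microsoft's guidance advises against disabling IPv6 and
      suggests preferring IPv4 over IPv6 instead. Validate against the
      applications in your environment.
    - DisableNBNS only covers adapters that already exist; an adapter added
      later gets the default NetBIOS setting until the function is run again.
    - DisableLLMNR writes under the Policies hive, so a domain Group Policy
      that configures the same setting can overwrite it.
    #>
    [CmdletBinding()]
    param (
        [switch]$DisableIPv6,
        [switch]$DisableLLMNR,
        [switch]$DisableNBNS,
        [switch]$DisableMDNS,
        [switch]$DisableSMB1,
        [switch]$DisableSMB2
    )

    # Nothing selected: say so rather than announcing that hardening is complete.
    if (-not ($DisableIPv6 -or $DisableLLMNR -or $DisableNBNS -or $DisableMDNS -or $DisableSMB1 -or $DisableSMB2)) {
        Write-Warning "No hardening switches were specified; nothing was changed."
        return
    }

    # Warn early when not elevated; the individual writes below would each fail.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning "Not running elevated; changes under HKLM and to Windows features are expected to fail."
    }

    # Collects one entry per change that could not be applied. The nested
    # helpers below append to it (they resolve the variable from this scope).
    $failures = New-Object 'System.Collections.Generic.List[string]'

    # Writes one DWORD value and reports the real outcome. -CreateKey creates a
    # missing key first (used for keys that are absent by default).
    function Set-RegistryDword {
        param (
            [string]$Path,
            [string]$Name,
            [int]$Value,
            [switch]$CreateKey
        )
        try {
            if ($CreateKey -and -not (Test-Path -Path $Path)) {
                New-Item -Path $Path -Force -ErrorAction Stop | Out-Null
            }
            # -ErrorAction Stop turns provider errors (e.g. access denied) into
            # terminating errors so the catch block actually runs.
            New-ItemProperty -Path $Path -Name $Name -PropertyType DWORD -Value $Value -Force -ErrorAction Stop | Out-Null
            Write-Host " → Set $Path\$Name = $Value"
        } catch {
            Write-Warning "Failed to set $Path\$Name - $_"
            $failures.Add("$Path\$Name")
        }
    }

    function Disable-IPv6 {
        Write-Host "`n[IPv6] Disabling via registry..." -ForegroundColor Cyan
        Set-RegistryDword -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" -Name "DisabledComponents" -Value 0xFF
    }

    function Disable-LLMNR {
        Write-Host "`n[LLMNR] Disabling via registry..." -ForegroundColor Cyan
        Set-RegistryDword -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" -Name "EnableMulticast" -Value 0 -CreateKey
    }

    function Disable-NBNS {
        $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces"
        Write-Host "`n[NBNS] Disabling NetBIOS over TCP/IP on all adapters..." -ForegroundColor Cyan
        try {
            $interfaces = @(Get-ChildItem -Path $regPath -ErrorAction Stop)
        } catch {
            Write-Warning "Failed to enumerate $regPath - $_"
            $failures.Add($regPath)
            return
        }
        # Only interface subkeys present right now are covered.
        foreach ($interface in $interfaces) {
            $path = $interface.PSPath
            try {
                Set-ItemProperty -Path $path -Name NetbiosOptions -Value 2 -ErrorAction Stop
                Write-Host " → Set $path\NetbiosOptions = 2"
            } catch {
                Write-Warning "Failed to set NetbiosOptions on $path - $_"
                $failures.Add("$path\NetbiosOptions")
            }
        }
    }

    function Disable-mDNS {
        Write-Host "`n[mDNS] Disabling via registry..." -ForegroundColor Cyan
        # NOTE(review): confirm the target Windows builds honour EnableMDNS.
        Set-RegistryDword -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" -Name "EnableMDNS" -Value 0 -CreateKey
    }

    function Disable-SMB1 {
        Write-Host "`n[SMB1] Disabling SMB 1.0..." -ForegroundColor Cyan
        try {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction Stop
            Write-Host " → Disabled via Windows Optional Features"
        } catch {
            Write-Warning "SMB1 disable via feature failed. Falling back to registry."
            Write-Verbose "Disable-WindowsOptionalFeature error: $_"
            Set-RegistryDword -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "SMB1" -Value 0
        }

        # SMB1 client driver. On Windows versions where the Workstation service
        # (LanmanWorkstation) still lists MRxSmb10 as a dependency, disabling
        # the driver without updating that dependency list can keep the
        # Workstation service from starting. Check `sc.exe qc lanmanworkstation`
        # on a test machine before rollout.
        $clientReg = "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10"
        if (Test-Path $clientReg) {
            try {
                Set-ItemProperty -Path $clientReg -Name Start -Value 4 -ErrorAction Stop
                Write-Host " → Set $clientReg\Start = 4 (Disabled)"
            } catch {
                Write-Warning "Failed to set $clientReg\Start - $_"
                $failures.Add("$clientReg\Start")
            }
        }
    }

    function Disable-SMB2And3 {
        Write-Host "`n[SMB2/3] Disabling SMB 2.0 and 3.0..." -ForegroundColor Cyan
        # Server side only (LanmanServer). With SMB1 also disabled, this host
        # stops serving shares altogether. See .NOTES in the function help.
        Set-RegistryDword -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "SMB2" -Value 0
    }

    # --- Execute requested settings ---
    if ($DisableIPv6) { Disable-IPv6 }
    if ($DisableLLMNR) { Disable-LLMNR }
    if ($DisableNBNS) { Disable-NBNS }
    if ($DisableMDNS) { Disable-mDNS }
    if ($DisableSMB1) { Disable-SMB1 }
    if ($DisableSMB2) { Disable-SMB2And3 }

    # Report the real outcome: a hardening run that silently failed is worse
    # than one that says so, because the host is then assumed to be hardened.
    if ($failures.Count -gt 0) {
        Write-Warning "Network hardening finished with $($failures.Count) failed change(s): $($failures -join ', ')"
    } else {
        Write-Host "`n✅ Network hardening complete. Reboot may be required for changes to apply." -ForegroundColor Green
    }
}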