├── _config.yml
├── README.md
├── LICENSE
└── Compliance.ps1


/_config.yml:
--------------------------------------------------------------------------------
1 | theme: jekyll-theme-midnight


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # PowerShell-Compliance-Scripts
2 | *1 Control numbers in script are references to Qualys Compliance scanner's policy/control numbers.
3 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | CC0 1.0 Universal
  2 | 
  3 | Statement of Purpose
  4 | 
  5 | The laws of most jurisdictions throughout the world automatically confer
  6 | exclusive Copyright and Related Rights (defined below) upon the creator and
  7 | subsequent owner(s) (each and all, an "owner") of an original work of
  8 | authorship and/or a database (each, a "Work").
  9 | 
 10 | Certain owners wish to permanently relinquish those rights to a Work for the
 11 | purpose of contributing to a commons of creative, cultural and scientific
 12 | works ("Commons") that the public can reliably and without fear of later
 13 | claims of infringement build upon, modify, incorporate in other works, reuse
 14 | and redistribute as freely as possible in any form whatsoever and for any
 15 | purposes, including without limitation commercial purposes. These owners may
 16 | contribute to the Commons to promote the ideal of a free culture and the
 17 | further production of creative, cultural and scientific works, or to gain
 18 | reputation or greater distribution for their Work in part through the use and
 19 | efforts of others.
 20 | 
 21 | For these and/or other purposes and motivations, and without any expectation
 22 | of additional consideration or compensation, the person associating CC0 with a
 23 | Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
 24 | and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
 25 | and publicly distribute the Work under its terms, with knowledge of his or her
 26 | Copyright and Related Rights in the Work and the meaning and intended legal
 27 | effect of CC0 on those rights.
 28 | 
 29 | 1. Copyright and Related Rights. A Work made available under CC0 may be
 30 | protected by copyright and related or neighboring rights ("Copyright and
 31 | Related Rights"). Copyright and Related Rights include, but are not limited
 32 | to, the following:
 33 | 
 34 |   i. the right to reproduce, adapt, distribute, perform, display, communicate,
 35 |   and translate a Work;
 36 | 
 37 |   ii. moral rights retained by the original author(s) and/or performer(s);
 38 | 
 39 |   iii. publicity and privacy rights pertaining to a person's image or likeness
 40 |   depicted in a Work;
 41 | 
 42 |   iv. rights protecting against unfair competition in regards to a Work,
 43 |   subject to the limitations in paragraph 4(a), below;
 44 | 
 45 |   v. rights protecting the extraction, dissemination, use and reuse of data in
 46 |   a Work;
 47 | 
 48 |   vi. database rights (such as those arising under Directive 96/9/EC of the
 49 |   European Parliament and of the Council of 11 March 1996 on the legal
 50 |   protection of databases, and under any national implementation thereof,
 51 |   including any amended or successor version of such directive); and
 52 | 
 53 |   vii. other similar, equivalent or corresponding rights throughout the world
 54 |   based on applicable law or treaty, and any national implementations thereof.
 55 | 
 56 | 2. Waiver. To the greatest extent permitted by, but not in contravention of,
 57 | applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
 58 | unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
 59 | and Related Rights and associated claims and causes of action, whether now
 60 | known or unknown (including existing as well as future claims and causes of
 61 | action), in the Work (i) in all territories worldwide, (ii) for the maximum
 62 | duration provided by applicable law or treaty (including future time
 63 | extensions), (iii) in any current or future medium and for any number of
 64 | copies, and (iv) for any purpose whatsoever, including without limitation
 65 | commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
 66 | the Waiver for the benefit of each member of the public at large and to the
 67 | detriment of Affirmer's heirs and successors, fully intending that such Waiver
 68 | shall not be subject to revocation, rescission, cancellation, termination, or
 69 | any other legal or equitable action to disrupt the quiet enjoyment of the Work
 70 | by the public as contemplated by Affirmer's express Statement of Purpose.
 71 | 
 72 | 3. Public License Fallback. Should any part of the Waiver for any reason be
 73 | judged legally invalid or ineffective under applicable law, then the Waiver
 74 | shall be preserved to the maximum extent permitted taking into account
 75 | Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
 76 | is so judged Affirmer hereby grants to each affected person a royalty-free,
 77 | non transferable, non sublicensable, non exclusive, irrevocable and
 78 | unconditional license to exercise Affirmer's Copyright and Related Rights in
 79 | the Work (i) in all territories worldwide, (ii) for the maximum duration
 80 | provided by applicable law or treaty (including future time extensions), (iii)
 81 | in any current or future medium and for any number of copies, and (iv) for any
 82 | purpose whatsoever, including without limitation commercial, advertising or
 83 | promotional purposes (the "License"). The License shall be deemed effective as
 84 | of the date CC0 was applied by Affirmer to the Work. Should any part of the
 85 | License for any reason be judged legally invalid or ineffective under
 86 | applicable law, such partial invalidity or ineffectiveness shall not
 87 | invalidate the remainder of the License, and in such case Affirmer hereby
 88 | affirms that he or she will not (i) exercise any of his or her remaining
 89 | Copyright and Related Rights in the Work or (ii) assert any associated claims
 90 | and causes of action with respect to the Work, in either case contrary to
 91 | Affirmer's express Statement of Purpose.
 92 | 
 93 | 4. Limitations and Disclaimers.
 94 | 
 95 |   a. No trademark or patent rights held by Affirmer are waived, abandoned,
 96 |   surrendered, licensed or otherwise affected by this document.
 97 | 
 98 |   b. Affirmer offers the Work as-is and makes no representations or warranties
 99 |   of any kind concerning the Work, express, implied, statutory or otherwise,
100 |   including without limitation warranties of title, merchantability, fitness
101 |   for a particular purpose, non infringement, or the absence of latent or
102 |   other defects, accuracy, or the present or absence of errors, whether or not
103 |   discoverable, all to the greatest extent permissible under applicable law.
104 | 
105 |   c. Affirmer disclaims responsibility for clearing rights of other persons
106 |   that may apply to the Work or any use thereof, including without limitation
107 |   any person's Copyright and Related Rights in the Work. Further, Affirmer
108 |   disclaims responsibility for obtaining any necessary consents, permissions
109 |   or other rights required for any use of the Work.
110 | 
111 |   d. Affirmer understands and acknowledges that Creative Commons is not a
112 |   party to this document and has no duty or obligation with respect to this
113 |   CC0 or use of the Work.
114 | 
115 | For more information, please see
116 | <http://creativecommons.org/publicdomain/zero/1.0/>
117 | 
118 | 


--------------------------------------------------------------------------------
/Compliance.ps1:
--------------------------------------------------------------------------------
   1 | ##This script backs up registry hives before any keys are added or updated and then sets the recommended values to meet HIPAA compliance##
   2 | mkdir C:\Backup-Script
   3 | 
   4 | #reg export HKLM\Software C:\Backup-Script\SystemBackup.reg
   5 | #Creates Green HIPAA Directory for Reg Backups
   6 | 
   7 | 
   8 | #Backs Up Registry before changes are made
   9 | 
  10 | function SetHipaaControl ()
  11 | {
  12 |     If(-not(Test-Path -Path $registrypath))
  13 |         {
  14 |             New-Item -Path $registrypath
  15 |             New-ItemProperty -Path $registrypath -Name $name -Value $value
  16 |         }
  17 | Else
  18 |         {
  19 |             Set-ItemProperty -Path $registrypath -Name $name -Value $value
  20 |         }
  21 | 
  22 | }
  23 | 
  24 | 
  25 | ## 1.21 1198  Audit: Audit the use of backup and restore privilege setting (Critical)
  26 | $registrypath = "HKLM:/SYSTEM/CurrentControlSet/Control/Lsa"
  27 | $name = "FullPrivilegeAuditing"
  28 | $value = "00"
  29 | Write-Host $registrypath
  30 | SetHipaaControl ($registrypath, $name, $value)
  31 | 
  32 | ## 1.24 1358 Retention Method for Application Log
  33 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Eventlog/Application"
  34 | $name = "DefaultInboundAction"
  35 | $value = 0
  36 | Write-Host $registrypath
  37 | SetHipaaControl ($registrypath, $name, $value)
  38 | 
  39 | ## 1.25 1391 Recover Console: Allow Automatic Administrative Logon
  40 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/Setup/RecoveryConsole"
  41 | $name = "SecurityLevel"
  42 | $value = 0
  43 | Write-Host $registrypath
  44 | SetHipaaControl ($registrypath, $name, $value)
  45 | 
  46 | ## (1.26) 1392 Recovery console: Allow floppy copy and access to all drives and all folders
  47 | 
  48 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/Setup/RecoveryConsole"
  49 | $name = "SetCommand"
  50 | $value = 0
  51 | Write-Host $registrypath
  52 | SetHipaaControl ($registrypath, $name, $value)
  53 | 
  54 | ## (1.35) 4050  'SQL Server VSS Writer' service
  55 | #Expected value is 4 (Disabled), Currently Set to Automatic (2)
  56 | $registrypath = "HKLM:/System/CurrentControlSet/Services/SqlWriter"
  57 | $name = "Start"
  58 | $value = 2
  59 | Write-Host $registrypath
  60 | SetHipaaControl ($registrypath, $name, $value)
  61 | 
  62 | ## (2.1) 1156  'Audit: Shut Down system immediately if unable to log security audits
  63 | #
  64 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa"
  65 | $name = "CrashOnAuditFail"
  66 | $value = 0
  67 | Write-Host $registrypath
  68 | SetHipaaControl ($registrypath, $name, $value)
  69 | 
  70 | ## (2.2) 1170 MSS: (AutoReboot) Allow Windows to automatically restart after a system crash
  71 | # 0 = Disabled, 1 = Enabled, Key not found are all acceptable
  72 | $registrypath = "HKLM:/System/CurrentControlSet/Control/CrashControl"
  73 | $name = "AutoReboot"
  74 | $value = 1
  75 | Write-Host $registrypath
  76 | SetHipaaControl ($registrypath, $name, $value)
  77 | 
  78 | ## (2.6) 3786  Microsoft 'Volume Shadow Copy Service Provider' service
  79 | # Automatic (2), Automatic Delayed Start (21), Manual (3), Disabled (4) - All are acceptable
  80 | $registrypath = "HKLM:System/CurrentControlSet/Services/swprv"
  81 | $name = "Start"
  82 | $value = 3
  83 | Write-Host $registrypath
  84 | SetHipaaControl ($registrypath, $name, $value)
  85 | 
  86 | ## (2.9) 8441  'Hyper-V Volume Shadow Copy Requestor' Service
  87 | # Automatic (2), Automatic Delayed Start (21), Manual (3), Disabled (4), *Manual is expected
  88 | $registrypath = "HKLM:System/CurrentControlSet/Services/vmicvss"
  89 | $name = "Start"
  90 | $value = 3
  91 | Write-Host $registrypath
  92 | SetHipaaControl ($registrypath, $name, $value)
  93 | 
  94 | ## (2.10) 8457  Microsoft File Server Shadow Copy Agent
  95 | # Automatic (2), Automatic Delayed Start (21), Manual (3), Disabled (4) - All are acceptable
  96 | $registrypath = "HKLM:/System/CurrentControlSet/Services/fssagent"
  97 | $name = "Start"
  98 | $value = 3
  99 | Write-Host $registrypath
 100 | SetHipaaControl ($registrypath, $name, $value)
 101 | 
 102 | ## (2.11) 8686  Data Duplication Volume Shadow Copy
 103 | # Automatic (2), Automatic Delayed Start (21), Manual (3), Disabled (4) - All are acceptable
 104 | $registrypath = "HKLM:/System/CurrentControlSet/Services/ddpvssvc"
 105 | $name = "Start"
 106 | $value = 4
 107 | Write-Host $registrypath
 108 | SetHipaaControl ($registrypath, $name, $value)
 109 | 
 110 | ## (4.4) 3724 Performance Logs and Alerts service
 111 | # (3) is expected
 112 | $registrypath = "HKLM:/System/CurrentControlSet/Services/pla"
 113 | $name = "Start"
 114 | $value = 3
 115 | Write-Host $registrypath
 116 | SetHipaaControl ($registrypath, $name, $value)
 117 | 
 118 | ## (4.73) 3731 'System Event Notification' service
 119 | # Expected Value is Automatic (2)
 120 | $registrypath = "HKLM:/System/CurrentControlSet/Services/SENS"
 121 | $name = "Start"
 122 | $value = 2
 123 | Write-Host $registrypath
 124 | SetHipaaControl ($registrypath, $name, $value)
 125 | 
 126 | ## (4.74) 3962 Windows Firewall: Display a notification (Domain)
 127 | #
 128 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/DomainProfile"
 129 | $name = "DisableNotifications"
 130 | $value = 0
 131 | Write-Host $registrypath
 132 | SetHipaaControl ($registrypath, $name, $value)
 133 | 
 134 | ## (4.75) 3964  'Windows Firewall: Display a notification (Private)' setting
 135 | #
 136 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile"
 137 | $name = "DisableNotifications"
 138 | $value = 0
 139 | Write-Host $registrypath
 140 | SetHipaaControl ($registrypath, $name, $value)
 141 | 
 142 | ## (4.76) 3965 Windows Firewall: Display a notification (Public)
 143 | #
 144 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PublicProfile"
 145 | $name = "DisableNotifications"
 146 | $value = 0
 147 | Write-Host $registrypath
 148 | SetHipaaControl ($registrypath, $name, $value)
 149 | 
 150 | ##(11.42) 3927 Install Updates and Shut Down' option within the 'Shut Down Windows Dialog Box Setting
 151 | 
 152 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/WindowsUpdate/AU"
 153 | $name = "NoAUShutdownOption"
 154 | $value = 0
 155 | Write-Host $registrypath
 156 | SetHipaaControl ($registrypath, $name, $value)
 157 | 
 158 | ##  (11.45) 7529 Windows 'Automatic Updates' (WSUS) setting
 159 | 
 160 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/WindowsUpdate/AU"
 161 | $name = "AUOptions"
 162 | $value = 3
 163 | Write-Host $registrypath
 164 | SetHipaaControl ($registrypath, $name, $value)
 165 | 
 166 | ##  (13.4) 3920 Turn off Internet download for Web publishing and online ordering wizards
 167 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer"
 168 | $name = "NoWebServices"
 169 | $value = 1
 170 | Write-Host $registrypath
 171 | SetHipaaControl ($registrypath, $name, $value)
 172 | 
 173 | ## ##  (13.4) 3920 Turn off Internet download for Web publishing and online ordering wizards
 174 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer"
 175 | $name = "NoWebServices"
 176 | $value = 1
 177 | Write-Host $registrypath
 178 | SetHipaaControl ($registrypath, $name, $value)
 179 | 
 180 | ## (13.5) 3922 Turn off downloading of print drivers over HTTP
 181 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/Printers"
 182 | $name = "DisableWebPnPDownload"
 183 | $value = 1
 184 | Write-Host $registrypath
 185 | SetHipaaControl ($registrypath, $name, $value)
 186 | 
 187 | ## (14.28) 4156  'Notify antivirus programs when opening attachments' Group Policy
 188 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/Attachments"
 189 | $name = "ScanWithAntiVirus"
 190 | $value = 3
 191 | Write-Host $registrypath
 192 | SetHipaaControl ($registrypath, $name, $value)
 193 | 
 194 | ## (14.50) 8188  'Boot-Start Driver Initialization Policy' setting
 195 | # Good, Unknown and bad but critical (3) is expected
 196 | $registrypath = "HKLM:/System/CurrentControlSet/Policies/EarlyLaunch"
 197 | $name = "DriverLoadPolicy"
 198 | $value = 3
 199 | Write-Host $registrypath
 200 | SetHipaaControl ($registrypath, $name, $value)
 201 | 
 202 | ## (14.52) 8273 Turn off Data Execution Prevention for Explorer
 203 | # Disabled (0), Enabled (1), Not configured. All are acceptable
 204 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/Explorer"
 205 | $name = "NoDataExecutionPrevention"
 206 | $value = 1
 207 | Write-Host $registrypath
 208 | SetHipaaControl ($registrypath, $name, $value)
 209 | 
 210 | ## (17.1) 1181  'Simple Network Management Protocol (SNMP)' service (Windows)
 211 | # Disabled (4) or not configured are the expected settings
 212 | $registrypath = "HKLM:/System/CurrentControlSet/Services/SNMP"
 213 | $name = "Start"
 214 | $value = 4
 215 | Write-Host $registrypath
 216 | SetHipaaControl ($registrypath, $name, $value)
 217 | 
 218 | ## (17.8) 8233 Network Security:Restrict NTLM: Audit Incoming NTLM Traffic
 219 | # Disabled (0), Enable Auditing for Domain Accounts (1), Enable Auditing for all accounts (2), Not configured...All are acceptable
 220 | $registrypath = "HKLM:/System/CurrentControlSet/Control/LSA/MSV1_0"
 221 | $name = "AutidReceivingNTLMTraffic"
 222 | $value = 2
 223 | Write-Host $registrypath
 224 | SetHipaaControl ($registrypath, $name, $value)
 225 | 
 226 | ## (17.9) 8234 Network Security:Restrict NTLM: Audit Incoming NTLM Authentication in this Domain
 227 | # Disable (0), Enable for Domain accounts to domain servers (1), Enable for Domain Accounts (3), Enable for Domain Servers (5), Enable All (7)..all acceptable
 228 | $registrypath = "HKLM:/System/CurrentControlSet/Services/NetLogon/Parameters"
 229 | $name = "AuditNTLMInDomain"
 230 | $value = 7
 231 | Write-Host $registrypath
 232 | SetHipaaControl ($registrypath, $name, $value)
 233 | 
 234 | ## (17.11) 8244 Configure 'Network Security:Restrict NTLM: NTLM authentication in this domain'
 235 | # Must be set. Disable (0), Deny for domain acct to domain servers (1), Deny for domain accts (3), Deny for Domain Servers (5), Deny all (7)
 236 | $registrypath = "HKLM:/System/CurrentControlSet/Services/NetLogon/Parameters"
 237 | $name = "RestrictNTLMInDomain"
 238 | $value = 0
 239 | Write-Host $registrypath
 240 | SetHipaaControl ($registrypath, $name, $value)
 241 | 
 242 | ## (18.1) 1463 MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
 243 | # 
 244 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Eventlog/Security"
 245 | $name = "WarningLevel"
 246 | $value = 45
 247 | Write-Host $registrypath
 248 | SetHipaaControl ($registrypath, $name, $value)
 249 | 
 250 | ##  (20.2) 4741  'MSS: (DisableIPSourceRoutingIPv6) IP source routing protection level (protects against packet spoofing)'
 251 | # 
 252 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Tcpip6/Parameters"
 253 | $name = "DisableIPSourceRouting"
 254 | $value = 2
 255 | Write-Host $registrypath
 256 | SetHipaaControl ($registrypath, $name, $value)
 257 | 
 258 | ## (20.17) 1172 MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
 259 | # 
 260 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Tcpip/Parameters"
 261 | $name = "DisableIPSourceRouting"
 262 | $value = 2
 263 | Write-Host $registrypath
 264 | SetHipaaControl ($registrypath, $name, $value)
 265 | 
 266 | ## (20.18) 1193 MSS: Allow ICMP redirects to override OSPF generated routes (EnableICMPRedirect)
 267 | # 
 268 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Tcpip/Parameters"
 269 | $name = "EnableICMPRedirect"
 270 | $value = 0
 271 | Write-Host $registrypath
 272 | SetHipaaControl ($registrypath, $name, $value)
 273 | 
 274 | ## (20.27) 8243 Configure Network Security:Restrict NTLM: Outgoing NTLM traffic to remote servers
 275 | #  Allow All (0), Audit all (1), Deny All(2), Not configured, are all acceptable
 276 | 
 277 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa/MSV1_0"
 278 | $name = "RestrictSendingNTLMTraffic"
 279 | $value = 1
 280 | Write-Host $registrypath
 281 | SetHipaaControl ($registrypath, $name, $value)
 282 | 
 283 | ## (20.29) 1177 Enable IPSec to protect Kerberos RSVP Traffic (NoDefaultExempt)' registry
 284 | $registrypath = "HKLM:/System/CurrentControlSet/Services/IPSec"
 285 | $name = "NoDefaultExempt"
 286 | $value = 
 287 | #SetHipaaControl ($registrypath, $name, $value)
 288 | 
 289 | ## (20.30) 1184 MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway Access (Could lead to DoS)
 290 | # Disabled (0), Enabled (1), Enabled only if DHCP sends the Perform Router Discovery Option (2).. All are acceptable inc not configured
 291 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Tcpip/Parameters"
 292 | $name = "PerformRouterDiscovery"
 293 | $value = 1
 294 | Write-Host $registrypaths
 295 | SetHipaaControl ($registrypath, $name, $value)
 296 | 
 297 | ## (20.32) 1195 MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from the 'WINS servers
 298 | # 
 299 | $registrypath = "HKLM:/SYSTEM/CurrentControlSet/Services/Netbt/Parameters"
 300 | $name = "NoNameReleaseOnDemand"
 301 | $value = 1
 302 | Write-Host $registrypath
 303 | SetHipaaControl ($registrypath, $name, $value)
 304 | 
 305 | ## (20.38) 1462 MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (300,000 is recommended)
 306 | # 
 307 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Tcpip/Parameters"
 308 | $name = "KeepAliveTime"
 309 | $value = 300000
 310 | Write-Host $registrypath
 311 | SetHipaaControl ($registrypath, $name, $value)
 312 | 
 313 | ## (20.40) 4742 MSS: (TCPMaxDataRetransmissions) IPv6 How many times unacknowledged data is retransmitted
 314 | # Recommended setting is 1-3
 315 | $registrypath = "HKLM:/SYSTEM/CurrentControlSet/Services/Tcpip6/Parameters"
 316 | $name = "TCPMaxDataRetransmissions"
 317 | $value = 2
 318 | Write-Host $registrypath
 319 | SetHipaaControl ($registrypath, $name, $value)
 320 | 
 321 | ## (20.43) 1449  'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 = Rec, 5 = Default)
 322 | # 
 323 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Tcpip/Parameters"
 324 | $name = "TcpMaxDataRetransmissions"
 325 | $value = 2
 326 | Write-Host $registrypath
 327 | SetHipaaControl ($registrypath, $name, $value)
 328 |  
 329 | 
 330 | ## (21.7) 3963  'Windows Firewall: Apply local connection security rules (Private)'
 331 | # NIST, HIPAA. 'Key not found' or Yes are required to pass
 332 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile"
 333 | $name = "AllowLocalIPssecPolicyMerge"
 334 | $value = 
 335 | #SetHipaaControl ($registrypath, $name, $value)
 336 | 
 337 | ## (21.8) 3966  'Windows Firewall: Apply local connection security rules (Public)
 338 | # HIPAA, NIST
 339 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PublicProfile"
 340 | $name = "AllowLocalIpsecPolicyMerge"
 341 | $value = 1
 342 | Write-Host $registrypath
 343 | SetHipaaControl ($registrypath, $name, $value)
 344 | 
 345 | ## (21.15) 4058  'Windows Network List' service
 346 | # Expected Values to Pass (2-Automatic,21 - Automatic-Delayed, 3-Manual)
 347 | $registrypath = "HKLM:/SYSTEM/CurrentControlSet/Services/netprofm"
 348 | $name = "Start"
 349 | $value = 2
 350 | Write-Host $registrypath
 351 | SetHipaaControl ($registrypath, $name, $value)
 352 | 
 353 | ## (21.28) 3945 Windows Firewall: Apply local firewall rules (Domain)
 354 | # 
 355 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/DomainProfile"
 356 | $name = "AllowLocalPolicyMerge"
 357 | $value = 1
 358 | Write-Host $registrypath
 359 | SetHipaaControl ($registrypath, $name, $value)
 360 | 
 361 | ## (21.29) 3950 Windows Firewall: Firewall state (Public)' 
 362 | # 
 363 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PublicProfile"
 364 | $name = "EnableFirewall"
 365 | $value = 1
 366 | Write-Host $registrypath
 367 | SetHipaaControl ($registrypath, $name, $value)
 368 | 
 369 | ## (21.30) 3951 Windows Firewall: Firewall state (Private)
 370 | # 
 371 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile"
 372 | $name = "EnableFirewall"
 373 | $value = 1
 374 | Write-Host $registrypath
 375 | SetHipaaControl ($registrypath, $name, $value)
 376 | 
 377 | ## (21.31) 3952 Windows Firewall: Firewall state (Domain)
 378 | # 
 379 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/DomainProfile"
 380 | $name = "EnableFirewall"
 381 | $value = 1
 382 | Write-Host $registrypath
 383 | SetHipaaControl ($registrypath, $name, $value)
 384 | 
 385 | ## (21.32) 3959  'Windows Firewall: Apply local firewall rules (Private)' setting
 386 | # 
 387 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile"
 388 | $name = "AllowLocalPolicyMerge"
 389 | $value = 1
 390 | Write-Host $registrypath
 391 | SetHipaaControl ($registrypath, $name, $value)
 392 | 
 393 | ## (21.33) 3960 Windows Firewall: Apply local firewall rules (Public)
 394 | # Block (1), Allow (0) 
 395 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PublicProfile"
 396 | $name = "DefaultInboundAction"
 397 | $value = 1
 398 | SetHipaaControl ($registrypath, $name, $value)
 399 | 
 400 | ## (21.37) 3948 Windows Firewall: Inbound connections (Private)
 401 | # 
 402 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile"
 403 | $name = "DefaultInboundAction"
 404 | $value = 1
 405 | Write-Host $registrypath
 406 | SetHipaaControl ($registrypath, $name, $value)
 407 | 
 408 | ## (21.38) 3949  'Windows Firewall: Inbound connections (Domain)' setting
 409 | # 
 410 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/DomainProfile"
 411 | $name = "DefaultInboundAction"
 412 | $value = 1
 413 | Write-Host $registrypath
 414 | SetHipaaControl ($registrypath, $name, $value)
 415 | 
 416 | ## (21.39) 5261 Windows Firewall: Allow unicast response (Private)
 417 | # 
 418 | $registrypath = "HKLM:/SOFTWARE/Policies/Microsoft/WindowsFirewall/PrivateProfile"
 419 | $name = "DisableUnicastResponsesToMulticastBroadcast"
 420 | $value = 1
 421 | Write-Host $registrypath
 422 | SetHipaaControl ($registrypath, $name, $value)
 423 | 
 424 | ## (21.40) 5262 Windows Firewall: Allow unicast response (Public)
 425 | # 
 426 | $registrypath = "HKLM:/SOFTWARE/Policies/Microsoft/WindowsFirewall/PublicProfile"
 427 | $name = "DisableUnicastResponsesToMulticastBroadcast"
 428 | $value = 1
 429 | Write-Host $registrypath
 430 | SetHipaaControl ($registrypath, $name, $value)
 431 | 
 432 | 
 433 | ## (21.49) 8157 Windows Firewall: Allow unicast response (Domain)
 434 | # 
 435 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile"
 436 | $name = "DefaultOutboundAction"
 437 | $value = 0
 438 | Write-Host $registrypath
 439 | SetHipaaControl ($registrypath, $name, $value)
 440 | 
 441 | ## (21.52) 8164 Windows Firewall: Outbound connections (Public)
 442 | # 
 443 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PublicProfile"
 444 | $name = "DefaultOutboundAction"
 445 | $value = 0
 446 | Write-Host $registrypath
 447 | SetHipaaControl ($registrypath, $name, $value)
 448 | 
 449 | ## (21.57) 8160 Windows Firewall: Log File Size (Private)
 450 | # 
 451 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile/Logging"
 452 | $name = "LogFileSize"
 453 | $value = 8160
 454 | Write-Host $registrypath
 455 | SetHipaaControl ($registrypath, $name, $value)
 456 | 
 457 | ## (21.58) 8161  Windows Firewall: Log file path and name (Private)
 458 | # 
 459 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile/Logging"
 460 | $name = "LogFilePath"
 461 | $value = "%systemroot%/system32/logfiles/firewall/Privatefw.log"
 462 | Write-Host $registrypath
 463 | SetHipaaControl ($registrypath, $name, $value)
 464 | 
 465 | ## (21.59) 8162 Windows Firewall: Log Successful Connections (Private)
 466 | # 
 467 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile/Logging"
 468 | $name = "LogSuccessfulConnections"
 469 | $value = 1
 470 | Write-Host $registrypath
 471 | SetHipaaControl ($registrypath, $name, $value)
 472 | 
 473 | 
 474 | ## (21.60) 8163 Windows Firewall: Log dropped packets (Private)
 475 | # 
 476 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PrivateProfile/Logging"
 477 | $name = "LogDroppedpackets"
 478 | $value = 1
 479 | Write-Host $registrypath
 480 | SetHipaaControl ($registrypath, $name, $value)
 481 | 
 482 | 
 483 | ## (21.61) 8165  'Windows Firewall: Log dropped packets (Public)' setting
 484 | # 
 485 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PublicProfile/Logging"
 486 | $name = "LogDroppedPackets"
 487 | $value = 1
 488 | Write-Host $registrypath
 489 | SetHipaaControl ($registrypath, $name, $value)
 490 | 
 491 | ## (21.62) 8166 Windows Firewall: Log file path and name (Public)
 492 | # 
 493 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PublicProfile/Logging"
 494 | $name = "LogFilePath"
 495 | $value = "%systemroot%/system32/logfiles/firewall/Publicfw.log"
 496 | Write-Host $registrypath
 497 | SetHipaaControl ($registrypath, $name, $value)
 498 | 
 499 | ## (21.63) 8167  'Windows Firewall: Log Successful Connections (Public)' setting
 500 | # 
 501 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PublicProfile/Logging"
 502 | $name = "LogSuccessfulConnections"
 503 | $value = 1
 504 | Write-Host $registrypath
 505 | SetHipaaControl ($registrypath, $name, $value)
 506 | 
 507 | ## (21.64) 8168 Windows Firewall: Log File Size (Public)
 508 | # 
 509 | $registrypath = "HKLM:/Software/Policies/Microsoft/WindowsFirewall/PublicProfile/Logging"
 510 | $name = "LogFileSize"
 511 | $value = 16384
 512 | Write-Host $registrypath
 513 | SetHipaaControl ($registrypath, $name, $value)
 514 | 
 515 | ## (21.65) 8384 Windows Firewall Service
 516 | # 
 517 | $registrypath = "HKLM:/System/CurrentControlSet/Services/MpsSvc"
 518 | $name = "Start"
 519 | $value = 2
 520 | #SetHipaaControl ($registrypath, $name, $value)
 521 | 
 522 | ## (21.69) 5352 WLAN AutoConfig
 523 | # 
 524 | $registrypath = "HKLM:/System/CurrentControlSet/Services/WLANSVC"
 525 | $name = "Start"
 526 | $value = 2
 527 | #SetHipaaControl ($registrypath, $name, $value)
 528 | 
 529 | ## (21.75) 1153  Network Access: Do not allow Anonymous Enumeration of SAM Accounts & Shares
 530 | # 
 531 | $registrypath = "HKLM:/System/CurrentControlSet/Control/LSA"
 532 | $name = "RestrictAnonymous"
 533 | $value = 1
 534 | Write-Host $registrypath
 535 | SetHipaaControl ($registrypath, $name, $value)
 536 | 
 537 | ## (21.76) 1169 MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
 538 | # 
 539 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/Winlogon"
 540 | $name = "AutoAdminLogon"
 541 | $value = 0
 542 | Write-Host $registrypath
 543 | SetHipaaControl ($registrypath, $name, $value)
 544 | 
 545 | ## (21.77) 1196 MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires
 546 | # 
 547 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/WinLogon"
 548 | $name = "ScreenSaverGracePeriod"
 549 | $value = 0
 550 | #SetHipaaControl ($registrypath, $name, $value)
 551 | 
 552 | ## (21.78) 1197  'Network access: Do not allow anonymous enumeration of SAM accounts'
 553 | # 
 554 | $registrypath = "HKLM:/System/CurrentControlSet/Control/LSA"
 555 | $name = "RestrictAnonymousSAM"
 556 | $value = 1
 557 | Write-Host $registrypath
 558 | SetHipaaControl ($registrypath, $name, $value)
 559 | 
 560 | ## (21.79) 1377 Interactive Logon: Require Domain Controller authentication to unlock
 561 | # 
 562 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/WinLogon"
 563 | $name = "ForceUnlockLogon"
 564 | $value = 1
 565 | #SetHipaaControl ($registrypath, $name, $value)
 566 | 
 567 | ## (21.80) 1378 Interactive Logon: Smart Card Removal Behavior
 568 | # 
 569 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/WinLogon"
 570 | $name = "ScRemoveOption"
 571 | $value = 1
 572 | #SetHipaaControl ($registrypath, $name, $value)
 573 | 
 574 | ## (21.81) 1383 Network Access: Let Everyone permissions apply to anonymous users
 575 | # 
 576 | $registrypath = "HKLM:/System/CurrentControlSet/Control/LSA"
 577 | $name = "EveroneIncludesAnonymous"
 578 | $value = 0
 579 | Write-Host $registrypath
 580 | SetHipaaControl ($registrypath, $name, $value)
 581 | 
 582 | 
 583 | ## (21.82) 1386 Network Access: Sharing and security model for local accounts
 584 | # 
 585 | $registrypath = "HKLM:/System/CurrentControlSet/Control/LSA"
 586 | $name = "ForceGuest"
 587 | $value = 0
 588 | Write-Host $registrypath
 589 | SetHipaaControl ($registrypath, $name, $value)
 590 | 
 591 | ## (21.83) 1387 Network Security: LAN Manager Authentication Level
 592 | # 
 593 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa"
 594 | $name = "LmCompatibilityLevel"
 595 | $value = 5
 596 | SetHipaaControl ($registrypath, $name, $value)
 597 | 
 598 | ## (21.84) 1514 Restrictions for Unauthenticated RPC clients
 599 | # 
 600 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/RPC"
 601 | $name = "RestrictRemoteClients"
 602 | $value = 1
 603 | Write-Host $registrypath
 604 | SetHipaaControl ($registrypath, $name, $value)
 605 | 
 606 | ## (21.85) 2605 User Account Control: Behavior of the elevation prompt for standard users
 607 | # 
 608 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
 609 | $name = "ConsentPromptBehaviorUser"
 610 | $value = 1
 611 | Write-Host $registrypath
 612 | SetHipaaControl ($registrypath, $name, $value)
 613 | 
 614 | ##  (21.88) 3891 Always prompt for password upon connection' setting (Terminal Services)
 615 | # 
 616 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/Terminal Services"
 617 | $name = "fPromptForPassword"
 618 | $value = 1
 619 | Write-Host $registrypath
 620 | SetHipaaControl ($registrypath, $name, $value)
 621 | 
 622 | ##  (21.89) 5265 Network security: Allow LocalSystem NULL session fallback
 623 | # 
 624 | $registrypath = "HKLM:/System/CurrentControlSet/Control/LSA/MSV1_0"
 625 | $name = "allownullsessionfallback"
 626 | $value = 0
 627 | Write-Host $registrypath
 628 | SetHipaaControl ($registrypath, $name, $value)
 629 | 
 630 | ## (21.90) 5266 Network security: Allow Local System to use computer identity for NTLM
 631 | # 
 632 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa"
 633 | $name = "UseMachineID"
 634 | $value = 1
 635 | Write-Host $registrypath
 636 | SetHipaaControl ($registrypath, $name, $value)
 637 | 
 638 | ## (21.92) 2606 User Account Control: Switch to the secure desktop when prompted for elevation
 639 | # 
 640 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
 641 | $name = "PromptOnSecureDesktop"
 642 | $value = 1
 643 | Write-Host $registrypath
 644 | SetHipaaControl ($registrypath, $name, $value)
 645 | 
 646 | ## (21.127) Simple Network Management Protocol (SNMP) trap
 647 | # Default Value is 3 (Manual), Any start value passes NIST inc. Not set
 648 | $registrypath = "HKLM:/System/CurrentControlSet/Services/SNMPTRAP"
 649 | $name = "Start"
 650 | $value = 3
 651 | Write-Host $registrypath
 652 | SetHipaaControl ($registrypath, $name, $value)
 653 | 
 654 | ## (22.12) 8435  'Printer Extensions and Notifications'
 655 | # Disabled (4) or not found pass
 656 | $registrypath = "HKLM:/System/CurrentControlSet/Services/PrintNotify"
 657 | $name = "Start"
 658 | $value = 4
 659 | Write-Host $registrypath
 660 | SetHipaaControl ($registrypath, $name, $value)
 661 | 
 662 | ## (22.13) 8436 Hyper-V Time Synchronization
 663 | # Any set value passes. Default = Manual (3)
 664 | $registrypath = "HKLM:/System/CurrentControlSet/Services/vmictimesync"
 665 | $name = "Start"
 666 | $value = 3
 667 | SetHipaaControl ($registrypath, $name, $value)
 668 | 
 669 | ## (22.14) 8442 Network Connectivity Assistant
 670 | # Set value was Manual, Disabled (4) is expected. 
 671 | $registrypath = "HKLM:/System/CurrentControlSet/Services/NcaSvc"
 672 | $name = "Start"
 673 | $value = 4
 674 | Write-Host $registrypath
 675 | SetHipaaControl ($registrypath, $name, $value)
 676 | 
 677 | ## (22.15) 8444 Credential Manager
 678 | # Set value was Manual (3)
 679 | $registrypath = "HKLM:/System/CurrentControlSet/Services/VaultSvc"
 680 | $name = "Start"
 681 | $value = 4
 682 | SetHipaaControl ($registrypath, $name, $value)
 683 | 
 684 | ## (22.16) 8450 Hyper-V Heartbeat
 685 | # Any value passes, Set value was Manual (3)
 686 | $registrypath = "HKLM:/System/CurrentControlSet/Services/vmicheartbeat"
 687 | $name = "Start"
 688 | $value = 3
 689 | Write-Host $registrypath
 690 | SetHipaaControl ($registrypath, $name, $value)
 691 | 
 692 | ## (22.17) 8451 Active Directory Web
 693 | # Disabled or Not found are acceptable values
 694 | $registrypath = "HKLM:/System/CurrentControlSet/Services/ADWS"
 695 | $name = "Start"
 696 | $value = 4
 697 | Write-Host $registrypath
 698 | SetHipaaControl ($registrypath, $name, $value)
 699 | 
 700 | ## (22.18) 8452 Hyper-V Data Exchange
 701 | # Disabled or not set are acceptable
 702 | $registrypath = "HKLM:/System/CurrentControlSet/Services/vmickvpexchange"
 703 | $name = "Start"
 704 | $value = 4
 705 | Write-Host $registrypath
 706 | SetHipaaControl ($registrypath, $name, $value)
 707 | 
 708 | ## (22.19) 8453 Device Install' Service
 709 | # 
 710 | $registrypath = "HKLM:/System/CurrentControlSet/Services/DeviceInstall"
 711 | $name = "Start"
 712 | $value = 4
 713 | Write-Host $registrypath
 714 | SetHipaaControl ($registrypath, $name, $value)
 715 | 
 716 | ## (22.20) 8454 Hyper-V Remote Desktop Virtualization
 717 | # Any set value passes
 718 | $registrypath = "HKLM:/System/CurrentControlSet/Services/vmicrdv"
 719 | $name = "Start"
 720 | $value = 3
 721 | Write-Host $registrypath
 722 | SetHipaaControl ($registrypath, $name, $value)
 723 | 
 724 | ## (22.21) 8455 Hyper-V Guest Shutdown
 725 | # Set value was manual (3)
 726 | $registrypath = "HKLM:/System/CurrentControlSet/Services/vmicshutdown"
 727 | $name = "Start"
 728 | $value = 4
 729 | Write-Host $registrypath
 730 | SetHipaaControl ($registrypath, $name, $value)
 731 | 
 732 | ## (22.22) 8456 DS Role Server
 733 | # 
 734 | $registrypath = "HKLM:/System/CurrentControlSet/Services/DsRoleSvc"
 735 | $name = "Start"
 736 | $value = 4
 737 | #SetHipaaControl ($registrypath, $name, $value)
 738 | 
 739 | ## (22.23) 8458  'Windows Store' Service (WSService)
 740 | # Set value was manual
 741 | $registrypath = "HKLM:/System/CurrentControlSet/Services/WSService"
 742 | $name = "Start"
 743 | $value = 4
 744 | #SetHipaaControl ($registrypath, $name, $value)
 745 | 
 746 | ## (22.24) 8463 KDC Proxy Server
 747 | # Set value was manual (3)
 748 | $registrypath = "HKLM:/System/CurrentControlSet/Services/KPSSVC"
 749 | $name = "Start"
 750 | $value = 4
 751 | #SetHipaaControl ($registrypath, $name, $value)
 752 | 
 753 | ## (22.25) 8470 Microsoft iSCSI Software Target
 754 | # 
 755 | $registrypath = "HKLM:/System/CurrentControlSet/Services/WinTarget"
 756 | $name = "Start"
 757 | $value = 4
 758 | #SetHipaaControl ($registrypath, $name, $value)
 759 | 
 760 | ## (22.28) 1191 Remote Registry
 761 | # Set value was automatic (2)
 762 | $registrypath = "HKLM:/System/CurrentControlSet/Services/RemoteRegistry"
 763 | $name = "Start"
 764 | $value = 4
 765 | Write-Host $registrypath
 766 | SetHipaaControl ($registrypath, $name, $value)
 767 | 
 768 | ## (22.43) 1472  Network Connections
 769 | # 
 770 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Netman"
 771 | $name = "Start"
 772 | $value = 4
 773 | Write-Host $registrypath
 774 | SetHipaaControl ($registrypath, $name, $value)
 775 | 
 776 | ## (22.44) 1475 Remote Access Auto Connection Manager
 777 | # set value was manual
 778 | $registrypath = "HKLM:/System/CurrentControlSet/Services/RasAuto"
 779 | $name = "Start"
 780 | $value = 4
 781 | #SetHipaaControl ($registrypath, $name, $value)
 782 | 
 783 | ## (22.45) 1476 Remote Access Connection Manager (RasMan)
 784 | # Set value was manual
 785 | $registrypath = "HKLM:/System/CurrentControlSet/Services/RasMan"
 786 | $name = "Start"
 787 | $value = 4
 788 | #SetHipaaControl ($registrypath, $name, $value)
 789 | 
 790 | ## (22.46) 1479 Remote Procedure Call (RPC) Locater' service
 791 | # set value was manual
 792 | $registrypath = "HKLM:/System/CurrentControlSet/Services/RpcLocator"
 793 | $name = "Start"
 794 | $value = 4
 795 | #SetHipaaControl ($registrypath, $name, $value)
 796 | 
 797 | ## (22.50) 3720 IPSEC Services' service
 798 | # 
 799 | $registrypath = "HKLM:/System/CurrentControlSet/Services/PolicyAgent"
 800 | $name = "Start"
 801 | $value = 4
 802 | Write-Host $registrypath
 803 | SetHipaaControl ($registrypath, $name, $value)
 804 | 
 805 | ## (22.52) 2042MSS: (AutoShareServer) Lanman 'Default administrative shares
 806 | # Any value passes Compliance
 807 | $registrypath = "HKLM:/System/CurrentControlSet/Services/LanManServer/Parameters"
 808 | $name = "AutoShareServer"
 809 | $value = 0
 810 | Write-Host $registrypath
 811 | SetHipaaControl ($registrypath, $name, $value)
 812 | 
 813 | ## (22.130) 2603 'User Account Control: Only elevate executables that are signed and validated'
 814 | # 
 815 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
 816 | $name = "ValidateAdmin"
 817 | $value = 1
 818 | Write-Host $registrypath
 819 | SetHipaaControl ($registrypath, $name, $value)
 820 | 
 821 | ## (23.1) 1052 'Devices: Allowed to format and eject removable media' setting (NTFS formatted devices)
 822 | # 
 823 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/WinLogon"
 824 | $name = "AllocateDASD"
 825 | $value = 
 826 | #SetHipaaControl ($registrypath, $name, $value)
 827 | 
 828 | ## (23.3) 1183  'Disable Autorun for all drives' setting for the HKLM key
 829 | # 
 830 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/explorer"
 831 | $name = "NoDriveTypeAutorun"
 832 | $value = 255
 833 | #SetHipaaControl ($registrypath, $name, $value)
 834 | 
 835 | ## (23.4) 4067 'Portable Device Enumerator' service Failed
 836 | # 
 837 | $registrypath = "HKLM:/System/CurrentControlSet/Services/WPDBusEnum"
 838 | $name = "Start"
 839 | $value = 3
 840 | #SetHipaaControl ($registrypath, $name, $value)
 841 | 
 842 | ## (24.38) 7502  [GPO-based] 'Application: Maximum log size' setting (in KB)
 843 | # Greater than or equal to 32768
 844 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/EventLog/Application"
 845 | $name = "MaxSize"
 846 | $value = 32768
 847 | #SetHipaaControl ($registrypath, $name, $value)
 848 | 
 849 | ## (24.39) 7503 [GPO-based] 'Security: Maximum log size' (in KB)
 850 | # 
 851 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/EventLog/Security"
 852 | $name = "MaxSize"
 853 | $value = 196608
 854 | Write-Host $registrypath
 855 | SetHipaaControl ($registrypath, $name, $value)
 856 | 
 857 | ## (24.40) 7504 [GPO-based] 'System: Maximum log size' setting (in KB)
 858 | # 
 859 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/EventLog/System"
 860 | $name = "MaxSize"
 861 | $value = 32768
 862 | Write-Host $registrypath
 863 | SetHipaaControl ($registrypath, $name, $value)
 864 | 
 865 | ## (24.41) 9014  'Setup: Maximum Log Size (KB)' setting
 866 | # 
 867 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/EventLog/Setup"
 868 | $name = "MaxSize"
 869 | $value = 32768
 870 | Write-Host $registrypath
 871 | SetHipaaControl ($registrypath, $name, $value)
 872 | 
 873 | ## (24.77) 1367 'Audit: Audit the access of global system objects' setting
 874 | # 
 875 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa"
 876 | $name = "AuditBaseObjects"
 877 | $value = 0
 878 | Write-Host $registrypath
 879 | SetHipaaControl ($registrypath, $name, $value)
 880 | 
 881 | ## (24.152) 1964  'Event Log' service
 882 | # 
 883 | $registrypath = "HKLM:/System/CurrentControlSet/Services/EventLog"
 884 | $name = "Start"
 885 | $value = 2
 886 | Write-Host $registrypath
 887 | SetHipaaControl ($registrypath, $name, $value)
 888 | 
 889 | ## (24.153) 3784  'Windows Error Reporting' service
 890 | # 
 891 | $registrypath = "HKLM:/System/CurrentControlSet/Services/WerSvc"
 892 | $name = "Start"
 893 | $value = 2
 894 | Write-Host $registrypath
 895 | SetHipaaControl ($registrypath, $name, $value)
 896 | 
 897 | ## (25.1) 3899 'Solicited Remote Assistance' policy setting (Terminal Services)
 898 | # 
 899 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/Terminal Services"
 900 | $name = "fAllowToGetHelp"
 901 | $value = 0
 902 | Write-Host $registrypath
 903 | SetHipaaControl ($registrypath, $name, $value)
 904 | 
 905 | ## (25.2) 3900 Offer Remote Assistance' setting (Terminal Services)
 906 | # 
 907 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/Terminal Services"
 908 | $name = "fAllowUnsolicited"
 909 | $value = 0
 910 | Write-Host $registrypath
 911 | SetHipaaControl ($registrypath, $name, $value)
 912 | 
 913 | ## (27.1) 1431 'Domain controller: Allow server operators to schedule tasks' setting
 914 | # 
 915 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa"
 916 | $name = "SubmitControl"
 917 | $value = 0
 918 | #SetHipaaControl ($registrypath, $name, $value)
 919 | 
 920 | ## (27.7) 8443  'Power' Service
 921 | # 
 922 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Power"
 923 | $name = "Start"
 924 | $value = 2
 925 | Write-Host $registrypath
 926 | SetHipaaControl ($registrypath, $name, $value)
 927 | 
 928 | ##(28.1) 3944 Application: Control Event Log behavior when the log file reaches its Max Size
 929 | # 
 930 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/EventLog/Application"
 931 | $name = "Retention"
 932 | $value = 0
 933 | Write-Host $registrypath
 934 | SetHipaaControl ($registrypath, $name, $value)
 935 | 
 936 | ##(28.6) 9013 Setup: Control Event Log behavior when the log file reaches its max Size
 937 | # 
 938 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/EventLog/Setup"
 939 | $name = "Retention"
 940 | $value = 0
 941 | Write-Host $registrypath
 942 | SetHipaaControl ($registrypath, $name, $value)
 943 | 
 944 | ##(28.7) 1048 Shutdown: Clear virtual memory pagefile
 945 | # 
 946 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Session Manager/Memory Management"
 947 | $name = "ClearPageFileAtShutdown"
 948 | $value = 1
 949 | Write-Host $registrypath
 950 | SetHipaaControl ($registrypath, $name, $value)
 951 | 
 952 | ##(28.8) 1362 Retention Method for Security Log' setting
 953 | # 
 954 | $registrypath = "HKLM:/System/CurrentControlSet/Services/EventLog/Security"
 955 | $name = "Retention"
 956 | $value = 0
 957 | Write-Host $registrypath
 958 | SetHipaaControl ($registrypath, $name, $value)
 959 | 
 960 | ## (28.9) 1365 Retention Method for System Log
 961 | # 
 962 | $registrypath = "HKLM:/System/CurrentControlSet/Services/EventLog/System"
 963 | $name = "Retention"
 964 | $value = 0
 965 | Write-Host $registrypath
 966 | SetHipaaControl ($registrypath, $name, $value)
 967 | 
 968 | ## (28.11) 3942 System: Control Event Log behavior when the log file reaches its maximum size' Group Policy setting
 969 | # 
 970 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/EventLog/System"
 971 | $name = "Retention"
 972 | $value = 0
 973 | Write-Host $registrypath
 974 | SetHipaaControl ($registrypath, $name, $value)
 975 | 
 976 | ## (28.12) 3943 Security: Control Event Log behavior when the log file reaches its maximum size
 977 | # 
 978 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/EventLog/Security"
 979 | $name = "Retention"
 980 | $value = 0
 981 | Write-Host $registrypath
 982 | SetHipaaControl ($registrypath, $name, $value)
 983 | 
 984 | ## (28.16) 3797 Volume Shadow Copy Service (VSS)'
 985 | # 
 986 | $registrypath = "HKLM:/System/CurrentControlSet/Services/VSS"
 987 | $name = "Start"
 988 | $value = 3
 989 | Write-Host $registrypath
 990 | SetHipaaControl ($registrypath, $name, $value)
 991 | 
 992 | ##(29.1) 1152 Allow undock without having to logon
 993 | # 
 994 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
 995 | $name = "UndockWithoutLogon"
 996 | $value = 2
 997 | #SetHipaaControl ($registrypath, $name, $value)
 998 | 
 999 | ## (29.2) 1369 Shutdown: Allow system to be shut down without having to log on
1000 | # 
1001 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1002 | $name = "ShutdownwithoutLogon"
1003 | $value = 0 
1004 | #SetHipaaControl ($registrypath, $name, $value)
1005 | 
1006 | ##(29.3) 1433 Status of the 'Interactive logon: Require smart card' setting
1007 | # 
1008 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1009 | $name = "ScForceOption"
1010 | $value = 0
1011 | #SetHipaaControl ($registrypath, $name, $value)
1012 | 
1013 | ##  (29.7) 8381 Smart card removal policy
1014 | # 
1015 | $registrypath = "HKLM:/System/CurrentControlSet/Services/SCPolicySvc"
1016 | $name = "Start"
1017 | $value = 3
1018 | #SetHipaaControl ($registrypath, $name, $value)
1019 | 
1020 | ## (34.1) 9043 Default Protections for Internet Explorer
1021 | # 
1022 | $registrypath = "HKLM:/Software/Policies/Microsoft/EMET/Defaults"
1023 | $name = "ie"
1024 | $value = "iexplore.exe"
1025 | #SetHipaaControl ($registrypath, $name, $value)
1026 | 
1027 | ## (34.2) 9057 Status of the 'System ASLR' setting
1028 | # 
1029 | $registrypath = "HKLM:/Software/Policies/Microsoft/EMET/SysSettings"
1030 | $name = "ASLR"
1031 | $value = 3
1032 | Write-Host $registrypath
1033 | SetHipaaControl ($registrypath, $name, $value)
1034 | 
1035 | ## (34.3) 9058 System DEP' setting for 'Application Opt-Out'
1036 | # 
1037 | $registrypath = "HKLM:/Software/Policies/Microsoft/EMET/SysSettings"
1038 | $name = "DEP"
1039 | $value = 2
1040 | Write-Host $registrypath
1041 | SetHipaaControl ($registrypath, $name, $value)
1042 | 
1043 | ## (34.4) 9059 System SEHOP setting for Application Opt-Out
1044 | # 
1045 | $registrypath = "HKLM:/Software/Policies/Microsoft/EMET/SysSettings"
1046 | $name = "SEHOP"
1047 | $value = 2
1048 | Write-Host $registrypath
1049 | SetHipaaControl ($registrypath, $name, $value)
1050 | 
1051 | ##(34.9) 1458 MSS: (SafeDLLSearchMode) Enable Safe DLL search mode (recommended)
1052 | # 
1053 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Session Manager"
1054 | $name = "SafeDllSearchMode"
1055 | $value = 1
1056 | Write-Host $registrypath
1057 | SetHipaaControl ($registrypath, $name, $value)
1058 | 
1059 | ## (35.2) 1154 Network access: Do not allow storage of credentials or .NET passports for network authentication
1060 | # 
1061 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa"
1062 | $name = "DisableDomainCreds"
1063 | $value = 0
1064 | Write-Host $registrypath
1065 | SetHipaaControl ($registrypath, $name, $value)
1066 | 
1067 | ##(35.3) 1155  Interactive Logon: Number of Previous Logons to Cache (in case domain controller is not available)
1068 | # 
1069 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/WinLogon"
1070 | $name = "CachedLogonCount"
1071 | $value = 3
1072 | Write-Host $registrypath
1073 | SetHipaaControl ($registrypath, $name, $value)
1074 | 
1075 | ## (35.4) 2585 Status of the 'Network access: Do not allow storage of passwords and credentials for
1076 | # 
1077 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa"
1078 | $name = "DisableDomainCreds"
1079 | $value = 0
1080 | Write-Host $registrypath
1081 | SetHipaaControl ($registrypath, $name, $value)
1082 | 
1083 | ## (35.5) 4119 Status of the 'Allow indexing of encrypted files' Group Policy setting
1084 | # 
1085 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/Windows Search"
1086 | $name = "AllowIndexingEncryptedStoresOrItems"
1087 | $value = 0
1088 | Write-Host $registrypath
1089 | SetHipaaControl ($registrypath, $name, $value)
1090 | 
1091 | ## (35.8) 8462 Encrypted File System Service
1092 | # 
1093 | $registrypath = "HKLM:/System/CurrentControlSet/Services/EFS"
1094 | $name = "Start"
1095 | $value = 3
1096 | #SetHipaaControl ($registrypath, $name, $value)
1097 | 
1098 | ## (35.10) 3875 Do not allow drive redirection' setting (Terminal Services)
1099 | # 
1100 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/Terminal Services"
1101 | $name = "fDisableCdm"
1102 | $value = 0
1103 | Write-Host $registrypath
1104 | SetHipaaControl ($registrypath, $name, $value)
1105 | 
1106 | ## (35.11) 3921 Turn off the 'Publish to Web' task for files and folders' group policy
1107 | # 
1108 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer"
1109 | $name = "NOPublishingWizard"
1110 | $value = 1
1111 | Write-Host $registrypath
1112 | SetHipaaControl ($registrypath, $name, $value)
1113 | 
1114 | ## (35.26) 3907 Status of the 'Windows Messenger Customer Experience Improvement Program' policy
1115 | # 1 = Disabled, 2 = Enabled (2 expected)
1116 | $registrypath = "HKLM:/Software/Policies/Microsoft/Messenger/Client"
1117 | $name = "CEIP"
1118 | $value = 2
1119 | #SetHipaaControl ($registrypath, $name, $value)
1120 | 
1121 | ## (35.27) 3908 Status of the 'Turn off Search Companion content file updates' service
1122 | # 
1123 | $registrypath = "HKLM:/Software/Policies/Microsoft/SearchCompanion"
1124 | $name = "DisableContentFileUpdates"
1125 | $value = 1
1126 | #SetHipaaControl ($registrypath, $name, $value)
1127 | 
1128 | ## (37.6) 3919 Turn off printing over HTTP
1129 | # 
1130 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/Printers"
1131 | $name = "DisableHTTPPrinting"
1132 | $value = 1
1133 | Write-Host $registrypath
1134 | SetHipaaControl ($registrypath, $name, $value)
1135 | 
1136 | ## (37.7) 4007 Windows Extensible Authentication Protocol' (EAP) service
1137 | # 
1138 | $registrypath = "HKLM:/System/CurrentControlSet/Services/EapHost"
1139 | $name = "Start"
1140 | $value = 3
1141 | Write-Host $registrypath
1142 | SetHipaaControl ($registrypath, $name, $value)
1143 | 
1144 | ## (37.8) 9008 Status of the 'Do not display network selection UI' setting
1145 | # 
1146 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/System"
1147 | $name = "DontDisplayNetworkSelectionUI"
1148 | $value = 1
1149 | #SetHipaaControl ($registrypath, $name, $value)
1150 | 
1151 | ## (37.13) 1185 System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
1152 | # 
1153 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy"
1154 | $name = "Enabled"
1155 | $value = 1
1156 | #SetHipaaControl ($registrypath, $name, $value)
1157 | 
1158 | ## (37.14) 1388 Status of the 'Network Security: LDAP client signing requirements' setting
1159 | # 
1160 | $registrypath = "HKLM:/System/CurrentControlSet/Services/LDAP"
1161 | $name = "LDAPClientIntegrity"
1162 | $value = 1
1163 | Write-Host $registrypath
1164 | SetHipaaControl ($registrypath, $name, $value)
1165 | 
1166 | 
1167 | ##(37.21) 1370 Domain member: Digitally encrypt or sign secure channel data (always)'
1168 | # 
1169 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Netlogon/Parameters"
1170 | $name = "RequireSignOrSeal"
1171 | $value = 1
1172 | #SetHipaaControl ($registrypath, $name, $value)
1173 | 
1174 | ## (37.22) 1371 Domain member: Digitally encrypt secure channel data (when possible)
1175 | # 
1176 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Netlogon/Parameters"
1177 | $name = "SealSecureChannel"
1178 | $value = 1
1179 | #SetHipaaControl ($registrypath, $name, $value)
1180 | 
1181 | ## (37.23) 1372 Domain member: Digitally sign secure channel data (when possible)' setting
1182 | # 
1183 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Netlogon/Parameters"
1184 | $name = "SignSecureChannel"
1185 | $value = 1
1186 | #SetHipaaControl ($registrypath, $name, $value)
1187 | 
1188 | ## (37.24) 1375 Domain member: Require strong (Windows 2000 or later) session key
1189 | # 
1190 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Netlogon/Parameters"
1191 | $name = "RequireStrongKey"
1192 | $value = 1
1193 | #SetHipaaControl ($registrypath, $name, $value)
1194 | 
1195 | ## (37.25) 1379 Microsoft network client: Digitally Sign Communications (if server agrees)'
1196 | # 
1197 | $registrypath = "HKLM:/System/CurrentControlSet/Services/LanmanWorkstation/Parameters"
1198 | $name = "EnableSecuritySignature"
1199 | $value = 1
1200 | Write-Host $registrypath
1201 | SetHipaaControl ($registrypath, $name, $value)
1202 | 
1203 | ## (37.26) 1381 Microsoft network server: Digitally Sign Communications (if Client agrees)
1204 | # 
1205 | $registrypath = "HKLM:/System/CurrentControlSet/Services/LanmanServer/Parameters"
1206 | $name = "EnableSecuritySignature"
1207 | $value = 1
1208 | Write-Host $registrypath
1209 | SetHipaaControl ($registrypath, $name, $value)
1210 | 
1211 | ## (37.27) 1389 'Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients
1212 | # 
1213 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa/MSV1_0"
1214 | $name = "ntlmminclientsec"
1215 | $value = 536870912
1216 | Write-Host $registrypath
1217 | SetHipaaControl ($registrypath, $name, $value)
1218 | 
1219 | ## (37.28) 1390 Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers
1220 | # 
1221 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa/MSV1_0"
1222 | $name = "ntlmminserversec"
1223 | $value = 536870912
1224 | Write-Host $registrypath
1225 | SetHipaaControl ($registrypath, $name, $value)
1226 | 
1227 | ## (37.29) 1959 'Cryptographic Services' service
1228 | # 
1229 | $registrypath = "HKLM:/System/CurrentControlSet/Services/CryptSvc"
1230 | $name = "Start"
1231 | $value = 2
1232 | Write-Host $registrypath
1233 | SetHipaaControl ($registrypath, $name, $value)
1234 | 
1235 | ## (37.30) 2635 Set Client Connection Encryption Level' setting (Terminal Services)
1236 | # 
1237 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/Terminal Services"
1238 | $name = "MinEncryptionLevel"
1239 | $value = 3
1240 | Write-Host $registrypath
1241 | SetHipaaControl ($registrypath, $name, $value)
1242 | 
1243 | ## (37.31) 8231 Configure 'Network Security:Configure encryption types allowed for Kerberos'
1244 | # 16 = AES_256_HMAC_SHA1, 8 = AES_128_HMAC_SHA1, Future Encryption Types = 2147483616, 24 = AES_128_HMAC_SHA1 and AES_256_HMAC_SHA1, 
1245 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System/Kerberos"
1246 | $name = "SupportedEncryptionTypes"
1247 | $value = 2147483640
1248 | #SetHipaaControl ($registrypath, $name, $value)
1249 | 
1250 | ## (37.32) 8252 Allow unencrypted traffic' setting (WinRM service)
1251 | # 
1252 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/WinRM/Service"
1253 | $name = "AllowUnencryptedTraffic"
1254 | $value = 0
1255 | Write-Host $registrypath
1256 | SetHipaaControl ($registrypath, $name, $value)
1257 | 
1258 | ##(37.33) 8253 Allow unencrypted traffic' setting (WinRM client)
1259 | # 
1260 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/WinRM/Client"
1261 | $name = "AllowUnencryptedTraffic"
1262 | $value = 0
1263 | Write-Host $registrypath
1264 | SetHipaaControl ($registrypath, $name, $value)
1265 | 
1266 | ## (37.34) 1149 Microsoft network client: Digitally sign communications (always)
1267 | # 
1268 | $registrypath = "HKLM:/System/CurrentControlSet/Services/LanmanWorkstation/Parameters"
1269 | $name = "RequireSecuritySignature"
1270 | $value = 1
1271 | Write-Host $registrypath
1272 | SetHipaaControl ($registrypath, $name, $value)
1273 | 
1274 | ## (37.35) 1189 Status of the 'Microsoft network server: Digitally sign communication (always)'
1275 | # 
1276 | $registrypath = "HKLM:/System/CurrentControlSet/Services/lanmanserver/Parameters"
1277 | $name = "requiresecuritysignature"
1278 | $value = 1
1279 | Write-Host $registrypath
1280 | SetHipaaControl ($registrypath, $name, $value)
1281 | 
1282 | ##  (38.24) 1436 System cryptography: Force strong key protection for user keys stored on the computer
1283 | # 0 = User input is not required when new keys are stored and used
1284 | # 1 = User input is prompted when the first key is first used
1285 | # 2 = User must enter a password each time they use a key
1286 | # key not found
1287 | # all options will pass NIST
1288 | $registrypath = "HKLM:/Software/Policies/Microsoft/Cryptography"
1289 | $name = "ForceKeyProtection"
1290 | $value = 1
1291 | Write-Host $registrypath
1292 | SetHipaaControl ($registrypath, $name, $value)
1293 | 
1294 | ## (40.2) 3737 Status of the 'Windows Time' service
1295 | # Should be set to Automatic
1296 | $registrypath = "HKLM:/System/CurrentControlSet/Services/W32Time"
1297 | $name = "Start"
1298 | $value = 2
1299 | Write-Host $registrypath
1300 | SetHipaaControl ($registrypath, $name, $value)
1301 | 
1302 | ## (40.4) 5264 Microsoft network server: Server SPN target name validation level
1303 | # 
1304 | $registrypath = "HKLM:/System/CurrentControlSet/Services/LanManServer/Parameters"
1305 | $name = "SMBServerNameHardeningLevel"
1306 | $value = 1
1307 | SetHipaaControl ($registrypath, $name, $value)
1308 | 
1309 | ## (40.5) 4056 Windows Net.Tcp Port Sharing' service
1310 | # All Start Values pass NIST
1311 | $registrypath = "HKLM:/System/CurrentControlSet/Services/NetTcpPortSharing"
1312 | $name = "Start"
1313 | $value = 2
1314 | Write-Host $registrypath
1315 | SetHipaaControl ($registrypath, $name, $value)
1316 | 
1317 | ## (41.16) 1597 DCOM: Machine Access Restrictions in Security Descriptor Definition
1318 | # 
1319 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/DCOM"
1320 | $name = "MachineAccessRestriction"
1321 | $value = 
1322 | #SetHipaaControl ($registrypath, $name, $value)
1323 | 
1324 | ## (41.17) 1598 DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
1325 | # Blank or key not found are acceptable
1326 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/DCOM"
1327 | $name = "MachineLaunchRestriction"
1328 | $value = 
1329 | #SetHipaaControl ($registrypath, $name, $value)
1330 | 
1331 | ## (41.31) 2582 User Account Control: Detect application installations and prompt for elevation
1332 | # all options will pass. Disabled/Enabled/Notset/not found
1333 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1334 | $name = "EnableInstallerDetection"
1335 | $value = 1
1336 | SetHipaaControl ($registrypath, $name, $value)
1337 | 
1338 | ##(41.32) 2583 User Account Control: Run all administrators in Admin Approval Mode' 
1339 | # All values pass (Enabled or Disabled)
1340 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1341 | $name = "EnableLUA"
1342 | $value = 1
1343 | SetHipaaControl ($registrypath, $name, $value)
1344 | 
1345 | ## (41.33) 2584 User Account Control: Only elevate UIAccess applications that are installed in secure locations
1346 | # All values pass
1347 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1348 | $name = "EnableSecureUIAPaths"
1349 | $value = 1
1350 | #SetHipaaControl ($registrypath, $name, $value)
1351 | 
1352 | ## (41.34) 2587 User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
1353 | # 
1354 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1355 | $name = "ConsentPromptBehaviorAdmin"
1356 | $value = 5
1357 | #SetHipaaControl ($registrypath, $name, $value)
1358 | 
1359 | ## (41.37) 3940 User Account Control: Virtualize file and registry write failures to per-user
1360 | # Enabled or Disabled Passes
1361 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1362 | $name = "EnableVirtualization"
1363 | $value = 1
1364 | Write-Host $registrypath
1365 | SetHipaaControl ($registrypath, $name, $value)
1366 | 
1367 | ##(41.39) 1361 Prevent local guests group from accessing security log'
1368 | # 
1369 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Eventlog/Security"
1370 | $name = "RestrictGuestAccess"
1371 | $value = 1
1372 | Write-Host $registrypath
1373 | SetHipaaControl ($registrypath, $name, $value)
1374 | 
1375 | ## (41.75) 1162 Devices: Restrict floppy access to locally logged-on user only'
1376 | # Doesnt need to be set (1/2/not set or found)
1377 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/WinLogon"
1378 | $name = "Allocatefloppies"
1379 | $value = 1
1380 | Write-Host $registrypath
1381 | SetHipaaControl ($registrypath, $name, $value)
1382 | 
1383 | ## (41.76) 1163 Prevent users from installing printer drivers
1384 | # 
1385 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers"
1386 | $name = "addprinterdrivers"
1387 | $value = 1
1388 | #SetHipaaControl ($registrypath, $name, $value)
1389 | 
1390 | ## (41.77) 1176 Devices: Restrict CD-ROM Access to Locally Logged-On User Only'
1391 | # 
1392 | $registrypath = "HKLM:/Software/Microsoft/Windows NT/CurrentVersion/WinLogon"
1393 | $name = "AllocateCDRoms"
1394 | $value = 0
1395 | Write-Host $registrypath
1396 | SetHipaaControl ($registrypath, $name, $value)
1397 | 
1398 | ## (41.81) 5267 Network security: Allow PKU2U authentication requests to this computer to use online ID's
1399 | # 
1400 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa/pku2u"
1401 | $name = "AllowOnlineID"
1402 | $value = 1
1403 | #SetHipaaControl ($registrypath, $name, $value)
1404 | 
1405 | ## (41.251) 3993 Smartcard Certificate Propagation
1406 | # All values are acceptable
1407 | $registrypath = "HKLM:/System/CurrentControlSet/Services/CertPropSvc"
1408 | $name = "Start"
1409 | $value = 3
1410 | #SetHipaaControl ($registrypath, $name, $value)
1411 | 
1412 | 
1413 | ## (41.255) 8198 Windows Installer: Set Always install with elevated privileges
1414 | # 
1415 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/Installer"
1416 | $name = "AlwaysInstallElevated"
1417 | $value = 1
1418 | Write-Host $registrypath
1419 | SetHipaaControl ($registrypath, $name, $value)
1420 | 
1421 | ## (42.1) 3876  Do not allow passwords to be saved' policy setting (Terminal Services)
1422 | # 
1423 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows NT/Terminal Services"
1424 | $name = "DisablePasswordSaving"
1425 | $value = 1
1426 | Write-Host $registrypath
1427 | SetHipaaControl ($registrypath, $name, $value)
1428 | 
1429 | ## (42.9) 1430 Status of the 'Terminal Services' service
1430 | # 
1431 | $registrypath = "HKLM:/System/CurrentControlSet/Services/TermService"
1432 | $name = "Start"
1433 | $value = 4
1434 | Write-Host $registrypath
1435 | SetHipaaControl ($registrypath, $name, $value)
1436 | 
1437 | ## (42.11) 3892 [Netmeeting] 'Disable Remote Desktop Sharing'
1438 | # Enabled or Disabled
1439 | $registrypath = "HKLM:/Software/Policies/Microsoft/Conferencing"
1440 | $name = "NoRDS"
1441 | $value = 0
1442 | Write-Host $registrypath
1443 | SetHipaaControl ($registrypath, $name, $value)
1444 | 
1445 | ## (42.12) 4085 Terminal Services Gateway Service
1446 | # All Value are acceptable
1447 | $registrypath = "HKLM:/System/CurrentControlSet/Services/TSGateway"
1448 | $name = "Start"
1449 | $value = 2
1450 | #SetHipaaControl ($registrypath, $name, $value)
1451 | 
1452 | ## (42.14) 9024 Apply UAC restrictions to local accounts on network logons'
1453 | # 
1454 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1455 | $name = "LocalAccountTokenFilterPolicy"
1456 | $value = 0
1457 | Write-Host $registrypath
1458 | SetHipaaControl ($registrypath, $name, $value)
1459 | 
1460 | ## (42.26) 3793 Special Administration Console Helper
1461 | # 
1462 | $registrypath = "HKLM:/System/CurrentControlSet/Services/sacsvr"
1463 | $name = "Start"
1464 | $value = 3
1465 | Write-Host $registrypath
1466 | SetHipaaControl ($registrypath, $name, $value)
1467 | 
1468 | ## (42.27) 3988 Windows Remote Management Service
1469 | # 
1470 | $registrypath = "HKLM:/System/CurrentControlSet/Services/WinRM"
1471 | $name = "Start"
1472 | $value = 2
1473 | Write-Host $registrypath
1474 | SetHipaaControl ($registrypath, $name, $value)
1475 | 
1476 | ## (42.28) 4035 Remote Desktop Services UserMode Port Redirector
1477 | # 
1478 | $registrypath = "HKLM:/System/CurrentControlSet/Services/UmRdpService"
1479 | $name = "Start"
1480 | $value = 2
1481 | Write-Host $registrypath
1482 | SetHipaaControl ($registrypath, $name, $value)
1483 | 
1484 | ## (42.31) 1510 Routing and Remote Access
1485 | # 
1486 | $registrypath = "HKLM:/System/CurrentControlSet/Services/RemoteAccess"
1487 | $name = "Start"
1488 | $value = 2
1489 | Write-Host $registrypath
1490 | SetHipaaControl ($registrypath, $name, $value)
1491 | 
1492 | ## (43.16) 1484 Telephony' service
1493 | # all values are acceptable
1494 | $registrypath = "HKLM:/System/CurrentControlSet/Services/TapiSrv"
1495 | $name = "3"
1496 | $value = 
1497 | #SetHipaaControl ($registrypath, $name, $value)
1498 | 
1499 | ## (43.17) 1965 Human Interface Device Access
1500 | # 
1501 | $registrypath = "HKLM:/System/CurrentControlSet/Services/HidServ"
1502 | $name = "Start"
1503 | $value = 3
1504 | #SetHipaaControl ($registrypath, $name, $value)
1505 | 
1506 | ## (44.17) 8143 Security Options 'Interactive logon: Machine account lockout threshold
1507 | # Greater than or equal to 0
1508 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1509 | $name = "MaxDevicePasswordFailedAttempts"
1510 | $value = 3
1511 | Write-Host $registrypath
1512 | SetHipaaControl ($registrypath, $name, $value)
1513 | 
1514 | ## (44.18) 8145 Security Options 'Interactive logon: Machine inactivity limit'(Seconds)
1515 | # Greater than or equal to 0
1516 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1517 | $name = "InactivityTimeoutSecs"
1518 | $value = 30
1519 | Write-Host $registrypath
1520 | SetHipaaControl ($registrypath, $name, $value)
1521 | 
1522 | ## (44.28) 9025 'WDigest Authentication'
1523 | # 
1524 | $registrypath = "HKLM:/System/CurrentControlSet/Control/SecurityProviders/WDigest"
1525 | $name = "UseLogonCredential"
1526 | $value = 0
1527 | Write-Host $registrypath
1528 | SetHipaaControl ($registrypath, $name, $value)
1529 | 
1530 | ## (44.40) 8248 Disallow Digest authentication' setting (WinRM client)
1531 | # Enabled or Disabled (Enabled is more secure)
1532 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/WinRM/Client"
1533 | $name = "AllowDigest"
1534 | $value = 1
1535 | Write-Host $registrypath
1536 | SetHipaaControl ($registrypath, $name, $value)
1537 | 
1538 | ## (44.41) 8249 Allow Basic authentication' setting (WinRM client)
1539 | # Enabled or Disabled Pass
1540 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/WinRM/Client"
1541 | $name = "AllowBasic"
1542 | $value = 0
1543 | Write-Host $registrypath
1544 | SetHipaaControl ($registrypath, $name, $value)
1545 | 
1546 | ## (44.42) 8250 Status of the 'Allow Basic authentication' setting (WinRM service)
1547 | # 
1548 | $registrypath = "HKLM:/Software/Policies/Microsoft/Windows/WinRM/Service"
1549 | $name = "AllowBasic"
1550 | $value = 0
1551 | SetHipaaControl ($registrypath, $name, $value)
1552 | 
1553 | ## (44.47) 1376 Interactive Logon: Do not require CTRL+ALT+DEL
1554 | # 
1555 | $registrypath = "HKLM:/Software/Microsoft/Windows/CurrentVersion/Policies/System"
1556 | $name = "DisableCAD"
1557 | $value = 0
1558 | Write-Host $registrypath
1559 | SetHipaaControl ($registrypath, $name, $value)
1560 | 
1561 | ## (44.56) 1164 Network Security: Do not store LAN Manager password hash value on next password change
1562 | # 
1563 | $registrypath = "HKLM:/System/CurrentControlSet/Control/Lsa"
1564 | $name = "NoLMHash"
1565 | $value = 1
1566 | Write-Host $registrypath
1567 | SetHipaaControl ($registrypath, $name, $value)
1568 | 
1569 | ## (44.57) 1380 Microsoft network client: Send Unencrypted Password to Connect to Third-Party SMB Server
1570 | # 
1571 | $registrypath = "HKLM:/System/CurrentControlSet/Services/LanmanWorkstation/Parameters"
1572 | $name = "EnablePlainTextPassword"
1573 | $value = 0
1574 | Write-Host $registrypath
1575 | SetHipaaControl ($registrypath, $name, $value)
1576 | 
1577 | ## (44.80) 1374 Domain member: Maximum machine account password age'
1578 | # Greater than or equal to 0
1579 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Netlogon/Parameters"
1580 | $name = "MaximumPasswordAge"
1581 | $value = 90
1582 | #SetHipaaControl ($registrypath, $name, $value)
1583 | 
1584 | ## (44.87) 1200 Status of the 'Domain Controller: Refuse machine account password changes'
1585 | # 
1586 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Netlogon/Parameters"
1587 | $name = "RefusePasswordChange"
1588 | $value = 1
1589 | #SetHipaaControl ($registrypath, $name, $value)
1590 | 
1591 | ## (44.89) 1373 Status of the 'Domain member: Disable machine account password changes'
1592 | # Enabled or Disabled are acceptable
1593 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Netlogon/Parameters"
1594 | $name = "DisablePasswordChange"
1595 | $value = 0
1596 | #SetHipaaControl ($registrypath, $name, $value)
1597 | 
1598 | ##### Additional Changes #####
1599 | 
1600 | ## 
1601 | # 
1602 | $registrypath = "HKLM:/System/CurrentControlSet/Services/Lanmanserver/Parameters"
1603 | $name = "AutoShareWKS"
1604 | $value = 0
1605 | Write-Host $registrypath
1606 | SetHipaaControl ($registrypath, $name, $value)
1607 | 


--------------------------------------------------------------------------------