/Harden-Windows-Security

Harden Windows 11 safely, securely and without breaking anything. Always up-to-date and works with latest build of Windows. Above each command there are comments that explain what it does.

Primary LanguagePowerShell


Avatar

Harden Windows Security

Harden Windows 11 safely, securely and without breaking anything

PowerShell Gallery PowerShell Gallery Downloads count

Hardening CategoriesHow To UseFeaturesRelatedSupportSecurity ReccomendationsResourcesLicense

Hardening Categories

From Top to bottom in order:

  • Commands that require Administrator Privileges
    • Windows Security aka Defender
    • Attack surface reduction rules
    • Bitlocker Settings
    • TLS Security
    • Lock Screen
    • UAC (User Account Control)
    • Device Guard
    • Windows Firewall
    • Optional Windows Features
    • Windows Networking
    • Miscellaneous Configurations
  • Commands that don't require Administrator Privileges
    • Non-Admin Commands that only affect the current user and do not make machine-wide changes.

How To Use

To run the script:

# Download the latest version of the script to the current user folder
iwr -Uri "https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/Harden-Windows-Security.ps1" -OutFile "Harden-Windows-Security.ps1"

# set execution policy temporarily to bypass for the current PowerShell session only
Set-ExecutionPolicy Bypass -Scope Process

# run the script
.\Harden-Windows-Security.ps1

Note if there are multiple Windows user accounts in your computer, it's recommended to run this script in each of them, without administrator privileges, because Non-admin commands only apply to the current user and are not machine wide.

Note When the script is running for the first time, please keep an eye on the PowerShell console because you might need to provide input for Bitlocker activation.

Note Things with #TopSecurity tag can break functionalities or cause difficulties so this script does NOT enable them by default. press Control + F and search for #TopSecurity in the script to find those commands and how to enable them if you want.

Features:

  • Always up-to-date and works with latest build of Windows (Currently Windows 11 - compatible and fully tested a Lot on stable and Insider Dev builds)
  • Doesn't break anything
  • Doesn't remove or disable Windows functionlities against Microsoft's recommendation
  • Above each command there are comments that explain what it does, why it's there, provide extra important information about it and links to additional resources for better understanding
  • When a hardening command is no longer necessary because it's applied by default by Microsoft on new builds of Windows, it will also be removed from this script in order to prevent any problems and because it won't be necessary anymore.
  • The script can be run infinite number of times, it's made in a way that it won't make any duplicate changes at all.

Related

PowerShell Gallery - Also available in PowerShell Gallery

Support

🎯 if you have any questions, requests, suggestions etc. about this script, please open a new discussion on Github

Security Reccomendations

Resources

License

MIT License


Microsoft Tech Community Profile  ·  GitHub @HotCakeX  ·  Steam @HotCakeX  ·  Xbox: @HottCakeX  ·  Reddit