emily/atap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
atap/ATAPAuditor/Reports/Microsoft Windows 10 BSI.ps1
T
emily 404ee3fec4 a
2026-05-11 09:15:08 +02:00

115 lines
4.1 KiB
PowerShell
Raw Permalink Blame History

[Report] @{
Title = "Windows 10 BSI Report"
ModuleName = "ATAPAuditor"
BasedOn = @(
"BSI Configuration Recommendations for Hardening of Windows 10 Using Built-in Functionalities: Version 1.3, Date: 2021-05-03"
"BSI SiSyPHuS Recommendations for Telemetry Components: Version 1.2, Date: 2020-04-27"
"FB Pro recommendations 'Ciphers Protocols and Hashes Benchmark', Version 1.2.1, Date: 2023-11-03"
"FB Pro recommendations 'Enhanced settings', Version 1.2.1, Date: 2023-11-03"
)
Sections = @(
[ReportSection] @{
Title = 'BSI Benchmarks SiSyPHuS Logging'
Description = "This section contains all BSI logging recommendations"
SubSections = @(
[ReportSection] @{
Title = 'Registry Settings/Group Policies'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS Logging-BSI-1.3#RegistrySettings"
}
[ReportSection] @{
Title = 'Advanced Audit Policy Configuration'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS Logging-BSI-1.3#AuditPolicies"
}
)
}
try {
# Get domain role
# 0 {"Standalone Workstation"}
# 1 {"Member Workstation"}
# 2 {"Standalone Server"}
# 3 {"Member Server"}
# 4 {"Backup Domain Controller"}
# 5 {"Primary Domain Controller"}
$domainRole = (Get-CimInstance -Class Win32_ComputerSystem).DomainRole
} catch {
$domainRole = 99
}
# if system is Member Workstation
if ($domainRole -eq 1) {
[ReportSection] @{
Title = 'BSI Benchmarks SiSyPHuS HD'
Description = "This section contains all BSI HD recommendations"
SubSections = @(
[ReportSection] @{
Title = 'Registry Settings/Group Policies'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#RegistrySettings"
}
[ReportSection] @{
Title = 'User Rights Assignment'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#UserRights"
}
[ReportSection] @{
Title = 'Account Policies'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#AccountPolicies"
}
[ReportSection] @{
Title = 'Security Options'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#SecurityOptions"
}
)
}
} else {
[ReportSection] @{
Title = 'BSI Benchmarks SiSyPHuS NE'
Description = "This section contains all BSI NE recommendations"
SubSections = @(
[ReportSection] @{
Title = 'Registry Settings/Group Policies'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS NE-BSI-1.3#RegistrySettings"
}
[ReportSection] @{
Title = 'User Rights Assignment'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS NE-BSI-1.3#UserRights"
}
[ReportSection] @{
Title = 'Account Policies'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS NE-BSI-1.3#AccountPolicies"
}
[ReportSection] @{
Title = 'Security Options'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHuS NE-BSI-1.3#SecurityOptions"
}
)
}
}
[ReportSection] @{
Title = 'BSI Benchmarks SiSyPHus-BSI Telemetrie'
Description = "This section contains all BSI telemetry recommendations"
SubSections = @(
[ReportSection] @{
Title = 'Registry Settings/Group Policies'
AuditInfos = Test-AuditGroup "Microsoft Windows 10 SiSyPHus-Telemetrie-BSI-V1.2#RegistrySettings"
}
)
}
[ReportSection] @{
Title = 'FB Pro recommendations'
Description = "This section contains all FB Pro recommendations"
SubSections = @(
[ReportSection] @{
Title = 'Ciphers Suites and Hashes'
AuditInfos = Test-AuditGroup "CiphersProtocolsHashesBenchmark-FBPro-1.2.1#RegistrySettings"
}
[ReportSection] @{
Title = 'Enhanced security settings - Registry Settings'
AuditInfos = Test-AuditGroup "Microsoft Windows Enhanced Security Settings-FB Pro GmbH-1.2.1#RegistrySettings"
}
[ReportSection] @{
Title = 'Enhanced security settings - User Rights'
AuditInfos = Test-AuditGroup "Microsoft Windows Enhanced Security Settings-FB Pro GmbH-1.2.1#UserRights"
}
)
}
)
}
Reference in New Issue View Git Blame Copy Permalink