Audit Windows Security with best Practice
Just a powershell scripts for auditing security with BEST Practices Windows env
You just need to run the script, it will create a directory named : AUDITCONF%MACHINENAME_%DATE%
Actualy, the script are :
-WynisWIN2016DC-CISv1.0 : Auditing DC 2016 with CIS
-Wynis-AD : Auditing Domain Security with STIG and other security Best Practice (Work In Progress)
-WynisO365-CIS : Auditing O365 with CIS Best Practice (Work in Progress)
-WynisWIN10-CIS : Auditing Win 10 with CIS Best Practice
-WynisWIN11-CIS : Auditing Win 11 with CIS Best Practice
-WynisWIN2016-CIS : Auditing Win 2016 with CIS Best Practice
Before running the script either you :
-'Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser' before running the script in your powerhell console- Sign Wynis with your PKi https://devblogs.microsoft.com/scripting/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2/
The directory output will contain the files belows:
-Antivirus-%COMPUTERNAME% : List installed Antivirus software
-APPDATA%COMPUTERNAME% : List all executable file in APPDATA directory
-Audit%DATE%: list the result of all CIS tests
-auditpolicy-%COMPUTERNAME% : audit policy configured
-firewall-rules-%COMPUTERNAME% : List all local windows firewall rules
-gpo-%COMPUTERNAME% : Gpresult for applied GPO
-Installed-Software-%COMPUTERNAME% : List installed software
-Listen-port-%COMPUTERNAME% : netstat with associate executable
-localuser-%COMPUTERNAME% : list all local users
-OptionnalFeature-%COMPUTERNAME% :List all enabled optional feature
-Scheduled-task-%COMPUTERNAME% : list all scheduled task
-Service-%COMPUTERNAME% : list all service
-Share-%COMPUTERNAME% : list all share
-StartUp-%COMPUTERNAME% : check registry to identify start-up executable
-System-%COMPUTERNAME% : systeminfo
-SystemUpdate : Check Wmi Quickfix to identify installed update