https://wiki.24pin.tech/api.php?action=feedcontributions&feedformat=atom&user=AOwen24PinTech Wiki - User contributions [en]2026-05-08T14:09:15ZUser contributionsMediaWiki 1.37.1https://wiki.24pin.tech/index.php?title=User:AOwen&diff=1997User:AOwen2022-09-20T18:07:12Z<p>AOwen: Made up to date & deleted my discord, don't go into revision history and try and contact me that way.</p>
<hr />
<div><br />
==Introduction==<br />
Hello and welcome to my page, my name is Ashton Owen and I'm part of the 2022 graduating class. I joined 24pinTech my sophomore year as a technician with only the little knowledge I had learned in the 20+1 program in middle school. I had always been passionate about computers but this class jumpstarted what would soon become my future career. Covid-19 soon befell the world and I was confined to my home, it was during this pandemonium that I found my role in the Cybersecurity field. I originally worked on the SIEM project that we have now, though I was quickly moved off of that and found myself researching how to secure our domain controllers. I soon found myself researching server hardening scripts, and through some trial and error I had successfully implemented the server hardening scripts.<br />
<br />
==Certifications==<br />
<br />
* Testout PC Pro<br />
* Testout Networking Pro<br />
* Testout Security Pro<br />
* Testout CyberDefence Pro<br />
* CompTIA Security+<br />
<br />
==Projects==<br />
<br />
=== Server Hardening - Done! ===<br />
My first real project in this class! Information and instructions for this project can be found [[Server Hardening|here]].<br />
<br />
=== Host Hardening - Scrapped. ===<br />
The next logical step for what project I should do next. The script that I used for this project ended up causing too much friction with normal class operations, most notably the disabling of UAC (User Access Control) prompts. A valiant effort to secure our labs, though it just didn't turn out as I'd hoped.<br />
<br />
=== Server Migration - Done! ===<br />
I ended up being a helping hand migrating the servers to a new rack over Christmas break in 2021. I helped plan where the servers would go in the rack and physically moved the servers out of the old rack and into the new one. I may not maintain the servers in there, but it's one of my favorite experiences of being in 24pinTech.<br />
<br />
=== Cyber Range Infrastructure - Shelved. ===<br />
<br />
=== Creating a CTF - Shelved. ===<br />
<br />
==What am I doing now?==<br />
Right now I'm studying Computer Science with a focus in Cybersecurity at ASU's Tempe campus. I'm actively looking for an Internship at some of the major players in the industry to try and build my repertoire of skills.<br />
<br />
== Contact Info ==<br />
<br />
* Email - aowen1089@gmail.com<br />
* Phone - 480-825-5877</div>AOwenhttps://wiki.24pin.tech/index.php?title=Alumni&diff=1793Alumni2022-05-06T20:35:42Z<p>AOwen: Added my name.</p>
<hr />
<div>This is a list of notable alumni of the 24pintech program, if you would like to join the list after graduation please speak with Chamberlain.<br />
<br />
*[[User:AOwen|Ashton Owen]]<br />
*[[User:LChristopherson|Luke Christopherson]]<br />
*[[User:NShearer|Nathan Shearer]]<br />
*[[User talk:Nick Perez|Nick Perez]]<br />
*Omar Perez (W.I.P)</div>AOwenhttps://wiki.24pin.tech/index.php?title=User:AOwen&diff=1791User:AOwen2022-05-06T20:34:22Z<p>AOwen: Created page, started working on my Alumni page.</p>
<hr />
<div><br />
==Introduction==<br />
Hello and welcome to my page, my name is Ashton Owen and I'm part of the 2022 graduating class. I joined 24pinTech my sophomore year as a technician with only the little knowledge I had learned in the 20+1 program in middle school. I had always been passionate about computers but this class jumpstarted what would soon become my future career. Covid-19 soon befell the world and I was confined to my home, it was during this pandemonium that I found my role in the Cybersecurity field. I originally worked on the SIEM project that we have now, though I was quickly moved off of that and found myself researching how to secure our domain controllers. I soon found myself researching server hardening scripts, and through some trial and error I had successfully implemented the server hardening scripts.<br />
<br />
==Certifications==<br />
<br />
* Testout PC Pro<br />
* Testout Networking Pro<br />
* Testout Security Pro<br />
* Testout CyberDefence Pro<br />
* CompTIA Security+<br />
<br />
==Projects==<br />
<br />
=== Server Hardening - Done! ===<br />
My first real project in this class! Information and instructions for this project can be found [[Server Hardening|here]].<br />
<br />
=== Host Hardening - Scrapped. ===<br />
The next logical step for what project I should do next. The script that I used for this project ended up causing too much friction with normal class operations, most notably the disabling of UAC (User Access Control) prompts. A valiant effort to secure our labs, though it just didn't turn out as I'd hoped.<br />
<br />
=== Server Migration - Done! ===<br />
I ended up being a helping hand migrating the servers to a new rack over Christmas break in 2021. I helped plan where the servers would go in the rack and physically moved the servers out of the old rack and into the new one. I may not maintain the servers in there, but it's one of my favorite experiences of being in 24pinTech.<br />
<br />
=== Cyber Range Infrastructure - Shelved. ===<br />
<br />
=== Creating a CTF - Shelved. ===<br />
<br />
==Plans==<br />
<br />
== Contact Info ==<br />
<br />
* Email - aowen1089@gmail.com<br />
* Phone - 480-825-5877<br />
* Discord - BlitzBlaze#2422</div>AOwenhttps://wiki.24pin.tech/index.php?title=User:AOwen&diff=1790User:AOwen2022-05-06T20:00:57Z<p>AOwen: Created blank page</p>
<hr />
<div></div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1358Server Hardening2021-05-21T01:17:32Z<p>AOwen: </p>
<hr />
<div><br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pasted into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path C:\Windows\system32\CIS_WindowsServer2019_v110 -Force -Wait -Verbose</code><br />
<br />
[[File:Script Running.png|thumb|429x429px|An Image of what everything should look like if you've ran the script correctly]]<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output. <br />
<br />
Now you should see all this mishmash of words coming at you, don't worry this is the script doing its job. They aren't warnings or failures, this is what <code>-Verbose</code> does. Otherwise just let it do its thing, the flashing timer at the top should tell you when its approximately going to be done. After that the script is all done and ran, feel free to close PowerShell. Just make sure to double check local and group policy to make sure that the script is in fact functional. Once you've doublechecked, you're all done, just repeat these steps if you're looking to run this script on more machines. <br />
<br />
====Step-by-Step Scripted Server Hardening====<br />
<br />
#Open an Elevated PowerShell instance.<br />
#If this is a first time instillation, use the following commands to install vital modules<br />
##<code>install-module AuditPolicyDSC</code><br />
##<code>install-module ComputerManagementDsc</code><br />
##<code>install-module SecurityPolicyDsc</code><br />
###If unable to install required modules, use the command: <code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
#Copy and Paste the script into the Elevated PowerShell instance and press enter, after a brief delay, you should see the path that the .MOF was saved to.<br />
#Use the command <code>Start-DscConfiguration -Path C:\Windows\system32\CIS_WindowsServer2019_v110 -Force -Wait -Verbose</code> and use the path that was given to you in place of the path used in the example, and press enter.<br />
#The .MOF should now be running, wait for the timer to finish, and it should be opperational.<br />
<br />
==Linux==<br />
Hasn't been publicly documented due to security concerns.<br />
<br />
==References==<br />
Our Modified Windows script for Windows Server 2019[https://docs.google.com/document/d/1GyCaeNv9F3taE8jpmVNqJ8JlcXy79q_S8GATVvzKFUE/edit?usp=sharing <nowiki>[1]</nowiki>]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1357Server Hardening2021-05-20T20:03:21Z<p>AOwen: </p>
<hr />
<div><br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pasted into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path C:\Windows\system32\CIS_WindowsServer2019_v110 -Force -Wait -Verbose</code><br />
<br />
[[File:Script Running.png|thumb|429x429px|An Image of what everything should look like if you've ran the script correctly]]<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output. <br />
<br />
Now you should see all this mishmash of words coming at you, don't worry this is the script doing its job. They aren't warnings or failures, this is what <code>-Verbose</code> does. Otherwise just let it do its thing, the flashing timer at the top should tell you when its approximately going to be done. After that the script is all done and ran, feel free to close PowerShell. Just make sure to double check local and group policy to make sure that the script is in fact functional. Once you've doublechecked, you're all done, just repeat these steps if you're looking to run this script on more machines. <br />
<br />
====Step-by-Step Scripted Server Hardening====<br />
<br />
#Open an Elevated PowerShell instance.<br />
#If this is a first time instillation, use the following commands to install vital modules<br />
##<code>install-module AuditPolicyDSC</code><br />
##<code>install-module ComputerManagementDsc</code><br />
##<code>install-module SecurityPolicyDsc</code><br />
###If unable to install required modules, use the command: <code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
#Copy and Paste the script into the Elevated PowerShell instance and press enter, after a brief delay, you should see the path that the .MOF was saved to.<br />
#Use the command <code>Start-DscConfiguration -Path C:\Windows\system32\CIS_WindowsServer2019_v110 -Force -Wait -Verbose</code> and use the path that was given to you in place of the path used in the example, and press enter.<br />
#The .MOF should now be running, wait for the timer to finish, and it should be opperational.<br />
<br />
==Linux==<br />
It's linked somewhere else on the wiki, I'm asking where Deegan put it.<br />
<br />
==References==<br />
Our Modified Windows script for Windows Server 2019[https://docs.google.com/document/d/1GyCaeNv9F3taE8jpmVNqJ8JlcXy79q_S8GATVvzKFUE/edit?usp=sharing <nowiki>[1]</nowiki>]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1356Server Hardening2021-05-20T19:58:30Z<p>AOwen: </p>
<hr />
<div><br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pasted into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path C:\Windows\system32\CIS_WindowsServer2019_v110 -Force -Wait -Verbose</code><br />
<br />
[[File:Script Running.png|thumb|429x429px|An Image of what everything should look like if you've ran the script correctly]]<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output. <br />
<br />
Now you should see all this mishmash of words coming at you, don't worry this is the script doing its job. They aren't warnings or failures, this is what <code>-Verbose</code> does. Otherwise just let it do its thing, the flashing timer at the top should tell you when its approximately going to be done. After that the script is all done and ran, feel free to close PowerShell. Just make sure to double check local and group policy to make sure that the script is in fact functional. Once you've doublechecked, you're all done, just repeat these steps if you're looking to run this script on more machines. <br />
<br />
====Step-by-Step Scripted Server Hardening====<br />
<br />
#Open an Elevated PowerShell instance.<br />
#If this is a first time instillation, use the following commands to install vital modules<br />
##<code>install-module AuditPolicyDSC</code><br />
##<code>install-module ComputerManagementDsc</code><br />
##<code>install-module SecurityPolicyDsc</code><br />
###If unable to install required modules, use the [Net.ServicePointManager] command listed above.<br />
#Copy and Paste the script into the Elevated PowerShell instance and press enter, after a brief delay, you should see the path that the .MOF was saved to.<br />
#Use the command <code>Start-DscConfiguration -Path C:\Windows\system32\CIS_WindowsServer2019_v110 -Force -Wait -Verbose</code> and use the path that was given to you in place of the path used in the example, and press enter.<br />
#The .MOF should now be running, wait for the timer to finish, and it should be opperational.<br />
<br />
==Linux==<br />
It's linked somewhere else on the wiki, I'm asking where Deegan put it.<br />
<br />
==References==<br />
Our Modified Windows script for Windows Server 2019[https://docs.google.com/document/d/1GyCaeNv9F3taE8jpmVNqJ8JlcXy79q_S8GATVvzKFUE/edit?usp=sharing <nowiki>[1]</nowiki>]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1352Server Hardening2021-05-20T19:30:26Z<p>AOwen: </p>
<hr />
<div><br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pasted into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</code><br />
<br />
[[File:Script Running.png|thumb|429x429px|An Image of what everything should look like if you've ran the script correctly]]<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output. <br />
<br />
Now you should see all this mishmash of words coming at you, don't worry this is the script doing its job. They aren't warnings or failures, this is what <code>-Verbose</code> does. Otherwise just let it do its thing, the flashing timer at the top should tell you when its approximately going to be done. After that the script is all done and ran, feel free to close PowerShell. Just make sure to double check local and group policy to make sure that the script is in fact functional. Once you've doublechecked, you're all done, just repeat these steps if you're looking to run this script on more machines. <br />
<br />
====Step-by-Step Scripted Server Hardening====<br />
<br />
#Open an Elevated PowerShell instance.<br />
#Install required modules using the three commands above. (If already installed before, skip this step)<br />
##If unable to install required modules, use the [Net.ServicePointManager] command listed above.<br />
#Copy and Paste script into PowerShell to create a .MOF.<br />
#Run the .MOF file using the Start-DscConfiguration command listed above using the path to the .MOF that the previous command specified.<br />
#Wait for the .MOF to run, and you're done.<br />
<br />
==Linux==<br />
It's linked somewhere else on the wiki, I'm asking where Deegan put it.<br />
<br />
==References==<br />
Our Modified Windows script for Windows Server 2019[https://docs.google.com/document/d/1GyCaeNv9F3taE8jpmVNqJ8JlcXy79q_S8GATVvzKFUE/edit?usp=sharing <nowiki>[1]</nowiki>]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1348Server Hardening2021-05-20T19:19:45Z<p>AOwen: Changed script reference & added step by step.</p>
<hr />
<div><br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pasted into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</code><br />
<br />
[[File:Script Running.png|thumb|429x429px|An Image of what everything should look like if you've ran the script correctly]]<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output. <br />
<br />
Now you should see all this mishmash of words coming at you, don't worry this is the script doing its job. They aren't warnings or failures, this is what <code>-Verbose</code> does. Otherwise just let it do its thing, the flashing timer at the top should tell you when its approximately going to be done. After that the script is all done and ran, feel free to close PowerShell. Just make sure to double check local and group policy to make sure that the script is in fact functional. Once you've doublechecked, you're all done, just repeat these steps if you're looking to run this script on more machines. <br />
<br />
==== Step-by-Step Scripted Server Hardening ====<br />
<br />
# Open an Elevated PowerShell instance.<br />
# Install required modules using the three commands above. (If already installed before, skip this step)<br />
## If unable to install required modules, use the [Net.ServicePointManager] command.<br />
# Copy and Paste script into PowerShell to create .MOF.<br />
# Run the .MOF file using the Start-DscConfiguration command.<br />
# Wait for the .MOF to run, and you're done.<br />
<br />
==Linux==<br />
It's linked somewhere else on the wiki, I'm asking where Deegan put it.<br />
<br />
==References==<br />
Our Modified Windows script for Windows Server 2019[https://docs.google.com/document/d/1GyCaeNv9F3taE8jpmVNqJ8JlcXy79q_S8GATVvzKFUE/edit?usp=sharing <nowiki>[1]</nowiki>]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1239Server Hardening2021-04-16T19:24:46Z<p>AOwen: Windows is now fully finished, waiting to document the Lemp stack.</p>
<hr />
<div><br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pased into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</code><br />
<br />
[[File:Script Running.png|thumb|429x429px|An Image of what everything should look like if you've ran the script correctly]]<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output. <br />
<br />
Now you should see all this mishmash of words coming at you, don't worry this is the script doing its job. They aren't warnings or failures, this is what <code>-Verbose</code> does. Otherwise just let it do its thing, the flashing timer at the top should tell you when its approximately going to be done. After that the script is all done and ran, feel free to close PowerShell. Just make sure to double check local and group policy to make sure that the script is in fact functional. Once you've doublechecked, you're all done, just repeat these steps if you're looking to run this script on more machines. <br />
<br />
== Linux ==<br />
Workin' on it<br />
<br />
==References==<br />
Our Modified Windows script for Windows Server 2019[https://www.dropbox.com/s/eoc3f6vpupvhe6c/Windows%20Hardening%20Script.txt?dl=0]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1219Server Hardening2021-04-16T18:40:50Z<p>AOwen: </p>
<hr />
<div>(Page WIP)<br />
<br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pased into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</code><br />
<br />
[[File:Script Running.png|thumb|429x429px|An Image of what everything should look like if you've ran the script correctly]]<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output. <br />
<br />
==References==<br />
Our Modified Windows script for Server 2019[https://www.dropbox.com/s/eoc3f6vpupvhe6c/Windows%20Hardening%20Script.txt?dl=0]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1218Server Hardening2021-04-16T18:37:27Z<p>AOwen: </p>
<hr />
<div>(Page WIP)<br />
<br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pased into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</code><br />
<br />
[[File:Script Running.png|thumb|429x429px|An Image of what everything should look like if you've ran the script correctly]]<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output. <br />
<br />
==References==<br />
Our Modified Windows script for Server 2019[https://www.dropbox.com/s/5ys8zsz07js5huc/Windows%20Hardening%20Script.txt?dl=0]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=File:Script_Running.png&diff=1217File:Script Running.png2021-04-16T18:36:33Z<p>AOwen: </p>
<hr />
<div>Self Explanitory</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1209Server Hardening2021-04-14T19:15:52Z<p>AOwen: </p>
<hr />
<div>(Page WIP)<br />
<br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pased into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</code><br />
<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output.<br />
<br />
==References==<br />
Our Modified Windows script for Server 2019[https://www.dropbox.com/s/5ys8zsz07js5huc/Windows%20Hardening%20Script.txt?dl=0]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1208Server Hardening2021-04-14T19:14:46Z<p>AOwen: </p>
<hr />
<div>(Page WIP)<br />
<br />
==Overview==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pased into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</code><br />
<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, <code>-path</code> will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. <code>-Force</code> will, well, force its way over any running commands. <code>-Wait</code> will wait for <code>-Force</code> to stop the running command before running the <code>DscConfiguration</code> command, and lastly <code>-Verbose</code> will generate a more detailed output.<br />
<br />
==References==<br />
Our Windows script for Server 2019[https://www.dropbox.com/s/5ys8zsz07js5huc/Windows%20Hardening%20Script.txt?dl=0]<br />
<br />
Original Script & Scripts for Server 2016[https://github.com/NVISOsecurity/posh-dsc-windows-hardening <nowiki>[2]</nowiki>]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1207Server Hardening2021-04-14T19:00:59Z<p>AOwen: </p>
<hr />
<div>(Page WIP)<br />
<br />
== Overview ==<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy.<br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pased into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</code><br />
<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, -path will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. -Force will<br />
<br />
==References==<br />
Link to our Windows script for Server 2019[https://www.dropbox.com/s/5ys8zsz07js5huc/Windows%20Hardening%20Script.txt?dl=0]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1206Server Hardening2021-04-14T18:56:33Z<p>AOwen: </p>
<hr />
<div>(Page WIP)<br />
<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy. <br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
===Manual Server Hardening===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
===Scripted Server Hardening=== <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. Ours can be copied and pased into PowerShell and it will create an .MOF.<sup>[1]</sup> It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
*<code>install-module AuditPolicyDSC</code><br />
*<code>install-module ComputerManagementDsc</code><br />
*<code>install-module SecurityPolicyDsc</code><br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
*<code>[Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12</code><br />
<br />
Now with that all out of the way, you should have just created a .MOF file, now this MOF file isn't the endpoint. What we just did was compress that whole block of text into something readable by Windows PowerShell, why couldn't we just do it from the.txt file? I don't know ,but this way works so we're rolling with it. Next step will be to run that .MOF file that was just created. <br />
<br />
*<code>Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</code><br />
<br />
DscConfiguration will read the script and configure the policy listed in the .MOF file, -path will allow you to put in the path to the MOF, when the MOF is done compiling it should give you the path so make sure to write that down or remember it good. -Force will<br />
<br />
== References ==<br />
Link to our Windows script for Server 2019[https://www.dropbox.com/s/5ys8zsz07js5huc/Windows%20Hardening%20Script.txt?dl=0]</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1194Server Hardening2021-04-13T20:04:20Z<p>AOwen: </p>
<hr />
<div>(Page WIP)<br />
<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy. <br />
<br />
==Windows==<br />
[[File:Path to Password Policy.png|thumb|687x687px|The Path to Password Policy in the GPO Editor]]<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Its relatively easy to understand what each policy does, its just that with the sheer quantity of policy, it can be somewhat difficult to understand what the whole does.<br />
<br />
=== Manual Server Hardening ===<br />
Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.<br />
<br />
=== Scripted Server Hardening === <br />
Scripts can be ran from an elevated PowerShell instance directly, or can be used to create an .MOF file. It may claim that you don't have the required PowerShell module, in that case it should give you the command to install it. If not the required commands are<br />
<br />
* install-module AuditPolicyDSC<br />
* install-module ComputerManagementDsc<br />
* install-module SecurityPolicyDsc<br />
<br />
If it still says that you're unable to install the modules, a workaround that I've found is to run the following command.<br />
<br />
* [Net.ServicePointManager]::Security Protocol = [Net.SecurityProtocolType]::Tls12<br />
<br />
Now with that all out of the way, you should have just created a .MOF file<br />
<br />
* Start-DscConfiguration -Path .\Name of MOF -Force -Wait -Verbose</div>AOwenhttps://wiki.24pin.tech/index.php?title=File:Path_to_Password_Policy.png&diff=1193File:Path to Password Policy.png2021-04-13T19:18:30Z<p>AOwen: </p>
<hr />
<div>Just used as a reference image in Server hardening</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1192Server Hardening2021-04-13T19:06:24Z<p>AOwen: </p>
<hr />
<div>(Page WIP)<br />
<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy. <br />
<br />
==Windows==<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it. Scripts can be ran from an elevated PowerShell instance</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1191Server Hardening2021-04-13T17:51:21Z<p>AOwen: /* Windows */</p>
<hr />
<div>(Page WIP)<br />
<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy. <br />
<br />
==Windows==<br />
Windows is one of the most common OSes out there, and is the one you'll most likely find running a server. Windows has plenty of menus to parse through, making manual adjustments much more of a chore than anything. To find the policy you need, it'll most likely be through Group Policy Management, from there you can edit the default domain policy, wherein everything would be applied to every computer. Though be warned, unless it's something simple like password policy, you won't find what you're looking for unless you know exactly where it is without spending the greater years of your life digging around for it.</div>AOwenhttps://wiki.24pin.tech/index.php?title=Server_Hardening&diff=1190Server Hardening2021-04-13T16:42:17Z<p>AOwen: Created page, also started to work on an overview and the process.</p>
<hr />
<div>(Page WIP)<br />
<br />
Server Hardening is the process of preemptively patching any security vulnerabilities that may arise. This is done by a multiplicity of policy adjustments either manually or run through a script. Scripts act as a blanket when it comes to changing policy, its great for changing lots of different areas on different devices quickly. On the other hand, manual server hardening can be tedious, but gives you the scalpel to change device specific policies that you may want to be enacted. Server Hardening itself is a broad category itself as well, ranging from password policy to remote connection policy, to firewall policy. There isn't any "one size fits all" solutions either, you will have to make some changes depending on the current 24pin policy. <br />
<br />
== Windows ==</div>AOwen