This repository contains PowerShell scripts designed to help implement and remediate specific Security Technical Implementation Guides (STIGs) for Windows 10 environments. These scripts automate the enforcement of various security controls, improving system hardening and reducing vulnerabilities.
Each STIG ID corresponds to a specific security setting or configuration requirement designed to enhance system security and compliance. The table below provides an overview of the STIGs addressed by this repository.
| STIG ID | Description | Language | Link |
|---|---|---|---|
| WN10-00-000150 | Enables Structured Exception Handling Overwrite Protection | PowerShell | View Remediation |
| WN10-AU-000505 | Security event log size increased to 1024000 KB | PowerShell | View Remediation |
| WN10-AU-000510 | System event log size increased to 32768 KB | PowerShell | View Remediation |
| WN10-CC-000005 | Requires login to use the camera | PowerShell | View Remediation |
| WN10-CC-000010 | Disables slideshow feature when screen is locked | PowerShell | View Remediation |
| WN10-CC-000020 | Ensures that IPv6 source routing is configured to highest protection | PowerShell | View Remediation |
| WN10-CC-000025 | Hardens TCPIP to protect against spoofing | PowerShell | View Remediation |
| WN10-CC-000030 | Ignores name release requests except when initiated from WINS server | PowerShell | View Remediation |
| WN10-CC-000035 | Disables ICMP redirects | PowerShell | View Remediation |
| WN10-CC-000037 | Enables User Account Control | PowerShell | View Remediation |
| WN10-CC-000038 | Enforces WDigest Authentication protocol | PowerShell | View Remediation |
| WN10-CC-000040 | Disables insecure guest logons to prevent unauthenticated access to shared folders. | PowerShell | View Remediation |
| WN10-CC-000044 | Disables internet connection sharing | PowerShell | View Remediation |
| WN10-CC-000060 | Blocks connections to non-domain networks while connected to a domain-authenticated network | PowerShell | View Remediation |
| WN10-CC-000065 | Disables Wi-Fi Sense | PowerShell | View Remediation |
| WN10-CC-000066 | Enables command line data for process creation events | PowerShell | View Remediation |
| WN10-CC-000068 | Configures the remote host to allow non-exportable credentials | PowerShell | View Remediation |
| WN10-CC-000085 | Configures Early Launch Antimalware to prevent boot drivers | PowerShell | View Remediation |
| WN10-CC-000100 | Prevents the downloading of print driver packages over HTTP | PowerShell | View Remediation |
| WN10-CC-000105 | Prevents web publishing and online ordering wizards from downloading a list of providers | PowerShell | View Remediation |
| WN10-CC-000110 | Disables printing over HTTP | PowerShell | View Remediation |
| WN10-CC-000115 | Configures the system to attempt device authentication using certificates | PowerShell | View Remediation |
| WN10-CC-000260 | Configures Windows 10 to require a minimum pin length of six characters or greater | PowerShell | View Remediation |