OpenSec Atlas

windows_hardening: An Open Source Script for Endpoint Security | OpenSec Atlas

Endpoint Security

Script

windows_hardening

HardeningKitty is a PowerShell script that audits and applies Windows hardening settings based on multiple security benchmarks to enhance endpoint security.

View on GitHub

About This Tool

HardeningKitty and Windows Hardening Settings

Primary Use Case

This tool is used by system administrators and security professionals to assess and enforce compliance with Windows security baselines such as Microsoft, CIS Benchmarks, and DoD STIG. It automates the auditing and hardening of Windows configurations to reduce security risks and improve privacy in both private and business environments.

Key Features

Supports multiple security frameworks including Microsoft, CIS Benchmarks, DoD STIG, and BSI SiSyPHuS Win10
Performs compliance auditing by assessing Windows system settings against predefined security baselines
Automates hardening by applying recommended security configurations to the Windows registry and other system settings
Includes a 'HailMary' mode to apply any hardening checklist directly, useful for Windows 10 Home without Group Policy Editor
Reads and evaluates system configurations from the registry and other modules
Provides detailed output with severity levels for each check
Supports both machine-level (admin) and user-level execution contexts
Signed stable version available for environments requiring signed scripts

Insights & Recommendations

Run the script with administrative privileges to fully access machine settings; user settings should be run with a normal user account. The script was developed for English Windows systems and may produce incorrect results on systems with other languages. Use caution when applying hardening settings as they may affect system usability or infrastructure operations. For environments that require signed scripts, use the stable signed version available from the scip AG repository.

Installation

Download HardeningKitty script and accompanying lists from the repository
Copy the script and lists to the target Windows system
Run PowerShell with administrative privileges to access machine settings
Import the HardeningKitty module using Import-Module .\HardeningKitty.psm1
Execute the script with Invoke-HardeningKitty command

Usage

Import-Module .\HardeningKitty.psm1

Imports the HardeningKitty PowerShell module into the current session

Invoke-HardeningKitty -EmojiSupport

Runs the HardeningKitty audit and hardening process with emoji support for easier result interpretation

Smart Usage Notes

Integrate HardeningKitty into automated patch management and endpoint configuration pipelines for continuous compliance.Use the 'HailMary' mode to enforce hardening on Windows 10 Home editions lacking Group Policy Editor, expanding coverage.Leverage detailed severity outputs to prioritize remediation efforts and tailor hardening to operational needs.Combine with endpoint detection and response (EDR) tools to correlate hardening status with detected threats for enhanced situational awareness.Deploy in purple team exercises to validate the effectiveness of hardening controls against simulated adversary tactics.