goodwood/windows-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rm doublons

Browse Source
This commit is contained in:
goodwood 2025-05-08 21:53:09 +02:00
parent a62baa1dba
commit b4b8ebf6f2
1 changed files with 0 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
gpo-secu.ps1
View File

@ -1,43 +0,0 @@
Import-Module GroupPolicy
# Nom de la GPO
$gpoName = "Sécurité - Verrouillage postes"
$ouTarget = "OU=Postes,DC=tondomaine,DC=local" # <- À ADAPTER
# Créer la GPO
$gpo = New-GPO -Name $gpoName -Comment "Renforcement sécurité poste utilisateur"
# Lier à l'OU
New-GPLink -Name $gpo.DisplayName -Target $ouTarget
# ------------------------
# PARAMÈTRES GPO APPLIQUÉS
# ------------------------
# 1. Verrouillage du panneau de configuration
Set-GPRegistryValue -Name $gpoName -Key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ValueName "NoControlPanel" -Type DWord -Value 1
# 2. Verrouillage CMD & PowerShell
Set-GPRegistryValue -Name $gpoName -Key "HKCU\Software\Policies\Microsoft\Windows\System" -ValueName "DisableCMD" -Type DWord -Value 1
Set-GPRegistryValue -Name $gpoName -Key "HKCU\Software\Policies\Microsoft\Windows\PowerShell" -ValueName "EnableScripts" -Type DWord -Value 0
# 3. Désactivation du hash LAN Manager
Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "NoLMHash" -Type DWord -Value 1
# 4. Désactiver installation sans mot de passe admin
Set-GPRegistryValue -Name $gpoName -Key "HKLM\Software\Policies\Microsoft\Windows\Installer" -ValueName "DisableMSI" -Type DWord -Value 1
# 5. Désactivation du compte invité
Set-GPRegistryValue -Name $gpoName -Key "HKLM\SAM\SAM\Domains\Account\Users\Names\Guest" -ValueName "Enabled" -Type DWord -Value 0
# 6. Politique de mot de passe (complexité et longueur)
Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "PasswordComplexity" -Type DWord -Value 1
Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "MinimumPasswordLength" -Type DWord -Value 10
# 7. Expiration du mot de passe (90 jours)
Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -ValueName "MaximumPasswordAge" -Type DWord -Value 90
# 8. Blocage énumération SID anonymes
Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "RestrictAnonymousSAM" -Type DWord -Value 1
Write-Host "GPO '$gpoName' créée et liée à $ouTarget"