Validate status of Windows 10 security settings
I’ve created a PowerShell script for detecting the status of different security-related device features and settings in Windows 10. The ambition with this script is to be able to check the current setting of different features quickly, without using any portals. Currently the script detects the status of:
- Operating System (Edition, Architecture, Version, and Build number)
- Defender (Antivirus, Antispyware, Realtime Protection, Tamper Protection, IOAV Protection, Network Protection, PUAProtection)
- CloudProtectionService (MAPS for Defender)
- Windows Sandbox
- Credential Guard
- Device Guard
- Attack Surface Reduction
- Controlled Folder Access
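To show where such values come from, here is an added example (not code from the SecurityPosture script) that reads several of the listed settings with built-in Windows cmdlets. The function name Get-SecuritySnapshot and its output property names are assumptions, and it has to run in an elevated session on a machine with Defender present.

```powershell
# Added example, not code from the SecurityPosture script. Run elevated.
# Get-SecuritySnapshot and its output property names are hypothetical.
function Get-SecuritySnapshot {
    [CmdletBinding()]
    param()

    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $mp   = Get-MpComputerStatus   # Defender runtime state
    $pref = Get-MpPreference       # Defender configured settings

    # SecurityServicesRunning lists 1 when Credential Guard is running, 2 for HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on non-UEFI hardware; report that instead of failing.
    $secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { 'NotSupported' }

    # Windows Sandbox is the optional feature Containers-DisposableClientVM.
    $sandbox = Get-WindowsOptionalFeature -Online `
        -FeatureName 'Containers-DisposableClientVM' -ErrorAction SilentlyContinue

    # Shared 0/1/2 encoding; any other value is passed through as the raw number.
    $mode = { param($v) switch ([int]$v) { 0 {'Disabled'} 1 {'Enabled'} 2 {'Audit'} default {$v} } }

    [pscustomobject]@{
        OS                     = '{0} {1} {2} (build {3})' -f $os.Caption, $os.OSArchitecture, $os.Version, $os.BuildNumber
        SecureBoot             = $secureBoot
        AntivirusEnabled       = $mp.AntivirusEnabled
        AntispywareEnabled     = $mp.AntispywareEnabled
        RealTimeProtection     = $mp.RealTimeProtectionEnabled
        TamperProtection       = $mp.IsTamperProtected
        IoavProtection         = $mp.IoavProtectionEnabled
        NetworkProtection      = & $mode $pref.EnableNetworkProtection
        PUAProtection          = & $mode $pref.PUAProtection
        ControlledFolderAccess = & $mode $pref.EnableControlledFolderAccess
        MapsReporting          = $pref.MAPSReporting   # 0 = off, 1 = basic, 2 = advanced
        CredentialGuardRunning = $dg.SecurityServicesRunning -contains 1
        HvciRunning            = $dg.SecurityServicesRunning -contains 2
        WindowsSandbox         = $sandbox.State
        # ASR rule IDs and actions are parallel arrays; action 1 means Block.
        AsrRulesConfigured     = @($pref.AttackSurfaceReductionRules_Ids).Count
        AsrRulesInBlockMode    = @($pref.AttackSurfaceReductionRules_Actions | Where-Object { $_ -eq 1 }).Count
    }
}

Get-SecuritySnapshot | Format-List
```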
Install the Script
The script itself can be found in the PowerShell Gallery and installed using:
Install-Script -Name SecurityPosture -force
Or you can download it manually from my GitHub.
Running the Script
Security Posture supports running individual functions (switches). Let’s try checking the Operating System and the status of UEFI and Secure Boot as an example:
The next thing to try is running the script with every function in it queried:
The status of more functions and features will be displayed:
As I stated in the beginning of this post, the script will write entries to a log file residing on the client at C:\Windows\Temp\Client-SecurityPosture.log, which is preferably read using CMTrace or OneTrace.
More detailed information can be found in the description of the script. I’m planning on upgrading it to a module in the future with more visible help related to each function. I have a project for the script listed on my GitHub. Feel free to comment or DM me suggestions/ideas or errors you may encounter.