Security Posture

Validate status of Windows 10 security settings

I’ve created a PowerShell script for detecting the status of different security-related device features and settings in Windows 10. The ambition with this script is to be able to check the current setting of different features quickly, without using any portals. Currently the script detects the status of:

  • Operating System (Edition, Architecture, Version, and Buildnumber)
  • TPM
  • BitLocker
  • UEFI
  • SecureBoot
  • Defender (Antivirus, Antispyware, Realtime Protection, Tamper Protection, IOAV Protection, Network Protection, PUAProtection)
  • CloudProtectionService (MAPS for Defender)
  • DefenderATP
  • ApplicationGuard
  • Windows Sandbox
  • Credential Guard
  • Device Guard
  • Attack Surface Reduction
  • Controlled Folder Access

The script will write entries to a log file residing at the client (C:\Windows\Temp\Client-SecurityPosture.log) which preferably is read using CMTrace or OneTrace.
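Several of the settings listed above can also be read directly with cmdlets that ship with Windows 10. The following is an added example, not the SecurityPosture script's own code; the helper names Get-Check and ConvertTo-Mode are hypothetical, and it assumes an elevated PowerShell session on a machine with Defender and the BitLocker module available.

```powershell
#Requires -RunAsAdministrator
# Added example: query a subset of posture settings with built-in cmdlets.
# Get-Check (hypothetical helper) turns any failed query into "Unknown"
# so one missing feature (e.g. legacy BIOS, no TPM) does not stop the run.
function Get-Check {
    param([string]$Name, [scriptblock]$Query)
    $ErrorActionPreference = 'Stop'   # make cmdlet errors catchable below
    try   { $value = & $Query }
    catch { $value = "Unknown ($($_.Exception.Message))" }
    [pscustomobject]@{ Check = $Name; Value = $value }
}

# Defender stores these preferences as numbers: 0, 1 or 2.
function ConvertTo-Mode {
    param([int]$Value)
    $map = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'Audit' }
    if ($map.ContainsKey($Value)) { $map[$Value] } else { "Other ($Value)" }
}

$results = @(
    Get-Check 'OS' {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem
        "$($os.Caption) $($os.OSArchitecture) $($os.Version)"
    }
    Get-Check 'TPM' {
        $tpm = Get-Tpm
        "Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"
    }
    # Confirm-SecureBootUEFI throws on non-UEFI firmware; reported as Unknown.
    Get-Check 'SecureBoot' { Confirm-SecureBootUEFI }
    Get-Check 'BitLocker (system drive)' {
        (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus
    }
    Get-Check 'Realtime Protection' { (Get-MpComputerStatus).RealTimeProtectionEnabled }
    Get-Check 'Tamper Protection'   { (Get-MpComputerStatus).IsTamperProtected }
    Get-Check 'Network Protection'  { ConvertTo-Mode (Get-MpPreference).EnableNetworkProtection }
    Get-Check 'PUAProtection'       { ConvertTo-Mode (Get-MpPreference).PUAProtection }
    Get-Check 'Controlled Folder Access' {
        ConvertTo-Mode (Get-MpPreference).EnableControlledFolderAccess
    }
    # SecurityServicesRunning contains 1 when Credential Guard is running.
    Get-Check 'Credential Guard' {
        $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                              -Namespace root\Microsoft\Windows\DeviceGuard
        $dg.SecurityServicesRunning -contains 1
    }
)
$results | Format-Table -AutoSize
```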

Install the Script
The script itself can be found at PowerShell Gallery and installed using:
Install-Script -Name SecurityPosture -Force

Or you can download it manually from my GitHub.

Running the Script
Security Posture has support for running individual functions (switches). Let’s try checking the Operating System and the status of UEFI and Secure Boot as an example:

Next thing to try is running the script querying every function in it:

The status of more functions and features will be displayed:

Logging
As I stated in the beginning of this post, the script will write entries to a log file residing at the client at C:\Windows\Temp\Client-SecurityPosture.log which preferably is read using CMTrace or OneTrace.

Example:

More detailed information can be found in the description of the script. I’m planning on upgrading it to a module in the future with more visible help related to each function. I have a project for the script listed on my GitHub. Feel free to comment or DM me suggestions/ideas or errors you may encounter.

Guide: Advanced Installer

Packaging of a basic MSI-installer using Advanced Installer (Free Edition)
Recently I’ve been using Advanced Installer (Free edition) for basic packaging of different application installers. I work mainly with Microsoft Intune when it comes to application deployment so in between the newly released Win32-App-Packaging-Tool I’ve found a spot for preparation and packaging of install-files using Advanced Installer. Following below is an easy-to-follow guide for how you use the software and re-package your first MSI-installer.

The version of Advanced Installer I’m currently using is version 1.6.5, the Free Edition which can be downloaded here. Download and install it, start the application and then create a New Project. Be sure to change the project to “Simple” since that’s the version we are going to use here.

When the Project is provisioned, be sure to navigate to Resources and then Files and Folders. When this is done, drag your MSI-file from any location to the “Application Folder”. As you can see on the screenshot above the source-location of this file also gets listed.

Next step is to customize the name, version and publisher of your package. Press Product Details under Product Information. To the right on “Version” of the product, press and then select your newly imported MSI-installer. This will automatically provision the version of the application to your package.

I have then chosen to call the application Edge Beta and Publisher will be my made up company “Virtual Company”.

After pressing OK, at this point press “Keep existing” since we don’t need to generate a new Product Code at this time.

After this is done, press Build to save your project and generate the newly configured installer. I’ll save mine locally to C:\Temp\Edge.

Wait until the build finishes and then press OK. As you see in the screenshot above, you’ll see where the newly generated package resides (C:\Temp\Edge\Edge Beta-SetupFiles\Edge Beta.msi).

Viewing the MSI-Installer shows all the properties we just configured. Well done.

Advanced Installer also comes with an enterprise-looking template for the installation of packaged installers, see below for my screenshots from the user experience regarding manual installation of the application.

User experience using the installer