Wynis
A set of PowerShell scripts for auditing the security of Windows environments against best practices. You just need to run the script; it will create a directory named: AUDIT_CONF_%MACHINENAME_%DATE%
Currently, the scripts are:
- WynisWIN2016DC-CISv1.0 : Auditing DC 2016 with CIS
- Wynis-AD-STIG : Auditing Domain Security with STIG and other security best practices (Work In Progress)
- WynisO365-CIS : Auditing O365 with CIS best practices (Work In Progress)
- WynisWIN10-CIS : Auditing Win 10 with CIS best practices
- WynisWIN2016-CIS : Auditing Win 2016 with CIS best practices
Prerequisites
Before running the script, do one of the following:
- Run 'Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser' in your PowerShell console
- Sign Wynis with your PKI: https://devblogs.microsoft.com/scripting/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2/
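One way to carry out the signing option above, shown as an added example that is not part of the Wynis project: it signs every script in a local copy of Wynis with a code-signing certificate from your PKI, re-checks each signature, and only then enforces AllSigned. The directory `C:\Tools\Wynis` and the timestamp server URL are placeholders to replace with your own values.

```powershell
# Added example (not Wynis code): sign the Wynis scripts with an enterprise
# code-signing certificate, verify the result, then enforce signatures.
# Assumptions: $WynisDir and $TimestampUrl are placeholders for your environment.
$WynisDir     = 'C:\Tools\Wynis'                     # hypothetical local copy of the scripts
$TimestampUrl = 'http://timestamp.example.internal'  # placeholder timestamp server

# Pick an unexpired code-signing certificate that has a private key.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw 'No valid code-signing certificate found in Cert:\CurrentUser\My'
}

$results = foreach ($file in Get-ChildItem -Path $WynisDir -Filter '*.ps1' -File) {
    # Timestamping keeps the signature verifiable after the certificate expires.
    $null = Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert `
        -HashAlgorithm SHA256 -TimestampServer $TimestampUrl

    # Re-read the signature from disk instead of trusting the signing call's output.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Script     = $file.Name
        Status     = $sig.Status
        Thumbprint = $sig.SignerCertificate.Thumbprint
    }
}

$results | Format-Table -AutoSize

# Any status other than Valid (HashMismatch, NotTrusted, UnknownError, ...)
# means the script would be refused under AllSigned.
$bad = $results | Where-Object { $_.Status -ne 'Valid' }
if ($bad) {
    throw "Scripts without a valid signature: $($bad.Script -join ', ')"
}

# With every script signed, signature enforcement can stay on.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser
```

For the signatures to report as Valid, the issuing CA chain must be trusted on the audited machine; placing the signing certificate in the Trusted Publishers store avoids the interactive trust prompt on first run.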
Information
The output directory will contain the following files:
- Antivirus-%COMPUTERNAME% : lists installed antivirus software
- APPDATA%COMPUTERNAME% : lists all executable files in the APPDATA directory
- Audit%DATE% : lists the results of all CIS tests
- auditpolicy-%COMPUTERNAME% : configured audit policy
- firewall-rules-%COMPUTERNAME% : lists all local Windows firewall rules
- gpo-%COMPUTERNAME% : gpresult for applied GPOs
- Installed-Software-%COMPUTERNAME% : lists installed software
- Listen-port-%COMPUTERNAME% : netstat with the associated executable
- localuser-%COMPUTERNAME% : lists all local users
- OptionnalFeature-%COMPUTERNAME% : lists all enabled optional features
- Scheduled-task-%COMPUTERNAME% : lists all scheduled tasks
- Service-%COMPUTERNAME% : lists all services
- Share-%COMPUTERNAME% : lists all shares
- StartUp-%COMPUTERNAME% : checks the registry to identify start-up executables
- System-%COMPUTERNAME% : systeminfo
- SystemUpdate : checks WMI Quickfix to identify installed updates