New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CIS baseline in combination with Intune #47
Comments
Using -backup gives me about 280 entries with -NODATA when I compare against the CIS baseline. This is not workable. I think we have to modernize that also Intune managed devices can be checked. Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile |
I'm aware of the missing Intune checks, this is work in progress and any help is welcome, see in the dev repo: 0x6d69636b/windows_hardening#22 Unfortunately, neither CIS nor Microsoft publish the Intune registry path in their policies |
Our machines are deployed with Intune. Checking the baseline with hardeningkitty reports that the firewall is OFF.
This is done by checking the registry hive under ..\Policies.
But this is only set when its controlled by GPO. When done with Intune there is no ..\WindowsFirewall..
You can check it by NETSH or other functions.
But the first thing I would like to see is : When a registry key is not readable, don't assume its 0. Report it as not available.
10501,"Windows Firewall","EnableFirewall (Domain Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile,EnableFirewall,,,,0,1,=,Medium
Hope you are willing to help and improve.
Best regards,
Gert
The text was updated successfully, but these errors were encountered: