Security (Windows)

Automation Manager System Automated Tasks (AM)

Automated Tasks designated as AM are created using the Automation Manager.

Bittorrent Detection and Mitigation (AM)

This Automation Policy detects whether any of the most common BitTorrent clients are running and, if desired, stops the processes.

It is meant to be used as a script check in RMM and will return a failed state if any process is found.

The script will output a list of any torrent software found or will return "No Torrent Found".

Disable Firewall (AM)

Script Type: PowerShell

Disables the built-in Windows firewall.

Does not require any Parameters.

Enable Bitlocker (AM)

This script turns on BitLocker with TPM, then adds an auto-generated recovery password and outputs it.

To use this, run it on a computer where BitLocker is not enabled.

The script will output the BitLocker key.

Enable Firewall (AM)

Script Type: PowerShell

Enables the built-in Windows firewall.

Does not require any Parameters.

Enable TLS 1.2 (AM)

This Automation Manager Policy will create the registry keys needed to enable TLS 1.2 on a Windows Server or Workstation and apply modifications to the cipher list and order. It is recommended that you review the cipher order located at: SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002.

As TLS settings can affect network functionality, be prepared for the possibility of network interruptions that may require manual remediation.

As with all modifications to registry settings, it is a good idea to create a backup of the registry first. This AMP will create a backup.reg file as its first step. Subsequent runs of the AMP will overwrite the backup.reg file unless you specify a different file name and location in the input for each subsequent run.

While this may be used on Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, it may cause issues with communications to Windows Update servers with error 0x80072EFE. If this occurs, you should restore the backup.reg file created by the AMP and pursue other methods of enabling TLS 1.2 on the device.

Lock Workstation (AM)

Script Type: PowerShell

Activates the security lock on a workstation.

Does not require any Parameters.

This Automated Task is not compatible with Windows 7.

Lockdown Machine (AM)

Script Type: PowerShell

Locks down basic Windows Features on the target computer.

Does not require any Parameters.

The Lockdown Machine script deletes any mapped drives, clears Remote Desktop Client history, deletes temporary files, disables USB devices, disables wireless, disables CD-ROM, and removes all local profiles. If the machine only has local profiles and no Active Directory users, then it may require a reboot with the install media to repair Windows and restore the local user(s).

Reset Firewall Settings (AM)

Script Type: PowerShell

Resets Windows Firewall settings to default.

Does not require any Parameters.

Run Windows Defender Full Scan (AM)

Script Type: PowerShell

Runs a Windows Defender Full Scan.

Does not require any Parameters.

Run Windows Defender Quick Scan (AM)

Script Type: PowerShell

Runs a Windows Defender Quick Scan.

Does not require any Parameters.

Workstation Secure Settings Maintenance (AM)

This policy is designed to run periodically (daily is recommended) to ensure that workstations meet their basic secure configuration.

The policy performs the following actions:

  • Enables UAC
  • Flushes DNS
  • Sets the PowerShell execution policy to RemoteSigned
  • Disables RDP
  • Disables Drive Autorun (USB/CD)
  • Disables sleep and hibernation while the computer is plugged in (facilitates updates)
  • Restarts the Windows Update service if it is stopped
  • Enables Windows SmartScreen
  • Disables Fast Start (QuickBoot)
  • Deletes temporary files
  • Syncs time to the proper time server

Note that the policy can be easily opened in Automation Manager and modified to your needs.