{"id":19020623,"url":"https://github.com/simeononsecurity/stig-compliant-domain-prep","last_synced_at":"2025-04-23T05:59:13.927Z","repository":{"id":43520800,"uuid":"293885962","full_name":"simeononsecurity/STIG-Compliant-Domain-Prep","owner":"simeononsecurity","description":"Import all the GPOs provided by SimeonOnSecurity to assist in making your domain compliant with all applicable STIGs and SRGs.","archived":false,"fork":false,"pushed_at":"2024-10-18T16:30:55.000Z","size":41251,"stargazers_count":29,"open_issues_count":2,"forks_count":7,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-23T05:58:53.489Z","etag":null,"topics":["activedirectory","adobe-reader","applicable-stigs","automation","compliance","gpo","gpo-template","gpos","grouppolicy","microsoft","powershell","srgs","stig","stigs","windows","windows10","windowsdomain"],"latest_commit_sha":null,"homepage":"https://simeononsecurity.com/github/stig-compliant-domain-prep/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simeononsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["simeononsecurity"],"custom":["https://simeononsecurity.com","https://simeononsecurity.com/recommendhome","https://simeononsecurity.com/affiliate","https://twitter.com/simeonsecurity","https://discord.io/cybersentinels"]}},"created_at":"2020-09-08T17:50:35.000Z","updated_at":"2025-01-01T07:17:28.000Z","dependencies_parsed_at":"2025-04-17T09:06:12.597Z","dependency_job_id":null,"html_url":"https://github.com/simeononsecurity/STIG-Compliant-Domain-Prep","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simeononsecurity%2FSTIG-Compliant-Domain-Prep","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simeononsecurity%2FSTIG-Compliant-Domain-Prep/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simeononsecurity%2FSTIG-Compliant-Domain-Prep/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simeononsecurity%2FSTIG-Compliant-Domain-Prep/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simeononsecurity","download_url":"https://codeload.github.com/simeononsecurity/STIG-Compliant-Domain-Prep/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250379787,"owners_count":21420841,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["activedirectory","adobe-reader","applicable-stigs","automation","compliance","gpo","gpo-template","gpos","grouppolicy","microsoft","powershell","srgs","stig","stigs","windows","windows10","windowsdomain"],"created_at":"2024-11-08T20:17:48.878Z","updated_at":"2025-04-23T05:59:13.884Z","avatar_url":"https://github.com/simeononsecurity.png","language":"HTML","funding_links":["https://github.com/sponsors/simeononsecurity","https://simeononsecurity.com","https://simeononsecurity.com/recommendhome","https://simeononsecurity.com/affiliate","https://twitter.com/simeonsecurity","https://discord.io/cybersentinels"],"categories":[],"sub_categories":[],"readme":"\n# STIG Compliant Domain Prep\n*Import all the GPOs provided by SimeonOnSecurity to assist in making your domain compliant with all applicable STIGs and SRGs.*\n\n [![Sponsor](https://img.shields.io/badge/Sponsor-Click%20Here-ff69b4)](https://github.com/sponsors/simeononsecurity) [![VirusTotal Scan](https://github.com/simeononsecurity/STIG-Compliant-Domain-Prep/actions/workflows/virustotal.yml/badge.svg)](https://github.com/simeononsecurity/STIG-Compliant-Domain-Prep/actions/workflows/virustotal.yml)\n\n**Note:** This script should work for most, if not all, systems without issue. While [@SimeonOnSecurity](https://github.com/simeononsecurity) creates, reviews, and tests each repo intensivly, we can not test every possible configuration nor does [@SimeonOnSecurity](https://github.com/simeononsecurity) take any responsibility for breaking your system. If something goes wrong, be prepared to submit an [issue](../../issues). Do not run this script if you don't understand what it does.\n\n## Notes:\n\n**This script is designed for use in Enterprise environments**\n\n## Ansible:\nWe now offer a playbook collection for this script. Please see the following:\n- [Github Repo](https://github.com/simeononsecurity/Windows_STIG_Ansible)\n- [Ansible Galaxy](https://galaxy.ansible.com/simeononsecurity/windows_stigs)\n\n## Additional configurations were considered from:\n- [CERT - IE Scripting Engine Memory Corruption](https://kb.cert.org/vuls/id/573168/)\n- [Dirteam - SSL Hardening](https://dirteam.com/sander/2019/07/30/howto-disable-weak-protocols-cipher-suites-and-hashing-algorithms-on-web-application-proxies-ad-fs-servers-and-windows-servers-running-azure-ad-connect/)\n- [Microsoft - Managing Windows 10 Telemetry and Callbacks](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)\n- [Microsoft - Specture and Meltdown Mitigations](https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities)\n- [Microsoft - Windows 10 Privacy](https://docs.microsoft.com/en-us/windows/privacy/)\n- [Microsoft - Windows 10 VDI Recomendations](https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds_vdi-recommendations-1909)\n- [Microsoft - Windows Defender Application Control](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide)\n- [NSACyber - Application Whitelisting Using Microsoft AppLocker](https://apps.nsa.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm)\n- [NSACyber - Hardware-and-Firmware-Security-Guidance](https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance)\n- [Whonix - Disable TCP Timestamps](https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamps)\n\n## STIGS/SRGs Applied:\n- [Adobe Acrobat Pro DC Continuous V2R1](https://public.cyber.mil/stigs/downloads/)\n- [Adobe Acrobat Reader DC Continuous V2R1](https://public.cyber.mil/stigs/downloads/)\n- [Firefox V5R2](https://public.cyber.mil/stigs/downloads/) - **[Requires Separate Script](https://github.com/simeononsecurity/FireFox-STIG-Script)**\n- [Google Chrome V2R4](https://public.cyber.mil/stigs/downloads/)\n- [Internet Explorer 11 V1R19](https://public.cyber.mil/stigs/downloads/)\n- [Microsoft Edge V1R2](https://public.cyber.mil/stigs/downloads/)\n- [Microsoft .Net Framework 4 V1R9](https://public.cyber.mil/stigs/downloads/) - **[Requires Separate Script](https://github.com/simeononsecurity/.NET-STIG-Script)**\n- [Microsoft Office 2013 V2R1](https://public.cyber.mil/stigs/downloads/)\n- [Microsoft Office 2016 V2R1](https://public.cyber.mil/stigs/downloads/)\n- [Microsoft Office 2019/Office 365 Pro Plus V2R3](https://public.cyber.mil/stigs/downloads/)\n- [Microsoft OneDrive STIG V2R1](https://public.cyber.mil/stigs/downloads/)\n- [Oracle JRE 8 V1R5](https://public.cyber.mil/stigs/downloads/) - **[Requires Separate Script](https://github.com/simeononsecurity/Oracle-JRE-8-STIG-Script)**\n- [Windows 10 V2R2](https://public.cyber.mil/stigs/downloads/)\n- [Windows Defender Antivirus V2R2](https://public.cyber.mil/stigs/downloads/) - **[Requires Separate Script](https://github.com/simeononsecurity/Windows-Defender-STIG-Script)**\n- [Windows Firewall V1R7](https://public.cyber.mil/stigs/downloads/)\n- [Windows Server 2012(R2) V3R2](https://public.cyber.mil/stigs/downloads/)\n- [Windows Server 2016 V2R2](https://public.cyber.mil/stigs/downloads/)\n- [Windows Server 2019 V2R2](https://public.cyber.mil/stigs/downloads/)\n- [VMWare Horizon Agent V1R1](https://public.cyber.mil/stigs/downloads/)\n- [VMWare Horizon Client V1R1](https://public.cyber.mil/stigs/downloads/)\n\n## How to run the script:\n\n**The script may be launched from the extracted GitHub download like this:**\n```\n.\\sos-stig-compliant-domain-prep.ps1\n```\nThe script we will be using must be launched from the directory containing all the other files from the [GitHub Repository](https://github.com/simeononsecurity/STIG-Compliant-Domain-Prep)\n\n## Learn more about [Automating Windows Domain STIG Compliance](https://simeononsecurity.ch/github/stig-compliant-domain-prep/)\n\n\u003ca href=\"https://simeononsecurity.com\" target=\"_blank\" rel=\"noopener noreferrer\"\u003e\n  \u003ch2\u003eExplore the World of Cybersecurity\u003c/h2\u003e\n\u003c/a\u003e\n\u003ca href=\"https://simeononsecurity.com\" target=\"_blank\" rel=\"noopener noreferrer\"\u003e\n  \u003cimg src=\"https://simeononsecurity.ch/img/banner.png\" alt=\"SimeonOnSecurity Logo\" width=\"300\" height=\"300\"\u003e\n\u003c/a\u003e\n\n### Links:\n- #### [github.com/simeononsecurity](https://github.com/simeononsecurity)\n- #### [simeononsecurity.com](https://simeononsecurity.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimeononsecurity%2Fstig-compliant-domain-prep","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimeononsecurity%2Fstig-compliant-domain-prep","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimeononsecurity%2Fstig-compliant-domain-prep/lists"}