Security Posture

I’ve updated my PowerShell script for detecting the status of different security-related device features and settings in Windows 10. The basic idea of this script is to quickly get an overview of the overall security posture of a Windows 10 device, at the device level.

Currently the script detects the status of:

  • Operating System
  • TPM
  • BitLocker
  • UEFI
  • SecureBoot
  • Defender
  • CloudProtectionService (MAPS for Defender)
  • Defender for Endpoint
  • ApplicationGuard
  • Windows Sandbox
  • Credential Guard
  • Device Guard
  • Attack Surface Reduction
  • Controlled Folder Access

The script writes entries to a log file on the client (C:\Windows\Temp\Client-SecurityPosture.log), which is preferably read using CMTrace or OneTrace.
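As an added illustration (this is not the SecurityPosture script and not code from its author), the following queries a few of the listed features with built-in Windows cmdlets and writes each result as a log line in the format CMTrace parses. The function names, the component name and the log path are assumptions made for this example, and it expects an elevated session.

```powershell
# Added example, not the SecurityPosture script. Run elevated on Windows 10.
$ErrorActionPreference = 'Stop'                        # turn cmdlet errors into catchable exceptions
$LogPath = Join-Path $env:TEMP 'PostureExample.log'    # hypothetical log path

function Write-CMTraceLog {
    param([string]$Message, [ValidateRange(1, 3)][int]$Type = 1)   # 1=Info 2=Warning 3=Error
    $now  = Get-Date
    $line = '<![LOG[{0}]LOG]!><time="{1}+000" date="{2}" component="PostureExample" context="" type="{3}" thread="{4}" file="">' -f
            $Message, $now.ToString('HH:mm:ss.fff'), $now.ToString('MM-dd-yyyy'), $Type, $PID
    Add-Content -Path $LogPath -Value $line -Encoding UTF8
}

function Test-Posture {
    param([string]$Name, [scriptblock]$Check)
    try {
        $ok = [bool](& $Check)
        # A disabled feature is logged as a warning so it stands out in CMTrace
        Write-CMTraceLog -Message "${Name}: $ok" -Type $(if ($ok) { 1 } else { 2 })
    } catch {
        # For example Confirm-SecureBootUEFI throws on legacy BIOS or when not elevated
        $ok = $null
        Write-CMTraceLog -Message "${Name}: check failed ($($_.Exception.Message))" -Type 3
    }
    [pscustomobject]@{ Check = $Name; Enabled = $ok }
}

$results = @(
    Test-Posture 'TPM present and ready'    { $t = Get-Tpm; $t.TpmPresent -and $t.TpmReady }
    Test-Posture 'Secure Boot'              { Confirm-SecureBootUEFI }
    Test-Posture 'BitLocker (system drive)' {
        (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus -eq 'On'
    }
    Test-Posture 'Defender real-time protection' { (Get-MpComputerStatus).RealTimeProtectionEnabled }
    Test-Posture 'Cloud protection (MAPS)'       { (Get-MpPreference).MAPSReporting -ne 0 }
    Test-Posture 'Controlled Folder Access'      { (Get-MpPreference).EnableControlledFolderAccess -eq 1 }
    Test-Posture 'Credential Guard running' {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
        $dg.SecurityServicesRunning -contains 1    # 1 = Credential Guard
    }
)
$results | Format-Table -AutoSize
```

An `Enabled` value of `$null` means the check itself could not run, which is worth distinguishing from `False` when reviewing a fleet.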

Install the Script

Install-Script -Name SecurityPosture -force

Or you can download it manually from my GitHub.

Running the Script

Executing the script with the switch -Help (SecurityPosture -Help) will display a brief description and all the currently available options:

The next thing to try is running the script so that it queries every function in it. The status of more functions and features will be displayed:

Security Posture has support for running each individual check as a separate switch as well. Here I query Operating System and Defender as an example:

Logging

As I stated at the beginning of this post, the script writes entries to a log file on the client at C:\Windows\Temp\Client-SecurityPosture.log, which is preferably read using CMTrace or OneTrace.

Example:

Suggestions and ideas regarding improvement are always welcome.

SecurityPosture at GitHub & PowerShell Gallery
