I’ve updated my PowerShell script for detecting the status of several security-related device features and settings on Windows 10. The idea behind the script is to give a quick overview of the overall security posture of a Windows 10 device, at the device level.
Currently the script detects the status of:
- Operating System
- CloudProtectionService (MAPS for Defender)
- Defender for Endpoint
- Windows Sandbox
- Credential Guard
- Device Guard
- Attack Surface Reduction
- Controlled Folder Access
Install the Script
Or you can download it manually from my GitHub.
Running the Script
Executing the script with the -Help switch (SecurityPosture -Help) displays a brief description and all the currently available options:
The next thing to try is running the script with every check enabled, which displays the status of all the functions and features it covers:
Security Posture also supports running each individual check as a separate switch. Here I query Operating System and Defender as an example:
As I stated at the beginning of this post, the script writes entries to a log file on the client at C:\Windows\Temp\Client-SecurityPosture.log, which is best read with CMTrace or OneTrace.
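To show what the checks in the list above and the CMTrace-style logging look like in code, here is an added example of my own; it is not the SecurityPosture script and does not reproduce its output. The Defender cmdlets (Get-MpPreference, Get-MpComputerStatus), the Win32_DeviceGuard CIM class and the Sense service are the Windows built-ins; the function names, the warning/info classification and the overall structure are assumptions of this example, and the default log path is simply the one named in the post. The Windows Sandbox check is left out because querying optional features requires an elevated session; the checks below run as a standard user.

```powershell
# Added example, not the SecurityPosture script: a reduced set of the same checks,
# written to a log in the line format that CMTrace and OneTrace parse.

function Write-CMTraceLog {
    param(
        [Parameter(Mandatory)][string]$Message,
        [string]$Component = 'SecurityPosture',
        [ValidateSet(1, 2, 3)][int]$Type = 1,   # 1 = Info, 2 = Warning, 3 = Error (CMTrace colours)
        [string]$LogPath = 'C:\Windows\Temp\Client-SecurityPosture.log'   # path named in the post
    )
    $now = Get-Date
    # CMTrace stores the time with the UTC bias in minutes, sign-inverted (UTC-7 shows as +420).
    $bias = -1 * [int][TimeZoneInfo]::Local.GetUtcOffset($now).TotalMinutes
    $line = '<![LOG[{0}]LOG]!><time="{1}{2:+000;-000}" date="{3}" component="{4}" context="" type="{5}" thread="{6}" file="">' -f
        $Message, $now.ToString('HH:mm:ss.fff'), $bias, $now.ToString('MM-dd-yyyy'), $Component, $Type, $PID
    Add-Content -Path $LogPath -Value $line -Encoding UTF8
}

function Get-SecurityPostureSummary {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus
    # VBS, Credential Guard and HVCI state are exposed through the DeviceGuard CIM class.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    # Sense is the Defender for Endpoint sensor service; it is absent when the device is not onboarded.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue

    # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced
    $maps = switch ($pref.MAPSReporting) { 0 { 'Disabled' } 1 { 'Basic' } 2 { 'Advanced' } default { 'Unknown' } }
    # EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled, 2 = Audit mode
    $cfa = switch ($pref.EnableControlledFolderAccess) { 0 { 'Disabled' } 1 { 'Enabled' } 2 { 'AuditMode' } default { 'Unknown' } }
    # ASR rule actions: 0 = Off, 1 = Block, 2 = Audit, 6 = Warn; count the rules actually blocking.
    $asrBlock = @($pref.AttackSurfaceReductionRules_Actions | Where-Object { $_ -eq 1 }).Count
    $mde = if (-not $sense) { 'NotInstalled' } else { $sense.Status.ToString() }

    [pscustomobject]@{
        OSBuild                = [Environment]::OSVersion.Version.ToString()
        RealTimeProtection     = [bool]$status.RealTimeProtectionEnabled
        CloudProtection        = $maps
        DefenderForEndpoint    = $mde
        # SecurityServicesRunning lists 1 for Credential Guard and 2 for HVCI when they are active.
        CredentialGuard        = [bool]($dg.SecurityServicesRunning -contains 1)
        HVCI                   = [bool]($dg.SecurityServicesRunning -contains 2)
        # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
        VBSRunning             = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        ASRRulesInBlockMode    = $asrBlock
        ControlledFolderAccess = $cfa
    }
}

$summary = Get-SecurityPostureSummary
foreach ($p in $summary.PSObject.Properties) {
    # Log disabled or missing protections as warnings so they stand out in CMTrace.
    $isOff = switch ($p.Value) {
        { $_ -is [bool] } { -not $_; break }
        { $_ -is [int] }  { $_ -eq 0; break }
        default           { $_ -in 'Disabled', 'NotInstalled', 'Stopped' }
    }
    Write-CMTraceLog -Message ('{0}: {1}' -f $p.Name, $p.Value) -Type $(if ($isOff) { 2 } else { 1 })
}
$summary | Format-List
```

Run it in a normal PowerShell session on a Windows 10 device with Defender present; it prints the summary to the console and appends one CMTrace-formatted line per property to the log file, with disabled or missing protections coloured as warnings when the log is opened in CMTrace or OneTrace.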