Powershell Security Hardening

The PowerShell Security Hardening skill automates the configuration of Windows systems to meet security best practices, specifically targeting Group Policy Objects (GPOs) and registry settings. It enables AI agents to enforce strict access controls, disable unnecessary services, and apply encryption standards across an organization's infrastructure.

When to use it

• Automating baseline hardening for new Windows servers before they join a production domain.
• Remediating security gaps identified during internal audits or compliance checks (e.g., CIS benchmarks).
• Enforcing password complexity policies and account lockout thresholds across multiple workstations.
• Disabling legacy protocols like SMBv1 to reduce the attack surface against ransomware.

Key capabilities

• Modifies Group Policy settings to restrict user privileges and enforce encryption.
• Updates Windows Registry keys to disable high-risk features and services.
• Applies security patches and updates related to system hardening configurations.
• Generates reports on current policy compliance versus desired security states.

Example prompts

• "Apply the Microsoft baseline security configuration to all servers in the 'Finance' organizational unit."
• "Disable SMBv1 and enforce TLS 1.2 for all network services on these Windows machines."
• "Update password policies to require 14 characters, include symbols, and lock accounts after five failed attempts."

Tips & gotchas

Ensure you have administrative rights and a full system backup before running hardening scripts, as registry changes can be irreversible without restoration. Always test configurations in a non-production environment first to avoid disrupting critical business operations.