Skip to content

Releases: devnomadic/ACSC-WindowsHardening

Release list

Release 1.0.0.0

Choose a tag to compare

@github-actions github-actions released this 05 Dec 01:27

ACSC Windows Hardening v1.0.0.0

📦 Packages

ACSCHighPriorityHardening

  • File: ACSCHighPriorityHardening-v1.0.0.0.zip
  • Size: 496.98 KB
  • SHA256: 0D82E6A5A7DD0E062DDF32134F02FB6F7EB333BB60A5CFF2EC0EAA500FDB2CDA

ACSCMediumPriorityHardening

  • File: ACSCMediumPriorityHardening-v1.0.0.0.zip
  • Size: 495.99 KB
  • SHA256: 1A1C9E301C6494FCCC1FB6887D9B9F1ED7F3B694367D267A21B75457AB99D57C

📋 Policy Definitions

This release includes the following Azure Policy definitions:

  • acsc-high-priority-policy.json - High Priority hardening controls
  • acsc-medium-priority-policy.json - Medium Priority hardening controls

🚀 Deployment

Quick Start

  1. Download the packages and policy files
  2. Upload packages to Azure Storage
  3. Deploy policies using Azure Portal or CLI

Azure CLI Deployment

# Set variables
$subscriptionId = "your-subscription-id"
$resourceGroup = "your-resource-group"
$storageAccount = "your-storage-account"

# Deploy using the provided script
./scripts/Deploy-ACSCToAzure.ps1 \`
    -SubscriptionId $subscriptionId \`
    -ResourceGroupName $resourceGroup \`
    -StorageAccountName $storageAccount

📚 Documentation

✅ What's Included

High Priority Controls

  • Password policies (14 character minimum)
  • Account lockout policies
  • Audit policies
  • User rights assignments
  • UAC settings
  • Attack Surface Reduction (ASR) rules
  • Credential protection
  • BitLocker configuration
  • Windows Defender settings
  • PowerShell security logging

Medium Priority Controls

  • Extended password policies
  • Screen saver/session locking
  • RDP security hardening
  • Network security settings
  • Removable storage controls
  • Firewall configuration
  • Service hardening

🔧 Configuration Mode

Both configurations support ApplyAndAutoCorrect mode for automatic drift remediation:

  • Checks compliance every 15 minutes
  • Automatically corrects non-compliant settings
  • Maintains security posture continuously

📝 Notes

  • All Registry resources include Force = $true to handle existing values
  • Compatible with Windows Server 2016, 2019, 2022
  • Requires Azure Machine Configuration extension
  • Uses DirectResourceEngine for enhanced reliability

🐛 Known Issues

None reported for this release.

🤝 Contributing

See CONTRIBUTING.md for contribution guidelines.


Generated: 2025-12-13 15:47:47 UTC
Build: GitHub Actions