forked from HotCakeX/Harden-Windows-Security
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Harden-Windows-Security.ps1
153 lines (142 loc) · 8.14 KB
/
Harden-Windows-Security.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
Function P {
[CmdletBinding()]
param([switch]$G)
begin {
$ErrorActionPreference = 'Stop'
Set-ExecutionPolicy -ExecutionPolicy 'Unrestricted' -Scope 'Process' -Force
[System.Boolean]$WingetSourceUpdated = $false
[System.Boolean]$PSInstalled = $false
[System.Version]$RequiredPSVer = '7.4.2.0'
[System.String]$PSDownloadURLMSIX = 'https://github.com/PowerShell/PowerShell/releases/download/v7.4.5/PowerShell-7.4.5-win.msixbundle'
[System.String]$MicrosoftUIXamlDownloadedFileName = 'Microsoft.UI.Xaml.2.8.appx'
if ($Env:PROCESSOR_ARCHITECTURE -eq 'ARM64') {
Write-Verbose -Message 'ARM64 architecture detected, using ARM64 version of Microsoft.UI.Xaml.2.8.appx'
[System.String]$MicrosoftUIXamlDownloadLink = 'https://github.com/microsoft/microsoft-ui-xaml/releases/download/v2.8.6/Microsoft.UI.Xaml.2.8.arm64.appx'
}
else {
Write-Verbose -Message 'x64 architecture detected, using x64 version of Microsoft.UI.Xaml.2.8.appx'
[System.String]$MicrosoftUIXamlDownloadLink = 'https://github.com/microsoft/microsoft-ui-xaml/releases/download/v2.8.6/Microsoft.UI.Xaml.2.8.x64.appx'
}
$UserSID = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$User = Get-LocalUser | Where-Object -FilterScript { $_.SID -eq $UserSID }
Function Install-StoreSource {
# https://apps.microsoft.com/detail/9mz1snwt0n5d
Write-Verbose -Message 'Microsoft account detected, using Microsoft Store source for PowerShell installation through Winget'
$null = Winget install --id 9MZ1SNWT0N5D --accept-package-agreements --accept-source-agreements --source msstore
}
}
process {
if ($PSVersionTable.PSEdition -eq 'Desktop') {
if (!(Get-Command -Name 'pwsh.exe' -ErrorAction Ignore)) {
try {
Write-Verbose -Message 'Trying to Install PowerShell Core using Winget because it could not be found on the system' -Verbose
Write-Verbose -Message 'Updating Winget source...'
$null = winget source update
$WingetSourceUpdated = $true
if ($User.PrincipalSource -eq 'MicrosoftAccount') {
Install-StoreSource
}
else {
Write-Verbose -Message 'Local account detected, cannot install PowerShell Core from Microsoft Store using Winget and msstore as the source'
Throw
}
if ($LASTEXITCODE -ne 0) {
Write-Verbose -Message "Failed to Install PowerShell Core using Winget: $LASTEXITCODE"
throw
}
$PSInstalled = $true
}
catch {
try {
try {
# Change location to temp because Windows PowerShell's default dir is System32 and if running as non-admin cannot be used for download location
Push-Location -Path ([System.IO.Path]::GetTempPath())
Write-Verbose -Message 'Failed to Install PowerShell Core using Winget' -Verbose
$ProgressPreference = 'silentlyContinue'
Write-Verbose -Message 'Downloading WinGet and its dependencies...'
# https://learn.microsoft.com/en-us/windows/package-manager/winget/#install-winget-on-windows-sandbox
Invoke-WebRequest -Uri 'https://aka.ms/getwinget' -OutFile 'Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle'
Invoke-WebRequest -Uri 'https://aka.ms/Microsoft.VCLibs.x64.14.00.Desktop.appx' -OutFile 'Microsoft.VCLibs.x64.14.00.Desktop.appx'
Invoke-WebRequest -Uri $MicrosoftUIXamlDownloadLink -OutFile $MicrosoftUIXamlDownloadedFileName
Add-AppxPackage -Path 'Microsoft.VCLibs.x64.14.00.Desktop.appx'
Add-AppxPackage -Path $MicrosoftUIXamlDownloadedFileName
Add-AppxPackage -Path 'Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle'
}
finally {
try {
Pop-Location
Remove-Item -Path 'Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle' -Force
Remove-Item -Path 'Microsoft.VCLibs.x64.14.00.Desktop.appx' -Force
Remove-Item -Path $MicrosoftUIXamlDownloadedFileName -Force
}
catch {}
}
Write-Verbose -Message 'Trying to Install PowerShell Core using Winget again after installing Winget' -Verbose
if (!$WingetSourceUpdated) {
Write-Verbose -Message 'Updating Winget source...'
$null = winget source update
}
if ($User.PrincipalSource -eq 'MicrosoftAccount') {
Install-StoreSource
}
else {
Write-Verbose -Message 'Local account detected, cannot install PowerShell Core from Microsoft Store using Winget and msstore as the source'
Throw
}
if ($LASTEXITCODE -ne 0) {
Write-Verbose -Message "Failed to Install PowerShell Core using Winget: $LASTEXITCODE"
throw
}
$PSInstalled = $true
}
catch {
try {
Push-Location -Path ([System.IO.Path]::GetTempPath())
Write-Verbose -Message 'Downloading and Installing PowerShell directly from GitHub using MSIX file'
Invoke-WebRequest -Uri $PSDownloadURLMSIX -OutFile 'PowerShell.msixbundle'
Add-AppxPackage -Path 'PowerShell.msixbundle'
$PSInstalled = $true
}
catch {
throw 'Failed to automatically Install PowerShell Core after exhausting all options'
}
finally {
try {
Remove-Item -Path 'PowerShell.msixbundle' -Force
}
catch {}
Pop-Location
}
}
}
}
else {
$PSInstalled = $true
}
}
else {
if (($PSVersionTable.PSVersion) -lt $RequiredPSVer) {
Throw "Current PowerShell version is $($PSVersionTable.PSVersion), which is less than $RequiredPSVer. Please update it and try again."
}
else {
$PSInstalled = $true
}
}
}
end {
if ($PSInstalled) {
Write-Verbose -Message 'Trying to run the command in PowerShell Core'
pwsh.exe -NoLogo -NoExit -Command {
Set-ExecutionPolicy -ExecutionPolicy 'Unrestricted' -Scope 'Process' -Force
if (!(Get-Module -ListAvailable -Name 'Harden-Windows-Security-Module' -ErrorAction Ignore)) {
Write-Verbose -Message 'Installing the Harden Windows Security Module because it could not be found' -Verbose
Install-Module -Name 'Harden-Windows-Security-Module' -Force
}
Protect-WindowsSecurity -GUI
}
}
else {
throw 'Failed to automatically Install PowerShell Core after exhausting all options'
}
}
}