Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-21 07:58:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 111

organize files into platform, function folders. Standardize filenames… (#34659)

Browse source 
… for easier readibility. Standardize on 2-space indentation.
This commit is contained in:
Jake Stenger 2025-10-22 14:07:33 -07:00 committed by GitHub
parent 045d79ea67
commit 81faf4e9cb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
28 changed files with 191 additions and 181 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/solutions/configuration-profiles/BlockMDMUnenrollment.xml → docs/solutions/Windows/configuration-profiles/Disallow manual MDM unenrollment - [AllowManualMDMUnenrollment].xml
View file

@ -10,4 +10,4 @@
</Meta>
<Data>0</Data>
</Item>
</Replace>
</Replace>

11
docs/solutions/Windows/configuration-profiles/account lock out - [AccountLockoutPolicy].xml Normal file
View file

@ -0,0 +1,11 @@
<Add>
<Item>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/DeviceLock/AccountLockoutPolicy</LocURI>
</Target>
<Data>AccountLockoutDuration:30, AccountLockoutThreshold:10, ResetAccountLockoutCounterAfter:3</Data>
</Item>
</Add>

0
docs/solutions/windows/configuration-profiles/allow-spotlight-collections.xml → docs/solutions/Windows/configuration-profiles/allow Windows Spotlight collections - [AllowSpotlightCollection].xml
View file

12
docs/solutions/Windows/configuration-profiles/disable built-in Administrator account – [Accounts_EnableAdministratorAccountStatus].xml Normal file
View file

@ -0,0 +1,12 @@
<Replace>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>0</Data>
</Item>
</Replace>

1
docs/solutions/windows/configuration-profiles/windows-device-privacy-speechrecognition-disabled.xml → docs/solutions/Windows/configuration-profiles/disable online speech recognition and personalization - [AllowInputPersonalization].xml
View file

@ -9,4 +9,3 @@
<Data>0</Data>
</Item>
</Replace>

0
docs/solutions/windows/configuration-profiles/windows-device-remoteassistance-disabled.xml → docs/solutions/Windows/configuration-profiles/disable remote assistance - [AllowRemoteAssistance].xml
View file

0
docs/solutions/windows/configuration-profiles/windows-device-systemservices-simptcp-disabled.xml → docs/solutions/Windows/configuration-profiles/disable simple TCPIP services – [SimpleTcp].xml
View file

12
docs/solutions/Windows/configuration-profiles/enable Microsoft Defender SmartScreen - [EnableSmartScreen].xml Normal file
View file

@ -0,0 +1,12 @@
<Replace>
<!-- Service Enabled key, 1 = enabled -->
<Item>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled</LocURI>
</Target>
<Data>1</Data>
</Item>
</Replace>

2
docs/solutions/windows/configuration-profiles/block-user-from-showing-account-details-on-sign-in.xml → docs/solutions/Windows/configuration-profiles/hide account details on sign in - [BlockUserFromShowingAccountDetailsOnSignin].xml
View file

@ -9,7 +9,7 @@
<LocURI>./Device/Vendor/MSFT/Policy/Config/ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin</LocURI>
</Target>
<Data>
<![CDATA[<enabled/>]]>
<![CDATA[<enabled/>]]>
</Data>
</Item>
</Replace>

103
docs/solutions/Windows/configuration-profiles/install Okta attestation certificate - [Bundle].xml Normal file
View file

@ -0,0 +1,103 @@
<Replace>
<!-- Set Node here -->
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">node</Format>
</Meta>
</Item>
</Replace>
<Add>
<!-- SCEP URL -->
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/ServerURL</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>yourUrlHere</Data>
</Item>
</Add>
<!-- SCEP Challenge -->
<Add>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/Challenge</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>yourChallengeHere</Data>
</Item>
</Add>
<!-- CN - check Okta doc for required values (https://help.okta.com/oie/en-us/content/topics/identity-engine/devices/devices-client-certificates-faqs.htm) -->
<Add>
<CmdID>4</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/SubjectName</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>$FLEET_VAR_HOST_UUID </Data>
</Item>
</Add>
<!-- Key Length -->
<Add>
<CmdID>5</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/KeyLength</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>2048</Data>
</Item>
</Add>
<!-- Hash Algorithm -->
<Add>
<CmdID>6</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/HashAlgorithm</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>SHA256</Data>
</Item>
</Add>
<!-- Key Usage -->
<Add>
<CmdID>7</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/KeyUsage</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>160</Data>
</Item>
</Add>
<!-- Extended Key Usage -->
<Add>
<CmdID>8</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/EKUMapping</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>1.3.6.1.5.5.7.3.2</Data>
</Item>
</Add>

12
docs/solutions/Windows/configuration-profiles/require admin consent before UAC elevation - [ConsentPromptBehaviorAdmin].xml Normal file
View file

@ -0,0 +1,12 @@
<Replace>
<!-- User Account Control key, 1 = enabled -->
<Item>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</LocURI>
</Target>
<Data>1</Data>
</Item>
</Replace>

1
docs/solutions/windows/configuration-profiles/windows-device-networkaccess-everyonepermissions.xml → docs/solutions/Windows/configuration-profiles/restrict Everyone permissions in network access - [NetworkAccess_RestrictAnonymousAccess].xml
View file

@ -10,4 +10,3 @@
<Data>0</Data>
</Item>
</Replace>

11
docs/solutions/Windows/configuration-profiles/set maximum device lock timeout (10 min max) - [MaxInactivityTimeDeviceLock].xml Normal file
View file

@ -0,0 +1,11 @@
<Replace>
<Item>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/DeviceLock/MaxInactivityTimeDeviceLock</LocURI>
</Target>
<Data>10</Data>
</Item>
</Replace>

0
docs/solutions/policies/windows-fleet-hardening.policies.yml → docs/solutions/Windows/policies/windows-fleet-hardening.policies.yml
View file

0
docs/solutions/windows/scripts/disable-insider-ui-page.ps1 → docs/solutions/Windows/scripts/disable-insider-ui-page.ps1
View file

28
docs/solutions/Windows/scripts/disallow local Fleet osquery modification.ps1 Normal file
View file

@ -0,0 +1,28 @@
# Prevents uninstall/change of Fleet osquery via Windows UI.
# Sets NoRemove and NoModify = 1 under Fleet osquery uninstall entry.
# Hides uninstall/change options across Control Panel and Settings > Apps.
# Works on all Windows editions.
$UninstallPaths = @(
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
"HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
)
$FleetEntry = Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
Where-Object { $_.DisplayName -like "Fleet osquery*" }
if ($FleetEntry) {
Write-Output "[INFO] Fleet osquery found: $($FleetEntry.DisplayName)"
$RegKeyPath = $FleetEntry.PSPath
New-ItemProperty -Path $RegKeyPath -Name "NoRemove" -Value 1 -PropertyType DWord -Force | Out-Null
Write-Output "[SET] NoRemove = 1"
New-ItemProperty -Path $RegKeyPath -Name "NoModify" -Value 1 -PropertyType DWord -Force | Out-Null
Write-Output "[SET] NoModify = 1"
Write-Output "[DONE] Fleet osquery uninstall options hardened."
}
else {
Write-Output "[WARN] Fleet osquery not found. Nothing changed."
}

0
docs/solutions/windows/scripts/Set_ScreenSaverGracePeriod.ps1 → docs/solutions/Windows/scripts/set screen saver grace period – [ScreenSaverGracePeriod].ps1
View file

11
docs/solutions/account-lock-out.xml
View file

@ -1,11 +0,0 @@
<Add>
<Item>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/DeviceLock/AccountLockoutPolicy</LocURI>
</Target>
<Data>AccountLockoutDuration:30, AccountLockoutThreshold:10, ResetAccountLockoutCounterAfter:3</Data>
</Item>
</Add>

0
docs/solutions/configuration-profiles/crowdstrike-full-disk-access.mobileconfig → docs/solutions/macOS/configuration-profiles/crowdstrike-full-disk-access.mobileconfig
View file

0
docs/solutions/configuration-profiles/crowdstrike-notification.mobileconfig → docs/solutions/macOS/configuration-profiles/crowdstrike-notification.mobileconfig
View file

0
docs/solutions/configuration-profiles/crowdstrike-service-management.mobileconfig → docs/solutions/macOS/configuration-profiles/crowdstrike-service-management.mobileconfig
View file

0
docs/solutions/configuration-profiles/crowdstrike-system-extension.mobileconfig → docs/solutions/macOS/configuration-profiles/crowdstrike-system-extension.mobileconfig
View file

0
docs/solutions/configuration-profiles/crowdstrike-web-filter.mobileconfig → docs/solutions/macOS/configuration-profiles/crowdstrike-web-filter.mobileconfig
View file

27
docs/solutions/scripts/windows-fleet-hardening.ps1
View file

@ -1,27 +0,0 @@
# Prevents uninstall/change of Fleet osquery via Windows UI.
# Sets NoRemove and NoModify = 1 under Fleet osquery uninstall entry.
# Hides uninstall/change options across Control Panel and Settings > Apps.
# Works on all Windows editions.
$UninstallPaths = @(
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
"HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
)
$FleetEntry = Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
Where-Object { $_.DisplayName -like "Fleet osquery*" }
if ($FleetEntry) {
Write-Output "[INFO] Fleet osquery found: $($FleetEntry.DisplayName)"
$RegKeyPath = $FleetEntry.PSPath
New-ItemProperty -Path $RegKeyPath -Name "NoRemove" -Value 1 -PropertyType DWord -Force | Out-Null
Write-Output "[SET] NoRemove = 1"
New-ItemProperty -Path $RegKeyPath -Name "NoModify" -Value 1 -PropertyType DWord -Force | Out-Null
Write-Output "[SET] NoModify = 1"
Write-Output "[DONE] Fleet osquery uninstall options hardened."
} else {
Write-Output "[WARN] Fleet osquery not found. Nothing changed."
}

12
docs/solutions/windows/configuration-profiles/defender-smartscreen-service-enabled.xml
View file

@ -1,12 +0,0 @@
<Replace>
<!-- Service Enabled key, 1 = enabled -->
<Item>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled</LocURI>
</Target>
<Data>1</Data>
</Item>
</Replace>

103
docs/solutions/windows/configuration-profiles/okta-attestation-cert.xml
View file

@ -1,103 +0,0 @@
<Replace>
<!-- Set Node here -->
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">node</Format>
</Meta>
</Item>
</Replace>
<Add>
<!-- SCEP URL -->
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/ServerURL</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>yourUrlHere</Data>
</Item>
</Add>
<!-- SCEP Challenge -->
<Add>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/Challenge</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>yourChallengeHere</Data>
</Item>
</Add>
<!-- CN - check Okta doc for required values (https://help.okta.com/oie/en-us/content/topics/identity-engine/devices/devices-client-certificates-faqs.htm) -->
<Add>
<CmdID>4</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/SubjectName</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>$FLEET_VAR_HOST_UUID </Data>
</Item>
</Add>
<!-- Key Length -->
<Add>
<CmdID>5</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/KeyLength</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>2048</Data>
</Item>
</Add>
<!-- Hash Algorithm -->
<Add>
<CmdID>6</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/HashAlgorithm</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>SHA256</Data>
</Item>
</Add>
<!-- Key Usage -->
<Add>
<CmdID>7</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/KeyUsage</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>160</Data>
</Item>
</Add>
<!-- Extended Key Usage -->
<Add>
<CmdID>8</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/EKUMapping</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>1.3.6.1.5.5.7.3.2</Data>
</Item>
</Add>

12
docs/solutions/windows/configuration-profiles/uac-prompt-for-elevation.xml
View file

@ -1,12 +0,0 @@
<Replace>
<!-- User Account Control key, 1 = enabled -->
<Item>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</LocURI>
</Target>
<Data>1</Data>
</Item>
</Replace>

12
docs/solutions/windows/configuration-profiles/windows-localpoliciessecurityoptions-disable-adminaccountstatus.xml
View file

@ -1,12 +0,0 @@
<Replace>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>0</Data>
</Item>
</Replace>