Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 08:28:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 107
19122 commits 3328 branches 575 tags 2.3 GiB
Commit graph

28 commits

Author SHA1 Message Date
Graham Williams
19f3cdb168
Create windows-device-wirelessdisplay-requirepin.xml (#34507) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created **Device** profile to enable the setting as required based on
[Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-wirelessdisplay#requirepinforpairing)
- Profiles return as **Verified** in FleetUI
- Event Viewer shows no errors
- Registry confirms PIN requirement

<img width="1468" height="296" alt="image"
src="https://github.com/user-attachments/assets/5da9d4d2-a74b-4f0b-a2ec-12008b911766"
/>

---------

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-27 08:51:12 +00:00
Graham Williams
60f7bf0711
Create windows-device-power-standbynetwork.xml (#34506) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created **Device** profile to disable the setting as required based on
[Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#bootstartdriverinitialization)
- Profiles return as **Verified** in FleetUI (Requires device restart)
- Event Viewer shows expected merge

<img width="1302" height="296" alt="image"
src="https://github.com/user-attachments/assets/892eb6c5-3bcf-4902-901d-f0b2700d23c4"
/>

---------

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-25 19:02:21 -04:00
Mason Buettner
74f26d9ff0
Add disable-toast-notifications-from-lock.xml (#34497) 
This profile disables toast notifications from the lock screen.


# Checklist for submitter

If some of the following don't apply, delete the relevant line.


## Testing


- [x] QA'd all new/changed functionality manually
 2025-10-25 19:01:39 -04:00
Graham Williams
680b36c802
Windows Configuration Profiles - Disabling System Services (#34446) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created **Device** profile to disable the services as required based
on [Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-systemservices)
- Profiles return as **Verified** in FleetUI
- Event Viewer shows no errors
- Services listed as disabled

Adds configuration profiles for disabling the following services on
startup

Windows Mobile Hotspot Service (icssvc) -
0199f25b-795f-7dee-92cc-0a69d91d6c8a
Internet Connection Sharing (ICS) (SharedAccess) -
0199f25b-795f-76d9-99cb-d122e5b6e6f1
Routing and Remote Access (RemoteAccess) -
0199f25b-795f-7699-8735-e316ffc0564e
Remote Procedure Call (RPC) Locator (RpcLocator) -
0199f25b-795f-7882-9309-44b8f0633b01
SSDP Discovery (SSDPSRV) - 0199f25b-795f-703f-99a1-abecba6b71f8
UPnP Device Host (upnphost) - 0199f25b-795f-7802-9b16-efae4418f444
Windows Media Player Network Sharing Service (WMPNetworkSvc) -
0199f25b-795f-7af7-99ba-2f418f05e77b
World Wide Web Publishing Service (W3SVC) -
0199f25b-795f-7966-a812-4b1d5c5c54cb (Non-standard Service)
Microsoft FTP Service (FTPSVC) - 0199f25b-795f-7d7c-b6ca-597d08a1839d
(Non-standard Service)

---------

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-25 19:01:03 -04:00
Graham Williams
966373876e
Create windows-device-systemservices-xbox-disabled.xml (#34432) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created **Device** profile to disable the services as required based
on [Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-systemservices#configurexboxaccessorymanagementservicestartupmode)
- Profiles return as **Verified** in FleetUI
- Event Viewer shows no errors
- Services listed as disabled

<img width="653" height="375" alt="image"
src="https://github.com/user-attachments/assets/d059751a-e853-4bd1-ab36-1ee5d5dc9566"
/>

<img width="1654" height="1113" alt="image"
src="https://github.com/user-attachments/assets/a47ec8fd-c889-472f-802c-89787eb42fbe"
/>

---------

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-25 18:58:15 -04:00
Magnus Jensen
8f1bccb5fb
add defender smartscreen windows CSP policies (#34428) 
Adds 4 defender smartscreen policies, to enable notifying and one for
disabling automatic data collection.
 2025-10-25 18:57:22 -04:00
Steven Palmesano
3a1b4b6880
Add CSP to disable Game DVR (#34427) 
Verified working with Windows 11 Pro.

---------

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-25 18:56:48 -04:00
Graham Williams
07fce813d4
Create windows-device-system-bootstartdriver-disabled.xml (#34424) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created **Device** profile to disable the setting as required based on
[Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#bootstartdriverinitialization)
- Profiles return as **Verified** in FleetUI
- Event Viewer shows no errors
- Registry shows EarlyLaunch entry with expected defaults

<img width="546" height="375" alt="image"
src="https://github.com/user-attachments/assets/058d4283-6ea4-4900-abaf-6e9de1f1b1b3"
/>

<img width="1654" height="1113" alt="image"
src="https://github.com/user-attachments/assets/9e5cb2ff-578b-4fe6-9dfb-50d2c6d910ee"
/>
 2025-10-25 18:55:55 -04:00
Graham Williams
40fde14407
Adds msialwaysinstall profiles (#34423) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created both **User** and **Device** profiles as required based on
[Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#msialwaysinstallwithelevatedprivileges)
- Profiles return as **Verified** in FleetUI
- Event Viewer shows no errors
- Registry shows provider set for both **Device** and **User** scopes

<img width="1009" height="464" alt="image"
src="https://github.com/user-attachments/assets/90df1b0c-651f-4bfb-bf19-ceb30e34be8e"
/>

<img width="1654" height="1113" alt="image"
src="https://github.com/user-attachments/assets/ed325e97-6d3a-4c53-b700-75f38490cc6d"
/>
 2025-10-25 18:54:21 -04:00
Steven Palmesano
e15d4afcb6
Add CSP to disable lock screen slide show (#34551) 
Using a workaround described
[here](https://github.com/fleetdm/fleet/issues/33731#issuecomment-3423354681)
to get the verification to succeed.

---------

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-23 16:15:57 -04:00
Jake Stenger
c9e589f142
two more (#34678) 2025-10-23 15:47:22 -04:00
Graham Williams
92bf89f235
Create enable built-in Admin Approval Mode - [UseAdminApprovalMode].xml (#34680) 
- Enables the
[UserAccountControl_UseAdminApprovalMode](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#useraccountcontrol_useadminapprovalmode)
setting
- MDMPolicyManager Merge successful
- Policy verifies in FleetUI

<img width="1143" height="377" alt="image"
src="https://github.com/user-attachments/assets/53bb96ab-b657-463b-ab89-0c3f2bc8584d"
/>
 2025-10-23 13:49:03 +01:00
Graham Williams
c78a047dff
Create disable diagnostic data - [CommercialId].xml (#34679) 
- Disables the
[CommercialId](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-datacollection#commercialidpolicy)
setting
- MDMPolicyManager Merge successful
- Policy verifies in FleetUI

<img width="1112" height="362" alt="image"
src="https://github.com/user-attachments/assets/e31a9e0c-89f7-4f0b-84e4-fa35e6e19bea"
/>
 2025-10-23 13:48:51 +01:00
Jake Stenger
d8865f369a
Doc/solutions/windows cleanup (#34676) 
Consolidates all the CSPs from the spreadsheet into one location.
Removes CmdID keys from all CSPs.
 2025-10-22 19:59:12 -07:00
Harrison Ravazzolo
346da470b8
Refactor SCEP configuration for Okta certificate (#34674) 
Updated SCEP configuration for Okta attestation certificate
installation, including placeholders for various parameters.
 2025-10-22 18:30:54 -07:00
Jake Stenger
81faf4e9cb
organize files into platform, function folders. Standardize filenames… (#34659) 
… for easier readibility. Standardize on 2-space indentation.
 2025-10-22 17:07:33 -04:00
Mason Buettner
b3fa01a144
Add disable-insider-ui-page.ps1 (#34499) 
This script disables the UI page where users can opt into the Windows
insider program.


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

## Testing

- [x] QA'd all new/changed functionality manually

---------

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-22 13:57:12 -04:00
Graham Williams
4dc76ec838
Create windows-device-privacy-speechrecognition-disabled.xml (#34505) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created **Device** profile to disable the setting as required based on
[Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#bootstartdriverinitialization)
- Profiles return as **Verified** in FleetUI
- Event Viewer shows no errors
- Ability to enable service disabled

<img width="1025" height="406" alt="image"
src="https://github.com/user-attachments/assets/13efdd05-7248-4dc5-b41f-0d550b3c3f0e"
/>

---------

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-22 13:02:55 -04:00
Brock Walters
d4dabf4783
Add configuration to block user account details on sign-in (#34622) 2025-10-22 12:59:12 -04:00
Harrison Ravazzolo
bb4717da1f
Enable SmartScreen, Prompt for user elevation CSP (#34445) 2025-10-22 12:51:25 -04:00
Graham Williams
27bbebc122
Create windows-device-systemservices-simptcp-disabled.xml (#34502) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created **Device** profile to disable the setting as required based on
[Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#bootstartdriverinitialization)
- Profiles return as **Verified** in FleetUI (Requires device restart)
- Event Viewer shows no errors
- Service shows as disabled
 2025-10-22 10:09:59 +01:00
Graham Williams
e08b34c8e2
Create windows-device-remoteassistance-disabled.xml (#34503) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created **Device** profile to disable the setting as required based on
[Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#bootstartdriverinitialization)
- Profiles return as **Verified** in FleetUI (Requires device restart)
- Event Viewer shows no errors
- Requesting Remote Assist fails

<img width="1461" height="1034" alt="image"
src="https://github.com/user-attachments/assets/3eb29616-0dbc-495a-bf35-51b60d49bd11"
/>

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-22 10:09:36 +01:00
Graham Williams
3144b1eacc
Create windows-device-networkaccess-everyonepermissions.xml (#34508) 
- Uses randomly generated UUID for the CmdID as required by [CmdID
Specs](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/d7321df8-ecb2-4c81-8a24-54630bc7456f)
- Created **Device** profile to disable the setting as required based on
[Microsoft
Docs](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#networkaccess_leteveryonepermissionsapplytoanonymoususers)
- Profiles return as **Verified** in FleetUI
- Event Viewer shows no errors

<img width="1468" height="296" alt="image"
src="https://github.com/user-attachments/assets/cfd23f13-c47a-4aa7-a7b3-604ec7421a15"
/>

Co-authored-by: Dale Ribeiro <dale@fleetdm.com>
 2025-10-22 10:09:21 +01:00
Dale Ribeiro
b0895b9e23
Added acccount-lock-out.xml (#34619) 2025-10-21 18:02:44 -04:00
Harrison Ravazzolo
fdc184fe58
Windows CSP - Spotlight config + Okta scep (#34589) 2025-10-21 08:47:50 -07:00
Brock Walters
92a58851fa
Added new Set_ScreenSaverGracePeriod.ps1 script (#34340) 
This script is part of the CSA project to create Windows controls for
customer-rembrandt.
 2025-10-16 11:08:36 -05:00
Graham Williams
2f6cacb09d
Create Profile: Disable Local Administrator (#34344) 
- Administrator account starts as enabled: True
- Profile verifies: True
- Administrator account disabled after apply: True

<img width="1654" height="1113" alt="image"
src="https://github.com/user-attachments/assets/9551d87a-341a-49e3-8d0b-15c86ea1b81c"
/>

<img width="2043" height="424" alt="image"
src="https://github.com/user-attachments/assets/acbfa66d-2684-43b8-a964-f7679fd861e8"
/>
 2025-10-16 11:08:04 -05:00
Harrison Ravazzolo
9e3cab666e
Update doc assets (#33740) 
After talking with eng team and @nonpunctual, the /assets folder is
reserved for things inside the fleet app, so creating a new folder in
`/docs/solutions`

@AdamBaali - I updated your article paths and moved the assets to the
new folder, do you mind taking a peek and making sure it looks good?

Note: brock, we should also update handbook for new ritual to add
articles with assets like this.

---------

Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
 2025-10-07 13:02:36 -06:00