mirror of
https://github.com/fleetdm/fleet
synced 2026-05-13 20:18:58 +00:00
6d633427d8
Changelog ADD: ADD - 18.10.75.1 (L1) Ensure 'Automatic Data Collection' is set to 'Enabled' ADD - 18.10.92.2 (L1) Ensure 'Enable features introduced via servicing that are off by default' is set to 'Disabled' ADD - 18.10.92.4 (L1) Ensure 'Enable optional updates' is set to 'Disabled' ADD - 18.8 (L2) Ensure 'Remove Personalized Website Recommendations from the Recommended section in the Start Menu' is set to 'Enabled' ADD - 18.9.19 (L1) 'Configure security policy processing: Do not apply during periodic background processing' is set to 'False' ADD - 18.9.19 (L1) 'Configure security policy processing: Process even if the Group Policy objects have not changed' is set to 'True' ADD - 18.9.25 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory' ADD - 18.9.25 (L1) Ensure 'Enable password encryption' is set to 'Enabled' ADD - 18.9.25 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higher ADD - 18.9.25 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0' ADD - 19.7.38 (L1) Ensure 'Turn off Windows Copilot' is set to 'Enabled' ADD - 2.3.11 (L1) Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts' ADD - 2.3.11 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higher REMOVE: REMOVE - 18.10.76.3 (L1) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled' REMOVE - 5 (L1) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled' REMOVE - 9.1 (L1) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' REMOVE - 9.2 (L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' REMOVE - 9.3 (L1) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' UPDATE: UPDATE - 18.10.42.7 (L2 -> L1) Ensure 'Enable file hash computation feature' is set to 'Enabled' UPDATE - 18.10.86 (L1 -> L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' UPDATE - 18.10.86 (L1 -> L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled' UPDATE - 18.5 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' TO 'MSS: (AutoAdminLogon) Enable Automatic Logon' UPDATE - 18.5 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' TO 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' UPDATE - 18.5 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' TO 'MSS: (DisableIPSourceRouting) IP source routing protection level' UPDATE - 18.5 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' TO 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses' UPDATE - 18.5 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' TO 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode' UPDATE - 18.5 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' TO 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' UPDATE - 18.5 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' TO 'Enabled: 300,000 or 5 minutes' UPDATE - 18.9.50.1 (L2 -> L1) Ensure 'Enable Windows NTP Client' is set to 'Enabled' UPDATE - 18.9.50.1 (L2 -> L1) Ensure 'Enable Windows NTP Server' is set to 'Disabled' --------- Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com> Co-authored-by: Sharon Katz <sharon@fleetdm.com> |
||
|---|---|---|
| .. | ||
| .keep | ||
| 10383-mdm-saved-certs-ui | ||
| 11942-duplicated-software | ||
| 14722-activity-feed-webhooks | ||
| 16795-update-go | ||
| 17309-support-env-vars-profiles | ||
| 17513-bulk-host-opts-filters | ||
| 17587-software-self-service-ui | ||
| 17860-improve-license-expiration-banner | ||
| 18053-ubuntu-kernel-vuln-detection | ||
| 18119-iphone-ipad-support | ||
| 18447-firefox-esr | ||
| 18461-windows-lock | ||
| 18515-remove-host-ids-from-list-labels | ||
| 18732-switch-teams-reset-page | ||
| 18741-form-field-tooltip-positions | ||
| 18833-filter-software-by-self-service | ||
| 18834-add-self-service-install-endpoint | ||
| 18834-fleetctl-add-self-service-field | ||
| 18838-additional-db-optimizations | ||
| 18847-software-self-install-activities | ||
| 18862-upgradeCIS-win11 | ||
| 18881-queries-table-filter-bugs | ||
| 18912-controls-language-and-cta-button-fix | ||
| 19001-builtin-label-names-selecting-targets | ||
| 19014-certs-endpoints | ||
| 19052-activity-feed-webhooks | ||
| 19072-additional-stats | ||
| 19152-gitops-duplicate-enroll-secret | ||
| 19171-host-query-bug-fixes | ||
| 19179-bm | ||
| 19267-bugfix-ui-wipe-menu | ||
| 19272-live-query-lag | ||
| 19311-scep-renew | ||
| 19464-private-key-errors | ||
| add-tuxedo-os | ||
| issue-18847-add-ui-activities-for-self-service | ||
| jve-fix-lock-script-typo | ||
| jve-pk-docs | ||
| post-apns-cert | ||
| save-certs-encrypted | ||