ZCSPM offers PowerShell scripts for hardening the Windows Server 2012 R2 OS on your Microsoft Azure Virtual Machine. Make sure you test the scripts on a testing environment before running them on a production environment.

Hardening Script for CIS Compliance

CIS_Benchmark_WindowsServer2012_R2_v1_0_0.ps1: ZCSPM can remediate about 152 security policies to harden Windows Server 2012 R2 on an Azure virtual machine for CIS Windows Server 2012 R2 Benchmark.

• See the 152 security policies remediated
  Policy Title 1

  Audit Policy: Account Logon: Credential Validation

  Audit Policy: Account Management: Other Account Management Events

  Audit Policy: Account Management: Security Group Management

  Audit Policy: Account Management: User Account Management

  Audit Policy: Detailed Tracking: Process Creation

  Audit Policy: Logon-Logoff: Account Lockout

  Audit Policy: Logon-Logoff: Logoff

  Audit Policy: Logon-Logoff: Logon

  Audit Policy: Logon-Logoff: Special Logon

  Audit Policy: Policy Change: Audit Policy Change'

  1 to 10 of 152

  Page 1 of 16

  Close

To harden the Windows Server 2012 R2 OS baseline configuration running on a virtual machine (VM):

1. Ensure you have PowerShell version v5 or higher. Verify your PowerShell version using the following command:

PSVersionTable.PSVersion

2. Ensure there are no restrictions on PowerShell to run the script. Remove restrictions on PowerShell using the following command:

Set-ExecutionPolicy `
-Scope Process `
-ExecutionPolicy Bypass

3. Install the following DSC modules to run PowerShell commands while running a Quick Wins script:
   • AuditPolicyDsc
   • SecurityPolicyDsc
   • NetworkingDsc
   • PSDesiredStateConfiguration
   To verify if a module is already installed, run the following command:

Get-InstalledModule -Name <module-name>

Install a required module by running the following command:

Install-Module -Name <module-name>

4. Download the script from GitHub using the following command:

wget https://raw.githubusercontent.com/Cloudneeti/os-harderning-scripts/master/WindowsServer2012R2/CIS_Benchmark_WindowsServer2012_R2_v1_0_0.ps1 -O CIS_Benchmark_WindowsServer2012_R2_v1_0_0.ps1

5. Run the PowerShell script to compile the DSC modules using the following command:

.\CIS_Benchmark_WindowsServer2012_R2_v1_0_0.ps1

6. Apply the baseline configuration to your VM using the following command:

Start-DscConfiguration -Path .\CIS_Benchmark_WindowsServer2012_R2_v1_0_0  -Force -Verbose -Wait