Merge pull request #154 from HotCakeX/Harden-Windows-Security-Module-…

…v.0.2.5 Harden windows security module v.0.2.5
HotCakeX · Nov 18, 2023 · 28fe4d5 · 28fe4d5
2 parents def4403 + 6fa0809
commit 28fe4d5
Show file tree

Hide file tree

Showing 13 changed files with 2,188 additions and 970 deletions.
diff --git a/Harden-Windows-Security Module/Main files/Confirm-SystemCompliance.psm1 b/Harden-Windows-Security Module/Main files/Confirm-SystemCompliance.psm1
diff --git a/Harden-Windows-Security Module/Main files/Functions.ps1 b/Harden-Windows-Security Module/Main files/Functions.ps1
@@ -3,45 +3,18 @@ $global:ErrorActionPreference = 'Stop'
 
 # Function to test if current session has administrator privileges
 Function Test-IsAdmin {
-    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
-    $principal = New-Object Security.Principal.WindowsPrincipal $identity
-    $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
+    $Identity = [Security.Principal.WindowsIdentity]::GetCurrent()
+    $Principal = New-Object Security.Principal.WindowsPrincipal $Identity
+    $Principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
 }
 
-# Hiding Invoke-WebRequest progress because it creates lingering visual effect on PowerShell console for some reason
-# https://github.com/PowerShell/PowerShell/issues/14348
-
-# https://stackoverflow.com/questions/18770723/hide-progress-of-Invoke-WebRequest
-# Create an in-memory module so $ScriptBlock doesn't run in new scope
-$null = New-Module {
-    function Invoke-WithoutProgress {
-        [CmdletBinding()]
-        param (
-            [Parameter(Mandatory)][scriptblock]$ScriptBlock
-        )
-        # Save current progress preference and hide the progress
-        $prevProgressPreference = $global:ProgressPreference
-        $global:ProgressPreference = 'SilentlyContinue'
-        try {
-            # Run the script block in the scope of the caller of this module function
-            . $ScriptBlock
-        }
-        finally {
-            # Restore the original behavior
-            $global:ProgressPreference = $prevProgressPreference
-        }
-    }
-} 
-
 # Make sure the latest version of the module is installed and if not, automatically update it, clean up any old versions
 function Update-self {   
 
-    [version]$CurrentVersion = (Test-ModuleManifest "$psscriptroot\Harden-Windows-Security-Module.psd1").Version
+    [System.Version]$CurrentVersion = (Test-ModuleManifest -Path "$psscriptroot\Harden-Windows-Security-Module.psd1").Version
 
     try {
-        Invoke-WithoutProgress {             
-            [version]$global:LatestVersion = Invoke-RestMethod -Uri 'https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/Harden-Windows-Security%20Module/version.txt'             
-        }
+        [System.Version]$global:LatestVersion = Invoke-RestMethod -Uri 'https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/Harden-Windows-Security%20Module/version.txt' -ProgressAction SilentlyContinue     
     }
     catch {   
         Write-Error -Message "Couldn't verify if the latest version of the module is installed, please check your Internet connection."
@@ -105,26 +78,40 @@ function Update-self {
 # Self update the module
 Update-self
 
-# Requirements Check
+#Region Requirements-Check
 
 # check if user's OS is Windows Home edition
 if ((Get-CimInstance -ClassName Win32_OperatingSystem).OperatingSystemSKU -eq '101') {
     Write-Error 'Windows Home edition detected, exiting...'
     break
 }
 
-# check if user's OS is latest version
-if (-NOT ([System.Environment]::OSVersion.Version -ge [version]'10.0.22621')) {
-    Write-Error "You're not using the latest version of the Windows OS, exiting..."
+# Check if user's OS is the latest build
+# Minimum OS build number required for the hardening measures used in this script
+[System.Decimal]$Requiredbuild = '22621.2428'
+
+# Get OS build version
+[System.Decimal]$OSBuild = [System.Environment]::OSVersion.Version.Build
+
+# Get Update Build Revision (UBR) number
+[System.Decimal]$UBR = Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'UBR'
+
+# Create full OS build number as seen in Windows Settings
+[System.Decimal]$FullOSBuild = "$OSBuild.$UBR"
+
+# Make sure the current OS build is equal or greater than the required build
+if (-NOT ($FullOSBuild -ge $Requiredbuild)) {
+    Write-Error -Message "You're not using the latest build of the Windows OS. A minimum build of $Requiredbuild is required but your OS build is $FullOSBuild`nPlease go to Windows Update to install the updates and then try again."
     break
 }
 
 if (Test-IsAdmin) {
     # check to make sure TPM is available and enabled
-    [bool]$TPMFlag1 = (Get-Tpm).tpmpresent
-    [bool]$TPMFlag2 = (Get-Tpm).tpmenabled
-    if (!$TPMFlag1 -or !$TPMFlag2) {
-        Write-Error 'TPM is not available or enabled, please go to your UEFI settings to enable it and then try again.'
-        break    
+    $TPM = Get-Tpm
+    if (-not ($TPM.tpmpresent -and $TPM.tpmenabled)) {
+        Write-Error -Message 'TPM is not available or enabled, please enable it in UEFI settings and try again.'
+        break
     }
-}
+}
+
+#Endregion Requirements-Check
diff --git a/Harden-Windows-Security Module/Main files/Harden-Windows-Security-Module.psd1 b/Harden-Windows-Security Module/Main files/Harden-Windows-Security-Module.psd1
@@ -12,7 +12,7 @@
   # RootModule = ''
 
   # Version number of this module.
-  ModuleVersion        = '0.2.4'
+  ModuleVersion        = '0.2.5'
 
   # Supported PSEditions
   CompatiblePSEditions = @('Core')
@@ -81,7 +81,7 @@ Harden Windows Safely, Securely, only with Official Microsoft methods
 '@
 
   # Minimum version of the PowerShell engine required by this module
-  PowerShellVersion    = '7.3.8'
+  PowerShellVersion    = '7.4.0'
 
   # Name of the PowerShell host required by this module
   # PowerShellHostName = ''