Harden Windows Security | Only with official documented methods | Always up to date

Morro · Sep 18, 2023

@SpyNetGirl

I have never used PowerShell, so it was both overwhelming and also a bit scary to read through your Github page.

But it is also very interesting, and I might try to apply it to my new PC once it is delivered. (After I have the basics setup, and fully updated it, and after I made a backup image.)

1) Is it difficult to start up the Harden-Windows-Security. (Sorry, again, I never used PowerShell before.

)
2) In case I decide to use your Harden-Windows-Security and decide to use all parts, Will settings that do not work in Windows 11 Pro (I have no Business License... that I know of.)
be auto skipped when I decide to give your hardened method a try? Or can/should I opt out of functions that are not needed for a PC that only I will use?
3) Will the backup software I will use on my new PC work with the settings from BitLocker that your method sets? (I will be using Hasleo Backup Suite Free.)
4) If I decide to also use your WinSecureDNSMgr module, can I set NextDNS or would that be ill-advised when using WinSecureDNSMgr? In case it is, I could try for instance Cloudflare WARP. When I tried it on my old current PC, it was very fast.

I do not have my new PC yet, but in the opening post of a thread I made you can see system specs, in case you need them to answer some of my questions.

Need Advice - Looking for advice for new Desktop I will get. (Soon I hope.)

SpyNetGirl · Sep 19, 2023

Morro said:
@SpyNetGirl

I have never used PowerShell, so it was both overwhelming and also a bit scary to read through your Github page. But it is also very interesting, and I might try to apply it to my new PC once it is delivered. (After I have the basics setup, and fully updated it, and after I made a backup image.)

1) Is it difficult to start up the Harden-Windows-Security. (Sorry, again, I never used PowerShell before. )
2) In case I decide to use your Harden-Windows-Security and decide to use all parts, Will settings that do not work in Windows 11 Pro (I have no Business License... that I know of.)
be auto skipped when I decide to give your hardened method a try? Or can/should I opt out of functions that are not needed for a PC that only I will use?
3) Will the backup software I will use on my new PC work with the settings from BitLocker that your method sets? (I will be using Hasleo Backup Suite Free.)
4) If I decide to also use your WinSecureDNSMgr module, can I set NextDNS or would that be ill-advised when using WinSecureDNSMgr? In case it is, I could try for instance Cloudflare WARP. When I tried it on my old current PC, it was very fast.

I do not have my new PC yet, but in the opening post of a thread I made you can see system specs, in case you need them to answer some of my questions.

Need Advice - Looking for advice for new Desktop I will get. (Soon I hope.)

Hi,
1. I have YouTube videos and Gifs, starting it is as easy as a copy & paste. I think I will write a less technical Q&A post on GitHub with common questions to help find answers quickly. Learning PowerShell is really useful, I have made 2 beginner guides on Github wiki. If you ping me there about any questions i will be able to respond faster (sometimes in minutes)
2. Settings that need more than pro license simply have no effect on pro version. They're just not activated.
3. I'm not familiar with that backup software, if it backs up data after logging in to Windows then it works, but if it expects the disks to be unencrypted/unsecured before login/boot then I don't think it will work, still have to test it though.
4. Yes, I use NextDNS too and use the module to configure it on my system, that was actually why I made it to help me do it faster.Cloudflare WARP is pretty good too.

I'll check out that thread, seems interesting ^^ btw if you already have a supported hardware (like at least Intel 8th generation CPU) you can use the hardening module.

Morro · Sep 19, 2023

SpyNetGirl said:
Hi,
1. I have YouTube videos and Gifs, starting it is as easy as a copy & paste. I think I will write a less technical Q&A post on GitHub with common questions to help find answers quickly. Learning PowerShell is really useful, I have made 2 beginner guides on Github wiki. If you ping me there about any questions i will be able to respond faster (sometimes in minutes)
2. Settings that need more than pro license simply have no effect on pro version. They're just not activated.
3. I'm not familiar with that backup software, if it backs up data after logging in to Windows then it works, but if it expects the disks to be unencrypted/unsecured before login/boot then I don't think it will work, still have to test it though.
4. Yes, I use NextDNS too and use the module to configure it on my system, that was actually why I made it to help me do it faster.Cloudflare WARP is pretty good too.

I'll check out that thread, seems interesting ^^ btw if you already have a supported hardware (like at least Intel 8th generation CPU) you can use the hardening module.

Thank you very much for the reply.

Morro · Sep 22, 2023

@SpyNetGirl

Well, I got my new PC yesterday, and I installed your modules for Hardening Windows Security. I had to wait a very... very long time with the BitLocker part though. Apparently Encrypting a 5TB external HD takes quite some time... who would have expected that.

It looked like it all went well to me.

But then when I booted up my PC this morning, my internet connection was suddenly not working for several hours? But after I came home, and tried again my PC had a working connection again?

I have no idea why that happened, but I just hope that it does not happen again.

Also, this afternoon after I had connection again, I installed your WinSecureDNSMgr module with the installation command from your GitHub page. Is it supposed to be so short and display nothing? I saw a coloured bar for a few seconds and then the PowerShell command line again. (Or whatever people want to call it.) No choices to make like with the Harden Windows Modules, is that suppose to happen like that with the WinSecureDNSMgr module? Or did I not do something right.

ForgottenSeer 97327 · Sep 22, 2023

@Morro building a fort knox setup

Is your new PC as fast as you hoped?

Morro · Sep 22, 2023

Oh yes it is.

SpyNetGirl · Sep 22, 2023

Morro said:
@SpyNetGirl

Well, I got my new PC yesterday, and I installed your modules for Hardening Windows Security. I had to wait a very... very long time with the BitLocker part though. Apparently Encrypting a 5TB external HD takes quite some time... who would have expected that. It looked like it all went well to me.

But then when I booted up my PC this morning, my internet connection was suddenly not working for several hours? But after I came home, and tried again my PC had a working connection again? I have no idea why that happened, but I just hope that it does not happen again.

Also, this afternoon after I had connection again, I installed your WinSecureDNSMgr module with the installation command from your GitHub page. Is it supposed to be so short and display nothing? I saw a coloured bar for a few seconds and then the PowerShell command line again. (Or whatever people want to call it.) No choices to make like with the Harden Windows Modules, is that suppose to happen like that with the WinSecureDNSMgr module? Or did I not do something right.

I don't know how you partitioned your drive, but you could dedicate about 256 GB to OS drive and the rest for other drives, then you could gradually encrypt them.
You don't have to wait for BitLocker encryption to finish, you can continue your work or even restart your computer. I've done it many times, encryption will be resumed automatically after restart.

Not sure about your Internet connection, why do you think it's related to the module?

For WinSecureDNSMgr, there are documentations on the readme page. It has different modes and it's not like Harden Widows Security module, if any part of the document is not clear enough please let me know so I can improve it.

Also you'll have to show me a screenshot or video recording so I can see what you were trying to do with the DNS and i'll try to help

Morro · Sep 22, 2023

I do not really believe that any more, but when I noticed it, I thought about the fact that your module was the last thing I did yesterday before I switched off my PC. But then I also quickly remembered that I am not the only one using your module, and no one else has mentioned that problem. So it has to be something on my end that happened, I just do not know why a few hours later my internet connection worked again. My apologies for that.

And I will try to get a screenshot of it, as you asked.

Morro · Sep 22, 2023

I used the command seen in the picture.

I saw a yellow bar for maybe a second or two, and that was it. Or do I also need to use the command below to set it up for NextDNS?

Set-DynamicIPDoHServer -DoHTemplate https://dns.nextdns.io/MyNextDNS ID

SpyNetGirl · Sep 22, 2023

@Morro It's okay, even if no one else reported a problem i'd still want to investigate if it's related to the module and you're experiencing it ^^

Thanks for the screenshot. That looks okay, you installed it. Now you want to use NextDNS, you can use this syntax:

Code:

set-cdoh -DoHTemplate '' -IPV4s IPv4,IPv4

so for example like this:

Code:

set-cdoh -DoHTemplate 'https://dns.nextdns.io/a1b2c3' -IPV4s 10.20.30.45,11.22.33.44

You can find those details in your NextDNS profile

Morro · Sep 22, 2023

SpyNetGirl said:
@Morro It's okay, even if no one else reported a problem i'd still want to investigate if it's related to the module and you're experiencing it ^^

Thanks for the screenshot. That looks okay, you installed it. Now you want to use NextDNS, you can use this syntax:

Code:

set-cdoh -DoHTemplate '' -IPV4s IPv4,IPv4

so for example like this:

Code:

set-cdoh -DoHTemplate 'https://dns.nextdns.io/a1b2c3' -IPV4s 10.20.30.45,11.22.33.44

You can find those details in your NextDNS profile

Thank you very much.

SpyNetGirl · Sep 22, 2023

@Morro You're very welcome ^^

If you ever experience any Internet connectivity problem let me know and please do these too and let me know about their results
1. Check your router/modem to make sure it has Internet connectivity and there is no problem from the ISP side.
2. Check your WIFI with another device like your phone to make sure it has Internet and only your computer is the one without Internet.
3. Do a ping test, use this command in PowerShell "ping bing.com -t" and observe the results.
4. Go to Windows settings > Network & Internet and see if there is any problem shown there. You can also check Control Panel for network settings.

Morro · Sep 22, 2023

Ping test looks ok to me.

SpyNetGirl · Sep 22, 2023

Morro said:
Ping test looks ok to me.

View attachment 278763

Looks very good, IPv6 and nice low latency

SpyNetGirl · Sep 29, 2023

Created a basic FAQs document

Answers to the Basic Frequently Asked Questions

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers...

github.com

Warencom · Feb 7, 2024

Regarding the WinSecureDNSMgr installation, you're correct that it's a quick process without the configuration prompts like Harden Windows Security. This is because it doesn't require additional user input beyond specifying the DoH template URL.

Search

Harden Windows Security | Only with official documented methods | Always up to date

Morro

Level 17

SpyNetGirl

Level 3

Morro

Level 17

Morro

Level 17

ForgottenSeer 97327

Morro

Level 17

SpyNetGirl

Level 3

Morro

Level 17

Morro

Level 17

SpyNetGirl

Level 3

Morro

Level 17

SpyNetGirl

Level 3

Morro

Level 17

SpyNetGirl

Level 3

SpyNetGirl

Level 3

Answers to the Basic Frequently Asked Questions

Warencom

New Member

Similar threads