CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to Disabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows PowerShell\Turn on PowerShell Script Block Logging

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template PowerShellExecutionPolicy.admx/adml that is included with the Microsoft Windows 10 RTM (Release 1507) Administrative Templates (or newer).

Impact:

Logging of PowerShell script input is disabled.

Default Value:

Enabled. (PowerShell will log script blocks the first time they are used.)

CIS Controls:

Version 6

16.4 Automatically Log Off Users After Standard Period Of Inactivity Regularly monitor the use of all accounts, automatically logging off users after a standard period of inactivity.

Version 7

5.1 Establish Secure Configurations Maintain documented, standard security configuration standards for all authorized operating systems and software.

1149 | P a g e