TestimoX

API Reference

Command

Set-CxSecurityOption

Namespace ComputerX.PowerShell
Inputs
System.String

Sets CIS-relevant Local Security Options (registry-backed).

Examples

Authored help example

Example 1


Set-CxSecurityOption -LimitBlankPasswordUse:$true -LmCompatibility NTLMv2OnlyRefuseLMandNTLM

Example 2


Set-CxSecurityOption -ComputerName SERVER01 -RequireSmbSigningServer:$true -Smb1 0

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Set-CxSecurityOption [-ComputerName <string>] [-AllowInsecureGuestAuth <bool>] [-EveryoneIncludesAnonymous <int>] [-LimitBlankPasswordUse <bool>] [-LmCompatibility <LMandNTLM>] [-NoLmHash <bool>] [-NtlmMinClientSec <Sign|Seal|Require128|Require56>] [-NtlmMinServerSec <Sign|Seal|Require128|Require56>] [-NullSessionPipes <string[]>] [-NullSessionShares <string[]>] [-RequireSmbSigningClient <bool>] [-RequireSmbSigningServer <bool>] [-RestrictAnonymous <int>] [-RestrictAnonymousSAM <int>] [-Smb1 <int>] [<CommonParameters>]
#

Parameters

ComputerName string optionalposition: 0pipeline: true (ByPropertyName)
Target computer(s). Use '.' for local computer or provide DNS names.
AllowInsecureGuestAuth bool optionalposition: namedpipeline: false
Allows or blocks insecure guest authentication.
EveryoneIncludesAnonymous int optionalposition: namedpipeline: false
Controls whether the Everyone SID includes anonymous users.
LimitBlankPasswordUse bool optionalposition: namedpipeline: false
Restricts local account blank-password use to console logon only.
LmCompatibility LmCompatibilityLevel optionalposition: namedpipeline: falsevalues: 6
Sets the LM compatibility level used for NTLM authentication behavior. Possible values: LMandNTLM, LMandNTLMRefuseNTLMv2Session, NTLMv2Only, NTLMv2OnlyRefuseLM, NTLMv2OnlyRefuseLMandNTLM, NTLMv2OnlyRefuseLMandNTLMUseKerberos
Possible values: LMandNTLM, LMandNTLMRefuseNTLMv2Session, NTLMv2Only, NTLMv2OnlyRefuseLM, NTLMv2OnlyRefuseLMandNTLM, NTLMv2OnlyRefuseLMandNTLMUseKerberos
NoLmHash bool optionalposition: namedpipeline: false
Prevents Windows from storing LM password hashes.
NtlmMinClientSec NtlmSspFlags optionalposition: namedpipeline: falsevalues: 4
Minimum NTLM SSP security flags required by the client. Possible values: None, Sign, Seal, Require128, Require56
Possible values: Sign, Seal, Require128, Require56
NtlmMinServerSec NtlmSspFlags optionalposition: namedpipeline: falsevalues: 4
Minimum NTLM SSP security flags required by the server. Possible values: None, Sign, Seal, Require128, Require56
Possible values: Sign, Seal, Require128, Require56
NullSessionPipes string[] optionalposition: namedpipeline: false
Server null session named pipes list. Replaces only if provided.
NullSessionShares string[] optionalposition: namedpipeline: false
Server null session shares list (SMB). Replaces only if provided.
RequireSmbSigningClient bool optionalposition: namedpipeline: false
Requires SMB signing on the client component.
RequireSmbSigningServer bool optionalposition: namedpipeline: false
Requires SMB signing on the server component.
RestrictAnonymous int optionalposition: namedpipeline: false
Sets the RestrictAnonymous security option value.
RestrictAnonymousSAM int optionalposition: namedpipeline: false
Sets the RestrictAnonymousSAM security option value.
Smb1 int optionalposition: namedpipeline: false
Enables or disables SMBv1 compatibility through the security option layer.