threatmodel Windows EN - edamametechnologies/threatmodels GitHub Wiki
Windows Threat Model (EN)
Contents
- EDAMAME helper inactive
- Cached logon credentials enabled
- No antivirus enabled
- Disk encryption disabled
- User Account Control disabled
- Automatic logon enabled
- Potentially compromised email address
- Unverified network environment
- Windows Script Host enabled
- Remote Desktop Protocol (RDP) enabled
- Windows Update disabled
- Guest account enabled
- Built-in Administrator account enabled
- Windows Firewall disabled
- Remote Registry Service enabled
- LM and NTLMv1 protocols enabled
- Lsass.exe process protection not enabled
- PowerShell execution policy not securely configured
- Chrome browser not up to date
- SMBv1 Protocol Enabled
EDAMAME helper inactive
Threat
Dimension : system services / Severity : 5
EDAMAME's Helper software is not running or requires an update. It's required for maximum Security Score analysis.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 12 | Command line | user | helper_check |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 12 | Command line | user | https://github.com/edamametechnologies/edamame_helper/releases/download |
Rollback
https://www.youtube.com/watch?v=xORy1bFBKCI
Cached logon credentials enabled
Threat
Dimension : credentials / Severity : 4
Tags : ISO 27001/2,Access Control, PCI-DSS,Requirement-8.2.3, SOC 2,CC-Logical Access Controls
Cached logon credentials are a security risk as they can be used by attackers to gain access to your system. They are stored on your system and can be retrieved by attackers who gain access to your computer or network. We recommend disabling cached logon credentials to increase the security of your system.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | if(((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI' -Name 'DisablePasswordCaching' -ErrorAction SilentlyContinue).DisablePasswordCaching) -ne 1) { 'Password caching is not disabled' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI /v DisablePasswordCaching /t REG_DWORD /d 1 /f |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI /v DisablePasswordCaching /t REG_DWORD /d 0 /f |
No antivirus enabled
Threat
Dimension : applications / Severity : 5
Tags : CIS Benchmark Level 1,Security Configuration Benchmarks, ISO 27001/2,Malware Protection, PCI-DSS,Requirement-5, SOC 2,CC-Malware Protection
You don't have any antivirus installed (Windows Defender, Sentinel One...). We recommend you to enable one.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | Function Get-AVStatus { [cmdletbinding()] Param() Process { $AV = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntivirusProduct'; $enabledAVs = $AV | Where-Object { $productState = '0x{0:x}' -f $_.ProductState; $enabled = $productState.Substring(3, 2) -match '10|11'; return $enabled }; if (-not $enabledAVs) { Write-Output 'no epp' } } }; Get-AVStatus |
Remediation
Rollback
Disk encryption disabled
Threat
Dimension : system services / Severity : 4
Tags : CIS Benchmark Level 1,windows_security/bitlocker_enforce, ISO 27001/2,Information Security Incident Management, PCI-DSS,Requirement-3.4, SOC 2,CC-Data Protection
Your main storage is not encrypted. While there is a little performance impact by enabling it, we really urge you to set it up. Without that anyone physically accessing your computer can access your data.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | admin | manage-bde -status | findstr 'Protection Off' |
Remediation
https://www.youtube.com/watch?v=PtMyu9xrJ_E
Rollback
https://www.youtube.com/watch?v=lY0Iz0NpAoU
User Account Control disabled
Threat
Dimension : system integrity / Severity : 5
Tags : CIS Benchmark Level 2,Section: 1.1.1, ISO 27001/2,Control: A.9.4.4, PCI-DSS,Requirement-7.1, SOC 2,CC-User Access
User Account Control (UAC) is a security feature in Windows that helps prevent unauthorized changes to your computer. If UAC is disabled, it's easier for malware to make changes to your system without your knowledge. You should enable UAC to protect your system from such attacks.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | if((Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue).EnableLUA -eq 0) { 'UAC disabled' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -Value 1 -Type DWord |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -Value 0 -Type DWord |
Automatic logon enabled
Threat
Dimension : credentials / Severity : 4
Tags : CIS Benchmark Level 2,Section: 2.3.1.1, ISO 27001/2,Control: A.9.3.1, PCI-DSS,Requirement-8.1.5, SOC 2,CC-User Authentication
Automatic logon allows the system to automatically log on a user after booting up. This can be a security risk if the system is not physically secured as anyone can access the system without providing any credentials. It is recommended to disable automatic logon.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | if((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue).AutoAdminLogon -eq '1') { 'Automatic logon enabled' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name AutoAdminLogon -Value 0 |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name AutoAdminLogon -Value 1 |
Potentially compromised email address
Threat
Dimension : credentials / Severity : 1
Tags : ISO 27001/2,Information Security Incident Management, PCI-DSS,Requirement-12.10, SOC 2,CC-Incident Response, Personal Posture
Your email address might have recently appeared in a data breach. Please set your email in the Identity tab, review the breaches if any and follow instructions.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 12 | Command line | user | pwned -i 365 |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 12 | Command line | digitalidentity_manager |
Rollback
https://en.wikipedia.org/wiki/Have_I_Been_Pwned
Unverified network environment
Threat
Dimension : network / Severity : 1
Tags : ISO 27001/2,Information Security Incident Management, PCI-DSS,Requirement-12.10, SOC 2,CC-Incident Response, Personal Posture
The network you are connected to is not a known one. If you are allowed to scan this network, go to the network tab and verify the presence of potentially dangerous devices.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | lanscan |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | network_manager |
Rollback
https://en.wikipedia.org/wiki/Port_scanner
Windows Script Host enabled
Threat
Dimension : system integrity / Severity : 4
Tags : CIS Benchmark Level 1,Section: 9.1.2, ISO 27001/2,Control: A.12.2.1, PCI-DSS,Requirement-2.2.2, SOC 2,CC-Malicious Code Prevention
Windows Script Host is a built-in Windows scripting environment that allows running of VBScript, JScript, and other scripting languages. Disabling it can help mitigate some types of malware attacks.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | if((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name Enabled -ErrorAction SilentlyContinue).Enabled -eq 1) { 'Windows Script Host enabled' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | reg add HKLM\SOFTWARE\Microsoft'Windows Script Host'\Settings /v Enabled /t REG_DWORD /d 0 /f |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | reg add HKLM\SOFTWARE\Microsoft'Windows Script Host'\Settings /v Enabled /t REG_DWORD /d 1 /f |
Remote Desktop Protocol (RDP) enabled
Threat
Dimension : network / Severity : 4
Tags : CIS Benchmark Level 1,Section: 8.1.1, ISO 27001/2,Control: A.13.7.1, PCI-DSS,Requirement-2.3, SOC 2,CC-Network Security
RDP allows users to remotely access and control a Windows computer from another location. While this can be convenient, it also presents a significant security risk if left enabled and unprotected. An attacker could potentially gain access to your computer and compromise your sensitive data or even take control of your system.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | if((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections -eq 0) { 'Terminal Services connections allowed' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1 |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0 |
Windows Update disabled
Threat
Dimension : system integrity / Severity : 5
Tags : CIS Benchmark Level 1,Section: 2.3.1, ISO 27001/2,Control: A.12.6.1, PCI-DSS,Requirement-6.1, SOC 2,CC-System Monitoring
Disabling Windows Update prevents critical security patches and updates from being installed on your system, leaving your system vulnerable to known exploits and threats. It is highly recommended that you enable Windows Update to ensure your system is up to date with the latest security patches.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | $registryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; $noAutoUpdate = (Get-ItemProperty -Path $registryPath -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate; $useWUServer = (Get-ItemProperty -Path $registryPath -Name UseWUServer -ErrorAction SilentlyContinue).UseWUServer; Write-Output ($(if ($noAutoUpdate -eq 0 -or $useWUServer -eq 1) { '' } else { $messages = @(); if ($noAutoUpdate -ne 0) {$messages += 'NoAutoUpdate is set.'}; if ($useWUServer -ne 1) {$messages += 'Updates are not managed through GPO.'}; $messages -join ' ' })) |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 0 /f |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 1 /f |
Guest account enabled
Threat
Dimension : credentials / Severity : 4
Tags : CIS Benchmark Level 1,Section: 1.1.2, ISO 27001/2,Control: A.9.2.1, PCI-DSS,Requirement-8.1.6, SOC 2,CC-User Access
The Guest account is a default account in Windows, which allows users to access the system with limited privileges. It's recommended to disable this account to prevent unauthorized access to your system and data.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | $guestAccount = Get-LocalUser | Where-Object {$_.SID -like '*-501'}; if ($guestAccount.Enabled) {'Guest account is active'} else {''} |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | $guestAccount = Get-LocalUser | Where-Object {$_.SID -like '*-501'}; if ($guestAccount.Enabled) {Disable-LocalUser -Name $guestAccount.Name} |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | $guestAccount = Get-LocalUser | Where-Object {$_.SID -like '*-501'}; if (-not $guestAccount.Enabled) {Enable-LocalUser -Name $guestAccount.Name} |
Built-in Administrator account enabled
Threat
Dimension : credentials / Severity : 5
Tags : CIS Benchmark Level 1,Section: 1.1.1, ISO 27001/2,Control: A.9.4.2, PCI-DSS,Requirement-2.3, SOC 2,CC-User Access
The Built-in Administrator account is a powerful account that has full access to the system. Having this account enabled is a security risk as it is a common target for attackers. It should be disabled unless it is absolutely necessary to enable it.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | $adminAccount = Get-LocalUser | Where-Object {$_.SID -like '*-500'}; if ($adminAccount.Enabled) {'Built-in Administrator account enabled'} else {''} |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | $adminAccount = Get-LocalUser | Where-Object {$_.SID -like '*-500'}; if ($adminAccount.Enabled) {Disable-LocalUser -Name $adminAccount.Name} |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | $adminAccount = Get-LocalUser | Where-Object {$_.SID -like '*-500'}; if (-not $adminAccount.Enabled) {Enable-LocalUser -Name $adminAccount.Name} |
Windows Firewall disabled
Threat
Dimension : network / Severity : 5
Tags : CIS Benchmark Level 1,Section: 9.3.1, ISO 27001/2,Control: A.13.1.1, PCI-DSS,Requirement-1.4, SOC 2,CC-Network Security
Windows Firewall is a built-in feature of Windows that helps to protect your computer from unauthorized access. When it's disabled, your computer is vulnerable to attacks from the network. We recommend that you enable it.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | if((Get-NetFirewallProfile -All | Where-Object { $_.Enabled -eq 'False' })) { 'One or more firewall profiles are disabled' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False |
Remote Registry Service enabled
Threat
Dimension : system services / Severity : 3
Tags : CIS Benchmark Level 1,Section: 2.2.4, ISO 27001/2,Control: A.9.4.1, PCI-DSS,Requirement-2.2, SOC 2,CC-System Configuration and Maintenance
The Remote Registry Service allows remote access to the Windows Registry. This can be a security risk if not properly secured.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | if((Get-Service -Name RemoteRegistry).Status -eq 'Running') { 'RemoteRegistry service is running' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | (sc.exe config RemoteRegistry start= disabled) -and (sc.exe stop RemoteRegistry) |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | (sc.exe config RemoteRegistry start= auto) -and (sc.exe start RemoteRegistry) |
LM and NTLMv1 protocols enabled
Threat
Dimension : credentials / Severity : 5
Tags : CIS Benchmark Level 1,Section: 2.3.11.9, ISO 27001/2,Control: A.9.2.3, PCI-DSS,Requirement-8.2.1, SOC 2,CC-User Authentication
The LM and NTLMv1 protocols are outdated and insecure authentication protocols. They should be disabled to prevent potential security threats. Leaving these protocols enabled can allow attackers to potentially crack passwords and gain unauthorized access to sensitive information.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 0 | Command line | user | if(((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA' -ErrorAction SilentlyContinue).LMCompatibilityLevel -lt 5) -or ((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\MSV1_0' -ErrorAction SilentlyContinue).NtlmMinClientSec -lt 537395200) -or ((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\MSV1_0' -ErrorAction SilentlyContinue).NtlmMinServerSec -lt 537395200)) { 'Weak NTLM settings' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 0 | Command line | system | Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA' -Name 'LMCompatibilityLevel' -Value '5' -Type DWord; Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\MSV1_0' -Name 'NtlmMinClientSec' -Value '537395200' -Type DWord; Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\MSV1_0' -Name 'NtlmMinServerSec' -Value '537395200' -Type DWord |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 0 | Command line | system | Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA' -Name 'LmCompatibilityLevel' -Value '1' -Type DWord; Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\MSV1_0' -Name 'NtlmMinClientSec' -Value '262144' -Type DWord; Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\MSV1_0' -Name 'NtlmMinServerSec' -Value '537395200' -Type DWord |
Lsass.exe process protection not enabled
Threat
Dimension : system integrity / Severity : 4
Tags : CIS Benchmark Level 1,Section: 2.2.39, ISO 27001/2,Control: A.12.1.2, PCI-DSS,Requirement-6.2, SOC 2,CC-System Integrity
Lsass.exe is a critical system process that handles user authentication. It contains sensitive information such as passwords and security tokens. If this process is compromised, it could lead to a security breach. Enabling Lsass.exe process protection helps prevent attacks against this process. This content will show you how to enable Lsass.exe process protection.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | if((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'RunAsPPL' -ErrorAction SilentlyContinue).RunAsPPL -eq 0) { 'RunAsPPL is a REG_DWORD with value 0' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 1 /f |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 0 /f |
PowerShell execution policy not securely configured
Threat
Dimension : system integrity / Severity : 4
Tags : CIS Benchmark Level 1,Section: 1.1.3, ISO 27001/2,Control: A.12.4.2, PCI-DSS,Requirement-2.2.4, SOC 2,CC-System Hardening
PowerShell is a powerful command-line tool that is built into Windows, and is often used by attackers to carry out malicious activities. The execution policy determines which scripts are allowed to run on a Windows system. If the execution policy is set to Unrestricted, it could allow an attacker to run malicious scripts on your system.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | $currentUserPolicy= Get-ExecutionPolicy -Scope CurrentUser; if($currentUserPolicy -eq 'Unrestricted') { 'Execution Policy is unrestricted' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-ExecutionPolicy -ExecutionPolicy Default -Scope CurrentUser -Force |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -Force |
Chrome browser not up to date
Threat
Dimension : applications / Severity : 3
Tags : ISO 27001/2,Application Security, PCI-DSS,Requirement-6, SOC 2,CC-System Operations
Your Google Chrome browser is not up to date. Running the latest version ensures you have the latest security features and performance improvements.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | $path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome'; if (Test-Path $path) { $local_version = (Get-ItemProperty -Path $path).DisplayVersion; $web_content = Invoke-WebRequest -UseBasicParsing 'https://chromiumdash.appspot.com/fetch_releases?channel=Stable&platform=Windows&num=1'; $latest_version = ($web_content.Content | ConvertFrom-Json)[0].version; if ([version]$latest_version -le [version]$local_version) { Write-Output '' } else { Write-Output "Chrome is not up to date (Installed: $local_version, Latest: $latest_version)"; } } else { Write-Output '' } |
Remediation
https://support.google.com/chrome/answer/95414?hl=en
Rollback
https://support.google.com/chrome/a/answer/6350036?hl=en
SMBv1 Protocol Enabled
Threat
Dimension : network / Severity : 5
Tags : CIS Benchmark Level 1,windows_security/smb1_protocol_disabled
The SMBv1 protocol is enabled on your system. This protocol is outdated and has known vulnerabilities that can allow attackers to take over your system. It should be disabled to improve your system's security.
Implementation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | user | if((Get-SmbServerConfiguration).EnableSMB1Protocol -eq $true) { 'SMBv1 enabled' } else { '' } |
Remediation
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -norestart |
Rollback
Tested for | Action | Elevation | Script |
---|---|---|---|
Windows 10 | Command line | system | Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -norestart |