Andreas/noid-privacy
1
0
Fork 0
mirror of https://github.com/NexusOne23/noid-privacy.git synced 2026-02-07 04:01:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

v2.2.1: Critical multi-run session bugfix, .Count property fix, ASR prompt improvement, code quality review

Browse source
This commit is contained in:
NexusOne23 2025-12-20 23:08:01 +01:00
parent c6f8291d50
commit b3efcf35fd
68 changed files with 307 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bug_report.md vendored
View file

@ -32,7 +32,7 @@ A clear description of what actually happened.
- **CPU**: [e.g., AMD Ryzen 7 9800X3D]
- **TPM**: [e.g., 2.0 Present]
- **Third-Party AV**: [e.g., None, Windows Defender only]
- **Script Version**: [e.g., v2.2.0]
- **Script Version**: [e.g., v2.2.1]
- **Execution Mode**: [Interactive / Direct / DryRun]
**Get System Info:**

33
CHANGELOG.md
View file

@ -7,6 +7,39 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
---
## [2.2.1] - 2025-12-19
### 🔧 Maintenance Release
**Critical bugfix for multi-run sessions and code review.**
### 🔨 Fixed
**Multi-Run Session Bug (Critical)**
- Fixed: Running framework multiple times in same PowerShell session caused `auditpol.exe` backup failures
- Root cause: `$global:BackupBasePath` was not reset between runs, causing auditpol to fail with "file exists" error
- Fix: Global backup variables (`BackupBasePath`, `BackupIndex`, `NewlyCreatedKeys`, `SessionManifest`, `CurrentModule`) are now reset at script start in `NoIDPrivacy.ps1`
- Impact: Users can now run individual modules, then "Apply All", then individual modules again without errors
**`.Count` Property Bug (5 files)**
- Fixed: `.Count` property failed on single-object results from `Where-Object`
- Affected files: `Invoke-ASRRules.ps1`, `Framework.ps1`, `Test-AdvancedSecurity.ps1`, `Test-DiscoveryProtocolsSecurity.ps1`, `Restore-DNSSettings.ps1`
- Fix: Wrapped results in `@()` to ensure array type
### ✅ Changed
**ASR Prompt Text Improved**
- Changed "untrusted software" to "new software" in ASR prevalence rule prompt
- More neutral language - the software isn't necessarily untrusted, just new/unknown to Microsoft's reputation system
**Code Quality**
- Full codebase review of backup/restore system (2970 lines in `Core/Rollback.ps1`)
- Wireless Display (Miracast) security implementation verified against Microsoft documentation
- All 7 registry policies confirmed correct per MS Policy CSP docs
- Version numbers aligned across all 50+ files
---
## [2.2.0] - 2025-12-08
### 🚀 Enhanced Framework - 630+ Settings

12
CONTRIBUTING.md
View file

@ -68,7 +68,7 @@ Modules/
```
Modules/AdvancedSecurity/
├── AdvancedSecurity.psd1 # Manifest with version 2.2.0
├── AdvancedSecurity.psd1 # Manifest with version 2.2.1
├── AdvancedSecurity.psm1 # Loads Private/*.ps1 and Public/*.ps1
├── Config/
│ ├── RDP.json # RDP hardening config
@ -105,7 +105,7 @@ Modules/AdvancedSecurity/
```powershell
@{
RootModule = 'YourModule.psm1'
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
GUID = 'YOUR-GUID-HERE' # Generate with [guid]::NewGuid()
Author = 'Your Name'
CompanyName = 'NoID Privacy'
@ -128,7 +128,7 @@ Modules/AdvancedSecurity/
Tags = @('Security', 'Hardening', 'Windows11')
ProjectUri = 'https://github.com/yourusername/noid-privacy'
ReleaseNotes = @"
v2.2.0 - Initial Release
v2.2.1 - Initial Release
- Feature 1
- Feature 2
"@
@ -141,7 +141,7 @@ v2.2.0 - Initial Release
```powershell
@{
RootModule = 'AdvancedSecurity.psm1'
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
GUID = 'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
Author = 'NexusOne23'
Description = 'Advanced Security hardening beyond Microsoft Security Baseline'
@ -155,7 +155,7 @@ v2.2.0 - Initial Release
PSData = @{
Tags = @('Security', 'Hardening', 'RDP', 'TLS', 'Windows11')
ReleaseNotes = @"
v2.2.0 - Production Release
v2.2.1 - Production Release
- RDP NLA enforcement + optional complete disable
- WDigest credential protection
- Administrative shares disable (domain-aware)
@ -781,4 +781,4 @@ mkdir "Modules\YourModule\Config"
---
**Questions? Study AdvancedSecurity v2.2.0 - it's the reference implementation!** 🎯
**Questions? Study AdvancedSecurity v2.2.1 - it's the reference implementation!** 🎯

8
Core/Config.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
#>
@ -79,7 +79,7 @@ function New-DefaultConfig {
)
$defaultConfig = @{
version = "2.2.0"
version = "2.2.1"
modules = @{
SecurityBaseline = @{
enabled = $true
@ -114,7 +114,7 @@ function New-DefaultConfig {
priority = 6
status = "IMPLEMENTED"
description = "Microsoft Edge v139 Security Baseline: 20 security policies including SmartScreen enforcement, site isolation, SSL/TLS hardening, extension blocklist, IE Mode restrictions, and Spectre mitigations. No LGPO.exe dependency."
version = "2.2.0"
version = "2.2.1"
baseline = "Edge v139"
policies = 20
features = @{
@ -133,7 +133,7 @@ function New-DefaultConfig {
priority = 7
status = "IMPLEMENTED"
description = "Advanced Security hardening beyond MS Baseline: RDP NLA/Disable, WDigest protection, Admin Shares disable, Risky ports/services, Legacy TLS disable, WPAD disable, PowerShell v2 removal, SRP .lnk protection, Windows Update (3 GUI settings), Finger Protocol block. Opt-in by design (use -SecurityProfile Balanced/Enterprise/Maximum)"
version = "2.2.0"
version = "2.2.1"
policies = 36
features = @{
rdp_hardening = $true

6
Core/Framework.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
.EXAMPLE
@ -24,7 +24,7 @@
# All configuration comes from config.json via Initialize-Config.
# Script-level variables
$script:FrameworkVersion = "2.2.0"
$script:FrameworkVersion = "2.2.1"
$script:FrameworkRoot = Split-Path -Parent $PSScriptRoot
$script:ExecutionStartTime = Get-Date
@ -301,7 +301,7 @@ function Start-HardeningProcess {
# Correct calculation from ModuleResults
$totalModules = $hardeningResult.ModulesExecuted
$successCount = ($hardeningResult.ModuleResults | Where-Object { $_.Success }).Count
$successCount = @($hardeningResult.ModuleResults | Where-Object { $_.Success }).Count
$failureCount = $totalModules - $successCount
Write-Host "Total modules executed: $totalModules" -ForegroundColor White

2
Core/Logger.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
#>

2
Core/NonInteractive.ps1
View file

@ -12,7 +12,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Usage in modules:
1. Call Test-NonInteractiveMode to check if prompts should be skipped

6
Core/Rollback.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
#>
@ -64,7 +64,7 @@ function Initialize-BackupSystem {
displayName = "" # Auto-generated based on modules
sessionType = "unknown" # wizard | advanced | manual
timestamp = Get-Date -Format "o"
frameworkVersion = "2.2.0"
frameworkVersion = "2.2.1"
modules = @()
totalItems = 0
restorable = $true
@ -2246,7 +2246,7 @@ function Restore-Session {
"HKCU:\Software\Microsoft\Windows\CurrentVersion\SystemSettings\AccountNotifications",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement",
"HKCU:\SOFTWARE\Microsoft\Personalization\Settings",
# NEW: Input Personalization Settings (v2.2.0 - FIX missing HKCU restore)
# NEW: Input Personalization Settings (v2.2.1 - FIX missing HKCU restore)
"HKCU:\SOFTWARE\Microsoft\InputPersonalization",
"HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics"

2
Core/Validator.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
#>

22
Docs/FEATURES.md
View file

@ -1,6 +1,6 @@
# NoID Privacy - Complete Feature List
**Framework Version:** v2.2.0
**Framework Version:** v2.2.1
**Total Security Settings:** 633 (Paranoid mode)
**Modules:** 7 (All Production-Ready)
**Last Updated:** December 8, 2025
@ -11,13 +11,13 @@
| Module | Settings | Status | Description |
|--------|----------|--------|-------------|
| **SecurityBaseline** | 425 | ✅ v2.2.0 | Microsoft Security Baseline for Windows 11 v25H2 |
| **ASR** | 19 | ✅ v2.2.0 | Attack Surface Reduction rules |
| **DNS** | 5 | ✅ v2.2.0 | Secure DNS with DoH encryption |
| **Privacy** | 78 | ✅ v2.2.0 | Telemetry control, OneDrive hardening (Strict: 70 Registry + 2 Services + 6 OneDrive) |
| **AntiAI** | 32 | ✅ v2.2.0 | AI lockdown (15 features, 32 compliance checks) |
| **EdgeHardening** | 24 | ✅ v2.2.0 | Microsoft Edge browser security (24 policies) |
| **AdvancedSecurity** | 50 | ✅ v2.2.0 | Advanced hardening beyond MS Baseline (incl. Wireless Display, Discovery Protocols, IPv6) |
| **SecurityBaseline** | 425 | ✅ v2.2.1 | Microsoft Security Baseline for Windows 11 v25H2 |
| **ASR** | 19 | ✅ v2.2.1 | Attack Surface Reduction rules |
| **DNS** | 5 | ✅ v2.2.1 | Secure DNS with DoH encryption |
| **Privacy** | 78 | ✅ v2.2.1 | Telemetry control, OneDrive hardening (Strict: 70 Registry + 2 Services + 6 OneDrive) |
| **AntiAI** | 32 | ✅ v2.2.1 | AI lockdown (15 features, 32 compliance checks) |
| **EdgeHardening** | 24 | ✅ v2.2.1 | Microsoft Edge browser security (24 policies) |
| **AdvancedSecurity** | 50 | ✅ v2.2.1 | Advanced hardening beyond MS Baseline (incl. Wireless Display, Discovery Protocols, IPv6) |
| **TOTAL** | **633** | ✅ **100%** | **Complete Framework (Paranoid mode)** |
---
@ -238,7 +238,7 @@ Clipchamp.Clipchamp, SpotifyAB.SpotifyMusic
## 🤖 Module 5: AntiAI (32 Policies)
**Description:** Disable 15 Windows AI features via 32 registry policies (v2.2.0)
**Description:** Disable 15 Windows AI features via 32 registry policies (v2.2.1)
### 15 AI Features Disabled:
@ -724,7 +724,7 @@ Some UI elements in Paint and Photos apps may **still be visible** but non-funct
```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
NoID Privacy v2.2.0
NoID Privacy v2.2.1
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Total Settings: 633 ✅
@ -745,4 +745,4 @@ Framework Completion: 🎉 100% COMPLETE
---
**Last Updated:** December 8, 2025
**Framework Version:** v2.2.0
**Framework Version:** v2.2.1

2
Docs/LICENSE-HISTORY.md
View file

@ -35,7 +35,7 @@ See [LICENSE](LICENSE) for full text.
**Impact:**
- **v1.8.3 and earlier:** Remain under MIT License (cannot be changed retroactively)
- **v2.2.0 and later:** Licensed under GPL v3.0
- **v2.2.1 and later:** Licensed under GPL v3.0
- Forks of v1.x can remain MIT-licensed
- Forks of v2.x must comply with GPL v3.0

49
Docs/NONINTERACTIVE-MODE.md
View file

@ -277,23 +277,54 @@ $env:NOIDPRIVACY_NONINTERACTIVE = "true"
---
## Return Codes
## Exit Codes (v2.2.1+)
**Note:** Exit codes are currently not implemented. Error handling should be done via try/catch blocks and checking the log files.
The framework returns structured exit codes for CI/CD integration:
### **Example: Error Handling in Scripts**
| Code | Name | Description |
|------|------|-------------|
| **0** | `SUCCESS` | All operations completed successfully |
| **1** | `ERROR_GENERAL` | General/unspecified error |
| **2** | `ERROR_PREREQUISITES` | System requirements not met (OS, PowerShell, Admin) |
| **3** | `ERROR_CONFIG` | Configuration file error (missing, invalid JSON) |
| **4** | `ERROR_MODULE` | One or more modules failed during execution |
| **5** | `ERROR_FATAL` | Fatal/unexpected exception |
| **10** | `SUCCESS_REBOOT` | Success, but reboot is required for changes to take effect |
### **Example: CI/CD Exit Code Handling**
```powershell
try {
.\NoIDPrivacy.ps1 -Module All -ErrorAction Stop
Write-Output "Hardening completed successfully"
# Run hardening and capture exit code
$process = Start-Process powershell -ArgumentList "-ExecutionPolicy Bypass -File `".\NoIDPrivacy.ps1`" -Module All" -Wait -PassThru
$exitCode = $process.ExitCode
switch ($exitCode) {
0 { Write-Host "SUCCESS: All modules applied" -ForegroundColor Green }
10 { Write-Host "SUCCESS: Reboot required" -ForegroundColor Yellow; Restart-Computer -Force }
2 { Write-Host "FAILED: Prerequisites not met" -ForegroundColor Red; exit 1 }
3 { Write-Host "FAILED: Config error" -ForegroundColor Red; exit 1 }
4 { Write-Host "FAILED: Module errors" -ForegroundColor Red; exit 1 }
5 { Write-Host "FAILED: Fatal exception" -ForegroundColor Red; exit 1 }
default { Write-Host "FAILED: Unknown error ($exitCode)" -ForegroundColor Red; exit 1 }
}
catch {
Write-Error "Hardening failed: $_"
```
### **Example: Simple Success/Failure Check**
```powershell
.\NoIDPrivacy.ps1 -Module All
$exitCode = $LASTEXITCODE
if ($exitCode -eq 0 -or $exitCode -eq 10) {
Write-Host "Hardening completed successfully"
if ($exitCode -eq 10) { Write-Host "Reboot recommended" }
}
else {
Write-Host "Hardening failed with exit code: $exitCode"
# Check logs for details
$latestLog = Get-ChildItem "Logs" -Filter "NoIDPrivacy-*.log" | Sort-Object LastWriteTime -Descending | Select-Object -First 1
Get-Content $latestLog.FullName | Select-String "ERROR"
exit 1
exit $exitCode
}
```

4
Modules/ASR/ASR.psd1
View file

@ -1,6 +1,6 @@
@{
RootModule = 'ASR.psm1'
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
GUID = 'b2c3d4e5-f6a7-8901-bcde-f23456789012'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'
@ -25,7 +25,7 @@
LicenseUri = ''
ProjectUri = ''
ReleaseNotes = @"
v2.2.0 - Production Release
v2.2.1 - Production Release
- All 19 ASR rules implementation
- Hybrid approach: Registry backup + Set-MpPreference application
- SCCM/Configuration Manager detection

2
Modules/ASR/ASR.psm1
View file

@ -11,7 +11,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+, Administrator privileges, Windows Defender
#>

22
Modules/ASR/Public/Invoke-ASRRules.ps1
View file

@ -307,7 +307,7 @@ function Invoke-ASRRules {
Write-Host "This rule blocks very new or unknown executables that" -ForegroundColor Yellow
Write-Host "are not yet trusted by Microsoft's reputation systems." -ForegroundColor Yellow
Write-Host ""
Write-Host "Do you install NEW or UNTRUSTED software frequently?" -ForegroundColor White
Write-Host "Do you install NEW software frequently?" -ForegroundColor White
Write-Host ""
Write-Host " - Games from independent developers" -ForegroundColor Gray
Write-Host " - Beta software / Early access programs" -ForegroundColor Gray
@ -315,12 +315,12 @@ function Invoke-ASRRules {
Write-Host " - Open-source tools without Microsoft reputation" -ForegroundColor Gray
Write-Host ""
Write-Host "Options:" -ForegroundColor Cyan
Write-Host " [Y] Yes - I need to install untrusted software" -ForegroundColor Yellow
Write-Host " [Y] Yes - I regularly install new software" -ForegroundColor Yellow
Write-Host " > AUDIT mode: Events logged, installs allowed" -ForegroundColor Gray
Write-Host " > Developer/test mode (less secure)" -ForegroundColor Gray
Write-Host " > Recommended if you install software from various sources" -ForegroundColor Gray
Write-Host ""
Write-Host " [N] No - I only install trusted software" -ForegroundColor Green
Write-Host " > BLOCK mode: Maximum security (recommended)" -ForegroundColor Gray
Write-Host " [N] No - I rarely install new software" -ForegroundColor Green
Write-Host " > BLOCK mode: Maximum security" -ForegroundColor Gray
Write-Host " > New/unknown installers may be blocked" -ForegroundColor Gray
Write-Host ""
@ -483,14 +483,14 @@ function Invoke-ASRRules {
$mpPref = Get-MpPreference
$currentActions = $mpPref.AttackSurfaceReductionRules_Actions
if ($currentActions) {
$result.Details.BlockMode = ($currentActions | Where-Object { $_ -eq 1 }).Count
$result.Details.AuditMode = ($currentActions | Where-Object { $_ -eq 2 }).Count
$result.Details.DisabledMode = ($currentActions | Where-Object { $_ -eq 0 }).Count
$result.Details.BlockMode = @($currentActions | Where-Object { $_ -eq 1 }).Count
$result.Details.AuditMode = @($currentActions | Where-Object { $_ -eq 2 }).Count
$result.Details.DisabledMode = @($currentActions | Where-Object { $_ -eq 0 }).Count
} else {
# Fallback to array count
$result.Details.BlockMode = ($asrRules | Where-Object { $_.Action -eq 1 }).Count
$result.Details.AuditMode = ($asrRules | Where-Object { $_.Action -eq 2 }).Count
$result.Details.DisabledMode = ($asrRules | Where-Object { $_.Action -eq 0 }).Count
$result.Details.BlockMode = @($asrRules | Where-Object { $_.Action -eq 1 }).Count
$result.Details.AuditMode = @($asrRules | Where-Object { $_.Action -eq 2 }).Count
$result.Details.DisabledMode = @($asrRules | Where-Object { $_.Action -eq 0 }).Count
}
# Step 6: Verification

4
Modules/AdvancedSecurity/AdvancedSecurity.psd1
View file

@ -2,7 +2,7 @@
# Module manifest for AdvancedSecurity
# Version
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
# Unique ID
GUID = 'e7f5a3d2-8c9b-4f1e-a6d3-9b2c8f4e5a1d'
@ -48,7 +48,7 @@
LicenseUri = ''
ProjectUri = ''
ReleaseNotes = @'
v2.2.0 (2025-12-08)
v2.2.1 (2025-12-08)
- Production release of AdvancedSecurity module
- 49 advanced hardening settings implemented (was 36)
- NEW: Wireless Display (Miracast) security hardening

2
Modules/AdvancedSecurity/AdvancedSecurity.psm1
View file

@ -1,5 +1,5 @@
# AdvancedSecurity Module Loader
# Version: 2.2.0
# Version: 2.2.1
# Description: Advanced Security Hardening - Beyond Microsoft Security Baseline
# Get module path

2
Modules/AdvancedSecurity/Config/AdminShares.json
View file

@ -2,7 +2,7 @@
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Administrative Shares Configuration",
"description": "Configuration for disabling administrative shares (C$, ADMIN$, etc.) to prevent lateral movement",
"version": "2.2.0",
"version": "2.2.1",
"Administrative_Shares": {
"description": "Disable automatic creation and remove existing administrative shares",

2
Modules/AdvancedSecurity/Config/Credentials.json
View file

@ -2,7 +2,7 @@
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Credential Protection Configuration",
"description": "Configuration for credential hardening including WDigest protection",
"version": "2.2.0",
"version": "2.2.1",
"WDigest_Protection": {
"description": "Prevent WDigest from storing plaintext passwords in LSASS memory",

2
Modules/AdvancedSecurity/Config/RDP.json
View file

@ -2,7 +2,7 @@
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "RDP Hardening Configuration",
"description": "Configuration for RDP (Remote Desktop Protocol) hardening including NLA enforcement and optional complete disable",
"version": "2.2.0",
"version": "2.2.1",
"NLA_Enforcement": {
"description": "Network Level Authentication (NLA) enforcement settings",

2
Modules/AdvancedSecurity/Private/Block-FingerProtocol.ps1
View file

@ -21,7 +21,7 @@ function Block-FingerProtocol {
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Administrator privileges
REFERENCES:

2
Modules/AdvancedSecurity/Private/Set-SRPRules.ps1
View file

@ -27,7 +27,7 @@ function Set-SRPRules {
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Administrator privileges
REFERENCES:

2
Modules/AdvancedSecurity/Private/Set-WindowsUpdate.ps1
View file

@ -22,7 +22,7 @@ function Set-WindowsUpdate {
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Administrator privileges
Based on: Windows Settings > Windows Update > Advanced options
#>

3
Modules/AdvancedSecurity/Private/Test-DiscoveryProtocolsSecurity.ps1
View file

@ -28,6 +28,7 @@ function Test-DiscoveryProtocolsSecurity {
Tcp5357ListenersClosed = $null
Tcp5358ListenersClosed = $null
Compliant = $false
Pass = $true # Optional feature (Maximum only) - always pass
}
try {
@ -69,7 +70,7 @@ function Test-DiscoveryProtocolsSecurity {
if ($rules.Count -gt 0) {
$result.FirewallRulesPresent = ($rules.Count -eq $ruleNames.Count)
$result.FirewallRulesEnabled = ($rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }).Count -eq $ruleNames.Count
$result.FirewallRulesEnabled = @($rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }).Count -eq $ruleNames.Count
}
# 4) Optional: check that ports are not listening

10
Modules/AdvancedSecurity/Private/Test-FirewallShieldsUp.ps1
View file

@ -16,10 +16,12 @@ function Test-FirewallShieldsUp {
$value = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $value -or $value.$valueName -ne 1) {
# Shields Up is OPTIONAL (Maximum profile only) - not a failure if not enabled
return @{
Pass = $false
Message = "Shields Up NOT enabled (Public network allows configured exceptions)"
Pass = $true # Optional feature - always pass
Message = "Shields Up not enabled (Optional - Maximum profile only)"
CurrentValue = if ($null -eq $value) { "Not Set" } else { $value.$valueName }
IsEnabled = $false
}
}
@ -27,13 +29,15 @@ function Test-FirewallShieldsUp {
Pass = $true
Message = "Shields Up ENABLED (Public network blocks ALL incoming)"
CurrentValue = 1
IsEnabled = $true
}
}
catch {
return @{
Pass = $false
Pass = $true # Don't fail on error for optional feature
Message = "Error checking Shields Up: $_"
CurrentValue = "Error"
IsEnabled = $false
}
}
}

2
Modules/AdvancedSecurity/Public/Invoke-AdvancedSecurity.ps1
View file

@ -11,7 +11,7 @@ function Invoke-AdvancedSecurity {
- Enterprise: Conservative approach with domain-safety checks
- Maximum: Maximum hardening for air-gapped/high-security environments
Features implemented (v2.2.0):
Features implemented (v2.2.1):
- RDP NLA enforcement + optional complete disable
- WDigest credential protection
- Administrative shares disable (domain-aware)

14
Modules/AdvancedSecurity/Public/Test-AdvancedSecurity.ps1
View file

@ -110,13 +110,15 @@ function Test-AdvancedSecurity {
Write-Host "Testing Discovery Protocols (WS-Discovery + mDNS)..." -ForegroundColor Gray
$discoveryTest = Test-DiscoveryProtocolsSecurity
if ($discoveryTest) {
# Optional feature (Maximum profile only) - use Pass field which is always true
$statusText = if ($discoveryTest.Compliant) { "Disabled (Maximum)" } else { "Enabled (Optional - Maximum profile only)" }
$results += [PSCustomObject]@{
Feature = "Discovery Protocols (WS-Discovery + mDNS)"
Status = if ($discoveryTest.Compliant) { "Secure" } else { "Insecure" }
Status = $statusText
Details = "mDNS=" + $(if ($discoveryTest.EnableMDNS -eq 0) { "Disabled" } else { "Enabled/Not Set" }) +
"; Services: FDResPub=" + $discoveryTest.FDResPubDisabled + ", fdPHost=" + $discoveryTest.FdPHostDisabled +
"; FirewallRulesEnabled=" + $discoveryTest.FirewallRulesEnabled
Compliant = $discoveryTest.Compliant
Compliant = $discoveryTest.Pass # Always true - optional feature
}
}
@ -124,9 +126,11 @@ function Test-AdvancedSecurity {
Write-Host "Testing Firewall Shields Up (Public)..." -ForegroundColor Gray
$shieldsUpTest = Test-FirewallShieldsUp
# Always pass - this is an optional hardening only for the Maximum (air-gapped) profile
$statusText = if ($shieldsUpTest.IsEnabled) { "Enabled (Maximum)" } else { "Not enabled (Optional - Maximum profile only)" }
$results += [PSCustomObject]@{
Feature = "Firewall Shields Up (Public)"
Compliant = $shieldsUpTest.Pass
Status = $statusText
Compliant = $shieldsUpTest.Pass # Always true - optional feature
Details = $shieldsUpTest.Message
}
@ -147,8 +151,8 @@ function Test-AdvancedSecurity {
Write-Host "============================================" -ForegroundColor Cyan
Write-Host ""
$compliantCount = ($results | Where-Object { $_.Compliant -eq $true }).Count
$totalTests = $results.Count
$compliantCount = @($results | Where-Object { $_.Compliant -eq $true }).Count
$totalTests = @($results).Count
$compliancePercent = [math]::Round(($compliantCount / $totalTests) * 100, 1)
Write-Host "Total Tests: $totalTests" -ForegroundColor White

2
Modules/AntiAI/AntiAI.psd1
View file

@ -1,6 +1,6 @@
@{
RootModule = 'AntiAI.psm1'
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
GUID = 'f8e9d7c6-5b4a-3c2d-1e0f-9a8b7c6d5e4f'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'

4
Modules/AntiAI/AntiAI.psm1
View file

@ -11,7 +11,7 @@
.NOTES
Module: AntiAI
Version: 2.2.0
Version: 2.2.1
Author: NoID Privacy
#>
@ -29,7 +29,7 @@ $privateFunctions = @(
'Disable-Recall'
'Set-RecallProtection'
'Disable-Copilot'
'Disable-CopilotAdvanced' # NEW v2.2.0: URI handlers, Edge sidebar, Recall export
'Disable-CopilotAdvanced' # NEW v2.2.1: URI handlers, Edge sidebar, Recall export
'Disable-ClickToDo'
'Disable-SettingsAgent'
'Disable-ExplorerAI' # NEW: File Explorer AI Actions menu

2
Modules/AntiAI/Private/Disable-CopilotAdvanced.ps1
View file

@ -40,7 +40,7 @@
.NOTES
Requires Administrator privileges.
Part of NoID Privacy AntiAI Module v2.2.0
Part of NoID Privacy AntiAI Module v2.2.1
#>
function Disable-CopilotAdvanced {
[CmdletBinding()]

2
Modules/AntiAI/Private/Test-AntiAICompliance.ps1
View file

@ -42,7 +42,7 @@
.NOTES
Author: NoID Privacy
Version: 2.2.0 (Extended validation)
Version: 2.2.1 (Extended validation)
Requires: Windows 11 24H2+, Administrator privileges
#>

8
Modules/AntiAI/Public/Invoke-AntiAI.ps1
View file

@ -52,7 +52,7 @@
.NOTES
Author: NoID Privacy
Version: 2.2.0
Version: 2.2.1
Requires: Windows 11 24H2 or later, Administrator privileges
Impact: All AI features completely disabled, reboot required
#>
@ -70,7 +70,7 @@ function Invoke-AntiAI {
Write-Host "" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " ANTI-AI MODULE v2.2.0" -ForegroundColor Cyan
Write-Host " ANTI-AI MODULE v2.2.1" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""
Write-Host "Disables 15 AI features (32 policies):" -ForegroundColor White
@ -171,7 +171,7 @@ function Invoke-AntiAI {
@{ Path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Paint"; Name = "DisableImageCreator"; Type = "DWord" },
@{ Path = "HKLM:\SOFTWARE\Policies\WindowsNotepad"; Name = "DisableAIFeatures"; Type = "DWord" },
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"; Name = "DisableSettingsAgent"; Type = "DWord" },
# NEW v2.2.0: Advanced Copilot Blocking
# NEW v2.2.1: Advanced Copilot Blocking
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"; Name = "AllowRecallExport"; Type = "DWord" },
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"; Name = "EdgeSidebarEnabled"; Type = "DWord" },
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"; Name = "ShowHubsSidebar"; Type = "DWord" },
@ -355,7 +355,7 @@ function Invoke-AntiAI {
}
# ============================================================================
# ADVANCED COPILOT BLOCKING (NEW v2.2.0)
# ADVANCED COPILOT BLOCKING (NEW v2.2.1)
# ============================================================================
Write-Host ""
Write-Host " [Advanced Copilot Blocks]" -ForegroundColor Cyan

2
Modules/DNS/DNS.psd1
View file

@ -2,7 +2,7 @@
# Module manifest for DNS module
RootModule = 'DNS.psm1'
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
GUID = 'a8f7b3c9-4e5d-4a2b-9c1d-8f3e5a7b9c2d'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'

2
Modules/DNS/DNS.psm1
View file

@ -12,7 +12,7 @@
.NOTES
Author: NoID Privacy
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+, Administrator privileges
#>

4
Modules/DNS/Public/Restore-DNSSettings.ps1
View file

@ -128,7 +128,7 @@ function Restore-DNSSettings {
$keyContent = Get-ChildItem $dnsClientPath -ErrorAction SilentlyContinue
$keyProps = Get-ItemProperty $dnsClientPath -ErrorAction SilentlyContinue
# Count properties (exclude PS metadata like PSPath, etc.)
$propCount = ($keyProps.PSObject.Properties | Where-Object { $_.Name -notin @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') }).Count
$propCount = @($keyProps.PSObject.Properties | Where-Object { $_.Name -notin @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') }).Count
if (($null -eq $keyContent -or $keyContent.Count -eq 0) -and $propCount -eq 0) {
Remove-Item $dnsClientPath -Force -ErrorAction SilentlyContinue
@ -158,7 +158,7 @@ function Restore-DNSSettings {
if (Test-Path $dnsParamsPath) {
$keyContent = Get-ChildItem $dnsParamsPath -ErrorAction SilentlyContinue
$keyProps = Get-ItemProperty $dnsParamsPath -ErrorAction SilentlyContinue
$propCount = ($keyProps.PSObject.Properties | Where-Object { $_.Name -notin @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') }).Count
$propCount = @($keyProps.PSObject.Properties | Where-Object { $_.Name -notin @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') }).Count
if (($null -eq $keyContent -or $keyContent.Count -eq 0) -and $propCount -eq 0) {
Remove-Item $dnsParamsPath -Force -ErrorAction SilentlyContinue

4
Modules/EdgeHardening/EdgeHardening.psd1
View file

@ -3,7 +3,7 @@
RootModule = 'EdgeHardening.psm1'
# Version number of this module
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
# ID used to uniquely identify this module
GUID = '8e3f4c2a-9b1d-4e7a-a2c5-6f8b3d9e1a4c'
@ -48,7 +48,7 @@
LicenseUri = ''
ProjectUri = ''
ReleaseNotes = @"
v2.2.0 - Production Release
v2.2.1 - Production Release
- Microsoft Edge v139 Security Baseline implementation
- 20 security policies (native PowerShell, no LGPO.exe)
- SmartScreen enforcement with override prevention

2
Modules/EdgeHardening/EdgeHardening.psm1
View file

@ -16,7 +16,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+, Administrator privileges
#>

2
Modules/EdgeHardening/Public/Invoke-EdgeHardening.ps1
View file

@ -48,7 +48,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+, Administrator privileges
IMPORTANT: This applies Microsoft's recommended security baseline.

2
Modules/EdgeHardening/Public/Test-EdgeHardening.ps1
View file

@ -23,7 +23,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Can be run without Administrator privileges
#>

2
Modules/Privacy/Privacy.psd1
View file

@ -1,6 +1,6 @@
@{
RootModule = 'Privacy.psm1'
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
GUID = 'a9f7c8d3-2e5b-4a1f-9c3d-7e8f5a6b2c4d'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'

2
Modules/Privacy/Privacy.psm1
View file

@ -16,7 +16,7 @@
.NOTES
Module: Privacy
Version: 2.2.0
Version: 2.2.1
Author: NoID Privacy
#>

6
Modules/Privacy/Private/Backup-PrivacySettings.ps1
View file

@ -38,12 +38,12 @@ function Backup-PrivacySettings {
"HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore",
"HKLM:\SOFTWARE\Policies\Microsoft\Dsh",
"HKLM:\SOFTWARE\Policies\Microsoft\FindMyDevice",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput", # AllowLinguisticDataCollection (v2.2.0)
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput", # AllowLinguisticDataCollection (v2.2.1)
"HKLM:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics",
# HKCU User Keys
"HKCU:\Software\Policies\Microsoft\Windows\Explorer",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo",
# NEW: Anti-Advertising & Search Settings (v2.2.0)
# NEW: Anti-Advertising & Search Settings (v2.2.1)
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\Search",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\SearchSettings",
@ -52,7 +52,7 @@ function Backup-PrivacySettings {
"HKCU:\Software\Microsoft\Windows\CurrentVersion\SystemSettings\AccountNotifications",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement",
"HKCU:\SOFTWARE\Microsoft\Personalization\Settings",
# NEW: Input Personalization Settings (v2.2.0 - FIX missing HKCU backup)
# NEW: Input Personalization Settings (v2.2.1 - FIX missing HKCU backup)
"HKCU:\SOFTWARE\Microsoft\InputPersonalization",
"HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics"

2
Modules/Privacy/Public/Invoke-PrivacyHardening.ps1
View file

@ -354,7 +354,7 @@ function Invoke-PrivacyHardening {
$bloatwareListPath = Join-Path $moduleBackupPath "REMOVED_APPS_LIST.txt"
$listContent = @()
$listContent += "================================================================"
$listContent += " REMOVED APPS - NoID Privacy v2.2.0"
$listContent += " REMOVED APPS - NoID Privacy v2.2.1"
$listContent += " Session: $(Split-Path $moduleBackupPath -Leaf)"
$listContent += " Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
$listContent += "================================================================"

2
Modules/SecurityBaseline/Public/Invoke-SecurityBaseline.ps1
View file

@ -44,7 +44,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0 - Self-Contained Edition
Version: 2.2.1 - Self-Contained Edition
Requires: PowerShell 5.1+, Administrator privileges
BREAKING CHANGE from v1.0:

4
Modules/SecurityBaseline/SecurityBaseline.psd1
View file

@ -1,6 +1,6 @@
@{
RootModule = 'SecurityBaseline.psm1'
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
GUID = 'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'
@ -26,7 +26,7 @@
LicenseUri = ''
ProjectUri = ''
ReleaseNotes = @"
v2.2.0 - Self-Contained Edition
v2.2.1 - Self-Contained Edition
- NO LGPO.exe REQUIRED! Fully self-contained implementation
- 425 Microsoft Security Baseline settings for Windows 11 25H2
- 335 Registry policies (Computer + User)

2
Modules/SecurityBaseline/SecurityBaseline.psm1
View file

@ -13,7 +13,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+, Administrator privileges
#>

36
NoIDPrivacy-Interactive.ps1
View file

@ -19,7 +19,7 @@
resulting from its use. USE AT YOUR OWN RISK.
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+, Administrator
For CLI mode use: NoIDPrivacy.ps1 -Module <name>
#>
@ -30,7 +30,7 @@
# No parameters - interactive mode only
$ErrorActionPreference = 'Stop'
$Host.UI.RawUI.WindowTitle = "NoID Privacy v2.2.0"
$Host.UI.RawUI.WindowTitle = "NoID Privacy v2.2.1"
# Set script root path (required by modules to load configs)
$script:RootPath = $PSScriptRoot
@ -90,7 +90,7 @@ function Write-Banner {
Clear-Host
Write-Host ""
Write-Host " ========================================" -ForegroundColor Cyan
Write-Host " NoID Privacy v2.2.0 " -ForegroundColor Cyan
Write-Host " NoID Privacy v2.2.1 " -ForegroundColor Cyan
Write-Host " ========================================" -ForegroundColor Cyan
Write-Host ""
Write-Host " Professional Windows 11 Security & Privacy Hardening Framework" -ForegroundColor Gray
@ -105,7 +105,7 @@ function Write-Banner {
$osBuild = if ($os) { $os.BuildNumber } else { $null }
$psVersion = $PSVersionTable.PSVersion.ToString()
$envLine = " Version 2.2.0"
$envLine = " Version 2.2.1"
if ($osBuild) {
$envLine += " | Windows Build $osBuild"
}
@ -600,11 +600,18 @@ function Invoke-HardeningWorkflow {
# FIX: Call framework ONCE with all modules instead of separate calls
# This ensures single backup session and single log file
# Exit code handling: 0 = Success, 10 = Success with Reboot recommended
# Any other code indicates failure
$rebootRecommended = $false
if ($modulesToRun.Count -eq 7) {
# All modules selected - use "All" for single unified session
Write-Step "Running ALL modules in unified session..." -Status INFO
& $frameworkScript -Module All -VerboseLogging
if ($LASTEXITCODE -ne 0) {
if ($LASTEXITCODE -eq 10) {
$rebootRecommended = $true
}
elseif ($LASTEXITCODE -ne 0) {
$allSucceeded = $false
}
}
@ -612,7 +619,10 @@ function Invoke-HardeningWorkflow {
# Single module
Write-Step "Running module: $($modulesToRun[0])" -Status INFO
& $frameworkScript -Module $modulesToRun[0] -VerboseLogging
if ($LASTEXITCODE -ne 0) {
if ($LASTEXITCODE -eq 10) {
$rebootRecommended = $true
}
elseif ($LASTEXITCODE -ne 0) {
$allSucceeded = $false
}
}
@ -622,7 +632,10 @@ function Invoke-HardeningWorkflow {
foreach ($mod in $modulesToRun) {
Write-Step "Running module: $mod" -Status INFO
& $frameworkScript -Module $mod -VerboseLogging
if ($LASTEXITCODE -ne 0) {
if ($LASTEXITCODE -eq 10) {
$rebootRecommended = $true
}
elseif ($LASTEXITCODE -ne 0) {
$allSucceeded = $false
}
Write-Host ""
@ -651,6 +664,9 @@ function Invoke-HardeningWorkflow {
if ($allSucceeded) {
Write-ColorText " Your system is now hardened with enterprise-grade security!" -Color Green
if ($rebootRecommended) {
Write-ColorText " A system reboot is recommended for all changes to take effect." -Color Yellow
}
}
else {
Write-ColorText " Some modules had warnings or were skipped. Check details above." -Color Yellow
@ -659,8 +675,10 @@ function Invoke-HardeningWorkflow {
Write-Host ""
# Always prompt for reboot (even with warnings/skips, changes were made)
Invoke-RebootPrompt -Context 'Hardening'
# Prompt for reboot if recommended by exit code or if changes were made
if ($rebootRecommended -or $allSucceeded) {
Invoke-RebootPrompt -Context 'Hardening'
}
Write-Host ""
}

71
NoIDPrivacy.ps1
View file

@ -50,9 +50,24 @@
resulting from its use. USE AT YOUR OWN RISK.
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+, Administrator privileges, Windows 11
License: GPL-3.0 (Core CLI). See LICENSE for full terms.
.OUTPUTS
Exit Codes for CI/CD Integration:
0 = SUCCESS - All operations completed successfully
1 = ERROR_GENERAL - General/unspecified error
2 = ERROR_PREREQUISITES - System requirements not met (OS, PowerShell, Admin)
3 = ERROR_CONFIG - Configuration file error (missing, invalid JSON)
4 = ERROR_MODULE - One or more modules failed during execution
5 = ERROR_FATAL - Fatal/unexpected exception
10 = SUCCESS_REBOOT - Success, but reboot is required for changes to take effect
Example CI/CD usage:
$exitCode = (Start-Process powershell -ArgumentList "-File NoIDPrivacy.ps1 -Module All" -Wait -PassThru).ExitCode
if ($exitCode -eq 0 -or $exitCode -eq 10) { "Success" } else { "Failed with code $exitCode" }
#>
[CmdletBinding()]
@ -83,6 +98,27 @@ param(
# Enable strict mode for better error detection
Set-StrictMode -Version Latest
# ============================================================================
# RESET BACKUP STATE - Each NoIDPrivacy.ps1 call gets a fresh session
# ============================================================================
# This ensures multiple runs from Interactive Menu create separate sessions
$global:BackupBasePath = ""
$global:BackupIndex = @()
$global:NewlyCreatedKeys = @()
$global:SessionManifest = @{}
$global:CurrentModule = ""
# ============================================================================
# EXIT CODES - For CI/CD and automation integration
# ============================================================================
$script:EXIT_SUCCESS = 0 # All operations completed successfully
$script:EXIT_ERROR_GENERAL = 1 # General/unspecified error
$script:EXIT_ERROR_PREREQUISITES = 2 # System requirements not met
$script:EXIT_ERROR_CONFIG = 3 # Configuration file error
$script:EXIT_ERROR_MODULE = 4 # One or more modules failed
$script:EXIT_ERROR_FATAL = 5 # Fatal/unexpected exception
$script:EXIT_SUCCESS_REBOOT = 10 # Success, reboot required
# Script root path
$script:RootPath = $PSScriptRoot
@ -99,7 +135,7 @@ try {
$logDirectory = Join-Path $script:RootPath "Logs"
Initialize-Logger -LogDirectory $logDirectory -MinimumLevel $logLevel
Write-Log -Level INFO -Message "=== NoID Privacy Framework v2.2.0 ===" -Module "Main"
Write-Log -Level INFO -Message "=== NoID Privacy Framework v2.2.1 ===" -Module "Main"
Write-Log -Level INFO -Message "Starting framework initialization..." -Module "Main"
# Load other Core modules
@ -130,7 +166,7 @@ catch {
Write-Host "Stack Trace: $($_.ScriptStackTrace)" -ForegroundColor Red
Write-Host "" -ForegroundColor Red
Write-Host "Please ensure all framework files are present and not corrupted." -ForegroundColor Yellow
exit 1
exit $script:EXIT_ERROR_FATAL
}
# Load configuration
@ -154,7 +190,7 @@ try {
catch {
Write-Log -Level ERROR -Message "Failed to load configuration file" -Module "Main" -Exception $_.Exception
Write-Host "ERROR: Configuration file error - check config.json syntax" -ForegroundColor Red
exit 1
exit $script:EXIT_ERROR_CONFIG
}
# Validate prerequisites (full framework pre-flight: system, domain, backup)
@ -166,7 +202,7 @@ try {
if (-not $ok) {
Write-Log -Level ERROR -Message "Framework prerequisites failed" -Module "Main"
Write-Host "ERROR: Prerequisite checks failed. See log for details." -ForegroundColor Red
exit 1
exit $script:EXIT_ERROR_PREREQUISITES
}
Write-Log -Level SUCCESS -Message "Framework prerequisites met" -Module "Main"
@ -174,13 +210,13 @@ try {
catch {
Write-ErrorLog -Message "Framework prerequisite validation failed" -Module "Main" -ErrorRecord $_
Write-Host "ERROR: System requirements not met - see log for details" -ForegroundColor Red
exit 1
exit $script:EXIT_ERROR_PREREQUISITES
}
# Display banner
Write-Host ""
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " NoID Privacy - v2.2.0" -ForegroundColor Cyan
Write-Host " NoID Privacy - v2.2.1" -ForegroundColor Cyan
Write-Host " Windows 11 Security Hardening" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""
@ -303,7 +339,7 @@ if (-not $Module) {
$selIndex = [int]$selection - 1
if ($selIndex -lt 0 -or $selIndex -ge $sessions.Count) {
Write-Host "Invalid selection." -ForegroundColor Red
exit 1
exit $script:EXIT_ERROR_GENERAL
}
$selectedSession = $sessions[$selIndex]
@ -473,11 +509,24 @@ try {
if ($result.Success) {
Write-Log -Level SUCCESS -Message "Framework execution completed successfully" -Module "Main"
exit 0
# Check if reboot is recommended (certain modules modify kernel/driver settings)
$rebootModules = @("SecurityBaseline", "AdvancedSecurity", "AntiAI")
$executedModules = if ($Module -eq "All") { $rebootModules } else { @($Module) }
$needsReboot = @($executedModules | Where-Object { $_ -in $rebootModules }).Count -gt 0
if ($needsReboot -and -not $DryRun) {
Write-Host ""
Write-Host "NOTE: A system reboot is recommended for all changes to take effect." -ForegroundColor Yellow
exit $script:EXIT_SUCCESS_REBOOT
}
else {
exit $script:EXIT_SUCCESS
}
}
else {
Write-Log -Level ERROR -Message "Framework execution completed with errors" -Module "Main"
exit 1
exit $script:EXIT_ERROR_MODULE
}
}
catch {
@ -486,5 +535,5 @@ catch {
Write-Host "FATAL ERROR: Unexpected exception during execution" -ForegroundColor Red
Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red
Write-Host ""
exit 1
exit $script:EXIT_ERROR_FATAL
}

28
README.md
View file

@ -8,7 +8,7 @@
[![PowerShell](https://img.shields.io/badge/PowerShell-5.1%2B-blue.svg?logo=powershell)](https://github.com/PowerShell/PowerShell)
[![Windows 11](https://img.shields.io/badge/Windows%2011-25H2-0078D4.svg?logo=windows11)](https://www.microsoft.com/windows/)
[![License](https://img.shields.io/badge/license-GPL--3.0-green.svg?logo=gnu)](LICENSE)
[![Version](https://img.shields.io/badge/version-2.2.0-blue.svg)](CHANGELOG.md)
[![Version](https://img.shields.io/badge/version-2.2.1-blue.svg)](CHANGELOG.md)
[![Status](https://img.shields.io/badge/status-production--ready-brightgreen.svg)]()
---
@ -391,13 +391,13 @@ cd noid-privacy
| Module | Settings | Description | Status |
|--------|----------|-------------|--------|
| **SecurityBaseline** | 425 | Microsoft Security Baseline 25H2 | v2.2.0 |
| **ASR** | 19 | Attack Surface Reduction Rules | v2.2.0 |
| **DNS** | 5 | Secure DNS with DoH encryption | v2.2.0 |
| **Privacy** | 78 | Telemetry, Bloatware, OneDrive hardening (Strict) | v2.2.0 |
| **AntiAI** | 32 | AI lockdown (15 features, 32 compliance checks) | v2.2.0 |
| **EdgeHardening** | 24 | Microsoft Edge security (24 policies) | v2.2.0 |
| **AdvancedSecurity** | 50 | Beyond MS Baseline (SRP, Legacy protocols, Wireless Display, Discovery Protocols, IPv6) | v2.2.0 |
| **SecurityBaseline** | 425 | Microsoft Security Baseline 25H2 | v2.2.1 |
| **ASR** | 19 | Attack Surface Reduction Rules | v2.2.1 |
| **DNS** | 5 | Secure DNS with DoH encryption | v2.2.1 |
| **Privacy** | 78 | Telemetry, Bloatware, OneDrive hardening (Strict) | v2.2.1 |
| **AntiAI** | 32 | AI lockdown (15 features, 32 compliance checks) | v2.2.1 |
| **EdgeHardening** | 24 | Microsoft Edge security (24 policies) | v2.2.1 |
| **AdvancedSecurity** | 50 | Beyond MS Baseline (SRP, Legacy protocols, Wireless Display, Discovery Protocols, IPv6) | v2.2.1 |
| **TOTAL** | **633** | **Complete Framework (Paranoid mode)** | **Production** |
**Release Highlights:**
@ -852,10 +852,18 @@ The authors are not responsible for any damage or data loss.
## 📈 Project Status
**Current Version:** 2.2.0
**Last Updated:** December 8, 2025
**Current Version:** 2.2.1
**Last Updated:** December 19, 2025
**Status:** Production-Ready
### Release Highlights v2.2.1
- **Critical Fix:** Multi-run session bug (auditpol backup failures when running multiple times)
- **Fix:** `.Count` property bug in 5 files (Where-Object single-object results)
- **Improved:** ASR prompt text ("untrusted" → "new software" - more neutral)
- Full codebase review of backup/restore system (2970 lines)
- Wireless Display security verified against MS Policy CSP docs
### Release Highlights v2.2.0
- 630+ settings (expanded from 580+)

4
Start-NoIDPrivacy.bat
View file

@ -7,12 +7,12 @@ REM This script launches NoIDPrivacy-Interactive.ps1 with
REM Administrator privileges (auto-elevation).
REM
REM Author: NexusOne23
REM Version: 2.2.0
REM Version: 2.2.1
REM ========================================
setlocal
title NoID Privacy v2.2.0
title NoID Privacy v2.2.1
REM Get the directory where this batch file is located
set "SCRIPT_DIR=%~dp0"

2
Tests/Run-Tests.ps1
View file

@ -17,7 +17,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+, Pester 5.0+
.EXAMPLE

2
Tests/Setup-TestEnvironment.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
.EXAMPLE

2
Tests/Unit/ASR.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Pester 5.0+
#>

2
Tests/Unit/AdvancedSecurity.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Pester 5.0+
#>

2
Tests/Unit/AntiAI.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Pester 5.0+
#>

2
Tests/Unit/DNS.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Pester 5.0+
#>

2
Tests/Unit/EdgeHardening.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Pester 5.0+
#>

2
Tests/Unit/ModuleTemplate.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Pester 5.0+
#>

2
Tests/Unit/Privacy.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: Pester 5.0+
#>

2
Tools/Parse-EdgeBaseline.ps1
View file

@ -18,7 +18,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
.EXAMPLE

2
Tools/Parse-SecurityBaseline.ps1
View file

@ -25,7 +25,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
.EXAMPLE

8
Tools/Verify-Complete-Hardening.ps1
View file

@ -27,7 +27,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
#>
#Requires -Version 5.1
@ -3180,7 +3180,7 @@ try {
<body>
<div class="container">
<div class="header">
<h1>NoID Privacy v2.2.0</h1>
<h1>NoID Privacy v2.2.1</h1>
<p class="subtitle">Complete Hardening Compliance Report</p>
<span class="badge">All $totalSettings Settings Verified</span>
</div>
@ -3200,7 +3200,7 @@ try {
</div>
<div class="meta-item">
<span class="meta-label">Framework Version</span>
<span class="meta-value">NoID Privacy v2.2.0</span>
<span class="meta-value">NoID Privacy v2.2.1</span>
</div>
</div>
@ -3642,7 +3642,7 @@ try {
</div>
<div class="footer">
<p>Generated by NoID Privacy v2.2.0</p>
<p>Generated by NoID Privacy v2.2.1</p>
<p>Professional Windows 11 Security & Privacy Hardening Framework</p>
</div>
</div>

2
Utils/Compatibility.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
#>

2
Utils/Dependencies.ps1
View file

@ -7,7 +7,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
#>

6
Utils/Hardware.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
#>
@ -165,7 +165,7 @@ function Test-SSDDrive {
}
}
function Get-WindowsEdition {
function Get-WindowsEditionInfo {
<#
.SYNOPSIS
Get Windows edition information
@ -224,7 +224,7 @@ function Get-HardwareReport {
return [PSCustomObject]@{
OS = Get-WindowsVersion
Edition = Get-WindowsEdition
Edition = Get-WindowsEditionInfo
CPU = Get-CPUInfo
Memory = Get-MemoryInfo
UEFI = Test-UEFIBoot

2
Utils/Registry.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
#>

2
Utils/Service.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+
#>

6
config.json
View file

@ -1,5 +1,5 @@
{
"version": "2.2.0",
"version": "2.2.1",
"modules": {
"SecurityBaseline": {
"enabled": true,
@ -48,7 +48,7 @@
"description": "Microsoft Edge v139 Security Baseline: 24 security policies",
"_comment": "Interactive: Allow extensions (Y/N, default: Y)",
"allowExtensions": true,
"version": "2.2.0",
"version": "2.2.1",
"baseline": "Edge v139",
"policies": 24,
"features": {
@ -75,7 +75,7 @@
"disableWirelessDisplay": false,
"disableDiscoveryProtocols": true,
"disableIPv6": false,
"version": "2.2.0",
"version": "2.2.1",
"policies": 50,
"features": {
"rdp_hardening": true,