diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index e4ba02a..76e3adb 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -32,7 +32,7 @@ A clear description of what actually happened. - **CPU**: [e.g., AMD Ryzen 7 9800X3D] - **TPM**: [e.g., 2.0 Present] - **Third-Party AV**: [e.g., None, Windows Defender only] -- **Script Version**: [e.g., v2.2.0] +- **Script Version**: [e.g., v2.2.1] - **Execution Mode**: [Interactive / Direct / DryRun] **Get System Info:** diff --git a/CHANGELOG.md b/CHANGELOG.md index 04a1fd5..aa30b96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,39 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 --- +## [2.2.1] - 2025-12-19 + +### 🔧 Maintenance Release + +**Critical bugfix for multi-run sessions and code review.** + +### 🔨 Fixed + +**Multi-Run Session Bug (Critical)** +- Fixed: Running framework multiple times in same PowerShell session caused `auditpol.exe` backup failures +- Root cause: `$global:BackupBasePath` was not reset between runs, causing auditpol to fail with "file exists" error +- Fix: Global backup variables (`BackupBasePath`, `BackupIndex`, `NewlyCreatedKeys`, `SessionManifest`, `CurrentModule`) are now reset at script start in `NoIDPrivacy.ps1` +- Impact: Users can now run individual modules, then "Apply All", then individual modules again without errors + +**`.Count` Property Bug (5 files)** +- Fixed: `.Count` property failed on single-object results from `Where-Object` +- Affected files: `Invoke-ASRRules.ps1`, `Framework.ps1`, `Test-AdvancedSecurity.ps1`, `Test-DiscoveryProtocolsSecurity.ps1`, `Restore-DNSSettings.ps1` +- Fix: Wrapped results in `@()` to ensure array type + +### ✅ Changed + +**ASR Prompt Text Improved** +- Changed "untrusted software" to "new software" in ASR prevalence rule prompt +- More neutral language - the software isn't necessarily untrusted, just new/unknown to Microsoft's reputation system + +**Code Quality** +- Full codebase review of backup/restore system (2970 lines in `Core/Rollback.ps1`) +- Wireless Display (Miracast) security implementation verified against Microsoft documentation +- All 7 registry policies confirmed correct per MS Policy CSP docs +- Version numbers aligned across all 50+ files + +--- + ## [2.2.0] - 2025-12-08 ### 🚀 Enhanced Framework - 630+ Settings diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3493e9b..57a1feb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -68,7 +68,7 @@ Modules/ ``` Modules/AdvancedSecurity/ -├── AdvancedSecurity.psd1 # Manifest with version 2.2.0 +├── AdvancedSecurity.psd1 # Manifest with version 2.2.1 ├── AdvancedSecurity.psm1 # Loads Private/*.ps1 and Public/*.ps1 ├── Config/ │ ├── RDP.json # RDP hardening config @@ -105,7 +105,7 @@ Modules/AdvancedSecurity/ ```powershell @{ RootModule = 'YourModule.psm1' - ModuleVersion = '2.2.0' + ModuleVersion = '2.2.1' GUID = 'YOUR-GUID-HERE' # Generate with [guid]::NewGuid() Author = 'Your Name' CompanyName = 'NoID Privacy' @@ -128,7 +128,7 @@ Modules/AdvancedSecurity/ Tags = @('Security', 'Hardening', 'Windows11') ProjectUri = 'https://github.com/yourusername/noid-privacy' ReleaseNotes = @" -v2.2.0 - Initial Release +v2.2.1 - Initial Release - Feature 1 - Feature 2 "@ @@ -141,7 +141,7 @@ v2.2.0 - Initial Release ```powershell @{ RootModule = 'AdvancedSecurity.psm1' - ModuleVersion = '2.2.0' + ModuleVersion = '2.2.1' GUID = 'a1b2c3d4-e5f6-7890-abcd-ef1234567890' Author = 'NexusOne23' Description = 'Advanced Security hardening beyond Microsoft Security Baseline' @@ -155,7 +155,7 @@ v2.2.0 - Initial Release PSData = @{ Tags = @('Security', 'Hardening', 'RDP', 'TLS', 'Windows11') ReleaseNotes = @" -v2.2.0 - Production Release +v2.2.1 - Production Release - RDP NLA enforcement + optional complete disable - WDigest credential protection - Administrative shares disable (domain-aware) @@ -781,4 +781,4 @@ mkdir "Modules\YourModule\Config" --- -**Questions? Study AdvancedSecurity v2.2.0 - it's the reference implementation!** 🎯 +**Questions? Study AdvancedSecurity v2.2.1 - it's the reference implementation!** 🎯 diff --git a/Core/Config.ps1 b/Core/Config.ps1 index 2f0fd63..5ea0aed 100644 --- a/Core/Config.ps1 +++ b/Core/Config.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ #> @@ -79,7 +79,7 @@ function New-DefaultConfig { ) $defaultConfig = @{ - version = "2.2.0" + version = "2.2.1" modules = @{ SecurityBaseline = @{ enabled = $true @@ -114,7 +114,7 @@ function New-DefaultConfig { priority = 6 status = "IMPLEMENTED" description = "Microsoft Edge v139 Security Baseline: 20 security policies including SmartScreen enforcement, site isolation, SSL/TLS hardening, extension blocklist, IE Mode restrictions, and Spectre mitigations. No LGPO.exe dependency." - version = "2.2.0" + version = "2.2.1" baseline = "Edge v139" policies = 20 features = @{ @@ -133,7 +133,7 @@ function New-DefaultConfig { priority = 7 status = "IMPLEMENTED" description = "Advanced Security hardening beyond MS Baseline: RDP NLA/Disable, WDigest protection, Admin Shares disable, Risky ports/services, Legacy TLS disable, WPAD disable, PowerShell v2 removal, SRP .lnk protection, Windows Update (3 GUI settings), Finger Protocol block. Opt-in by design (use -SecurityProfile Balanced/Enterprise/Maximum)" - version = "2.2.0" + version = "2.2.1" policies = 36 features = @{ rdp_hardening = $true diff --git a/Core/Framework.ps1 b/Core/Framework.ps1 index f723fe7..8bfca38 100644 --- a/Core/Framework.ps1 +++ b/Core/Framework.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ .EXAMPLE @@ -24,7 +24,7 @@ # All configuration comes from config.json via Initialize-Config. # Script-level variables -$script:FrameworkVersion = "2.2.0" +$script:FrameworkVersion = "2.2.1" $script:FrameworkRoot = Split-Path -Parent $PSScriptRoot $script:ExecutionStartTime = Get-Date @@ -301,7 +301,7 @@ function Start-HardeningProcess { # Correct calculation from ModuleResults $totalModules = $hardeningResult.ModulesExecuted - $successCount = ($hardeningResult.ModuleResults | Where-Object { $_.Success }).Count + $successCount = @($hardeningResult.ModuleResults | Where-Object { $_.Success }).Count $failureCount = $totalModules - $successCount Write-Host "Total modules executed: $totalModules" -ForegroundColor White diff --git a/Core/Logger.ps1 b/Core/Logger.ps1 index f0d31d6..5056dfb 100644 --- a/Core/Logger.ps1 +++ b/Core/Logger.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ #> diff --git a/Core/NonInteractive.ps1 b/Core/NonInteractive.ps1 index aed48bf..56da9a6 100644 --- a/Core/NonInteractive.ps1 +++ b/Core/NonInteractive.ps1 @@ -12,7 +12,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Usage in modules: 1. Call Test-NonInteractiveMode to check if prompts should be skipped diff --git a/Core/Rollback.ps1 b/Core/Rollback.ps1 index f51aa1a..33cb121 100644 --- a/Core/Rollback.ps1 +++ b/Core/Rollback.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ #> @@ -64,7 +64,7 @@ function Initialize-BackupSystem { displayName = "" # Auto-generated based on modules sessionType = "unknown" # wizard | advanced | manual timestamp = Get-Date -Format "o" - frameworkVersion = "2.2.0" + frameworkVersion = "2.2.1" modules = @() totalItems = 0 restorable = $true @@ -2246,7 +2246,7 @@ function Restore-Session { "HKCU:\Software\Microsoft\Windows\CurrentVersion\SystemSettings\AccountNotifications", "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement", "HKCU:\SOFTWARE\Microsoft\Personalization\Settings", - # NEW: Input Personalization Settings (v2.2.0 - FIX missing HKCU restore) + # NEW: Input Personalization Settings (v2.2.1 - FIX missing HKCU restore) "HKCU:\SOFTWARE\Microsoft\InputPersonalization", "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore", "HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics" diff --git a/Core/Validator.ps1 b/Core/Validator.ps1 index 7a6606c..24084f2 100644 --- a/Core/Validator.ps1 +++ b/Core/Validator.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ #> diff --git a/Docs/FEATURES.md b/Docs/FEATURES.md index 7123f17..04904a6 100644 --- a/Docs/FEATURES.md +++ b/Docs/FEATURES.md @@ -1,6 +1,6 @@ # NoID Privacy - Complete Feature List -**Framework Version:** v2.2.0 +**Framework Version:** v2.2.1 **Total Security Settings:** 633 (Paranoid mode) **Modules:** 7 (All Production-Ready) **Last Updated:** December 8, 2025 @@ -11,13 +11,13 @@ | Module | Settings | Status | Description | |--------|----------|--------|-------------| -| **SecurityBaseline** | 425 | ✅ v2.2.0 | Microsoft Security Baseline for Windows 11 v25H2 | -| **ASR** | 19 | ✅ v2.2.0 | Attack Surface Reduction rules | -| **DNS** | 5 | ✅ v2.2.0 | Secure DNS with DoH encryption | -| **Privacy** | 78 | ✅ v2.2.0 | Telemetry control, OneDrive hardening (Strict: 70 Registry + 2 Services + 6 OneDrive) | -| **AntiAI** | 32 | ✅ v2.2.0 | AI lockdown (15 features, 32 compliance checks) | -| **EdgeHardening** | 24 | ✅ v2.2.0 | Microsoft Edge browser security (24 policies) | -| **AdvancedSecurity** | 50 | ✅ v2.2.0 | Advanced hardening beyond MS Baseline (incl. Wireless Display, Discovery Protocols, IPv6) | +| **SecurityBaseline** | 425 | ✅ v2.2.1 | Microsoft Security Baseline for Windows 11 v25H2 | +| **ASR** | 19 | ✅ v2.2.1 | Attack Surface Reduction rules | +| **DNS** | 5 | ✅ v2.2.1 | Secure DNS with DoH encryption | +| **Privacy** | 78 | ✅ v2.2.1 | Telemetry control, OneDrive hardening (Strict: 70 Registry + 2 Services + 6 OneDrive) | +| **AntiAI** | 32 | ✅ v2.2.1 | AI lockdown (15 features, 32 compliance checks) | +| **EdgeHardening** | 24 | ✅ v2.2.1 | Microsoft Edge browser security (24 policies) | +| **AdvancedSecurity** | 50 | ✅ v2.2.1 | Advanced hardening beyond MS Baseline (incl. Wireless Display, Discovery Protocols, IPv6) | | **TOTAL** | **633** | ✅ **100%** | **Complete Framework (Paranoid mode)** | --- @@ -238,7 +238,7 @@ Clipchamp.Clipchamp, SpotifyAB.SpotifyMusic ## 🤖 Module 5: AntiAI (32 Policies) -**Description:** Disable 15 Windows AI features via 32 registry policies (v2.2.0) +**Description:** Disable 15 Windows AI features via 32 registry policies (v2.2.1) ### 15 AI Features Disabled: @@ -724,7 +724,7 @@ Some UI elements in Paint and Photos apps may **still be visible** but non-funct ``` ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -NoID Privacy v2.2.0 +NoID Privacy v2.2.1 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Total Settings: 633 ✅ @@ -745,4 +745,4 @@ Framework Completion: 🎉 100% COMPLETE --- **Last Updated:** December 8, 2025 -**Framework Version:** v2.2.0 +**Framework Version:** v2.2.1 diff --git a/Docs/LICENSE-HISTORY.md b/Docs/LICENSE-HISTORY.md index 2079065..7cfb28d 100644 --- a/Docs/LICENSE-HISTORY.md +++ b/Docs/LICENSE-HISTORY.md @@ -35,7 +35,7 @@ See [LICENSE](LICENSE) for full text. **Impact:** - **v1.8.3 and earlier:** Remain under MIT License (cannot be changed retroactively) -- **v2.2.0 and later:** Licensed under GPL v3.0 +- **v2.2.1 and later:** Licensed under GPL v3.0 - Forks of v1.x can remain MIT-licensed - Forks of v2.x must comply with GPL v3.0 diff --git a/Docs/NONINTERACTIVE-MODE.md b/Docs/NONINTERACTIVE-MODE.md index 7ae74e6..6a48993 100644 --- a/Docs/NONINTERACTIVE-MODE.md +++ b/Docs/NONINTERACTIVE-MODE.md @@ -277,23 +277,54 @@ $env:NOIDPRIVACY_NONINTERACTIVE = "true" --- -## Return Codes +## Exit Codes (v2.2.1+) -**Note:** Exit codes are currently not implemented. Error handling should be done via try/catch blocks and checking the log files. +The framework returns structured exit codes for CI/CD integration: -### **Example: Error Handling in Scripts** +| Code | Name | Description | +|------|------|-------------| +| **0** | `SUCCESS` | All operations completed successfully | +| **1** | `ERROR_GENERAL` | General/unspecified error | +| **2** | `ERROR_PREREQUISITES` | System requirements not met (OS, PowerShell, Admin) | +| **3** | `ERROR_CONFIG` | Configuration file error (missing, invalid JSON) | +| **4** | `ERROR_MODULE` | One or more modules failed during execution | +| **5** | `ERROR_FATAL` | Fatal/unexpected exception | +| **10** | `SUCCESS_REBOOT` | Success, but reboot is required for changes to take effect | + +### **Example: CI/CD Exit Code Handling** ```powershell -try { - .\NoIDPrivacy.ps1 -Module All -ErrorAction Stop - Write-Output "Hardening completed successfully" +# Run hardening and capture exit code +$process = Start-Process powershell -ArgumentList "-ExecutionPolicy Bypass -File `".\NoIDPrivacy.ps1`" -Module All" -Wait -PassThru +$exitCode = $process.ExitCode + +switch ($exitCode) { + 0 { Write-Host "SUCCESS: All modules applied" -ForegroundColor Green } + 10 { Write-Host "SUCCESS: Reboot required" -ForegroundColor Yellow; Restart-Computer -Force } + 2 { Write-Host "FAILED: Prerequisites not met" -ForegroundColor Red; exit 1 } + 3 { Write-Host "FAILED: Config error" -ForegroundColor Red; exit 1 } + 4 { Write-Host "FAILED: Module errors" -ForegroundColor Red; exit 1 } + 5 { Write-Host "FAILED: Fatal exception" -ForegroundColor Red; exit 1 } + default { Write-Host "FAILED: Unknown error ($exitCode)" -ForegroundColor Red; exit 1 } } -catch { - Write-Error "Hardening failed: $_" +``` + +### **Example: Simple Success/Failure Check** + +```powershell +.\NoIDPrivacy.ps1 -Module All +$exitCode = $LASTEXITCODE + +if ($exitCode -eq 0 -or $exitCode -eq 10) { + Write-Host "Hardening completed successfully" + if ($exitCode -eq 10) { Write-Host "Reboot recommended" } +} +else { + Write-Host "Hardening failed with exit code: $exitCode" # Check logs for details $latestLog = Get-ChildItem "Logs" -Filter "NoIDPrivacy-*.log" | Sort-Object LastWriteTime -Descending | Select-Object -First 1 Get-Content $latestLog.FullName | Select-String "ERROR" - exit 1 + exit $exitCode } ``` diff --git a/Modules/ASR/ASR.psd1 b/Modules/ASR/ASR.psd1 index 5fc6694..af30d8c 100644 --- a/Modules/ASR/ASR.psd1 +++ b/Modules/ASR/ASR.psd1 @@ -1,6 +1,6 @@ @{ RootModule = 'ASR.psm1' - ModuleVersion = '2.2.0' + ModuleVersion = '2.2.1' GUID = 'b2c3d4e5-f6a7-8901-bcde-f23456789012' Author = 'NexusOne23' CompanyName = 'Open Source Project' @@ -25,7 +25,7 @@ LicenseUri = '' ProjectUri = '' ReleaseNotes = @" -v2.2.0 - Production Release +v2.2.1 - Production Release - All 19 ASR rules implementation - Hybrid approach: Registry backup + Set-MpPreference application - SCCM/Configuration Manager detection diff --git a/Modules/ASR/ASR.psm1 b/Modules/ASR/ASR.psm1 index d8d4a8b..9ae0f9e 100644 --- a/Modules/ASR/ASR.psm1 +++ b/Modules/ASR/ASR.psm1 @@ -11,7 +11,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+, Administrator privileges, Windows Defender #> diff --git a/Modules/ASR/Public/Invoke-ASRRules.ps1 b/Modules/ASR/Public/Invoke-ASRRules.ps1 index 91700e0..57c3af7 100644 --- a/Modules/ASR/Public/Invoke-ASRRules.ps1 +++ b/Modules/ASR/Public/Invoke-ASRRules.ps1 @@ -307,7 +307,7 @@ function Invoke-ASRRules { Write-Host "This rule blocks very new or unknown executables that" -ForegroundColor Yellow Write-Host "are not yet trusted by Microsoft's reputation systems." -ForegroundColor Yellow Write-Host "" - Write-Host "Do you install NEW or UNTRUSTED software frequently?" -ForegroundColor White + Write-Host "Do you install NEW software frequently?" -ForegroundColor White Write-Host "" Write-Host " - Games from independent developers" -ForegroundColor Gray Write-Host " - Beta software / Early access programs" -ForegroundColor Gray @@ -315,12 +315,12 @@ function Invoke-ASRRules { Write-Host " - Open-source tools without Microsoft reputation" -ForegroundColor Gray Write-Host "" Write-Host "Options:" -ForegroundColor Cyan - Write-Host " [Y] Yes - I need to install untrusted software" -ForegroundColor Yellow + Write-Host " [Y] Yes - I regularly install new software" -ForegroundColor Yellow Write-Host " > AUDIT mode: Events logged, installs allowed" -ForegroundColor Gray - Write-Host " > Developer/test mode (less secure)" -ForegroundColor Gray + Write-Host " > Recommended if you install software from various sources" -ForegroundColor Gray Write-Host "" - Write-Host " [N] No - I only install trusted software" -ForegroundColor Green - Write-Host " > BLOCK mode: Maximum security (recommended)" -ForegroundColor Gray + Write-Host " [N] No - I rarely install new software" -ForegroundColor Green + Write-Host " > BLOCK mode: Maximum security" -ForegroundColor Gray Write-Host " > New/unknown installers may be blocked" -ForegroundColor Gray Write-Host "" @@ -483,14 +483,14 @@ function Invoke-ASRRules { $mpPref = Get-MpPreference $currentActions = $mpPref.AttackSurfaceReductionRules_Actions if ($currentActions) { - $result.Details.BlockMode = ($currentActions | Where-Object { $_ -eq 1 }).Count - $result.Details.AuditMode = ($currentActions | Where-Object { $_ -eq 2 }).Count - $result.Details.DisabledMode = ($currentActions | Where-Object { $_ -eq 0 }).Count + $result.Details.BlockMode = @($currentActions | Where-Object { $_ -eq 1 }).Count + $result.Details.AuditMode = @($currentActions | Where-Object { $_ -eq 2 }).Count + $result.Details.DisabledMode = @($currentActions | Where-Object { $_ -eq 0 }).Count } else { # Fallback to array count - $result.Details.BlockMode = ($asrRules | Where-Object { $_.Action -eq 1 }).Count - $result.Details.AuditMode = ($asrRules | Where-Object { $_.Action -eq 2 }).Count - $result.Details.DisabledMode = ($asrRules | Where-Object { $_.Action -eq 0 }).Count + $result.Details.BlockMode = @($asrRules | Where-Object { $_.Action -eq 1 }).Count + $result.Details.AuditMode = @($asrRules | Where-Object { $_.Action -eq 2 }).Count + $result.Details.DisabledMode = @($asrRules | Where-Object { $_.Action -eq 0 }).Count } # Step 6: Verification diff --git a/Modules/AdvancedSecurity/AdvancedSecurity.psd1 b/Modules/AdvancedSecurity/AdvancedSecurity.psd1 index b30da68..86578ac 100644 --- a/Modules/AdvancedSecurity/AdvancedSecurity.psd1 +++ b/Modules/AdvancedSecurity/AdvancedSecurity.psd1 @@ -2,7 +2,7 @@ # Module manifest for AdvancedSecurity # Version - ModuleVersion = '2.2.0' + ModuleVersion = '2.2.1' # Unique ID GUID = 'e7f5a3d2-8c9b-4f1e-a6d3-9b2c8f4e5a1d' @@ -48,7 +48,7 @@ LicenseUri = '' ProjectUri = '' ReleaseNotes = @' -v2.2.0 (2025-12-08) +v2.2.1 (2025-12-08) - Production release of AdvancedSecurity module - 49 advanced hardening settings implemented (was 36) - NEW: Wireless Display (Miracast) security hardening diff --git a/Modules/AdvancedSecurity/AdvancedSecurity.psm1 b/Modules/AdvancedSecurity/AdvancedSecurity.psm1 index e59e73f..cc6c6f0 100644 --- a/Modules/AdvancedSecurity/AdvancedSecurity.psm1 +++ b/Modules/AdvancedSecurity/AdvancedSecurity.psm1 @@ -1,5 +1,5 @@ # AdvancedSecurity Module Loader -# Version: 2.2.0 +# Version: 2.2.1 # Description: Advanced Security Hardening - Beyond Microsoft Security Baseline # Get module path diff --git a/Modules/AdvancedSecurity/Config/AdminShares.json b/Modules/AdvancedSecurity/Config/AdminShares.json index 40b438b..b1a6ea1 100644 --- a/Modules/AdvancedSecurity/Config/AdminShares.json +++ b/Modules/AdvancedSecurity/Config/AdminShares.json @@ -2,7 +2,7 @@ "$schema": "http://json-schema.org/draft-07/schema#", "title": "Administrative Shares Configuration", "description": "Configuration for disabling administrative shares (C$, ADMIN$, etc.) to prevent lateral movement", - "version": "2.2.0", + "version": "2.2.1", "Administrative_Shares": { "description": "Disable automatic creation and remove existing administrative shares", diff --git a/Modules/AdvancedSecurity/Config/Credentials.json b/Modules/AdvancedSecurity/Config/Credentials.json index e0c4103..83f137a 100644 --- a/Modules/AdvancedSecurity/Config/Credentials.json +++ b/Modules/AdvancedSecurity/Config/Credentials.json @@ -2,7 +2,7 @@ "$schema": "http://json-schema.org/draft-07/schema#", "title": "Credential Protection Configuration", "description": "Configuration for credential hardening including WDigest protection", - "version": "2.2.0", + "version": "2.2.1", "WDigest_Protection": { "description": "Prevent WDigest from storing plaintext passwords in LSASS memory", diff --git a/Modules/AdvancedSecurity/Config/RDP.json b/Modules/AdvancedSecurity/Config/RDP.json index 35cf5a5..99428a3 100644 --- a/Modules/AdvancedSecurity/Config/RDP.json +++ b/Modules/AdvancedSecurity/Config/RDP.json @@ -2,7 +2,7 @@ "$schema": "http://json-schema.org/draft-07/schema#", "title": "RDP Hardening Configuration", "description": "Configuration for RDP (Remote Desktop Protocol) hardening including NLA enforcement and optional complete disable", - "version": "2.2.0", + "version": "2.2.1", "NLA_Enforcement": { "description": "Network Level Authentication (NLA) enforcement settings", diff --git a/Modules/AdvancedSecurity/Private/Block-FingerProtocol.ps1 b/Modules/AdvancedSecurity/Private/Block-FingerProtocol.ps1 index c9b43c2..8d13cad 100644 --- a/Modules/AdvancedSecurity/Private/Block-FingerProtocol.ps1 +++ b/Modules/AdvancedSecurity/Private/Block-FingerProtocol.ps1 @@ -21,7 +21,7 @@ function Block-FingerProtocol { .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Administrator privileges REFERENCES: diff --git a/Modules/AdvancedSecurity/Private/Set-SRPRules.ps1 b/Modules/AdvancedSecurity/Private/Set-SRPRules.ps1 index fe59a95..f355997 100644 --- a/Modules/AdvancedSecurity/Private/Set-SRPRules.ps1 +++ b/Modules/AdvancedSecurity/Private/Set-SRPRules.ps1 @@ -27,7 +27,7 @@ function Set-SRPRules { .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Administrator privileges REFERENCES: diff --git a/Modules/AdvancedSecurity/Private/Set-WindowsUpdate.ps1 b/Modules/AdvancedSecurity/Private/Set-WindowsUpdate.ps1 index ca1c405..a6a7d70 100644 --- a/Modules/AdvancedSecurity/Private/Set-WindowsUpdate.ps1 +++ b/Modules/AdvancedSecurity/Private/Set-WindowsUpdate.ps1 @@ -22,7 +22,7 @@ function Set-WindowsUpdate { .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Administrator privileges Based on: Windows Settings > Windows Update > Advanced options #> diff --git a/Modules/AdvancedSecurity/Private/Test-DiscoveryProtocolsSecurity.ps1 b/Modules/AdvancedSecurity/Private/Test-DiscoveryProtocolsSecurity.ps1 index a503348..0cbf0af 100644 --- a/Modules/AdvancedSecurity/Private/Test-DiscoveryProtocolsSecurity.ps1 +++ b/Modules/AdvancedSecurity/Private/Test-DiscoveryProtocolsSecurity.ps1 @@ -28,6 +28,7 @@ function Test-DiscoveryProtocolsSecurity { Tcp5357ListenersClosed = $null Tcp5358ListenersClosed = $null Compliant = $false + Pass = $true # Optional feature (Maximum only) - always pass } try { @@ -69,7 +70,7 @@ function Test-DiscoveryProtocolsSecurity { if ($rules.Count -gt 0) { $result.FirewallRulesPresent = ($rules.Count -eq $ruleNames.Count) - $result.FirewallRulesEnabled = ($rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }).Count -eq $ruleNames.Count + $result.FirewallRulesEnabled = @($rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }).Count -eq $ruleNames.Count } # 4) Optional: check that ports are not listening diff --git a/Modules/AdvancedSecurity/Private/Test-FirewallShieldsUp.ps1 b/Modules/AdvancedSecurity/Private/Test-FirewallShieldsUp.ps1 index dbc2bb9..b3b9a98 100644 --- a/Modules/AdvancedSecurity/Private/Test-FirewallShieldsUp.ps1 +++ b/Modules/AdvancedSecurity/Private/Test-FirewallShieldsUp.ps1 @@ -16,10 +16,12 @@ function Test-FirewallShieldsUp { $value = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue if ($null -eq $value -or $value.$valueName -ne 1) { + # Shields Up is OPTIONAL (Maximum profile only) - not a failure if not enabled return @{ - Pass = $false - Message = "Shields Up NOT enabled (Public network allows configured exceptions)" + Pass = $true # Optional feature - always pass + Message = "Shields Up not enabled (Optional - Maximum profile only)" CurrentValue = if ($null -eq $value) { "Not Set" } else { $value.$valueName } + IsEnabled = $false } } @@ -27,13 +29,15 @@ function Test-FirewallShieldsUp { Pass = $true Message = "Shields Up ENABLED (Public network blocks ALL incoming)" CurrentValue = 1 + IsEnabled = $true } } catch { return @{ - Pass = $false + Pass = $true # Don't fail on error for optional feature Message = "Error checking Shields Up: $_" CurrentValue = "Error" + IsEnabled = $false } } } diff --git a/Modules/AdvancedSecurity/Public/Invoke-AdvancedSecurity.ps1 b/Modules/AdvancedSecurity/Public/Invoke-AdvancedSecurity.ps1 index b37168e..be94ab1 100644 --- a/Modules/AdvancedSecurity/Public/Invoke-AdvancedSecurity.ps1 +++ b/Modules/AdvancedSecurity/Public/Invoke-AdvancedSecurity.ps1 @@ -11,7 +11,7 @@ function Invoke-AdvancedSecurity { - Enterprise: Conservative approach with domain-safety checks - Maximum: Maximum hardening for air-gapped/high-security environments - Features implemented (v2.2.0): + Features implemented (v2.2.1): - RDP NLA enforcement + optional complete disable - WDigest credential protection - Administrative shares disable (domain-aware) diff --git a/Modules/AdvancedSecurity/Public/Test-AdvancedSecurity.ps1 b/Modules/AdvancedSecurity/Public/Test-AdvancedSecurity.ps1 index 973bcb6..6d8f875 100644 --- a/Modules/AdvancedSecurity/Public/Test-AdvancedSecurity.ps1 +++ b/Modules/AdvancedSecurity/Public/Test-AdvancedSecurity.ps1 @@ -110,13 +110,15 @@ function Test-AdvancedSecurity { Write-Host "Testing Discovery Protocols (WS-Discovery + mDNS)..." -ForegroundColor Gray $discoveryTest = Test-DiscoveryProtocolsSecurity if ($discoveryTest) { + # Optional feature (Maximum profile only) - use Pass field which is always true + $statusText = if ($discoveryTest.Compliant) { "Disabled (Maximum)" } else { "Enabled (Optional - Maximum profile only)" } $results += [PSCustomObject]@{ Feature = "Discovery Protocols (WS-Discovery + mDNS)" - Status = if ($discoveryTest.Compliant) { "Secure" } else { "Insecure" } + Status = $statusText Details = "mDNS=" + $(if ($discoveryTest.EnableMDNS -eq 0) { "Disabled" } else { "Enabled/Not Set" }) + "; Services: FDResPub=" + $discoveryTest.FDResPubDisabled + ", fdPHost=" + $discoveryTest.FdPHostDisabled + "; FirewallRulesEnabled=" + $discoveryTest.FirewallRulesEnabled - Compliant = $discoveryTest.Compliant + Compliant = $discoveryTest.Pass # Always true - optional feature } } @@ -124,9 +126,11 @@ function Test-AdvancedSecurity { Write-Host "Testing Firewall Shields Up (Public)..." -ForegroundColor Gray $shieldsUpTest = Test-FirewallShieldsUp # Always pass - this is an optional hardening only for the Maximum (air-gapped) profile + $statusText = if ($shieldsUpTest.IsEnabled) { "Enabled (Maximum)" } else { "Not enabled (Optional - Maximum profile only)" } $results += [PSCustomObject]@{ Feature = "Firewall Shields Up (Public)" - Compliant = $shieldsUpTest.Pass + Status = $statusText + Compliant = $shieldsUpTest.Pass # Always true - optional feature Details = $shieldsUpTest.Message } @@ -147,8 +151,8 @@ function Test-AdvancedSecurity { Write-Host "============================================" -ForegroundColor Cyan Write-Host "" - $compliantCount = ($results | Where-Object { $_.Compliant -eq $true }).Count - $totalTests = $results.Count + $compliantCount = @($results | Where-Object { $_.Compliant -eq $true }).Count + $totalTests = @($results).Count $compliancePercent = [math]::Round(($compliantCount / $totalTests) * 100, 1) Write-Host "Total Tests: $totalTests" -ForegroundColor White diff --git a/Modules/AntiAI/AntiAI.psd1 b/Modules/AntiAI/AntiAI.psd1 index 976d8b4..ff9a6cb 100644 --- a/Modules/AntiAI/AntiAI.psd1 +++ b/Modules/AntiAI/AntiAI.psd1 @@ -1,6 +1,6 @@ @{ RootModule = 'AntiAI.psm1' - ModuleVersion = '2.2.0' + ModuleVersion = '2.2.1' GUID = 'f8e9d7c6-5b4a-3c2d-1e0f-9a8b7c6d5e4f' Author = 'NexusOne23' CompanyName = 'Open Source Project' diff --git a/Modules/AntiAI/AntiAI.psm1 b/Modules/AntiAI/AntiAI.psm1 index e8a065a..1be9fe0 100644 --- a/Modules/AntiAI/AntiAI.psm1 +++ b/Modules/AntiAI/AntiAI.psm1 @@ -11,7 +11,7 @@ .NOTES Module: AntiAI - Version: 2.2.0 + Version: 2.2.1 Author: NoID Privacy #> @@ -29,7 +29,7 @@ $privateFunctions = @( 'Disable-Recall' 'Set-RecallProtection' 'Disable-Copilot' - 'Disable-CopilotAdvanced' # NEW v2.2.0: URI handlers, Edge sidebar, Recall export + 'Disable-CopilotAdvanced' # NEW v2.2.1: URI handlers, Edge sidebar, Recall export 'Disable-ClickToDo' 'Disable-SettingsAgent' 'Disable-ExplorerAI' # NEW: File Explorer AI Actions menu diff --git a/Modules/AntiAI/Private/Disable-CopilotAdvanced.ps1 b/Modules/AntiAI/Private/Disable-CopilotAdvanced.ps1 index 670d181..2d91313 100644 --- a/Modules/AntiAI/Private/Disable-CopilotAdvanced.ps1 +++ b/Modules/AntiAI/Private/Disable-CopilotAdvanced.ps1 @@ -40,7 +40,7 @@ .NOTES Requires Administrator privileges. - Part of NoID Privacy AntiAI Module v2.2.0 + Part of NoID Privacy AntiAI Module v2.2.1 #> function Disable-CopilotAdvanced { [CmdletBinding()] diff --git a/Modules/AntiAI/Private/Test-AntiAICompliance.ps1 b/Modules/AntiAI/Private/Test-AntiAICompliance.ps1 index 83be26e..d0148da 100644 --- a/Modules/AntiAI/Private/Test-AntiAICompliance.ps1 +++ b/Modules/AntiAI/Private/Test-AntiAICompliance.ps1 @@ -42,7 +42,7 @@ .NOTES Author: NoID Privacy - Version: 2.2.0 (Extended validation) + Version: 2.2.1 (Extended validation) Requires: Windows 11 24H2+, Administrator privileges #> diff --git a/Modules/AntiAI/Public/Invoke-AntiAI.ps1 b/Modules/AntiAI/Public/Invoke-AntiAI.ps1 index 0e6c067..c9dcb05 100644 --- a/Modules/AntiAI/Public/Invoke-AntiAI.ps1 +++ b/Modules/AntiAI/Public/Invoke-AntiAI.ps1 @@ -52,7 +52,7 @@ .NOTES Author: NoID Privacy - Version: 2.2.0 + Version: 2.2.1 Requires: Windows 11 24H2 or later, Administrator privileges Impact: All AI features completely disabled, reboot required #> @@ -70,7 +70,7 @@ function Invoke-AntiAI { Write-Host "" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan - Write-Host " ANTI-AI MODULE v2.2.0" -ForegroundColor Cyan + Write-Host " ANTI-AI MODULE v2.2.1" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan Write-Host "" Write-Host "Disables 15 AI features (32 policies):" -ForegroundColor White @@ -171,7 +171,7 @@ function Invoke-AntiAI { @{ Path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Paint"; Name = "DisableImageCreator"; Type = "DWord" }, @{ Path = "HKLM:\SOFTWARE\Policies\WindowsNotepad"; Name = "DisableAIFeatures"; Type = "DWord" }, @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"; Name = "DisableSettingsAgent"; Type = "DWord" }, - # NEW v2.2.0: Advanced Copilot Blocking + # NEW v2.2.1: Advanced Copilot Blocking @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"; Name = "AllowRecallExport"; Type = "DWord" }, @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"; Name = "EdgeSidebarEnabled"; Type = "DWord" }, @{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"; Name = "ShowHubsSidebar"; Type = "DWord" }, @@ -355,7 +355,7 @@ function Invoke-AntiAI { } # ============================================================================ - # ADVANCED COPILOT BLOCKING (NEW v2.2.0) + # ADVANCED COPILOT BLOCKING (NEW v2.2.1) # ============================================================================ Write-Host "" Write-Host " [Advanced Copilot Blocks]" -ForegroundColor Cyan diff --git a/Modules/DNS/DNS.psd1 b/Modules/DNS/DNS.psd1 index 2f6b5a0..5d882cb 100644 --- a/Modules/DNS/DNS.psd1 +++ b/Modules/DNS/DNS.psd1 @@ -2,7 +2,7 @@ # Module manifest for DNS module RootModule = 'DNS.psm1' - ModuleVersion = '2.2.0' + ModuleVersion = '2.2.1' GUID = 'a8f7b3c9-4e5d-4a2b-9c1d-8f3e5a7b9c2d' Author = 'NexusOne23' CompanyName = 'Open Source Project' diff --git a/Modules/DNS/DNS.psm1 b/Modules/DNS/DNS.psm1 index ceb834c..90291ca 100644 --- a/Modules/DNS/DNS.psm1 +++ b/Modules/DNS/DNS.psm1 @@ -12,7 +12,7 @@ .NOTES Author: NoID Privacy - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+, Administrator privileges #> diff --git a/Modules/DNS/Public/Restore-DNSSettings.ps1 b/Modules/DNS/Public/Restore-DNSSettings.ps1 index 1467bfb..4b3f7e7 100644 --- a/Modules/DNS/Public/Restore-DNSSettings.ps1 +++ b/Modules/DNS/Public/Restore-DNSSettings.ps1 @@ -128,7 +128,7 @@ function Restore-DNSSettings { $keyContent = Get-ChildItem $dnsClientPath -ErrorAction SilentlyContinue $keyProps = Get-ItemProperty $dnsClientPath -ErrorAction SilentlyContinue # Count properties (exclude PS metadata like PSPath, etc.) - $propCount = ($keyProps.PSObject.Properties | Where-Object { $_.Name -notin @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') }).Count + $propCount = @($keyProps.PSObject.Properties | Where-Object { $_.Name -notin @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') }).Count if (($null -eq $keyContent -or $keyContent.Count -eq 0) -and $propCount -eq 0) { Remove-Item $dnsClientPath -Force -ErrorAction SilentlyContinue @@ -158,7 +158,7 @@ function Restore-DNSSettings { if (Test-Path $dnsParamsPath) { $keyContent = Get-ChildItem $dnsParamsPath -ErrorAction SilentlyContinue $keyProps = Get-ItemProperty $dnsParamsPath -ErrorAction SilentlyContinue - $propCount = ($keyProps.PSObject.Properties | Where-Object { $_.Name -notin @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') }).Count + $propCount = @($keyProps.PSObject.Properties | Where-Object { $_.Name -notin @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') }).Count if (($null -eq $keyContent -or $keyContent.Count -eq 0) -and $propCount -eq 0) { Remove-Item $dnsParamsPath -Force -ErrorAction SilentlyContinue diff --git a/Modules/EdgeHardening/EdgeHardening.psd1 b/Modules/EdgeHardening/EdgeHardening.psd1 index 445ea89..4cd43bd 100644 --- a/Modules/EdgeHardening/EdgeHardening.psd1 +++ b/Modules/EdgeHardening/EdgeHardening.psd1 @@ -3,7 +3,7 @@ RootModule = 'EdgeHardening.psm1' # Version number of this module - ModuleVersion = '2.2.0' + ModuleVersion = '2.2.1' # ID used to uniquely identify this module GUID = '8e3f4c2a-9b1d-4e7a-a2c5-6f8b3d9e1a4c' @@ -48,7 +48,7 @@ LicenseUri = '' ProjectUri = '' ReleaseNotes = @" -v2.2.0 - Production Release +v2.2.1 - Production Release - Microsoft Edge v139 Security Baseline implementation - 20 security policies (native PowerShell, no LGPO.exe) - SmartScreen enforcement with override prevention diff --git a/Modules/EdgeHardening/EdgeHardening.psm1 b/Modules/EdgeHardening/EdgeHardening.psm1 index a31eb64..a3192f4 100644 --- a/Modules/EdgeHardening/EdgeHardening.psm1 +++ b/Modules/EdgeHardening/EdgeHardening.psm1 @@ -16,7 +16,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+, Administrator privileges #> diff --git a/Modules/EdgeHardening/Public/Invoke-EdgeHardening.ps1 b/Modules/EdgeHardening/Public/Invoke-EdgeHardening.ps1 index ffc9c4c..5d61c83 100644 --- a/Modules/EdgeHardening/Public/Invoke-EdgeHardening.ps1 +++ b/Modules/EdgeHardening/Public/Invoke-EdgeHardening.ps1 @@ -48,7 +48,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+, Administrator privileges IMPORTANT: This applies Microsoft's recommended security baseline. diff --git a/Modules/EdgeHardening/Public/Test-EdgeHardening.ps1 b/Modules/EdgeHardening/Public/Test-EdgeHardening.ps1 index 98c327a..ea319fe 100644 --- a/Modules/EdgeHardening/Public/Test-EdgeHardening.ps1 +++ b/Modules/EdgeHardening/Public/Test-EdgeHardening.ps1 @@ -23,7 +23,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Can be run without Administrator privileges #> diff --git a/Modules/Privacy/Privacy.psd1 b/Modules/Privacy/Privacy.psd1 index e3c6192..3750e51 100644 --- a/Modules/Privacy/Privacy.psd1 +++ b/Modules/Privacy/Privacy.psd1 @@ -1,6 +1,6 @@ @{ RootModule = 'Privacy.psm1' - ModuleVersion = '2.2.0' + ModuleVersion = '2.2.1' GUID = 'a9f7c8d3-2e5b-4a1f-9c3d-7e8f5a6b2c4d' Author = 'NexusOne23' CompanyName = 'Open Source Project' diff --git a/Modules/Privacy/Privacy.psm1 b/Modules/Privacy/Privacy.psm1 index 180c4c0..8b3d537 100644 --- a/Modules/Privacy/Privacy.psm1 +++ b/Modules/Privacy/Privacy.psm1 @@ -16,7 +16,7 @@ .NOTES Module: Privacy - Version: 2.2.0 + Version: 2.2.1 Author: NoID Privacy #> diff --git a/Modules/Privacy/Private/Backup-PrivacySettings.ps1 b/Modules/Privacy/Private/Backup-PrivacySettings.ps1 index 72cdc2e..993976c 100644 --- a/Modules/Privacy/Private/Backup-PrivacySettings.ps1 +++ b/Modules/Privacy/Private/Backup-PrivacySettings.ps1 @@ -38,12 +38,12 @@ function Backup-PrivacySettings { "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore", "HKLM:\SOFTWARE\Policies\Microsoft\Dsh", "HKLM:\SOFTWARE\Policies\Microsoft\FindMyDevice", - "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput", # AllowLinguisticDataCollection (v2.2.0) + "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput", # AllowLinguisticDataCollection (v2.2.1) "HKLM:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics", # HKCU User Keys "HKCU:\Software\Policies\Microsoft\Windows\Explorer", "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo", - # NEW: Anti-Advertising & Search Settings (v2.2.0) + # NEW: Anti-Advertising & Search Settings (v2.2.1) "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search", "HKCU:\Software\Microsoft\Windows\CurrentVersion\SearchSettings", @@ -52,7 +52,7 @@ function Backup-PrivacySettings { "HKCU:\Software\Microsoft\Windows\CurrentVersion\SystemSettings\AccountNotifications", "HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement", "HKCU:\SOFTWARE\Microsoft\Personalization\Settings", - # NEW: Input Personalization Settings (v2.2.0 - FIX missing HKCU backup) + # NEW: Input Personalization Settings (v2.2.1 - FIX missing HKCU backup) "HKCU:\SOFTWARE\Microsoft\InputPersonalization", "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore", "HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics" diff --git a/Modules/Privacy/Public/Invoke-PrivacyHardening.ps1 b/Modules/Privacy/Public/Invoke-PrivacyHardening.ps1 index 1cf3af6..3472d6d 100644 --- a/Modules/Privacy/Public/Invoke-PrivacyHardening.ps1 +++ b/Modules/Privacy/Public/Invoke-PrivacyHardening.ps1 @@ -354,7 +354,7 @@ function Invoke-PrivacyHardening { $bloatwareListPath = Join-Path $moduleBackupPath "REMOVED_APPS_LIST.txt" $listContent = @() $listContent += "================================================================" - $listContent += " REMOVED APPS - NoID Privacy v2.2.0" + $listContent += " REMOVED APPS - NoID Privacy v2.2.1" $listContent += " Session: $(Split-Path $moduleBackupPath -Leaf)" $listContent += " Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')" $listContent += "================================================================" diff --git a/Modules/SecurityBaseline/Public/Invoke-SecurityBaseline.ps1 b/Modules/SecurityBaseline/Public/Invoke-SecurityBaseline.ps1 index 2e545ca..77e6079 100644 --- a/Modules/SecurityBaseline/Public/Invoke-SecurityBaseline.ps1 +++ b/Modules/SecurityBaseline/Public/Invoke-SecurityBaseline.ps1 @@ -44,7 +44,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 - Self-Contained Edition + Version: 2.2.1 - Self-Contained Edition Requires: PowerShell 5.1+, Administrator privileges BREAKING CHANGE from v1.0: diff --git a/Modules/SecurityBaseline/SecurityBaseline.psd1 b/Modules/SecurityBaseline/SecurityBaseline.psd1 index 1c4eb0d..8c268a6 100644 --- a/Modules/SecurityBaseline/SecurityBaseline.psd1 +++ b/Modules/SecurityBaseline/SecurityBaseline.psd1 @@ -1,6 +1,6 @@ @{ RootModule = 'SecurityBaseline.psm1' - ModuleVersion = '2.2.0' + ModuleVersion = '2.2.1' GUID = 'a1b2c3d4-e5f6-7890-abcd-ef1234567890' Author = 'NexusOne23' CompanyName = 'Open Source Project' @@ -26,7 +26,7 @@ LicenseUri = '' ProjectUri = '' ReleaseNotes = @" -v2.2.0 - Self-Contained Edition +v2.2.1 - Self-Contained Edition - NO LGPO.exe REQUIRED! Fully self-contained implementation - 425 Microsoft Security Baseline settings for Windows 11 25H2 - 335 Registry policies (Computer + User) diff --git a/Modules/SecurityBaseline/SecurityBaseline.psm1 b/Modules/SecurityBaseline/SecurityBaseline.psm1 index 3ca7500..c9333c3 100644 --- a/Modules/SecurityBaseline/SecurityBaseline.psm1 +++ b/Modules/SecurityBaseline/SecurityBaseline.psm1 @@ -13,7 +13,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+, Administrator privileges #> diff --git a/NoIDPrivacy-Interactive.ps1 b/NoIDPrivacy-Interactive.ps1 index cbf6211..263159c 100644 --- a/NoIDPrivacy-Interactive.ps1 +++ b/NoIDPrivacy-Interactive.ps1 @@ -19,7 +19,7 @@ resulting from its use. USE AT YOUR OWN RISK. Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+, Administrator For CLI mode use: NoIDPrivacy.ps1 -Module #> @@ -30,7 +30,7 @@ # No parameters - interactive mode only $ErrorActionPreference = 'Stop' -$Host.UI.RawUI.WindowTitle = "NoID Privacy v2.2.0" +$Host.UI.RawUI.WindowTitle = "NoID Privacy v2.2.1" # Set script root path (required by modules to load configs) $script:RootPath = $PSScriptRoot @@ -90,7 +90,7 @@ function Write-Banner { Clear-Host Write-Host "" Write-Host " ========================================" -ForegroundColor Cyan - Write-Host " NoID Privacy v2.2.0 " -ForegroundColor Cyan + Write-Host " NoID Privacy v2.2.1 " -ForegroundColor Cyan Write-Host " ========================================" -ForegroundColor Cyan Write-Host "" Write-Host " Professional Windows 11 Security & Privacy Hardening Framework" -ForegroundColor Gray @@ -105,7 +105,7 @@ function Write-Banner { $osBuild = if ($os) { $os.BuildNumber } else { $null } $psVersion = $PSVersionTable.PSVersion.ToString() - $envLine = " Version 2.2.0" + $envLine = " Version 2.2.1" if ($osBuild) { $envLine += " | Windows Build $osBuild" } @@ -600,11 +600,18 @@ function Invoke-HardeningWorkflow { # FIX: Call framework ONCE with all modules instead of separate calls # This ensures single backup session and single log file + # Exit code handling: 0 = Success, 10 = Success with Reboot recommended + # Any other code indicates failure + $rebootRecommended = $false + if ($modulesToRun.Count -eq 7) { # All modules selected - use "All" for single unified session Write-Step "Running ALL modules in unified session..." -Status INFO & $frameworkScript -Module All -VerboseLogging - if ($LASTEXITCODE -ne 0) { + if ($LASTEXITCODE -eq 10) { + $rebootRecommended = $true + } + elseif ($LASTEXITCODE -ne 0) { $allSucceeded = $false } } @@ -612,7 +619,10 @@ function Invoke-HardeningWorkflow { # Single module Write-Step "Running module: $($modulesToRun[0])" -Status INFO & $frameworkScript -Module $modulesToRun[0] -VerboseLogging - if ($LASTEXITCODE -ne 0) { + if ($LASTEXITCODE -eq 10) { + $rebootRecommended = $true + } + elseif ($LASTEXITCODE -ne 0) { $allSucceeded = $false } } @@ -622,7 +632,10 @@ function Invoke-HardeningWorkflow { foreach ($mod in $modulesToRun) { Write-Step "Running module: $mod" -Status INFO & $frameworkScript -Module $mod -VerboseLogging - if ($LASTEXITCODE -ne 0) { + if ($LASTEXITCODE -eq 10) { + $rebootRecommended = $true + } + elseif ($LASTEXITCODE -ne 0) { $allSucceeded = $false } Write-Host "" @@ -651,6 +664,9 @@ function Invoke-HardeningWorkflow { if ($allSucceeded) { Write-ColorText " Your system is now hardened with enterprise-grade security!" -Color Green + if ($rebootRecommended) { + Write-ColorText " A system reboot is recommended for all changes to take effect." -Color Yellow + } } else { Write-ColorText " Some modules had warnings or were skipped. Check details above." -Color Yellow @@ -659,8 +675,10 @@ function Invoke-HardeningWorkflow { Write-Host "" - # Always prompt for reboot (even with warnings/skips, changes were made) - Invoke-RebootPrompt -Context 'Hardening' + # Prompt for reboot if recommended by exit code or if changes were made + if ($rebootRecommended -or $allSucceeded) { + Invoke-RebootPrompt -Context 'Hardening' + } Write-Host "" } diff --git a/NoIDPrivacy.ps1 b/NoIDPrivacy.ps1 index 363b945..70f45b0 100644 --- a/NoIDPrivacy.ps1 +++ b/NoIDPrivacy.ps1 @@ -50,9 +50,24 @@ resulting from its use. USE AT YOUR OWN RISK. Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+, Administrator privileges, Windows 11 License: GPL-3.0 (Core CLI). See LICENSE for full terms. + +.OUTPUTS + Exit Codes for CI/CD Integration: + + 0 = SUCCESS - All operations completed successfully + 1 = ERROR_GENERAL - General/unspecified error + 2 = ERROR_PREREQUISITES - System requirements not met (OS, PowerShell, Admin) + 3 = ERROR_CONFIG - Configuration file error (missing, invalid JSON) + 4 = ERROR_MODULE - One or more modules failed during execution + 5 = ERROR_FATAL - Fatal/unexpected exception + 10 = SUCCESS_REBOOT - Success, but reboot is required for changes to take effect + + Example CI/CD usage: + $exitCode = (Start-Process powershell -ArgumentList "-File NoIDPrivacy.ps1 -Module All" -Wait -PassThru).ExitCode + if ($exitCode -eq 0 -or $exitCode -eq 10) { "Success" } else { "Failed with code $exitCode" } #> [CmdletBinding()] @@ -83,6 +98,27 @@ param( # Enable strict mode for better error detection Set-StrictMode -Version Latest +# ============================================================================ +# RESET BACKUP STATE - Each NoIDPrivacy.ps1 call gets a fresh session +# ============================================================================ +# This ensures multiple runs from Interactive Menu create separate sessions +$global:BackupBasePath = "" +$global:BackupIndex = @() +$global:NewlyCreatedKeys = @() +$global:SessionManifest = @{} +$global:CurrentModule = "" + +# ============================================================================ +# EXIT CODES - For CI/CD and automation integration +# ============================================================================ +$script:EXIT_SUCCESS = 0 # All operations completed successfully +$script:EXIT_ERROR_GENERAL = 1 # General/unspecified error +$script:EXIT_ERROR_PREREQUISITES = 2 # System requirements not met +$script:EXIT_ERROR_CONFIG = 3 # Configuration file error +$script:EXIT_ERROR_MODULE = 4 # One or more modules failed +$script:EXIT_ERROR_FATAL = 5 # Fatal/unexpected exception +$script:EXIT_SUCCESS_REBOOT = 10 # Success, reboot required + # Script root path $script:RootPath = $PSScriptRoot @@ -99,7 +135,7 @@ try { $logDirectory = Join-Path $script:RootPath "Logs" Initialize-Logger -LogDirectory $logDirectory -MinimumLevel $logLevel - Write-Log -Level INFO -Message "=== NoID Privacy Framework v2.2.0 ===" -Module "Main" + Write-Log -Level INFO -Message "=== NoID Privacy Framework v2.2.1 ===" -Module "Main" Write-Log -Level INFO -Message "Starting framework initialization..." -Module "Main" # Load other Core modules @@ -130,7 +166,7 @@ catch { Write-Host "Stack Trace: $($_.ScriptStackTrace)" -ForegroundColor Red Write-Host "" -ForegroundColor Red Write-Host "Please ensure all framework files are present and not corrupted." -ForegroundColor Yellow - exit 1 + exit $script:EXIT_ERROR_FATAL } # Load configuration @@ -154,7 +190,7 @@ try { catch { Write-Log -Level ERROR -Message "Failed to load configuration file" -Module "Main" -Exception $_.Exception Write-Host "ERROR: Configuration file error - check config.json syntax" -ForegroundColor Red - exit 1 + exit $script:EXIT_ERROR_CONFIG } # Validate prerequisites (full framework pre-flight: system, domain, backup) @@ -166,7 +202,7 @@ try { if (-not $ok) { Write-Log -Level ERROR -Message "Framework prerequisites failed" -Module "Main" Write-Host "ERROR: Prerequisite checks failed. See log for details." -ForegroundColor Red - exit 1 + exit $script:EXIT_ERROR_PREREQUISITES } Write-Log -Level SUCCESS -Message "Framework prerequisites met" -Module "Main" @@ -174,13 +210,13 @@ try { catch { Write-ErrorLog -Message "Framework prerequisite validation failed" -Module "Main" -ErrorRecord $_ Write-Host "ERROR: System requirements not met - see log for details" -ForegroundColor Red - exit 1 + exit $script:EXIT_ERROR_PREREQUISITES } # Display banner Write-Host "" Write-Host "========================================" -ForegroundColor Cyan -Write-Host " NoID Privacy - v2.2.0" -ForegroundColor Cyan +Write-Host " NoID Privacy - v2.2.1" -ForegroundColor Cyan Write-Host " Windows 11 Security Hardening" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan Write-Host "" @@ -303,7 +339,7 @@ if (-not $Module) { $selIndex = [int]$selection - 1 if ($selIndex -lt 0 -or $selIndex -ge $sessions.Count) { Write-Host "Invalid selection." -ForegroundColor Red - exit 1 + exit $script:EXIT_ERROR_GENERAL } $selectedSession = $sessions[$selIndex] @@ -473,11 +509,24 @@ try { if ($result.Success) { Write-Log -Level SUCCESS -Message "Framework execution completed successfully" -Module "Main" - exit 0 + + # Check if reboot is recommended (certain modules modify kernel/driver settings) + $rebootModules = @("SecurityBaseline", "AdvancedSecurity", "AntiAI") + $executedModules = if ($Module -eq "All") { $rebootModules } else { @($Module) } + $needsReboot = @($executedModules | Where-Object { $_ -in $rebootModules }).Count -gt 0 + + if ($needsReboot -and -not $DryRun) { + Write-Host "" + Write-Host "NOTE: A system reboot is recommended for all changes to take effect." -ForegroundColor Yellow + exit $script:EXIT_SUCCESS_REBOOT + } + else { + exit $script:EXIT_SUCCESS + } } else { Write-Log -Level ERROR -Message "Framework execution completed with errors" -Module "Main" - exit 1 + exit $script:EXIT_ERROR_MODULE } } catch { @@ -486,5 +535,5 @@ catch { Write-Host "FATAL ERROR: Unexpected exception during execution" -ForegroundColor Red Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red Write-Host "" - exit 1 + exit $script:EXIT_ERROR_FATAL } diff --git a/README.md b/README.md index 250f8f5..f33d5ee 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ [![PowerShell](https://img.shields.io/badge/PowerShell-5.1%2B-blue.svg?logo=powershell)](https://github.com/PowerShell/PowerShell) [![Windows 11](https://img.shields.io/badge/Windows%2011-25H2-0078D4.svg?logo=windows11)](https://www.microsoft.com/windows/) [![License](https://img.shields.io/badge/license-GPL--3.0-green.svg?logo=gnu)](LICENSE) -[![Version](https://img.shields.io/badge/version-2.2.0-blue.svg)](CHANGELOG.md) +[![Version](https://img.shields.io/badge/version-2.2.1-blue.svg)](CHANGELOG.md) [![Status](https://img.shields.io/badge/status-production--ready-brightgreen.svg)]() --- @@ -391,13 +391,13 @@ cd noid-privacy | Module | Settings | Description | Status | |--------|----------|-------------|--------| -| **SecurityBaseline** | 425 | Microsoft Security Baseline 25H2 | v2.2.0 | -| **ASR** | 19 | Attack Surface Reduction Rules | v2.2.0 | -| **DNS** | 5 | Secure DNS with DoH encryption | v2.2.0 | -| **Privacy** | 78 | Telemetry, Bloatware, OneDrive hardening (Strict) | v2.2.0 | -| **AntiAI** | 32 | AI lockdown (15 features, 32 compliance checks) | v2.2.0 | -| **EdgeHardening** | 24 | Microsoft Edge security (24 policies) | v2.2.0 | -| **AdvancedSecurity** | 50 | Beyond MS Baseline (SRP, Legacy protocols, Wireless Display, Discovery Protocols, IPv6) | v2.2.0 | +| **SecurityBaseline** | 425 | Microsoft Security Baseline 25H2 | v2.2.1 | +| **ASR** | 19 | Attack Surface Reduction Rules | v2.2.1 | +| **DNS** | 5 | Secure DNS with DoH encryption | v2.2.1 | +| **Privacy** | 78 | Telemetry, Bloatware, OneDrive hardening (Strict) | v2.2.1 | +| **AntiAI** | 32 | AI lockdown (15 features, 32 compliance checks) | v2.2.1 | +| **EdgeHardening** | 24 | Microsoft Edge security (24 policies) | v2.2.1 | +| **AdvancedSecurity** | 50 | Beyond MS Baseline (SRP, Legacy protocols, Wireless Display, Discovery Protocols, IPv6) | v2.2.1 | | **TOTAL** | **633** | **Complete Framework (Paranoid mode)** | **Production** | **Release Highlights:** @@ -852,10 +852,18 @@ The authors are not responsible for any damage or data loss. ## 📈 Project Status -**Current Version:** 2.2.0 -**Last Updated:** December 8, 2025 +**Current Version:** 2.2.1 +**Last Updated:** December 19, 2025 **Status:** Production-Ready +### Release Highlights v2.2.1 + +- **Critical Fix:** Multi-run session bug (auditpol backup failures when running multiple times) +- **Fix:** `.Count` property bug in 5 files (Where-Object single-object results) +- **Improved:** ASR prompt text ("untrusted" → "new software" - more neutral) +- Full codebase review of backup/restore system (2970 lines) +- Wireless Display security verified against MS Policy CSP docs + ### Release Highlights v2.2.0 - 630+ settings (expanded from 580+) diff --git a/Start-NoIDPrivacy.bat b/Start-NoIDPrivacy.bat index 1bfae35..3e5fe28 100644 --- a/Start-NoIDPrivacy.bat +++ b/Start-NoIDPrivacy.bat @@ -7,12 +7,12 @@ REM This script launches NoIDPrivacy-Interactive.ps1 with REM Administrator privileges (auto-elevation). REM REM Author: NexusOne23 -REM Version: 2.2.0 +REM Version: 2.2.1 REM ======================================== setlocal -title NoID Privacy v2.2.0 +title NoID Privacy v2.2.1 REM Get the directory where this batch file is located set "SCRIPT_DIR=%~dp0" diff --git a/Tests/Run-Tests.ps1 b/Tests/Run-Tests.ps1 index 1c55d38..2ebc497 100644 --- a/Tests/Run-Tests.ps1 +++ b/Tests/Run-Tests.ps1 @@ -17,7 +17,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+, Pester 5.0+ .EXAMPLE diff --git a/Tests/Setup-TestEnvironment.ps1 b/Tests/Setup-TestEnvironment.ps1 index 2115d08..93a2025 100644 --- a/Tests/Setup-TestEnvironment.ps1 +++ b/Tests/Setup-TestEnvironment.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ .EXAMPLE diff --git a/Tests/Unit/ASR.Tests.ps1 b/Tests/Unit/ASR.Tests.ps1 index de1813f..24b97c6 100644 --- a/Tests/Unit/ASR.Tests.ps1 +++ b/Tests/Unit/ASR.Tests.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Pester 5.0+ #> diff --git a/Tests/Unit/AdvancedSecurity.Tests.ps1 b/Tests/Unit/AdvancedSecurity.Tests.ps1 index ab90e41..c224907 100644 --- a/Tests/Unit/AdvancedSecurity.Tests.ps1 +++ b/Tests/Unit/AdvancedSecurity.Tests.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Pester 5.0+ #> diff --git a/Tests/Unit/AntiAI.Tests.ps1 b/Tests/Unit/AntiAI.Tests.ps1 index 0c5d5dc..8b1e678 100644 --- a/Tests/Unit/AntiAI.Tests.ps1 +++ b/Tests/Unit/AntiAI.Tests.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Pester 5.0+ #> diff --git a/Tests/Unit/DNS.Tests.ps1 b/Tests/Unit/DNS.Tests.ps1 index 3e1263a..60cee72 100644 --- a/Tests/Unit/DNS.Tests.ps1 +++ b/Tests/Unit/DNS.Tests.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Pester 5.0+ #> diff --git a/Tests/Unit/EdgeHardening.Tests.ps1 b/Tests/Unit/EdgeHardening.Tests.ps1 index 00aaf4f..9434bae 100644 --- a/Tests/Unit/EdgeHardening.Tests.ps1 +++ b/Tests/Unit/EdgeHardening.Tests.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Pester 5.0+ #> diff --git a/Tests/Unit/ModuleTemplate.Tests.ps1 b/Tests/Unit/ModuleTemplate.Tests.ps1 index 1616293..313f507 100644 --- a/Tests/Unit/ModuleTemplate.Tests.ps1 +++ b/Tests/Unit/ModuleTemplate.Tests.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Pester 5.0+ #> diff --git a/Tests/Unit/Privacy.Tests.ps1 b/Tests/Unit/Privacy.Tests.ps1 index fee83df..518c244 100644 --- a/Tests/Unit/Privacy.Tests.ps1 +++ b/Tests/Unit/Privacy.Tests.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: Pester 5.0+ #> diff --git a/Tools/Parse-EdgeBaseline.ps1 b/Tools/Parse-EdgeBaseline.ps1 index 56d15fe..06c6f0f 100644 --- a/Tools/Parse-EdgeBaseline.ps1 +++ b/Tools/Parse-EdgeBaseline.ps1 @@ -18,7 +18,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ .EXAMPLE diff --git a/Tools/Parse-SecurityBaseline.ps1 b/Tools/Parse-SecurityBaseline.ps1 index 97121fa..a9c8005 100644 --- a/Tools/Parse-SecurityBaseline.ps1 +++ b/Tools/Parse-SecurityBaseline.ps1 @@ -25,7 +25,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ .EXAMPLE diff --git a/Tools/Verify-Complete-Hardening.ps1 b/Tools/Verify-Complete-Hardening.ps1 index 323317b..e8899cc 100644 --- a/Tools/Verify-Complete-Hardening.ps1 +++ b/Tools/Verify-Complete-Hardening.ps1 @@ -27,7 +27,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 #> #Requires -Version 5.1 @@ -3180,7 +3180,7 @@ try {
-

NoID Privacy v2.2.0

+

NoID Privacy v2.2.1

Complete Hardening Compliance Report

All $totalSettings Settings Verified
@@ -3200,7 +3200,7 @@ try {
Framework Version - NoID Privacy v2.2.0 + NoID Privacy v2.2.1
@@ -3642,7 +3642,7 @@ try {
-

Generated by NoID Privacy v2.2.0

+

Generated by NoID Privacy v2.2.1

Professional Windows 11 Security & Privacy Hardening Framework

diff --git a/Utils/Compatibility.ps1 b/Utils/Compatibility.ps1 index fd1a834..910bf63 100644 --- a/Utils/Compatibility.ps1 +++ b/Utils/Compatibility.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ #> diff --git a/Utils/Dependencies.ps1 b/Utils/Dependencies.ps1 index 87c5489..04d84f0 100644 --- a/Utils/Dependencies.ps1 +++ b/Utils/Dependencies.ps1 @@ -7,7 +7,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ #> diff --git a/Utils/Hardware.ps1 b/Utils/Hardware.ps1 index 1da9ecd..5c4a6cb 100644 --- a/Utils/Hardware.ps1 +++ b/Utils/Hardware.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ #> @@ -165,7 +165,7 @@ function Test-SSDDrive { } } -function Get-WindowsEdition { +function Get-WindowsEditionInfo { <# .SYNOPSIS Get Windows edition information @@ -224,7 +224,7 @@ function Get-HardwareReport { return [PSCustomObject]@{ OS = Get-WindowsVersion - Edition = Get-WindowsEdition + Edition = Get-WindowsEditionInfo CPU = Get-CPUInfo Memory = Get-MemoryInfo UEFI = Test-UEFIBoot diff --git a/Utils/Registry.ps1 b/Utils/Registry.ps1 index 239adbc..e7acd1d 100644 --- a/Utils/Registry.ps1 +++ b/Utils/Registry.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ #> diff --git a/Utils/Service.ps1 b/Utils/Service.ps1 index 94bcac0..882832f 100644 --- a/Utils/Service.ps1 +++ b/Utils/Service.ps1 @@ -8,7 +8,7 @@ .NOTES Author: NexusOne23 - Version: 2.2.0 + Version: 2.2.1 Requires: PowerShell 5.1+ #> diff --git a/config.json b/config.json index ee8c707..2d8d052 100644 --- a/config.json +++ b/config.json @@ -1,5 +1,5 @@ { - "version": "2.2.0", + "version": "2.2.1", "modules": { "SecurityBaseline": { "enabled": true, @@ -48,7 +48,7 @@ "description": "Microsoft Edge v139 Security Baseline: 24 security policies", "_comment": "Interactive: Allow extensions (Y/N, default: Y)", "allowExtensions": true, - "version": "2.2.0", + "version": "2.2.1", "baseline": "Edge v139", "policies": 24, "features": { @@ -75,7 +75,7 @@ "disableWirelessDisplay": false, "disableDiscoveryProtocols": true, "disableIPv6": false, - "version": "2.2.0", + "version": "2.2.1", "policies": 50, "features": { "rdp_hardening": true,