powershell-security-hardening

Original：🇺🇸 English

Translated

5 scripts

Expert in Windows security hardening and PowerShell security configuration. Specializes in securing automation, enforcing least privilege, and aligning with enterprise security baselines. Use for securing PowerShell environments and Windows systems. Triggers include "PowerShell security", "constrained language mode", "JEA", "execution policy", "security baseline", "PowerShell logging".

1installs

Source404kidwiz/claude-supercode-skills

Added on2026-02-08

NPX Install

npx skill4agent add 404kidwiz/claude-supercode-skills powershell-security-hardening

SKILL.md Content

View Translation Comparison →

PowerShell Security Hardening

Purpose

Provides expertise in Windows security hardening and PowerShell security configuration. Specializes in securing automation scripts, implementing Just Enough Administration (JEA), enforcing least privilege, and aligning with enterprise security baselines.

When to Use

Configuring PowerShell security policies
Implementing Constrained Language Mode
Setting up Just Enough Administration (JEA)
Enabling PowerShell logging and auditing
Securing automation credentials
Applying CIS/STIG baselines
Protecting against PowerShell attacks
Implementing execution policies

Quick Start

Invoke this skill when:

Hardening PowerShell environments
Implementing JEA or constrained language mode
Configuring PowerShell logging
Securing automation credentials
Applying security baselines

Do NOT invoke when:

General Windows administration → use
```
/windows-infra-admin
```
PowerShell development → use
```
/powershell-7-expert
```
Active Directory security → use
```
/ad-security-reviewer
```
Network security → use
```
/network-engineer
```

Decision Framework

Security Requirement?
├── Script Execution Control
│   ├── Basic → Execution Policy
│   └── Strict → AppLocker/WDAC
├── Language Restriction
│   └── Constrained Language Mode
├── Privilege Reduction
│   └── JEA (Just Enough Administration)
└── Auditing
    └── Script Block Logging + Transcription

Core Workflows

1. PowerShell Logging Setup

Enable Script Block Logging via GPO
Enable Module Logging for key modules
Configure transcription to secure location
Set up protected event log forwarding
Create alerts for suspicious patterns
Test logging with sample scripts

2. JEA Configuration

Define role capabilities file
Specify allowed cmdlets and parameters
Create session configuration
Register JEA endpoint
Test with limited user account
Document role assignments

3. Constrained Language Mode

Assess application requirements
Create AppLocker/WDAC policy
Enable CLM for untrusted scripts
Whitelist required scripts
Test application functionality
Monitor for bypass attempts

Best Practices

Enable script block logging on all systems
Use JEA instead of full admin rights
Store credentials in secure vault (not scripts)
Apply AMSI for malware detection
Use signed scripts with AllSigned policy
Regularly audit PowerShell usage logs

Anti-Patterns

Anti-Pattern	Problem	Correct Approach
Credentials in scripts	Exposure risk	SecretManagement vault
Disabled logging	No visibility	Enable all logging
Bypass execution policy	Security theater	AppLocker/WDAC
Full admin for automation	Over-privileged	JEA with minimal rights
Ignoring AMSI	Malware blind spot	Keep AMSI enabled