The State of the Harden Windows Security

[HotCakeX]

Over the past several months, I have dedicated considerable effort to enhancing and maintaining the AppControl Manager, delivering numerous updates and performance improvements.

Over the coming weeks, my attention will shift to the Harden Windows Security application, where I intend to address as many outstanding feature requests from the Issues tracker as possible.

Key attributes of the new Harden Windows Security application include:

• Self-Contained Architecture: Developed in Rust and C#, with substantial code reuse from the AppControl Manager, ensuring stability and consistency.

• Expanded Feature Set: All existing Harden Windows Security capabilities, plus several enhancements driven by user feedback.

• Microsoft Store: It will be available via the Microsoft Store and Winget.

• PowerShell-Free Operation: Fully functional on systems without PowerShell or where PowerShell is disabled.

• Native Intune Integration: Seamless bulk deployment and management through Microsoft Intune.

• Cross-Architecture Support: Compatible with both ARM64 and x64 platforms.

• No External Dependencies: Unlike the current module, there is no requirement for LGPO.exe or other auxiliary executables.

• No 3rd party dependency or file will be used.

• No command-line support initially, it might be added later if enough users need it.

• Multilingual: It will support multiple languages and localizations.

I look forward to delivering a more robust, secure, and user-driven experience with Harden Windows Security application.

Feel free to add more feature requests by opening new issues.

[BuzzedHoney]

Can't wait :D

[HotCakeX]

Thought I'd give an update to the community on the progress of the Harden Windows Security App.

One of the cool things you will see is a Group Policy editor, ability to load POL files natively, convert them to a new specialized JSON format used by the app and vise versa. You will be able to double-click on POL Group Policy files in your system and open them in the new Harden Windows Security app.

You will also be able to highly customize each category, meaning every single policy in each category or sub-category is controllable by you. I know this has been a feature request for a long time from the users. The main categories view is still available just like the module currently offers for those who want to quickly apply the policies from the presets.

When the app is released, it will be in a mature feature-rich state, this is because in order to submit it to the Microsoft Store for validation, it must meet certain quality and feature requirements.

Lastly, the (bad news) is that I'm going to need about 10 more days to finish it up, I've only been able to work on it in my free time so in between my studies, other works and so on, but I promise it'll be worth it! so stay tuned! 😇

[HotCakeX]

Anytime:)

[teleportpast]

I’ve been trying out the app for a few days now and I really like how the sections are organized. Do the setting changes in the Protect section also affect Windows .pol files?

About the Group‑Policy editor, I can’t export the existing policies so I can tweak them. Is it possible to add a concrete example to the wiki that shows:

• which type of rule to pull from Microsoft’s site?
• how to add that rule into the ones you already have?
• is it possible to keep a copy of all the rules?

[HotCakeX]

New and updated docs will be available soon,

The Protect tab is a central hub that runs every sub-page's Verify/Apply/Remove features. If you navigate to each page, they all have those 3 buttons, so the Protect tab runs them, it doesn't have a separate logic.

which type of rule to pull from Microsoft’s site?

I'm not sure what you're referring to. Which Microsoft's site? which rule?

[teleportpast]

Do the setting changes in the Protect section also affect Windows .pol files?

What I want to know is where in Windows Harden Windows Security actually writes its changes. I’m guessing it touches different spots depending on what’s being tweaked.

I'm not sure what you're referring to. Which Microsoft's site? which rule?

I was looking at the site learn.microsoft.com and noticed that most of the time the rules get applied either through Group Policy or by editing the registry, for example Disable Find My device feature in the miscellaneous section:

	GPO	Registry
Disable Find My Device	Computer Configuration → Administrative Templates → Windows Components → Find My Device → Enable/disable Find my device.	HKLM\SOFTWARE\Policies\Microsoft\FindMyDevice – AllowFindMyDevice = 0

https://learn.microsoft.com/en-ie/windows/client-management/mdm/policy-csp-experience#allowfindmydevice

is it possible to keep a copy of all the rules?

After tweaking the rules, I’d like to be able to keep a copy in either POL or JSON format, and also in INF or JSON.

[HotCakeX]

@teleportpast
I added a new section to the Harden System Security app documentation explaining the files and directories structures. Also explains which file is used for which type of policy.

Security measure are primarily applied to Group Policies, but some are applied via Registry keys where Group Policies don't exist, and many are applied via native Windows APIs and COM/WMI.

The app currently doesn't support backup & restore functionality where you can import/export custom configs. That's something planned for a future update.

[HotCakeX]

Thanks everyone for showing your love and support and for being patient! 🫶🏻

The app is finally here, please check out the release notes for all of the information and if you feel like i didn't cover something please feel free to ask: https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/HardenSystemSecurity-v.1.0.1.0