Harden Windows Security script update v2023.8.11
1. Removed the Windows Kernel Information Disclosure CVE-2023-32019 category and security measures, because it's now enabled by default in Windows and is no longer necessary.

The resolution described in this article has been released enabled by default. To apply the enabled by default resolution, install the Windows update that is dated on or after August 8, 2023. No further user action is required.

2. Enhanced the clarity and security of the script’s code by employing single quotation marks instead of double quotation marks wherever feasible and rigorously/explicitly specifying the types of the variables.

3. Changed the security measure related to Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. The majority of this security measure has been implemented by default in Windows now, leaving only a minor portion outstanding. This final segment is also provisional and will soon be fully activated by default as the document indicates. Once this occurs, it will become superfluous and this script will cease to incorporate it.

As always, the paramount thing you have to do is to ensure your operating system (OS) is always up to date and on the latest version.

4. In the Miscellaneous category, when adding all user accounts to the Hyper-V security group, the group is now detected using its SID rather than name. This makes it work on systems with non-English locales.

5. The "Restrict Unauthenticated RPC Clients" policy when set to "Authenticated without exceptions" prevents Windows Sandbox from working. So, that policy which was added 3 days ago is now removed.

Microsoft Security Baseline sets it to the correct secure value which is "Authenticated" but "Authenticated without exceptions" is more restrictive and causes that problem.

All you have to do to revert it back is to run the script again, especially the Microsoft Security Baseline category, so that it will change to the correct value and you will be able to use Windows Sandbox again.
HotCakeX committed Aug 12, 2023
1 parent 7194eb6 commit 4c6e396
Showing 4 changed files with 303 additions and 341 deletions.
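
Item 4 of the commit message describes resolving the Hyper-V group by SID instead of by name. The following is an added example of that technique, not code from this commit or from the Harden Windows Security script; it assumes the group in question is the built-in Hyper-V Administrators group (well-known SID `S-1-5-32-578`) and, as this example's own choice, only touches enabled local accounts.

```powershell
#Requires -RunAsAdministrator
# Added example, not taken from the Harden Windows Security script.
# Assumption: the target is the built-in Hyper-V Administrators group,
# whose well-known SID is S-1-5-32-578 on every Windows display language.
[string]$HyperVAdminsSid = 'S-1-5-32-578'

# Resolve by SID: the group's display name is localized, the SID is not.
$Group = Get-LocalGroup -SID $HyperVAdminsSid -ErrorAction SilentlyContinue
if ($null -eq $Group) {
    Write-Warning "No local group with SID $HyperVAdminsSid exists on this system."
    return
}

# Collect the SIDs of current members so that re-running is idempotent
# and does not raise "already a member" errors.
[string[]]$CurrentMemberSids = @(
    Get-LocalGroupMember -Group $Group | ForEach-Object { $_.SID.Value }
)

# This example's choice: enabled local accounts only.
foreach ($User in Get-LocalUser | Where-Object { $_.Enabled }) {
    if ($CurrentMemberSids -contains $User.SID.Value) { continue }

    # Pass the resolved group object, never a hard-coded English name.
    Add-LocalGroupMember -Group $Group -Member $User
    Write-Output "Added '$($User.Name)' to '$($Group.Name)' ($HyperVAdminsSid)"
}
```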