
Test 5

This document describes how to automatically harden the PVWA server using a script and additional manual steps. The hardening script performs tasks like enabling IIS authentication, disabling unnecessary IIS features, updating SSL/TLS settings, enabling security policies, and more. The script can be run as administrator in PowerShell. Additional manual steps include removing unneeded protocols, services, clients, and Adobe Flash from the server.

Uploaded by

rafiki.gameiro

Harden the PVWA server | CyberArk Docs https://docs.cyberark.com/pam-self-hosted/Latest/en/Content/PAS%...

Harden the PVWA server


This topic describes how to automatically harden the PVWA server using the hardening script,
and manual steps that you perform after running the hardening script.

Overview
You can harden the PVWA server automatically using a script file. The hardening script file
performs the following tasks:

Imports the INF configuration

Validates server roles

Enables IIS Anonymous authentication

Disables IIS Registry shares

Disables IIS Directory browsing

Disables IIS WebDAV

Removes unnecessary IIS Mime types

IIS SSL/TLS settings

Updates IIS SSL/TLS settings

Configures cipher suites

Policy configuration

Enables screen saver policies

Configures advanced audit policies

Configures Remote Desktop Services policies

Sets EventLog size and retention


General auditing, registry, and file system configuration
Registry audits

Registry permissions

FileSystem permissions

FileSystem audit

Disables services

1 de 2 12/03/2024, 11:18

Run the hardening script

Note
If you have installed PSM on the same machine as PVWA, the following automated tasks
may affect the PSM installation:
Importing INF configuration
Validating Server Roles
Remote Desktop Services
Before you run the hardening script, in the PVWA\InstallationAutomation folder, locate
and open the PVWA_Hardening_Config.xml file.
Make sure the following settings are configured to match your environment:
Set the IsPSMInstalled parameter to True if PSM is also on the same machine.
Set the RemoteDesktopServices step to Enable=Yes if there are any Remote
Desktop services installed on the machine.

In a PowerShell window, run the PVWA_Hardening.ps1 script as Administrator.

Manual hardening steps


Perform the following hardening steps after you have run the hardening script.

Remove or disable other protocols, services, or clients


Only the following protocols, services, or clients are required for the PVWA server:

Client for Microsoft Network

File and Printer Sharing for Microsoft Network

Internet Protocol Version 4 (TCP/IPv4)

Remove or disable any other protocols, services, or clients from your network connection
properties.

Also disable IPv6 unless it is specifically required for your PVWA server.
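
The binding check described above can be audited with a short script. This is an added example, not part of the CyberArk documentation or its hardening script; the ComponentID values are the standard Windows identifiers for the three listed components, and the parameter names (-AllowIPv6, -Apply) are hypothetical names chosen for this example.

```powershell
# Added example: audit network-connection bindings against the components
# the page lists as required. Parameter names are chosen for this example.
param(
    [switch]$AllowIPv6,   # set only if IPv6 is specifically required for this server
    [switch]$Apply        # without this switch, changes are only previewed (-WhatIf)
)

# Standard Windows ComponentIDs for the three required items
$required = @(
    'ms_msclient',   # Client for Microsoft Networks
    'ms_server',     # File and Printer Sharing for Microsoft Networks
    'ms_tcpip'       # Internet Protocol Version 4 (TCP/IPv4)
)
$allowed = $required
if ($AllowIPv6) { $allowed += 'ms_tcpip6' }   # Internet Protocol Version 6 (TCP/IPv6)

$bindings = @(Get-NetAdapterBinding -Name '*')

# Enabled bindings that are not on the allowed list (IPv6 included by default)
$extra = @($bindings | Where-Object { $_.Enabled -and $_.ComponentID -notin $allowed })

# Required bindings that are switched off on some adapter
$missing = @($bindings | Where-Object { -not $_.Enabled -and $_.ComponentID -in $required })

if ($missing.Count -gt 0) {
    Write-Warning 'Required components are disabled on these adapters:'
    $missing | Format-Table Name, DisplayName, ComponentID -AutoSize
}

if ($extra.Count -eq 0) {
    Write-Output 'No extra protocols, services, or clients are bound.'
} else {
    Write-Output 'Bindings to remove or disable:'
    $extra | Format-Table Name, DisplayName, ComponentID -AutoSize

    foreach ($b in $extra) {
        # Preview by default; disable for real only when -Apply is given
        Disable-NetAdapterBinding -Name $b.Name -ComponentID $b.ComponentID -WhatIf:(-not $Apply)
    }
}
```

Run it from an elevated PowerShell window when using -Apply; the preview mode only reads the current bindings.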

Remove Adobe Flash


Adobe Flash is not secure and not required by PVWA. If Adobe Flash is installed on your
PVWA server, remove it.
