[v1.0.27] - 2023-01-08

Added

• Added "Prevent standard users to install root certificates" policy
• Added a new category of policies, for Domain Controllers specific parameters
  • This is empty for now, will soon be populated...

[v1.0.26] - 2022-12-03

Added

• Added "Configure the maximum/minimum SMB2 client dialect supported" policies
• Added a NOTE to the "Enable PowerShell Constrained Language Mode" policy

Changed

• Updated the "Available Settings" pages

Fixed

• Typos and wording, both for en-US and fr-FR templates

[v1.0.25] - 2022-11-19

Added

• Configuration profiles for Schannel TLS cipher suites
  • Loosely based on Mozilla recommendations, ANSSI recommendations and best practices

[v1.0.24] - 2022-11-17

Fixed

• Apply "EnableCertPaddingCheck" as REG_SZ, not DWORD
• Improve Schannel-related descriptions

[v1.0.23] - 2022-10-17

Added

• "Disable the strong-name bypass feature" policy for .NET Framework
  • More infos in the .NET documentation: https://learn.microsoft.com/en-us/dotnet/standard/assembly/disable-strong-name-bypass-feature
• "Disable the SAM server TCP listener"
  • More details in this Twitter thread: https://twitter.com/agowa338/status/1581205232238796800
  • Credits to @tyranid for the registry key

[v1.0.22] - 2022-08-29

Added

• "Disable Time-Travel Debugging" policy (#11)
• "Remove current working directory from DLL search" policy (#10)

Fixed

• Typo in the fr-FR description of the "Number of PBKDF2 iterations for cached logons credentials hashing" policy

[v1.0.21] - 2022-08-12

Fixed

• Typo in the Disabled list of the NET 2 Strong Crypto policy (#9)

[v1.0.20] - 2022-07-23

Added

• "Disable the WPBT functionnality" policy (#8)

[v1.0.19] - 2022-05-23

Added

• New policy to enable/disable kCET support on 21H2+ systems
  • Thanks to Yarden Shafir (@yarden_shafir) and Connor McGarr (@33y0re)
  • Cf. https://connormcgarr.github.io/hvci/ (#Conclusion)

[v1.0.18] - 2022-02-07

Added

• "Disable standard user in safe boot mode" policy (#5)