From 64b9e3c5f43350e70fc0c287f026a508ddb70df9 Mon Sep 17 00:00:00 2001
From: sysadmin
Date: Tue, 9 Jun 2026 02:22:04 +0100
Subject: [PATCH] feat(welcome): Invoke-Hardening accepts -Modules subset + -ParamsJson
---
 windows/hardening/Invoke-Hardening.ps1 | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/windows/hardening/Invoke-Hardening.ps1 b/windows/hardening/Invoke-Hardening.ps1
index 2359e27..81d2b25 100644
--- a/windows/hardening/Invoke-Hardening.ps1
+++ b/windows/hardening/Invoke-Hardening.ps1
@@ -1,17 +1,18 @@
 #Requires -Version 5.1
-<# SilverMetal Enhanced - Windows | First-boot hardening runner.
- Runs the §A-H modules (00*.ps1 .. 08*.ps1) in order, then the Verify gate.
- Called by SetupComplete.cmd via -File (no cmd-quoting fragility). Logs to the
- pipeline that SetupComplete redirects.
-#>
-[CmdletBinding()] param()
+<# Runs the §A-H modules (optionally a subset) then Verify.
+ -Modules "00","03","05" -> run only those numeric-prefixed modules (default: all 0*).
+ -ParamsJson '{"wdac":"audit"}' -> exported as $env:SM_PARAMS for modules to read. #>
+[CmdletBinding()] param([string[]]$Modules, [string]$ParamsJson)
 $ErrorActionPreference = 'Continue'
 $here = Split-Path -Parent $MyInvocation.MyCommand.Path
+if ($ParamsJson) { $env:SM_PARAMS = $ParamsJson }
 Write-Host "=== SilverMetal hardening modules ==="
-Get-ChildItem (Join-Path $here '0*.ps1') | Sort-Object Name | ForEach-Object {
- Write-Host "--> $($_.Name)"
- try { & $_.FullName } catch { Write-Warning "$($_.Name) FAILED: $_" }
+$all = Get-ChildItem (Join-Path $here '0*.ps1') | Sort-Object Name
+if ($Modules) { $all = $all | Where-Object { $Modules -contains $_.Name.Substring(0,2) } }
+foreach ($f in $all) {
+ Write-Host "--> $($f.Name)"
+ try { & $f.FullName } catch { Write-Warning "$($f.Name) FAILED: $_" }
 }
-Write-Host "=== Verify (effects needing reboot/PIN will show pending) ==="
+Write-Host "=== Verify ==="
 try { & (Join-Path $here 'Verify-SilverMetalWindows.ps1') } catch { Write-Warning "Verify error: $_" }
-Write-Host "=== SilverMetal hardening runner done ==="
+Write-Host "=== runner done ==="
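Review bot: The `-Modules` filter on the `Where-Object` line fails open: a value that matches no file prefix (a typo such as `3` for `03`, or a list that arrives as the single string `00,03,05`, which is how `powershell.exe -File` binds a comma-separated argument to `[string[]]`) leaves `$all` short or empty, and the runner still reaches Verify and prints `=== runner done ===` with no warning. The removed header says SetupComplete.cmd invokes this script via `-File`, so the array binding should be confirmed against the real caller, which is not visible here. Inside the same `if ($Modules)` guard I would add `$found = @($all | ForEach-Object { $_.Name.Substring(0,2) })` and `$Modules | Where-Object { $found -notcontains $_ } | ForEach-Object { Write-Warning "no module matches '$_'" }`, and also write the selected module names and the `$ParamsJson` value to the log so a reduced or relaxed run (the header's own example is `{"wdac":"audit"}`) is visible in the first-boot record. Separately, `$env:SM_PARAMS` is left untouched when `-ParamsJson` is absent, so a value inherited from the parent process would still reach the modules; an `else { Remove-Item Env:SM_PARAMS -ErrorAction SilentlyContinue }` would close that.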