Script to Automate Implementation of Security & Compliance Analyzer Recommendations

Automated Script Limitations and Considerations

• The script only applies missing security best practices found on the machine where Veeam Backup & Replication is installed, where the script is run from. The script will not apply security best practices to any other machine.
• Some of the practices apply security settings that might affect other applications. For example, the script will attempt to disable SSL2.0 on a server, which will cause other applications that depend on SSL 2.0 to fail.
• Some of the practices apply security settings that might cause server lockdown. For example, the script may attempt to disable Remote Desktop Services (TermService), restricting RDP access to the server; it may also disable Windows Remote Management (WinRM service), which, when disabled, may cause problems with external management of the server.
• The script will not process Suppressed entries within the Security & Compliance Analyzer UI. Before using the apply option within the script, compare the report output of the script to the entries within the UI and suppress any security recommendations you do not want the script to attempt to remediate.
  Note: If you suppress any options after the script has generated its report, use option 1 to refresh the compliance report so that the script acknowledges the suppressed option(s). You'll note that the (total: #) for option 2 will change.
• This script does not have an undo option. Once changes are made, if you wish to revert those changes, you must do so manually.