Fixlet creation steps needed for the below task

Hi Team,

i need to re-mediate the vulnerabilities on windows 10 endpoints by following steps.So i need your help on the below steps in creating Fixlet.

  1. Remove shared passwords across all devices
  2. Implement ‘Pass the Hash’ prevention techniques and/or Local Administrator
    Password Solution (LAPS)
  3. Increase administrative passwords to a length of 15 chars or more, including
    special and numeric characters
  4. Rename the local ‘administrator’ account and deny network access to from
    this account
  5. Disable and/or remove all default and guest accounts

Thank you,

@bma

Do you have Bigfix Compliance sites? Most of this content would be covered there. Otherwise have a search here in the forum as well as on https://Bigfix.me

Hi @JasonWalker

We don’t have compliance site.
I have checked in the BigFix forum too but no luck

Can you please help me on the above 5 steps?

Thank in Heaps

as with most anything in BigFix.

Step 1 is figure out how you would do the steps manually with the command line.

Step 2 is create a fixlet to do those steps with BigFix.

RiyazBasha,
Everything past Item #1 is something considered “Standard” behavior with a secured Windows installation. If you have a Domain environment, you should do them via Group Policy Object (GPO) entries. If you don’t have a Domain, look up how to deploy Local Group Policies with BigFix. There are plenty of examples of how to do this in BigFix. It amounts to a Registry Setting. You would need to leave the Deployment BigFix Action Open perpetually so that if the settings were ever reverted by someone, BigFix would restore them to their secured settings.

I’m not clear what you are referring to with Item #1.