Quickstart¶
This walks through the core lifecycle: audit → apply → report → drift. Run these in an elevated PowerShell on a test server first.
1. Audit¶
See how the server measures up against a baseline (read-only, changes nothing):
Each control returns PASS, FAIL, WARNING, MANUAL, NOT APPLICABLE, or ERROR, with a weighted security score.
2. Preview, then apply¶
Dry-run first, then harden (an automatic snapshot is taken before any change):
.\CloudInfraSecure.ps1 apply -Baseline CloudInfraSecure-Standard -WhatIf
.\CloudInfraSecure.ps1 apply -Baseline CloudInfraSecure-Standard
Apply is idempotent (already-compliant controls are skipped) and never reboots — controls that need a reboot are flagged in the result.
3. Report¶
Generate a branded, self-contained HTML report:
Open the newest file in C:\CloudInfraSecure\Reports\. Also available: -Format JSON and -Format CSV.
4. Verify¶
Marketplace-style assurance — integrity, score, baseline compliance, and drift since deployment:
5. Roll back (if needed)¶
.\CloudInfraSecure.ps1 rollback -Control WIN-SMB-001 # single control
.\CloudInfraSecure.ps1 rollback # entire latest snapshot
6. Enable drift monitoring¶
Register a daily check that alerts only when a hardened control regresses:
See Drift & Alerts to set up email notifications.
Fleet-friendly
Add -OutputFormat JSON to any command for machine-readable output, and rely on exit codes (0 success · 1 FAIL · 2 error · 3 not admin · 4 drift) for automation.