From 00ba9f18804ff1de8c67cc5bce097d25368221c2 Mon Sep 17 00:00:00 2001
From: Logan Cook <2997336+MWG-Logan@users.noreply.github.com>
Date: Fri, 6 Mar 2026 11:16:47 -0500
Subject: [PATCH 1/2] chore(docs): Update comments and instructions in security
 script

---
 Task/Windows Workstation Security Tweaks Combined Script.ps1 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Task/Windows Workstation Security Tweaks Combined Script.ps1 b/Task/Windows Workstation Security Tweaks Combined Script.ps1
index 129c2cd..d675df2 100644
--- a/Task/Windows Workstation Security Tweaks Combined Script.ps1	
+++ b/Task/Windows Workstation Security Tweaks Combined Script.ps1	
@@ -1,6 +1,9 @@
 <#
 Author: Logan Cook
 Notes: Requires `WinFeatureShould-Be` Helper function
+Instructions: To discover new items to enforce, visit https://security.microsoft.com/exposure-recommendations -> Devices -> Misconfigurations.
+    After selecting a misconfiguration and selecting the 'remediation options' tab, check if there is a registry control. If there is, that is what you use here.
+    If there is no registry control, the hardening is likely intended to be done via device CSPs. Intune (usually Attack Surface Reduction) is a great secondary enforcement mechanism.
 #>
 
 param(
@@ -176,4 +179,4 @@ Get-WindowsRegistryValue -Path "HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\F
 # Granular State gathering
 #   CMDlet DSC block
 
-WinFeatureShould-Be -Feature "SMB1Protocol" -State $SMB1
\ No newline at end of file
+WinFeatureShould-Be -Feature "SMB1Protocol" -State $SMB1

From d2fab8b834deebefc99c3fa4e020e538b8f73426 Mon Sep 17 00:00:00 2001
From: Logan Cook <2997336+MWG-Logan@users.noreply.github.com>
Date: Fri, 6 Mar 2026 11:20:51 -0500
Subject: [PATCH 2/2] chore: commit to kick cicd