Windows Security Hardening

🚀 winsecMCP

winsecMCP is a Python-based MCP server designed to be used with the Claude client. It aims to assist administrators in automatically executing security configurations for Windows systems. This tool offers a series of functions to check and modify security settings, including firewall configuration, Remote Desktop Protocol (RDP) settings, User Account Control (UAC) settings, account policies (password requirements, lockout policies), service management and hardening, and user account management.

🚀 Quick Start

Run the script with administrator privileges and start the Claude client:

python winsecMCP.py

Ensure that the following content is added to your claude_desktop_config.json file:

{
  "mcpServers": {
    "windows_hardening_agent": {
      "command": "python",
      "args": [
        "C:\\Path\\to\\hardening_server.py"
      ]
    }
  }
}

✨ Features

Information Gathering

• Obtain system status and permission levels.
• Check the status of RDP, firewall, UAC, and guest accounts.
• View password policies and account lockout settings.
• Scan for potentially insecure services.

Security Hardening

• Enable/disable RDP.
• Configure the Windows firewall.
• Manage UAC settings.
• Set password and account lockout policies.
• Disable unnecessary services.
• Manage user accounts and group memberships.

📦 Installation

System Requirements

• Operating System: Windows
• Python Version: 3.10 or higher
• Administrator privileges (required for most operations)
• Required Python packages:
  • mcp

📄 License

This project is licensed under the Apache License 2.0. For detailed information, please refer to the LICENSE file.

⚠️ Important Note

This tool modifies system settings, which may affect the normal operation of the system. Please test it in a controlled environment before formal use. The author is not responsible for any damage or issues caused by the use of this tool.