Make them all run from Ansible
Delete SSH keys, save to a file in the admin directory
Scan directories for anything not signed by Microsoft, mark it for removal. Remove obvious things like MeshAgent and Tactical RMM
Change Kerberos password, mitigates Mimikatz?
Change account passwords in addition to disabling them, one extra step for the red team
Delete Desktop shortcuts and replace them with actual shortcuts, so I never click the Firefox icon, which is probably malware.
Add machine to domain, remove machine from domain.
Add to Teleport.
Notify me whenever a new TCP connection is made, registry key added, etc.
Constantly scan?
Enable logging?
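
For the item on scanning directories for anything not signed by Microsoft, one way to build the mark-for-removal list in PowerShell. This is an added example, not part of the original notes; the scan directories, extensions, report path and tool name patterns are assumptions. It only writes a report and deletes nothing.

```powershell
# Added example: report-only scan, nothing is removed here.
# Assumptions (not from the notes): scan directories, extensions, report path, name patterns.
param(
    [string[]]$ScanDirs   = @('C:\Program Files', 'C:\Program Files (x86)', 'C:\ProgramData', 'C:\Users'),
    [string[]]$Extensions = @('.exe', '.dll', '.sys', '.msi', '.ps1'),
    [string]$ReportPath   = 'C:\Admin\unsigned-report.csv'
)

# Path fragments for the "obvious" remote-access tools named in the notes.
# These are flagged even when validly signed, since a signature does not make them wanted.
$KnownRemoteTools = @('meshagent', 'tacticalrmm')

$findings = foreach ($dir in $ScanDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $path = $_.FullName
            $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue

            # A file whose signature cannot be read is treated as unverified, not skipped.
            $status  = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
            $subject = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            # Heuristic: valid chain AND the signer subject names Microsoft Corporation.
            # Matching on the subject string is a triage shortcut, not a pinned-certificate check.
            $isMicrosoft = ($status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
            $isKnownTool = [bool]($KnownRemoteTools | Where-Object { $path -like "*$_*" })

            if ((-not $isMicrosoft) -or $isKnownTool) {
                [pscustomobject]@{
                    Path            = $path
                    Status          = $status
                    Signer          = $subject
                    KnownRemoteTool = $isKnownTool
                    SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                    LastWriteTime   = $_.LastWriteTime
                }
            }
        }
}

# Write the review list; removal stays a separate, deliberate step after a human looks at it.
New-Item -ItemType Directory -Path (Split-Path -Parent $ReportPath) -Force | Out-Null
@($findings) | Sort-Object KnownRemoteTool -Descending |
    Export-Csv -Path $ReportPath -NoTypeInformation
```

Legitimate third-party software (browsers, drivers, the Teleport agent) will appear in the report because it is not Microsoft-signed, so the CSV is a review queue rather than a delete list.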