<#
.DESCRIPTION
This script hardens Hot Topic Windows Server 2016 hosts using Desired State Configuration (DSC), following the CIS Benchmark for Windows Server 2016. It requires the AuditPolicyDsc, SecurityPolicyDsc and NetworkingDsc modules to be installed wherever the configuration is compiled and applied.
.EXAMPLE
.\HT-WindowsServer2016.ps1 [Script will generate MOF files in directory]
Start-DscConfiguration -Path .\HT-WindowsServer2016 -Force -Verbose -Wait
Review the generated MOF before applying it: Start-DscConfiguration needs local administrator rights and enforces every setting below, so test on a non-production host first.
#>
# Configuration Definition
Configuration HT-WindowsServer2016 {
param (
[string[]]$ComputerName ='localhost'
)
Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
Import-DscResource -ModuleName 'AuditPolicyDsc'
Import-DscResource -ModuleName 'SecurityPolicyDsc'
Import-DscResource -ModuleName 'NetworkingDsc'
Node $ComputerName {
# Password policy for local accounts. On a domain-joined member server the
# domain policy governs domain accounts; this instance covers the local SAM.
# NOTE(review): account lockout settings (threshold / duration / reset) are
# not part of this resource instance - confirm they are applied elsewhere.
AccountPolicy AccountPolicies
{
Name = 'PasswordPolicies'
# CCE-36534-6: 12 or more characters
Minimum_Password_Length = 12
# CCE-37063-5: complexity must be enforced
Password_must_meet_complexity_requirements = 'Enabled'
# CCE-37166-6: remember the last 24 passwords
Enforce_password_history = 24
# CCE-37073-4: at least 1 day, so the history cannot be cycled through at once
Minimum_Password_Age = 1
# CCE-37167-4: 90 or fewer days, but not 0
# (later CIS revisions publish 60 - confirm against the benchmark version you target)
Maximum_Password_Age = 90
# CCE-36286-3: reversible encryption stores cleartext-equivalent passwords
Store_passwords_using_reversible_encryption = 'Disabled'
}
# CCE-35818-4 / Security Policy
# 'Access this computer from the network' -> Administrators, Authenticated Users
UserRightsAssignment Accessthiscomputerfromthenetwork
{
Identity = 'Administrators, Authenticated Users'
Policy = 'Access_this_computer_from_the_network'
}
# CCE-37072-6 / Security Policy
# 'Allow log on through Remote Desktop Services' -> Administrators, Remote Desktop Users
# NOTE(review): the list is passed as one comma-separated string; presumably the
# resource splits it - confirm, the documented form is an explicit string array.
UserRightsAssignment AllowlogonthroughRemoteDesktopServices
{
Identity = 'Administrators, Remote Desktop Users'
Policy = 'Allow_log_on_through_Remote_Desktop_Services'
}
# CCE-37659-0 / Security Policy
# 'Allow log on locally' -> Administrators only
UserRightsAssignment Allowlogonlocally
{
Identity = 'Administrators'
Policy = 'Allow_log_on_locally'
}
# CCE-35823-4 / Security Policy
# 'Create symbolic links' -> Administrators only
UserRightsAssignment Createsymboliclinks
{
Identity = 'Administrators'
Policy = 'Create_symbolic_links'
}
# CCE-37954-5 / Security Policy
# 'Deny access to this computer from the network' -> Guests
# NOTE(review): the CIS member-server profile also denies network logon for
# local accounts that are members of Administrators (limits pass-the-hash with
# local admin credentials); confirm whether that is wanted here.
UserRightsAssignment Denyaccesstothiscomputerfromthenetwork
{
Identity = 'Guests'
Policy = 'Deny_access_to_this_computer_from_the_network'
}
# CCE-36860-5 / Security Policy
# 'Enable computer and user accounts to be trusted for delegation' -> No One
# (an empty Identity clears the right)
UserRightsAssignment Enablecomputeranduseraccountstobetrustedfordelegation
{
Identity = ''
Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
}
# CCE-35906-7 / Security Policy
# 'Manage auditing and security log' -> Administrators only
# (holders can clear the Security log, so keep this list minimal)
UserRightsAssignment Manageauditingandsecuritylog
{
Identity = 'Administrators'
Policy = 'Manage_auditing_and_security_log'
}
# CCE-37056-9 / Security Policy
# 'Access Credential Manager as a trusted caller' -> No One
UserRightsAssignment AccessCredentialManagerasatrustedcaller
{
Identity = ''
Policy = 'Access_Credential_Manager_as_a_trusted_caller'
}
# CCE-36876-1 / Security Policy
# 'Act as part of the operating system' -> No One
UserRightsAssignment Actaspartoftheoperatingsystem
{
Identity = ''
Policy = 'Act_as_part_of_the_operating_system'
}
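# CceId: CCE-35912-5
# DataSource: Security Policy
# Ensure 'Back up files and directories' is set to 'Administrators'
# The previous value also granted Backup Operators, contradicting the control
# above. This right (SeBackupPrivilege) lets its holders read any file
# regardless of its ACL, so it is limited to Administrators; grant it to a
# dedicated backup-agent account explicitly if one is required.
UserRightsAssignment Backupfilesanddirectories {
Policy = 'Back_up_files_and_directories'
Identity = 'Administrators'
}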
# CCE-37452-0 / Security Policy
# 'Change the system time' -> Administrators, LOCAL SERVICE
# (time skew breaks Kerberos and log correlation, so this stays restricted)
UserRightsAssignment Changethesystemtime
{
Identity = 'Administrators, LOCAL SERVICE'
Policy = 'Change_the_system_time'
}
# CCE-37700-2 / Security Policy
# 'Change the time zone' -> Administrators, LOCAL SERVICE
UserRightsAssignment Changethetimezone
{
Identity = 'Administrators, LOCAL SERVICE'
Policy = 'Change_the_time_zone'
}
# CCE-35821-8 / Security Policy
# 'Create a pagefile' -> Administrators only
UserRightsAssignment Createapagefile
{
Identity = 'Administrators'
Policy = 'Create_a_pagefile'
}
# CCE-36861-3 / Security Policy
# 'Create a token object' -> No One
UserRightsAssignment Createatokenobject
{
Identity = ''
Policy = 'Create_a_token_object'
}
# CCE-37453-8 / Security Policy
# 'Create global objects' -> Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE
UserRightsAssignment Createglobalobjects
{
Identity = 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'
Policy = 'Create_global_objects'
}
# CCE-36532-0 / Security Policy
# 'Create permanent shared objects' -> No One
UserRightsAssignment Createpermanentsharedobjects
{
Identity = ''
Policy = 'Create_permanent_shared_objects'
}
# CCE-36923-1 / Security Policy
# 'Deny log on as a batch job' -> includes Guests
UserRightsAssignment Denylogonasabatchjob
{
Identity = 'Guests'
Policy = 'Deny_log_on_as_a_batch_job'
}
# CCE-36877-9 / Security Policy
# 'Deny log on as a service' -> includes Guests
UserRightsAssignment Denylogonasaservice
{
Identity = 'Guests'
Policy = 'Deny_log_on_as_a_service'
}
# CCE-37146-8 / Security Policy
# 'Deny log on locally' -> includes Guests
UserRightsAssignment Denylogonlocally
{
Identity = 'Guests'
Policy = 'Deny_log_on_locally'
}
# CCE-36867-0 / Security Policy
# 'Deny log on through Remote Desktop Services' -> includes Guests
UserRightsAssignment DenylogonthroughRemoteDesktopServices
{
Identity = 'Guests'
Policy = 'Deny_log_on_through_Remote_Desktop_Services'
}
# CCE-37877-8 / Security Policy
# 'Force shutdown from a remote system' -> Administrators only
UserRightsAssignment Forceshutdownfromaremotesystem
{
Identity = 'Administrators'
Policy = 'Force_shutdown_from_a_remote_system'
}
# CCE-37639-2 / Security Policy
# 'Generate security audits' -> LOCAL SERVICE, NETWORK SERVICE
# (holders can write arbitrary events to the Security log)
UserRightsAssignment Generatesecurityaudits
{
Identity = 'LOCAL SERVICE, NETWORK SERVICE'
Policy = 'Generate_security_audits'
}
# CCE-38326-5 / Security Policy
# 'Increase scheduling priority' -> Administrators only
UserRightsAssignment Increaseschedulingpriority
{
Identity = 'Administrators'
Policy = 'Increase_scheduling_priority'
}
# CCE-36318-4 / Security Policy
# 'Load and unload device drivers' -> Administrators only
# (driver loading is kernel-mode code execution)
UserRightsAssignment Loadandunloaddevicedrivers
{
Identity = 'Administrators'
Policy = 'Load_and_unload_device_drivers'
}
# CCE-36495-0 / Security Policy
# 'Lock pages in memory' -> No One
UserRightsAssignment Lockpagesinmemory
{
Identity = ''
Policy = 'Lock_pages_in_memory'
}
# CCE-36054-5 / Security Policy
# 'Modify an object label' -> No One
UserRightsAssignment Modifyanobjectlabel
{
Identity = ''
Policy = 'Modify_an_object_label'
}
# CCE-38113-7 / Security Policy
# 'Modify firmware environment values' -> Administrators only
UserRightsAssignment Modifyfirmwareenvironmentvalues
{
Identity = 'Administrators'
Policy = 'Modify_firmware_environment_values'
}
# CCE-36143-6 / Security Policy
# 'Perform volume maintenance tasks' -> Administrators only
UserRightsAssignment Performvolumemaintenancetasks
{
Identity = 'Administrators'
Policy = 'Perform_volume_maintenance_tasks'
}
# CCE-37131-0 / Security Policy
# 'Profile single process' -> Administrators only
UserRightsAssignment Profilesingleprocess
{
Identity = 'Administrators'
Policy = 'Profile_single_process'
}
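# CceId: CCE-36052-9
# DataSource: Security Policy
# Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'
# The virtual service account must be named with its 'NT SERVICE\' prefix so
# the name resolves to the right SID; the bare 'WdiServiceHost' used before did
# not match the control text above.
UserRightsAssignment Profilesystemperformance {
Policy = 'Profile_system_performance'
Identity = 'Administrators, NT SERVICE\WdiServiceHost'
}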
# CCE-37430-6 / Security Policy
# 'Replace a process level token' -> LOCAL SERVICE, NETWORK SERVICE
UserRightsAssignment Replaceaprocessleveltoken
{
Identity = 'LOCAL SERVICE, NETWORK SERVICE'
Policy = 'Replace_a_process_level_token'
}
# CCE-37613-7 / Security Policy
# 'Restore files and directories' -> Administrators, Backup Operators
# (SeRestorePrivilege lets holders overwrite any file; keep membership of
# Backup Operators empty unless a backup agent needs it)
UserRightsAssignment Restorefilesanddirectories
{
Identity = 'Administrators, Backup Operators'
Policy = 'Restore_files_and_directories'
}
# CCE-38328-1 / Security Policy
# 'Shut down the system' -> Administrators only
UserRightsAssignment Shutdownthesystem
{
Identity = 'Administrators'
Policy = 'Shut_down_the_system'
}
# CCE-38325-7 / Security Policy
# 'Take ownership of files or other objects' -> Administrators only
UserRightsAssignment Takeownershipoffilesorotherobjects
{
Identity = 'Administrators'
Policy = 'Take_ownership_of_files_or_other_objects'
}
# AZ-WIN-00184 / Security Policy
# 'Bypass traverse checking' -> Administrators, Authenticated Users, Backup Operators, Local Service, Network Service
UserRightsAssignment Bypasstraversechecking
{
Identity = 'Administrators, Authenticated Users, Backup Operators, Local Service, Network Service'
Policy = 'Bypass_traverse_checking'
}
# AZ-WIN-00185 / Security Policy
# 'Increase a process working set' -> Administrators, Local Service
UserRightsAssignment Increaseaprocessworkingset
{
Identity = 'Administrators, Local Service'
Policy = 'Increase_a_process_working_set'
}
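# Local security options for the node. Each value is a literal that the
# SecurityPolicyDsc resource maps onto its registry / secedit setting, so the
# exact spelling matters.
SecurityOption AccountSecurityOptions {
Name = 'AccountSecurityOptions'
# CceId: CCE-37615-2
# DataSource: Registry Policy
# Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'
Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled'
# CceId: CCE-35907-5
# DataSource: Registry Policy
# Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'
Audit_Shut_down_system_immediately_if_unable_to_log_security_audits = 'Disabled'
# CceId: CCE-37942-0
# DataSource: Registry Policy
# Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'
Devices_Prevent_users_from_installing_printer_drivers = 'Enabled'
# CceId: CCE-36142-8
# DataSource: Registry Policy
# Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'
Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled'
# CceId: CCE-37130-2
# DataSource: Registry Policy
# Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'
Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled'
# CceId: CCE-37222-7
# DataSource: Registry Policy
# Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'
Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled'
# CceId: CCE-37508-9
# DataSource: Registry Policy
# Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'
Domain_member_Disable_machine_account_password_changes = 'Disabled'
# CceId: CCE-37431-4
# DataSource: Registry Policy
# Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'
Domain_member_Maximum_machine_account_password_age = '30'
# CceId: CCE-37614-5
# DataSource: Registry Policy
# Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'
Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled'
# CceId: CCE-36056-0
# DataSource: Registry Policy
# Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'
Interactive_logon_Do_not_display_last_user_name = 'Enabled'
# CceId: CCE-37637-6
# DataSource: Registry Policy
# Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'
Interactive_logon_Do_not_require_CTRL_ALT_DEL = 'Disabled'
# CceId: CCE-36325-9
# DataSource: Registry Policy
# Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'
Microsoft_network_client_Digitally_sign_communications_always = 'Enabled'
# CceId: CCE-36269-9
# DataSource: Registry Policy
# Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'
Microsoft_network_client_Digitally_sign_communications_if_server_agrees = 'Enabled'
# CceId: CCE-37863-8
# DataSource: Registry Policy
# Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'
Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled'
# CceId: CCE-38046-9
# DataSource: Registry Policy
# Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute, but not 0'
Microsoft_network_server_Amount_of_idle_time_required_before_suspending_session = '15'
# CceId: CCE-37864-6
# DataSource: Registry Policy
# Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'
# (SMB signing on both client and server sides is what blocks SMB relay)
Microsoft_network_server_Digitally_sign_communications_always = 'Enabled'
# CceId: CCE-35988-5
# DataSource: Registry Policy
# Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'
Microsoft_network_server_Digitally_sign_communications_if_client_agrees = 'Enabled'
# CceId: CCE-37972-7
# DataSource: Registry Policy
# Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'
Microsoft_network_server_Disconnect_clients_when_logon_hours_expire = 'Enabled'
# CceId: CCE-36077-6
# DataSource: Registry Policy
# Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'
Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled'
# CceId: CCE-36316-8
# DataSource: Registry Policy
# Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'
Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled'
# CceId: CCE-36148-5
# DataSource: Registry Policy
# Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'
Network_access_Let_Everyone_permissions_apply_to_anonymous_users = 'Disabled'
# CceId: CCE-36021-4
# DataSource: Registry Policy
# Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'
Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled'
# CceId: CCE-37623-6
# DataSource: Registry Policy
# Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'
Network_access_Sharing_and_security_model_for_local_accounts = 'Classic - Local users authenticate as themselves'
# Control no: AZ-WIN-00142
# DataSource: Registry Policy
# Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'
# NOTE(review): this control is commented out and therefore NOT enforced by this
# configuration; remote SAM enumeration stays at the OS default until it is applied
# by other means.
# Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = 'Administrators: Remote Access: Allow'
# CceId: CCE-37035-3
# DataSource: Registry Policy
# Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'
Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled'
# CceId: CCE-38047-7
# DataSource: Registry Policy
# Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'
Network_security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities = 'Disabled'
# CceId: CCE-36326-7
# DataSource: Registry Policy
# Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'
Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled'
# CceId: CCE-36858-9
# DataSource: Registry Policy
# Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher
Network_security_LDAP_client_signing_requirements = 'Negotiate Signing'
# CceId: CCE-37553-5
# DataSource: Registry Policy
# Ensure 'Network security: Minimum session security for NTLM SSP based clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'
Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked'
# CceId: CCE-37835-6
# DataSource: Registry Policy
# Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'
Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked'
# CceId: CCE-36788-8
# DataSource: Registry Policy
# Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'
Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on = 'Disabled'
# CceId: CCE-37885-1
# DataSource: Registry Policy
# Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'
System_objects_Require_case_insensitivity_for_non_Windows_subsystems = 'Enabled'
# CceId: CCE-37644-2
# DataSource: Registry Policy
# Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'
System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled'
# CceId: CCE-36494-3
# DataSource: Registry Policy
# Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'
User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled'
# CceId: CCE-36863-9
# DataSource: Registry Policy
# Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'
User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop = 'Disabled'
# CceId: CCE-37029-6
# DataSource: Registry Policy
# Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'
User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop'
# CceId: CCE-36864-7
# DataSource: Registry Policy
# Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'
User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request'
# CceId: CCE-36533-8
# DataSource: Registry Policy
# Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'
User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled'
# CceId: CCE-37057-7
# DataSource: Registry Policy
# Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'
User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled'
# CceId: CCE-36869-6
# DataSource: Registry Policy
# Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'
User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled'
# CceId: CCE-36866-2
# DataSource: Registry Policy
# Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'
User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation = 'Enabled'
# CceId: CCE-37064-3
# DataSource: Registry Policy
# Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'
User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled'
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00180
# DataSource: Registry Policy
# Recovery console: Allow floppy copy and access to all drives and all folders
Recovery_console_Allow_floppy_copy_and_access_to_all_drives_and_folders = 'Disabled'
# CceId: CCE-38341-4
# DataSource: Registry Policy
# Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'
Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM = 'Enabled'
# CceId: CCE-38095-6
# DataSource: Registry Policy
# Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'
Network_access_Shares_that_can_be_accessed_anonymously = ''
# CceId: CCE-37850-5
# DataSource: Registry Policy
# Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'
# (required for the AuditPolicySubcategory resources below to take effect)
Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled'
# CceId: CCE-37755-6
# DataSource: Registry Policy
# Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'
# RC4_HMAC_MD5 was previously included in this list, which contradicted the
# control above and left RC4 negotiable for this host's Kerberos exchanges. It
# is removed here. Before rolling out, confirm the domain's accounts and trusts
# have AES keys (msDS-SupportedEncryptionTypes); accounts without them will fail
# to authenticate to this host once RC4 is disallowed.
Network_security_Configure_encryption_types_allowed_for_Kerberos = 'AES128_HMAC_SHA1','AES256_HMAC_SHA1','FUTURE'
# CceId: CCE-37194-8
# DataSource: Registry Policy
# Configure 'Network access: Remotely accessible registry paths'
# BUG - https://github.com/PowerShell/SecurityPolicyDsc/issues/83
# NOTE(review): left at the OS default until the resource bug is resolved;
# verify the effective value on the host by other means.
# Network_access_Remotely_accessible_registry_paths = 'System\CurrentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Server Applications, SOFTWARE\Microsoft\Windows NT\CurrentVersion'
# CceId: CCE-36173-3
# DataSource: Registry Policy
# Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'
Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. Refuse LM & NTLM'
# CceId: CCE-37701-0
# DataSource: Registry Policy
# Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators'
Devices_Allowed_to_format_and_eject_removable_media = 'Administrators'
# CceId: CCE-36347-3
# DataSource: Registry Policy
# Configure 'Network access: Remotely accessible registry paths and sub-paths'
# BUG - https://github.com/PowerShell/SecurityPolicyDsc/issues/83
# NOTE(review): not enforced for the same reason as the paths setting above.
#Network_access_Remotely_accessible_registry_paths_and_subpaths = 'System\CurrentControlSet\Control\Print\Printers, System\CurrentControlSet\Services\Eventlog, Software\Microsoft\OLAP Server, Software\Microsoft\Windows NT\CurrentVersion\Print, Software\Microsoft\Windows NT\CurrentVersion\Windows, System\CurrentControlSet\Control\ContentIndex, System\CurrentControlSet\Control\Terminal Server, System\CurrentControlSet\Control\Terminal Server\UserConfig, System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration, Software\Microsoft\Windows NT\CurrentVersion\Perflib, System\CurrentControlSet\Services\SysmonLog'
# CceId: CCE-37432-2
# DataSource: Security Policy
# Ensure 'Accounts: Guest account status' is set to 'Disabled'
Accounts_Guest_account_status = 'Disabled'
}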
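# CceId: CCE-38329-9
# DataSource: Audit Policy
# Ensure 'Audit Application Group Management' is set to 'Success and Failure'
# Both flags were previously 'Absent', which turned this auditing off and
# contradicted the control above; both are now enforced as 'Present'.
AuditPolicySubcategory 'Audit Application Group Management (Success)'
{
Name = 'Application Group Management'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Application Group Management (Failure)'
{
Name = 'Application Group Management'
AuditFlag = 'Failure'
Ensure = 'Present'
}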
# CCE-38004-8 / Audit Policy
# 'Audit Computer Account Management' -> Success only
AuditPolicySubcategory 'Audit Computer Account Management (Success)' {
Name = 'Computer Account Management'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Computer Account Management (Failure)' {
Name = 'Computer Account Management'
Ensure = 'Absent'
AuditFlag = 'Failure'
}
# CCE-37741-6 / Audit Policy
# 'Audit Credential Validation' -> Success and Failure
# (failure events are the primary signal for password spraying against local accounts)
AuditPolicySubcategory 'Audit Credential Validation (Success)' {
Name = 'Credential Validation'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Credential Validation (Failure)' {
Name = 'Credential Validation'
Ensure = 'Present'
AuditFlag = 'Failure'
}
# CCE-36265-7 / Audit Policy
# 'Audit Distribution Group Management' -> No Auditing
AuditPolicySubcategory 'Audit Distribution Group Management (Success)' {
Name = 'Distribution Group Management'
Ensure = 'Absent'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Distribution Group Management (Failure)' {
Name = 'Distribution Group Management'
Ensure = 'Absent'
AuditFlag = 'Failure'
}
# CCE-38237-4 / Audit Policy
# 'Audit Logoff' -> Success only
AuditPolicySubcategory 'Audit Logoff (Success)' {
Name = 'Logoff'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Logoff (Failure)' {
Name = 'Logoff'
Ensure = 'Absent'
AuditFlag = 'Failure'
}
# CCE-38036-0 / Audit Policy
# 'Audit Logon' -> Success and Failure
AuditPolicySubcategory 'Audit Logon (Success)' {
Name = 'Logon'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Logon (Failure)' {
Name = 'Logon'
Ensure = 'Present'
AuditFlag = 'Failure'
}
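# CceId: CCE-37855-4
# DataSource: Audit Policy
# Ensure 'Audit Other Account Management Events' is set to 'Success and Failure'
# Both flags were previously 'Absent', which disabled this auditing and
# contradicted the control above; both are now enforced as 'Present'.
AuditPolicySubcategory 'Audit Other Account Management Events (Success)'
{
Name = 'Other Account Management Events'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Other Account Management Events (Failure)'
{
Name = 'Other Account Management Events'
AuditFlag = 'Failure'
Ensure = 'Present'
}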
# AZ-WIN-00182 / Audit Policy
# 'Audit PNP Activity' -> Success only
AuditPolicySubcategory 'Audit PNP Activity (Success)'
{
Name = 'Plug and Play Events'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit PNP Activity (Failure)'
{
Name = 'Plug and Play Events'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# CCE-36059-4 / Audit Policy
# 'Audit Process Creation' -> Success only
# NOTE(review): event 4688 only carries the command line when
# 'Include command line in process creation events' is also enabled; that
# setting is not configured in this block.
AuditPolicySubcategory 'Audit Process Creation (Success)' {
Name = 'Process Creation'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Process Creation (Failure)' {
Name = 'Process Creation'
Ensure = 'Absent'
AuditFlag = 'Failure'
}
# CCE-37617-8 / Audit Policy
# 'Audit Removable Storage' -> Success and Failure
AuditPolicySubcategory 'Audit Removable Storage (Success)'
{
Name = 'Removable Storage'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Removable Storage (Failure)'
{
Name = 'Removable Storage'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# CCE-38034-5 / Audit Policy
# 'Audit Security Group Management' -> Success only
AuditPolicySubcategory 'Audit Security Group Management (Success)' {
Name = 'Security Group Management'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Security Group Management (Failure)' {
Name = 'Security Group Management'
Ensure = 'Absent'
AuditFlag = 'Failure'
}
# CCE-36266-5 / Audit Policy
# 'Audit Special Logon' -> Success only
# (event 4672 records privileged logons; useful for spotting admin credential use)
AuditPolicySubcategory 'Audit Special Logon (Success)' {
Name = 'Special Logon'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Special Logon (Failure)' {
Name = 'Special Logon'
Ensure = 'Absent'
AuditFlag = 'Failure'
}
# CCE-37856-2 / Audit Policy
# 'Audit User Account Management' -> Success and Failure
AuditPolicySubcategory 'Audit User Account Management (Success)' {
Name = 'User Account Management'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit User Account Management (Failure)' {
Name = 'User Account Management'
Ensure = 'Present'
AuditFlag = 'Failure'
}
# CCE: not assigned / Audit Policy
# 'Audit Non Sensitive Privilege Use' -> No Auditing (very noisy, low value)
AuditPolicySubcategory 'Audit Non Sensitive Privilege Use (Success)' {
Name = 'Non Sensitive Privilege Use'
Ensure = 'Absent'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Non Sensitive Privilege Use (Failure)' {
Name = 'Non Sensitive Privilege Use'
Ensure = 'Absent'
AuditFlag = 'Failure'
}
# CCE-38327-3 / Audit Policy
# 'Audit Authentication Policy Change' -> Success only
AuditPolicySubcategory 'Audit Authentication Policy Change (Success)'
{
Name = 'Authentication Policy Change'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Authentication Policy Change (Failure)'
{
Name = 'Authentication Policy Change'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# CCE-38114-5 / Audit Policy
# 'Audit Security State Change' -> Success only
AuditPolicySubcategory 'Audit Security State Change (Success)'
{
Name = 'Security State Change'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Security State Change (Failure)'
{
Name = 'Security State Change'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# CCE-38028-7 / Audit Policy
# 'Audit Audit Policy Change' -> Success and Failure
# (the original comment said 'Success' but the resources below enforce both
# flags, which is the stricter and intended state - tampering with audit
# policy is something to always record)
AuditPolicySubcategory 'Audit Policy Change (Success)' {
Name = 'Audit Policy Change'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Policy Change (Failure)' {
Name = 'Audit Policy Change'
Ensure = 'Present'
AuditFlag = 'Failure'
}
# CCE-37853-9 / Audit Policy
# 'Audit IPsec Driver' -> Success and Failure
AuditPolicySubcategory 'Audit IPsec Driver (Success)'
{
Name = 'IPsec Driver'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit IPsec Driver (Failure)'
{
Name = 'IPsec Driver'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# CCE-38030-3 / Audit Policy
# 'Audit Other System Events' -> Success and Failure
AuditPolicySubcategory 'Audit Other System Events (Success)' {
Name = 'Other System Events'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Other System Events (Failure)' {
Name = 'Other System Events'
Ensure = 'Present'
AuditFlag = 'Failure'
}
# CCE-36322-6 / Audit Policy
# 'Audit Other Logon/Logoff Events' -> Success and Failure
# (covers RDP session connect/disconnect and screen lock/unlock events)
AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Success)'
{
Name = 'Other Logon/Logoff Events'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Failure)'
{
Name = 'Other Logon/Logoff Events'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# CCE-36144-4 / Audit Policy
# 'Audit Security System Extension' -> Success
# (only the Success flag is managed here; the Failure flag is left untouched)
AuditPolicySubcategory 'Audit Security System Extension (Success)' {
Name = 'Security System Extension'
Ensure = 'Present'
AuditFlag = 'Success'
}
# CceId: CCE-37133-6
# DataSource: Audit Policy
# Ensure 'Audit Account Lockout' is set to 'Success and Failure'
# Both flags Present => 'Success and Failure'.
AuditPolicySubcategory 'Audit Account Lockout (Success)' {
Name = 'Account Lockout'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Account Lockout (Failure)' {
Name = 'Account Lockout'
Ensure = 'Present'
AuditFlag = 'Failure'
}
# CceId: CCE-36320-0
# DataSource: Audit Policy
# Ensure 'Audit Authorization Policy Change' is set to 'Success'
# Success Present, Failure explicitly Absent => 'Success' only, matching the header.
AuditPolicySubcategory 'Audit Authorization Policy Change (Success)' {
Name = 'Authorization Policy Change'
Ensure = 'Present'
AuditFlag = 'Success'
}
AuditPolicySubcategory 'Audit Authorization Policy Change (Failure)' {
Name = 'Authorization Policy Change'
Ensure = 'Absent'
AuditFlag = 'Failure'
}
# CceId: CCE-37132-8
# DataSource: Audit Policy
# Ensure 'Audit System Integrity' is set to 'Success and Failure'
# Both resources below are Present, i.e. this configuration audits Success AND Failure
# (the header previously said 'Success' only, which did not match the declarations).
AuditPolicySubcategory 'Audit System Integrity (Failure)'
{
Name = 'System Integrity'
AuditFlag = 'Failure'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit System Integrity (Success)'
{
Name = 'System Integrity'
AuditFlag = 'Success'
Ensure = 'Present'
}
# CceId: CCE-36267-3
# DataSource: Audit Policy
# Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'
# Both flags Present => 'Success and Failure'.
AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure)' {
Name = 'Sensitive Privilege Use'
Ensure = 'Present'
AuditFlag = 'Failure'
}
AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success)' {
Name = 'Sensitive Privilege Use'
Ensure = 'Present'
AuditFlag = 'Success'
}
# Control no: AZ-WIN-00108
# DataSource: Audit Policy
# Audit IPsec Extended Mode
# Net effect: no auditing for this subcategory (both Success and Failure are Absent).
AuditPolicySubcategory 'Audit IPsec Extended Mode (Success)'
{
Name = 'IPsec Extended Mode'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit IPsec Extended Mode (Failure)'
{
Name = 'IPsec Extended Mode'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00100
# DataSource: Audit Policy
# Audit Detailed File Share
# Only Success is declared; the Failure flag is left unmanaged here.
# NOTE(review): Detailed File Share success auditing is typically very high-volume on file
# servers — size the Security log accordingly (see the MaxSize entries further down).
AuditPolicySubcategory 'Audit Detailed File Share (Success)'
{
Name = 'Detailed File Share'
AuditFlag = 'Success'
Ensure = 'Present'
}
# Control no: AZ-WIN-00105
# DataSource: Audit Policy
# Audit Filtering Platform Packet Drop
# Net effect: no auditing (both flags Absent).
AuditPolicySubcategory 'Audit Filtering Platform Packet Drop (Success)'
{
Name = 'Filtering Platform Packet Drop'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit Filtering Platform Packet Drop (Failure)'
{
Name = 'Filtering Platform Packet Drop'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00111
# DataSource: Audit Policy
# Audit MPSSVC Rule-Level Policy Change
# Both flags Present => 'Success and Failure' (Windows Firewall rule changes are recorded).
AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Success)'
{
Name = 'MPSSVC Rule-Level Policy Change'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Failure)'
{
Name = 'MPSSVC Rule-Level Policy Change'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# Control no: AZ-WIN-00110
# DataSource: Audit Policy
# Audit Kernel Object
# Both flags Present => 'Success and Failure'.
# NOTE(review): this subcategory only produces events for objects that carry a SACL, but where
# SACLs exist it can be noisy — confirm the volume is acceptable before rolling out broadly.
AuditPolicySubcategory 'Audit Kernel Object (Success)'
{
Name = 'Kernel Object'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Kernel Object (Failure)'
{
Name = 'Kernel Object'
AuditFlag = 'Failure'
Ensure = 'Present'
}
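# Control no: AZ-WIN-00003
# DataSource: Audit Policy
# Audit IPsec Main Mode
# Net effect: no auditing for this subcategory (both flags Absent), consistent with the
# IPsec Extended Mode and IPsec Quick Mode entries in this configuration.
AuditPolicySubcategory 'Audit IPsec Main Mode (Success)'
{
Name = 'IPsec Main Mode'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit IPsec Main Mode (Failure)'
{
Name = 'IPsec Main Mode'
AuditFlag = 'Failure'
# Ensure was missing on this resource. AuditPolicyDsc defaults Ensure to 'Present', so the
# Failure flag would silently have been turned ON while its Success sibling is Absent.
Ensure = 'Absent'
}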
# Control no: AZ-WIN-00102
# DataSource: Audit Policy
# Audit File Share
# Both flags Present => 'Success and Failure'.
AuditPolicySubcategory 'Audit File Share (Success)'
{
Name = 'File Share'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit File Share (Failure)'
{
Name = 'File Share'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# Control no: AZ-WIN-00102
# NOTE(review): this control number is the same as the 'Audit File Share' entry directly above —
# presumably a copy-paste slip; verify against the baseline before relying on it for reporting.
# DataSource: Audit Policy
# Audit Other Object Access Events
# Both flags Present => 'Success and Failure'.
AuditPolicySubcategory 'Audit Other Object Access Events (Success)'
{
Name = 'Other Object Access Events'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Other Object Access Events (Failure)'
{
Name = 'Other Object Access Events'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# Control no: AZ-WIN-00109
# DataSource: Audit Policy
# Audit IPsec Quick Mode
# Net effect: no auditing (both flags Absent).
AuditPolicySubcategory 'Audit IPsec Quick Mode (Success)'
{
Name = 'IPsec Quick Mode'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit IPsec Quick Mode (Failure)'
{
Name = 'IPsec Quick Mode'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00106
# DataSource: Audit Policy
# Audit Filtering Platform Policy Change
# Net effect: no auditing (both flags Absent).
AuditPolicySubcategory 'Audit Filtering Platform Policy Change (Success)'
{
Name = 'Filtering Platform Policy Change'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit Filtering Platform Policy Change (Failure)'
{
Name = 'Filtering Platform Policy Change'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00107
# DataSource: Audit Policy
# Audit Handle Manipulation
# Net effect: no auditing (both flags Absent).
AuditPolicySubcategory 'Audit Handle Manipulation (Success)'
{
Name = 'Handle Manipulation'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit Handle Manipulation (Failure)'
{
Name = 'Handle Manipulation'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00096
# DataSource: Audit Policy
# Audit Network Policy Server
# Net effect: no auditing (both flags Absent).
AuditPolicySubcategory 'Audit Network Policy Server (Success)'
{
Name = 'Network Policy Server'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit Network Policy Server (Failure)'
{
Name = 'Network Policy Server'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00006
# DataSource: Audit Policy
# Audit Other Account Logon Events
# Both flags Present => 'Success and Failure'.
# Style note: the Success resource uses double quotes and the Failure resource label below lacks
# the 'Audit ' prefix used everywhere else. The label is only the DSC instance id, so this is
# cosmetic, but it makes the entry harder to find when searching the MOF or DSC logs.
AuditPolicySubcategory "Audit Other Account Logon Events (Success)"
{
Name = 'Other Account Logon Events'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Other Account Logon Events (Failure)'
{
Name = 'Other Account Logon Events'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# Control no: AZ-WIN-00104
# DataSource: Audit Policy
# Audit Filtering Platform Connection
# Net effect: Success only (Failure explicitly Absent).
AuditPolicySubcategory 'Audit Filtering Platform Connection (Success)'
{
Name = 'Filtering Platform Connection'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Filtering Platform Connection (Failure)'
{
Name = 'Filtering Platform Connection'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00099
# DataSource: Audit Policy
# Audit Application Generated
# Both flags Present => 'Success and Failure'.
AuditPolicySubcategory 'Audit Application Generated (Success)'
{
Name = 'Application Generated'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Application Generated (Failure)'
{
Name = 'Application Generated'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# Control no: AZ-WIN-00101
# DataSource: Audit Policy
# Audit DPAPI Activity
# Net effect: no auditing (both flags Absent).
AuditPolicySubcategory 'Audit DPAPI Activity (Success)'
{
Name = 'DPAPI Activity'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit DPAPI Activity (Failure)'
{
Name = 'DPAPI Activity'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00103
# DataSource: Audit Policy
# Audit File System
# Both flags Present => 'Success and Failure'. Events are only generated for files/folders
# that carry a SACL; this setting alone does not create any SACLs.
AuditPolicySubcategory 'Audit File System (Success)'
{
Name = 'File System'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit File System (Failure)'
{
Name = 'File System'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# Control no: AZ-WIN-00009
# DataSource: Audit Policy
# Audit Process Termination
# Both flags Present => 'Success and Failure'.
AuditPolicySubcategory 'Audit Process Termination (Success)'
{
Name = 'Process Termination'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit Process Termination (Failure)'
{
Name = 'Process Termination'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# Control no: AZ-WIN-00117
# DataSource: Audit Policy
# Audit SAM
# Net effect: no auditing (both flags Absent).
AuditPolicySubcategory 'Audit SAM (Success)'
{
Name = 'SAM'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit SAM (Failure)'
{
Name = 'SAM'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00115
# DataSource: Audit Policy
# Audit Registry
# Only Success is declared; the Failure flag is left unmanaged here.
AuditPolicySubcategory 'Audit Registry (Success)'
{
Name = 'Registry'
AuditFlag = 'Success'
Ensure = 'Present'
}
# Control no: AZ-WIN-00114
# DataSource: Audit Policy
# Audit Other Policy Change Events
# Net effect: no auditing (both flags Absent).
AuditPolicySubcategory 'Audit Other Policy Change Events (Success)'
{
Name = 'Other Policy Change Events'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit Other Policy Change Events (Failure)'
{
Name = 'Other Policy Change Events'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00097
# DataSource: Audit Policy
# Audit Other Privilege Use Events
# Net effect: no auditing (both flags Absent).
AuditPolicySubcategory 'Audit Other Privilege Use Events (Success)'
{
Name = 'Other Privilege Use Events'
AuditFlag = 'Success'
Ensure = 'Absent'
}
AuditPolicySubcategory 'Audit Other Privilege Use Events (Failure)'
{
Name = 'Other Privilege Use Events'
AuditFlag = 'Failure'
Ensure = 'Absent'
}
# Control no: AZ-WIN-00116
# DataSource: Audit Policy
# Audit RPC Events
# Both flags Present => 'Success and Failure'.
AuditPolicySubcategory 'Audit RPC Events (Success)'
{
Name = 'RPC Events'
AuditFlag = 'Success'
Ensure = 'Present'
}
AuditPolicySubcategory 'Audit RPC Events (Failure)'
{
Name = 'RPC Events'
AuditFlag = 'Failure'
Ensure = 'Present'
}
# Control no: AZ-WIN-00026
# DataSource: Audit Policy
# Ensure 'Audit Group Membership' is set to 'Success'
# Only Success is declared; the Failure flag is left unmanaged here.
AuditPolicySubcategory 'Audit Group Membership (Success)'
{
Name = 'Group Membership'
AuditFlag = 'Success'
Ensure = 'Present'
}
# Control no: AZ-WIN-00168
# DataSource: Registry Policy
# Ensure 'Allow Input Personalization' is set to 'Disabled'
Registry 'AllowInputPersonalization' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\InputPersonalization'
ValueName = 'AllowInputPersonalization'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00175
# DataSource: Registry Policy
# Disable SMB v1 server
# Scope: this LanmanServer value only turns off the SMB1 *server* side. The SMB1 client driver
# and the optional SMB1 Windows feature are not touched by this resource — handle them separately
# if the goal is to remove SMB1 entirely from the host.
Registry 'SMB1' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters'
ValueName = 'SMB1'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00176
# DataSource: Registry Policy
# Disable Windows Search Service
# Start = 4 is the SERVICE_DISABLED start type for the Wsearch service. Writing the start type
# directly does not stop an already-running instance; the change takes effect at next start.
# The resource label 'Start' is generic — a label such as 'WsearchStart' would be easier to find.
Registry 'Start' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wsearch'
ValueName = 'Start'
ValueType = 'DWord'
ValueData = '4'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00171
# DataSource: Registry Policy
# Ensure 'Enable insecure guest logons' is set to 'Disabled'
# ValueData '0' is the 'Disabled' state named above: the SMB client will not fall back to
# unauthenticated guest access when a server rejects the supplied credentials.
Registry 'AllowInsecureGuestAuth' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
ValueName = 'AllowInsecureGuestAuth'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-38002-2
# DataSource: Registry Policy
# Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'
Registry 'NC_AllowNetBridge_NLA' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections'
ValueName = 'NC_AllowNetBridge_NLA'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00172
# DataSource: Registry Policy
# Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
Registry 'NC_PersonalFirewallConfig' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections'
ValueName = 'NC_PersonalFirewallConfig'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-36169-1
# DataSource: Registry Policy
# Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'
Registry 'NoBackgroundPolicy' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GroupPolicy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
ValueName = 'NoBackgroundPolicy'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-36169-1
# NOTE(review): this CceId is identical to the one on the NoBackgroundPolicy entry directly
# above — presumably a copy-paste slip; verify against the benchmark before using it in reports.
# DataSource: Registry Policy
# Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'
# ValueData '0' here means "do NOT skip unchanged GPOs", i.e. the 'TRUE' state named above.
Registry 'NoGPOListChanges' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GroupPolicy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
ValueName = 'NoGPOListChanges'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00170
# DataSource: Registry Policy
# Ensure 'Continue experiences on this device' is set to 'Disabled'
Registry 'EnableCdp' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System'
ValueName = 'EnableCdp'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# DataSource: Registry Policy
# Enable Windows Error Reporting
# ValueData '0' on the 'Disabled' value keeps WER turned ON, as the header says. Note the key is
# under Software\Microsoft (the non-policy location), so a policy-path value, if one exists,
# would take precedence. The label 'Disabled2' is generic — something like 'WerDisabled' reads better.
Registry 'Disabled2' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting'
ValueName = 'Disabled'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-37528-7
# DataSource: Registry Policy
# Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'
Registry 'AllowDomainPINLogon' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System'
ValueName = 'AllowDomainPINLogon'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-36388-7
# DataSource: Registry Policy
# Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'
# Together with fAllowToGetHelp below this turns off both directions of Remote Assistance
# (offered by helpers and solicited by users); ValueData '0' is the 'Disabled' state.
Registry 'fAllowUnsolicited' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
ValueName = 'fAllowUnsolicited'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-37281-3
# DataSource: Registry Policy
# Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'
Registry 'fAllowToGetHelp' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
ValueName = 'fAllowToGetHelp'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-37838-0
# DataSource: Registry Policy
# Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'
Registry 'DontEnumerateConnectedUsers' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System'
ValueName = 'DontEnumerateConnectedUsers'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-35894-5
# DataSource: Registry Policy
# Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'
Registry 'EnumerateLocalUsers' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System'
ValueName = 'EnumerateLocalUsers'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00181
# DataSource: Registry Policy
# Shutdown: Clear virtual memory pagefile
# ValueData '0' leaves the pagefile in place at shutdown (1 would wipe it). This is the
# "Disabled" state of the policy; keep in mind the pagefile can retain memory contents,
# which matters for hosts where physical disk access by others is a concern.
Registry 'ClearPageFileAtShutdown' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management'
ValueName = 'ClearPageFileAtShutdown'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-36512-2
# DataSource: Registry Policy
# Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'
Registry 'EnumerateAdministrators' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI'
ValueName = 'EnumerateAdministrators'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00169
# DataSource: Registry Policy
# Ensure 'Allow Telemetry' is set to 'Enabled: 0 - Security [Enterprise Only]'
# ValueData '0' is the 'Security' telemetry level. As the header notes, level 0 is honoured only
# on Enterprise/Server SKUs; other editions treat it as the next level up.
Registry 'AllowTelemetry' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
ValueName = 'AllowTelemetry'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-37809-1
# DataSource: Registry Policy
# Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'
Registry 'NoDataExecutionPrevention' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer'
ValueName = 'NoDataExecutionPrevention'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-36660-9
# DataSource: Registry Policy
# Ensure 'Turn off heap termination on corruption' is set to 'Disabled'
Registry 'NoHeapTerminationOnCorruption' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer'
ValueName = 'NoHeapTerminationOnCorruption'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-36809-2
# DataSource: Registry Policy
# Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'
Registry 'PreXPSP2ShellProtocolBehavior' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
ValueName = 'PreXPSP2ShellProtocolBehavior'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-38277-0
# DataSource: Registry Policy
# Ensure 'Allow indexing of encrypted files' is set to 'Disabled'
Registry 'AllowIndexingEncryptedStoresOrItems' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsSearch'
ValueName = 'AllowIndexingEncryptedStoresOrItems'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00173
# DataSource: Registry Policy
# Disable 'Configure local setting override for reporting to Microsoft MAPS'
Registry 'LocalSettingOverrideSpynetReporting' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\SpyNet'
ValueName = 'LocalSettingOverrideSpynetReporting'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00178
# DataSource: Registry Policy
# Enable 'Turn on behavior monitoring'
Registry 'DisableBehaviorMonitoring' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
ValueName = 'DisableBehaviorMonitoring'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: NOT_ASSIGNED
# Control no: AZ-WIN-00177
# DataSource: Registry Policy
# Enable 'Scan removable drives' by setting DisableRemovableDriveScanning to 0
Registry 'DisableRemovableDriveScanning' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Scan'
ValueName = 'DisableRemovableDriveScanning'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-36400-0
# DataSource: Registry Policy
# Ensure 'Allow user control over installs' is set to 'Disabled'
Registry 'EnableUserControl' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer'
ValueName = 'EnableUserControl'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-36977-7
# DataSource: Registry Policy
# Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'
Registry 'DisableAutomaticRestartSignOn' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
ValueName = 'DisableAutomaticRestartSignOn'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-36254-1
# DataSource: Registry Policy
# Ensure 'Allow Basic authentication' is set to 'Disabled'
# The three resources below harden the WinRM *client* (WinRM\Client): no Basic auth, no
# unencrypted transport, no Digest auth. ValueData '0' is the 'Disabled'/'Disallowed' state
# for each. The WinRM *service* side (WinRM\Service) is configured separately further down.
Registry 'AllowBasic' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'
ValueName = 'AllowBasic'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-38223-4
# DataSource: Registry Policy
# Ensure 'Allow unencrypted traffic' is set to 'Disabled'
Registry 'AllowUnencryptedTraffic' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'
ValueName = 'AllowUnencryptedTraffic'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-38318-2
# DataSource: Registry Policy
# Ensure 'Disallow Digest authentication' is set to 'Enabled'
# 'Disallow Digest' = Enabled is expressed as AllowDigest = 0.
Registry 'AllowDigest' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'
ValueName = 'AllowDigest'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-37490-0
# DataSource: Registry Policy
# Ensure 'Always install with elevated privileges' is set to 'Disabled'
# NOTE(review): the DSC Local Configuration Manager applies this configuration as SYSTEM, so
# HKEY_CURRENT_USER here resolves to SYSTEM's own hive, not to the interactive users' hives —
# this resource will not reach the per-user setting it appears to target. The machine-wide
# policy value lives under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
# (same ValueName) and is not declared in this part of the file; confirm it is set elsewhere,
# since the policy is only effective when BOTH hives say 1, and setting HKLM to 0 is what
# actually prevents elevated MSI installs.
Registry 'AlwaysInstallElevated' {
Ensure = 'Present'
Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer'
ValueName = 'AlwaysInstallElevated'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-38354-7
# DataSource: Registry Policy
# Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'
Registry 'MSAOptional' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
ValueName = 'MSAOptional'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-38353-9
# DataSource: Registry Policy
# Ensure 'Do not display network selection UI' is set to 'Enabled'
Registry 'DontDisplayNetworkSelectionUI' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System'
ValueName = 'DontDisplayNetworkSelectionUI'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-38347-1
# DataSource: Registry Policy
# Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'
Registry 'NoLockScreenCamera' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization'
ValueName = 'NoLockScreenCamera'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-35893-7
# DataSource: Registry Policy
# Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'
Registry 'DisableLockScreenAppNotifications' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System'
ValueName = 'DisableLockScreenAppNotifications'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-38348-9
# DataSource: Registry Policy
# Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'
Registry 'NoLockScreenSlideshow' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization'
ValueName = 'NoLockScreenSlideshow'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-38338-0
# DataSource: Registry Policy
# Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'
Registry 'fMinimizeConnections' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy'
ValueName = 'fMinimizeConnections'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-38276-2
# DataSource: Registry Policy
# Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'
# Retention is a REG_SZ ('String') holding '0', not a DWORD — this is deliberate and matches
# how the policy engine writes it; '0' means overwrite-as-needed (the 'Disabled' state above).
Registry 'RetentionSetupLog' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup'
ValueName = 'Retention'
ValueType = 'String'
ValueData = '0'
}
# CceId: CCE-38217-6
# DataSource: Registry Policy
# Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'
Registry 'NoAutorun' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
ValueName = 'NoAutorun'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-38180-6
# DataSource: Registry Policy
# Ensure 'Do not use temporary folders per session' is set to 'Disabled'
Registry 'PerSessionTempDir' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
ValueName = 'PerSessionTempDir'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-37946-1
# DataSource: Registry Policy
# Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'
Registry 'DeleteTempDirsOnExit' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
ValueName = 'DeleteTempDirsOnExit'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-37929-7
# DataSource: Registry Policy
# Ensure 'Always prompt for password upon connection' is set to 'Enabled'
Registry 'fPromptForPassword' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
ValueName = 'fPromptForPassword'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-37912-3
# DataSource: Registry Policy
# Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'
# ValueData '3' is the 'Good, unknown and bad but critical' ELAM option named in the header.
Registry 'DriverLoadPolicy' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
ValueName = 'DriverLoadPolicy'
ValueType = 'DWord'
ValueData = '3'
}
# CceId: CCE-37775-4
# DataSource: Registry Policy
# Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'
Registry 'RetentionApplicationLog' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application'
ValueName = 'Retention'
ValueType = 'String'
ValueData = '0'
}
# CceId: CCE-36925-6
# DataSource: Registry Policy
# Ensure 'Include command line in process creation events' is set to 'Enabled'
# ValueData '1' ENABLES command-line capture in process-creation audit events (the header
# previously said 'Disabled', which contradicted the value written here). Keeping this on is
# what makes process-creation auditing useful for detection; be aware that command lines can
# contain secrets passed as arguments, so treat the Security log accordingly.
Registry 'ProcessCreationIncludeCmdLine_Enabled' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
ValueName = 'ProcessCreationIncludeCmdLine_Enabled'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-37636-8
# DataSource: Registry Policy
# Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'
Registry 'NoAutoplayfornonVolume' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer'
ValueName = 'NoAutoplayfornonVolume'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-36000-8
# DataSource: Registry Policy
# Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'
# WinRM *service* side: DisableRunAs = 1 stops plugin RunAs credentials being stored on the host.
Registry 'DisableRunAs' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service'
ValueName = 'DisableRunAs'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-35859-8
# DataSource: Registry Policy
# Ensure 'Configure Windows SmartScreen' is set to 'Enabled'
# ValueData '1' enables SmartScreen; the block/warn level is a separate value not declared here.
Registry 'EnableSmartScreen' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System'
ValueName = 'EnableSmartScreen'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-36254-1
# DataSource: Registry Policy
# Ensure 'Allow Basic authentication' is set to 'Disabled'
# WinRM *service* side counterpart of the WinRM\Client AllowBasic entry above; the '1' suffix on
# the label only keeps the DSC instance id unique.
Registry 'AllowBasic1' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service'
ValueName = 'AllowBasic'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-37126-0
# DataSource: Registry Policy
# Ensure 'Prevent downloading of enclosures' is set to 'Enabled'
Registry 'DisableEnclosureDownload' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds'
ValueName = 'DisableEnclosureDownload'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-37534-5
# DataSource: Registry Policy
# Ensure 'Do not display the password reveal button' is set to 'Enabled'
Registry 'DisablePasswordReveal' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredUI'
ValueName = 'DisablePasswordReveal'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-36223-6
# DataSource: Registry Policy
# Ensure 'Do not allow passwords to be saved' is set to 'Enabled'
Registry 'DisablePasswordSaving' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
ValueName = 'DisablePasswordSaving'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-37567-5
# DataSource: Registry Policy
# Ensure 'Require secure RPC communication' is set to 'Enabled'
# ValueData '1' requires authenticated/encrypted RPC for Remote Desktop Services clients.
Registry 'fEncryptRPCTraffic' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
ValueName = 'fEncryptRPCTraffic'
ValueType = 'DWord'
ValueData = '1'
}
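# CceId: CCE-36625-2
# DataSource: Registry Policy
# Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'
Registry 'DisableWebPnPDownload' {
Ensure = 'Present'
# The policy key is 'Windows NT\Printers' (with a space), matching the other 'Windows NT\...'
# keys in this file. The previous 'WindowsNT\Printers' path is not read by the policy engine,
# so the value was written to a key nothing consumes.
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
ValueName = 'DisableWebPnPDownload'
ValueType = 'DWord'
# 'Enabled' for this policy is DisableWebPnPDownload = 1 (the name is already negative).
# The previous '0' left HTTP print-driver download permitted, the opposite of the header.
ValueData = '1'
}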
# CceId: CCE-36160-0
# DataSource: Registry Policy
# Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'
Registry 'RetentionSystemLog' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System'
ValueName = 'Retention'
ValueType = 'String'
ValueData = '0'
}
# CceId: CCE-36627-8
# DataSource: Registry Policy
# Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'
# ValueData '3' is the 'High Level' option named above (128-bit encryption required for RDP).
Registry 'MinEncryptionLevel' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
ValueName = 'MinEncryptionLevel'
ValueType = 'DWord'
ValueData = '3'
}
# CceId: CCE-37695-4
# DataSource: Registry Policy
# Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'
# 196608 KB = 192 MB, the benchmark minimum. With the Security log set to overwrite-as-needed
# (RetentionSecurityLog below) and the audit subcategories enabled above, this is the floor —
# raise it if events are not being forwarded to a collector promptly.
Registry 'MaxSizeSecurityLog' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security'
ValueName = 'MaxSize'
ValueType = 'DWord'
ValueData = '196608'
}
# CceId: CCE-37621-0
# DataSource: Registry Policy
# Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'
Registry 'DisableNotificationsPrivate' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile'
ValueName = 'DisableNotifications'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-36092-5
# DataSource: Registry Policy
# Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'
Registry 'MaxSizeSystemLog' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System'
ValueName = 'MaxSize'
ValueType = 'DWord'
ValueData = '32768'
}
# CceId: CCE-37526-1
# DataSource: Registry Policy
# Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'
Registry 'MaxSizeSetupLog' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup'
ValueName = 'MaxSize'
ValueType = 'DWord'
ValueData = '32768'
}
# CceId: CCE-37145-0
# DataSource: Registry Policy
# Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'
Registry 'RetentionSecurityLog' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security'
ValueName = 'Retention'
ValueType = 'String'
ValueData = '0'
}
# CceId: CCE-36875-3
# DataSource: Registry Policy
# Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'
# ValueData '255' (0xFF) sets every drive-type bit, i.e. Autoplay is off for all drive types.
# This complements NoAutorun (which stops autorun.inf commands) and NoAutoplayfornonVolume above.
Registry 'NoDriveTypeAutoRun' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
ValueName = 'NoDriveTypeAutoRun'
ValueType = 'DWord'
ValueData = '255'
}
# CceId: CCE-37346-4
# DataSource: Registry Policy
# Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' (MS only)
# ValueData '1' makes RPC clients authenticate to the endpoint mapper. The header's "(MS only)"
# means member servers — do not apply this entry to domain controllers without checking the benchmark.
Registry 'EnableAuthEpResolution' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc'
ValueName = 'EnableAuthEpResolution'
ValueType = 'DWord'
ValueData = '1'
}
# Control no: AZ-WIN-00152
# DataSource: Registry Policy
# Specify the interval to check for definition updates
# ValueData '8' is the check interval in hours for Windows Defender definition updates.
Registry 'SignatureUpdateInterval' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates'
ValueName = 'SignatureUpdateInterval'
ValueType = 'DWord'
ValueData = '8'
}
# Control no: AZ-WIN-00133
# DataSource: Registry Policy
# Ensure 'Allow search and Cortana to use location' is set to 'Disabled'
Registry 'AllowSearchToUseLocation' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
ValueName = 'AllowSearchToUseLocation'
ValueType = 'DWord'
ValueData = '0'
}
# Control no: AZ-WIN-00130
# DataSource: Registry Policy
# 'Allow Cortana above lock screen' -> 'Disabled' (0): nothing should be answerable from a locked console.
Registry 'AllowCortanaAboveLock' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
    ValueName = 'AllowCortanaAboveLock'
    ValueType = 'DWord'
    ValueData = '0'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00131
# DataSource: Registry Policy
# 'Allow Cortana' -> 'Disabled' (0): Cortana has no place on a server.
Registry 'AllowCortana' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
    ValueName = 'AllowCortana'
    ValueType = 'DWord'
    ValueData = '0'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00140
# DataSource: Registry Policy
# 'Do not show feedback notifications' -> 'Enabled' (1): suppress Windows feedback prompts.
Registry 'DoNotShowFeedbackNotifications' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
    ValueName = 'DoNotShowFeedbackNotifications'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# CceId: CCE-37843-0
# DataSource: Registry Policy
# 'Enable Windows NTP Client' -> 'Enabled' (1). Accurate time matters for Kerberos ticket validity
# and for correlating event-log timestamps during investigations.
Registry 'NTPClientEnabled' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient'
    ValueName = 'Enabled'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00126
# DataSource: Registry Policy
# Windows Defender 'Send file samples when further analysis is required' -> 'Send safe samples' (1).
# NOTE(review): this uploads files from the host to Microsoft automatically; if the server handles
# regulated or confidential data, confirm the data-handling policy allows it before applying.
Registry 'SubmitSamplesConsent' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet'
    ValueName = 'SubmitSamplesConsent'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00138
# DataSource: Registry Policy
# 'Block user from showing account details on sign-in' -> 'Enabled' (1): the logon screen must not
# reveal account details (e.g. e-mail address) to whoever is at the console.
Registry 'BlockUserFromShowingAccountDetailsOnSignin' {
    Key       = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System'
    ValueName = 'BlockUserFromShowingAccountDetailsOnSignin'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00120
# DataSource: Registry Policy
# 'Devices: Allow undock without having to log on' -> Disabled (0): undocking requires an authenticated session.
Registry 'UndockWithoutLogon' {
    Key       = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    ValueName = 'UndockWithoutLogon'
    ValueType = 'DWord'
    ValueData = '0'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00156
# DataSource: Registry Policy
# Detect change from default RDP port
# NOTE(review): a Registry resource with Ensure = 'Present' enforces the value, it does not merely detect
# drift. If this host was deliberately moved to a non-default RDP listener port, applying the MOF writes
# 3389 back and remote access on the custom port can be lost. Confirm that is intended; for an audit-only
# check, run Test-DscConfiguration against a separate configuration instead of enforcing it here.
Registry 'PortNumber' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
ValueName = 'PortNumber'
ValueType = 'DWord'
ValueData = '3389'
}
# CceId: CCE-37860-4
# DataSource: Registry Policy
# Windows Firewall, Domain profile: 'Apply local firewall rules' -> 'Yes (default)' (1).
# Locally created rules are merged with policy-delivered rules; this is the CIS-recommended default.
Registry 'AllowLocalPolicyMergeDomain' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
    ValueName = 'AllowLocalPolicyMerge'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# CceId: CCE-37438-9
# DataSource: Registry Policy
# Windows Firewall, Private profile: 'Apply local firewall rules' -> 'Yes (default)' (1).
Registry 'AllowLocalPolicyMergePrivate' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    ValueName = 'AllowLocalPolicyMerge'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00090
# DataSource: Registry Policy
# Windows Firewall, Public profile: 'Allow unicast response' -> No. Value 1 *disables* unicast replies
# to multicast/broadcast traffic, so an untrusted network cannot elicit replies from this host.
Registry 'DisableUnicastResponsesToMulticastBroadcastPublic' {
    Key       = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile'
    ValueName = 'DisableUnicastResponsesToMulticastBroadcast'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00144
# DataSource: Registry Policy
# 'Turn off Microsoft consumer experiences' -> 'Enabled' (1): no consumer app suggestions/installs.
Registry 'DisableWindowsConsumerFeatures' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent'
    ValueName = 'DisableWindowsConsumerFeatures'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# CceId: CCE-37163-3
# DataSource: Registry Policy
# 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' -> 'Enabled' (1).
Registry 'ExitOnMSICW' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard'
    ValueName = 'ExitOnMSICW'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00149
# DataSource: Registry Policy
# Remote Desktop: require Network Level Authentication (1). The client must authenticate before a
# session/logon screen is created, which removes the unauthenticated attack surface of the RDP stack.
Registry 'UserAuthentication' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    ValueName = 'UserAuthentication'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00155
# DataSource: Registry Policy
# 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies' -> Enabled (1).
# Only has an observable effect where SRP certificate rules are actually defined; this just turns the
# evaluation on.
Registry 'AuthenticodeEnabled' {
    Key       = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    ValueName = 'AuthenticodeEnabled'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# CceId: CCE-38043-6
# DataSource: Registry Policy
# Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'
# (DisableNotifications = 1 suppresses the "program blocked" prompt, i.e. 'No'; the identical value is
# labelled 'No' for the Domain profile, so the earlier 'Yes' wording here was inverted)
Registry 'DisableNotificationsPublic' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile'
ValueName = 'DisableNotifications'
ValueType = 'DWord'
ValueData = '1'
}
# CceId: CCE-38041-0
# DataSource: Registry Policy
# Windows Firewall, Domain profile: 'Display a notification' -> 'No' (DisableNotifications = 1).
Registry 'DisableNotificationsDomain' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
    ValueName = 'DisableNotifications'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# CceId: CCE-36062-8
# DataSource: Registry Policy
# Windows Firewall, Domain profile: 'Firewall state' -> 'On (recommended)' (1).
Registry 'EnableFirewallDomain' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
    ValueName = 'EnableFirewall'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# CceId: CCE-36146-9
# DataSource: Registry Policy
# Windows Firewall, Domain profile: 'Outbound connections' -> 'Allow (default)' (0 = allow, 1 = block).
Registry 'DefaultOutboundActionDomain' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
    ValueName = 'DefaultOutboundAction'
    ValueType = 'DWord'
    ValueData = '0'
    Ensure    = 'Present'
}
# CceId: CCE-38040-2
# DataSource: Registry Policy
# Windows Firewall, Domain profile: 'Apply local connection security rules' -> 'Yes (default)' (1).
Registry 'AllowLocalIPsecPolicyMergeDomain' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
    ValueName = 'AllowLocalIPsecPolicyMerge'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00088
# DataSource: Registry Policy
# Windows Firewall, Domain profile: 'Allow unicast response' -> Yes. Value 0 leaves unicast replies to
# multicast/broadcast enabled (the opposite of the Public profile, which sets 1).
Registry 'DisableUnicastResponsesToMulticastBroadcastDomain' {
    Key       = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile'
    ValueName = 'DisableUnicastResponsesToMulticastBroadcast'
    ValueType = 'DWord'
    ValueData = '0'
    Ensure    = 'Present'
}
# CceId: CCE-38332-3
# DataSource: Registry Policy
# Windows Firewall, Private profile: 'Outbound connections' -> 'Allow (default)' (0).
Registry 'DefaultOutboundActionPrivate' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    ValueName = 'DefaultOutboundAction'
    ValueType = 'DWord'
    ValueData = '0'
    Ensure    = 'Present'
}
# CceId: CCE-38239-0
# DataSource: Registry Policy
# Windows Firewall, Private profile: 'Firewall state' -> 'On (recommended)' (1).
Registry 'EnableFirewallPrivate' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    ValueName = 'EnableFirewall'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# CceId: CCE-36063-6
# DataSource: Registry Policy
# Windows Firewall, Private profile: 'Apply local connection security rules' -> 'Yes (default)' (1).
Registry 'AllowLocalIPsecPolicyMergePrivate' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    ValueName = 'AllowLocalIPsecPolicyMerge'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# Control no: AZ-WIN-00089
# DataSource: Registry Policy
# Windows Firewall, Private profile: 'Allow unicast response' -> Yes (0 = replies allowed).
Registry 'DisableUnicastResponsesToMulticastBroadcastPrivate' {
    Key       = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    ValueName = 'DisableUnicastResponsesToMulticastBroadcast'
    ValueType = 'DWord'
    ValueData = '0'
    Ensure    = 'Present'
}
<# NOTE(review): the three Public-profile resources in this block comment are NOT compiled into the MOF, so
# they are not enforced: the Public profile keeps merging locally defined firewall and connection-security
# rules, and its default outbound action is left unmanaged by this configuration. That is a deviation from
# the CIS values quoted below; record why they were disabled (or re-enable them) so the gap is deliberate.
# CceId: CCE-37861-2
# DataSource: Registry Policy
# Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'
Registry 'AllowLocalPolicyMerge' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
ValueName = 'AllowLocalPolicyMerge'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-36268-1
# DataSource: Registry Policy
# Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'
Registry 'AllowLocalIPsecPolicyMerge' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
ValueName = 'AllowLocalIPsecPolicyMerge'
ValueType = 'DWord'
ValueData = '0'
}
# CceId: CCE-37434-8
# DataSource: Registry Policy
# Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)'
Registry 'DefaultOutboundActionPublic' {
Ensure = 'Present'
Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
ValueName = 'DefaultOutboundAction'
ValueType = 'DWord'
ValueData = '0'
}#>
# CceId: CCE-37862-0
# DataSource: Registry Policy
# Windows Firewall, Public profile: 'Firewall state' -> 'On (recommended)' (1).
Registry 'EnableFirewallPublic' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
    ValueName = 'EnableFirewall'
    ValueType = 'DWord'
    ValueData = '1'
    Ensure    = 'Present'
}
# CceId: CCE-37948-7
# DataSource: Registry Policy
# Application log: 'Specify the maximum log file size (KB)' -> 'Enabled: 32,768 or greater'.
# 32768 KB is the CIS floor; a larger value only increases retention and is still compliant.
Registry 'MaxSizeApplication' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application'
    ValueName = 'MaxSize'
    ValueType = 'DWord'
    ValueData = '32768'
    Ensure    = 'Present'
}
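# Control no: AZ-WIN-00145
# DataSource: Registry Policy
# 'Turn off multicast name resolution' -> 'Enabled' (EnableMulticast = 0), which disables LLMNR.
# The previous value (1) kept LLMNR on, which matched the Azure control's 'Disabled' wording but not the
# CIS benchmark this script targets; with LLMNR on, any host on the local segment can answer name
# queries and harvest or relay credentials (LLMNR poisoning). Servers should resolve names via DNS only.
# NOTE(review): if some host relies on LLMNR for name resolution (no DNS record), add the DNS record
# before applying this.
Registry 'EnableMulticast' {
    Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    ValueName = 'EnableMulticast'
    ValueType = 'DWord'
    ValueData = '0'
    Ensure    = 'Present'
}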
}
}
HT-WindowsServer2016