DSCResources/SecurityBaselineConfiguration/SecurityBaselineConfiguration.schema.psm1

Configuration SecurityBaselineConfiguration {
    param(
       
    )

    # DSC resource modules used by this baseline. In the part of the file reviewed
    # here, RegistryPolicyFile and AuditPolicySubcategory are the resource types
    # actually instantiated; SecurityPolicyDSC is presumably used further down.
    # NOTE(review): no -ModuleVersion is given, so the MOF is compiled against
    # whatever version of each module is installed on the authoring node. Pin the
    # versions (and install the modules from a trusted, internal repository) so a
    # hardening baseline is reproducible and not altered by a module update.
    # NOTE(review): RegistryPolicyFile edits the local Group Policy registry.pol
    # file; values are enforced only after a policy refresh. GPRegistryPolicyDsc
    # ships a RefreshRegistryPolicy resource for that - none is visible in this
    # part of the file, confirm one exists.
    Import-DSCResource -ModuleName GPRegistryPolicyDsc
    Import-DSCResource -ModuleName AuditPolicyDSC
    Import-DSCResource -ModuleName SecurityPolicyDSC

    # --- Device Guard / virtualization-based security (VBS) ---------------------
    # Six machine-policy values under ...\Windows\DeviceGuard. The value meanings
    # given below come from the Device Guard policy definition, not from this
    # file - verify against the baseline documentation.
    # NOTE(review): the "UEFI lock" variants cannot be turned off again by policy
    # alone, and HVCI can block incompatible kernel drivers; validate on
    # representative hardware before broad rollout.

    # 1 = turn on virtualization-based security.
    RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' {
        ValueName  = 'EnableVirtualizationBasedSecurity'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    }

    # Platform security level: 1 = Secure Boot (3 would add DMA protection).
    RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' {
        ValueName  = 'RequirePlatformSecurityFeatures'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    }

    # Hypervisor-protected code integrity: 1 = enabled with UEFI lock.
    RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' {
        ValueName  = 'HypervisorEnforcedCodeIntegrity'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    }

    # 0 = HVCI does not require the UEFI Memory Attributes Table.
    RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired' {
        ValueName  = 'HVCIMATRequired'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    }

    # Credential Guard: 1 = enabled with UEFI lock. Isolates LSA secrets so that
    # code running in the normal OS cannot read them from LSASS memory.
    RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' {
        ValueName  = 'LsaCfgFlags'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    }

    # System Guard Secure Launch: 1 = enabled.
    RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch' {
        ValueName  = 'ConfigureSystemGuardLaunch'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    }

    # --- AutoRun, restart sign-on, remote UAC and CredSSP -----------------------
    # Value meanings below come from the Windows policy definitions, not from this
    # file - verify against the baseline documentation.

    # 255 (0xFF) sets every drive-type bit, i.e. AutoRun is off for all drives.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' {
        ValueName  = 'NoDriveTypeAutoRun'
        ValueData  = 255
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    }

    # 1 = never execute autorun commands from inserted media.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' {
        ValueName  = 'NoAutorun'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    }

    # 1 = do not sign the last interactive user back in after a restart, so
    # credentials are not cached on disk for that purpose.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' {
        ValueName  = 'DisableAutomaticRestartSignOn'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    }

    # 0 = keep UAC remote restrictions: local accounts that log on over the
    # network receive a filtered (non-elevated) token. This limits reuse of a
    # shared local administrator password for lateral movement; do not set to 1
    # to "fix" remote administration.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' {
        ValueName  = 'LocalAccountTokenFilterPolicy'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    }

    # CredSSP encryption oracle remediation: 0 = "Force Updated Clients", the
    # strictest level. NOTE(review): connections to or from unpatched CredSSP
    # peers will fail; inventory legacy RDP endpoints first.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\AllowEncryptionOracle' {
        ValueName  = 'AllowEncryptionOracle'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    }

    # --- Biometrics, RSS enclosures, credential delegation ----------------------

    # 1 = require enhanced anti-spoofing for facial recognition where the sensor
    # supports it.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing' {
        ValueName  = 'EnhancedAntiSpoofing'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Biometrics\FacialFeatures'
    }

    # 1 = feed enclosures (attachments) are not downloaded automatically.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' {
        ValueName  = 'DisableEnclosureDownload'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds'
    }

    # 1 = the remote host accepts delegation of non-exportable credentials
    # (Restricted Admin / Remote Credential Guard), so reusable credentials need
    # not be sent to the target of a remote desktop session.
    # Meaning taken from the policy definition - verify.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' {
        ValueName  = 'AllowProtectedCreds'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation'
    }

    # --- Event log maximum sizes ------------------------------------------------
    # The EventLog MaxSize policy value is expressed in kilobytes (per the policy
    # definition - verify): 32768 = 32 MB, 196608 = 192 MB.
    # NOTE(review): these sizes bound how far back local evidence reaches. With
    # script block logging and account-management auditing enabled elsewhere in
    # this baseline, a busy host can wrap the Security log quickly; forward logs
    # to a collector rather than relying on local retention alone.

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' {
        ValueName  = 'MaxSize'
        ValueData  = 32768
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application'
    }

    # The Security log gets the largest allocation of the three.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' {
        ValueName  = 'MaxSize'
        ValueData  = 196608
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' {
        ValueName  = 'MaxSize'
        ValueData  = 32768
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\System'
    }

    # --- Explorer: AutoPlay and exploit mitigations -----------------------------

    # 1 = no AutoPlay for non-volume devices (e.g. MTP cameras and phones).
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' {
        ValueName  = 'NoAutoplayfornonVolume'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Explorer'
    }

    # The next two value names are negated ("No..."): 0 means the mitigation
    # stays ON. Setting either to 1 would weaken Explorer, so treat a drift to 1
    # as a finding.

    # 0 = Data Execution Prevention remains enabled for Explorer.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention' {
        ValueName  = 'NoDataExecutionPrevention'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Explorer'
    }

    # 0 = heap termination on corruption remains enabled for Explorer.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption' {
        ValueName  = 'NoHeapTerminationOnCorruption'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Explorer'
    }

    # --- Group Policy registry-extension processing -----------------------------
    # The GUID key is the registry policy client-side extension (per Microsoft
    # documentation - verify). Both values are negated names set to 0, so
    # registry policy is re-applied during background refresh and even when the
    # GPO list has not changed. That re-application is what reverts local
    # tampering with policy-backed registry values.

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' {
        ValueName  = 'NoBackgroundPolicy'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' {
        ValueName  = 'NoGPOListChanges'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
    }

    # --- Windows Installer ------------------------------------------------------

    # 0 = MSI packages are NOT installed with elevated privileges on behalf of
    # standard users. NOTE(review): this resource covers the machine side only
    # (TargetType = ComputerConfiguration). The policy also has a per-user
    # counterpart; no user-side setting is visible in this part of the file -
    # confirm it is enforced elsewhere, since this policy is a well-known local
    # privilege-escalation path when enabled.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' {
        ValueName  = 'AlwaysInstallElevated'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Installer'
    }

    # 0 = users cannot change installation options that are normally reserved
    # for administrators.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' {
        ValueName  = 'EnableUserControl'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Installer'
    }

    # --- DMA protection, SMB guest access, hardened UNC paths -------------------
    # Value meanings below come from the policy definitions, not from this file -
    # verify against the baseline documentation.

    # Enumeration policy for external DMA-capable devices that are incompatible
    # with Kernel DMA Protection: 0 = block all.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Kernel DMA Protection\DeviceEnumerationPolicy' {
        ValueName  = 'DeviceEnumerationPolicy'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Kernel DMA Protection'
    }

    # 0 = the SMB client refuses insecure (unauthenticated) guest logons.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' {
        ValueName  = 'AllowInsecureGuestAuth'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation'
    }

    # Hardened UNC paths: connections to any server's SYSVOL and NETLOGON shares
    # must use mutual authentication and integrity protection, so an on-path
    # host cannot substitute Group Policy files or logon scripts.
    # NOTE(review): RequirePrivacy is not part of the value string, so encryption
    # is not demanded for these paths.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\\*\SYSVOL' {
        ValueName  = '\\*\SYSVOL'
        ValueData  = 'RequireMutualAuthentication=1,RequireIntegrity=1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
    }

    # Same requirements as the SYSVOL entry, applied to NETLOGON.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\\*\NETLOGON' {
        ValueName  = '\\*\NETLOGON'
        ValueData  = 'RequireMutualAuthentication=1,RequireIntegrity=1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
    }

    # --- Lock screen ------------------------------------------------------------
    # Both values reduce what is reachable without signing in.

    # 1 = the camera cannot be invoked from the lock screen.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenCamera' {
        ValueName  = 'NoLockScreenCamera'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Personalization'
    }

    # 1 = no slide show on the lock screen.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' {
        ValueName  = 'NoLockScreenSlideshow'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Personalization'
    }

    # --- PowerShell script block logging ----------------------------------------

    # 1 = record the content of executed script blocks (event ID 4104 in the
    # Microsoft-Windows-PowerShell/Operational log), which is the main source
    # for detecting obfuscated or in-memory PowerShell.
    # NOTE(review): logged script text can contain secrets passed on the command
    # line; restrict read access to that log and to wherever it is forwarded.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' {
        ValueName  = 'EnableScriptBlockLogging'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    }

    # Ensure = 'Absent' removes the invocation-logging value from policy, i.e.
    # start/stop events per script block are not forced on. ValueData and
    # ValueType are placeholders here because the entry is a deletion.
    RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' {
        ValueName  = 'EnableScriptBlockInvocationLogging'
        ValueData  = ''
        Ensure     = 'Absent'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    }

    # --- Logon UI, SmartScreen, Search ------------------------------------------
    # Value meanings below come from the policy definitions, not from this file -
    # verify against the baseline documentation.

    # 0 = local user accounts are not listed on the sign-in screen of
    # domain-joined machines.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' {
        ValueName  = 'EnumerateLocalUsers'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\System'
    }

    # 1 = Windows Defender SmartScreen is on for Explorer/shell launches.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' {
        ValueName  = 'EnableSmartScreen'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\System'
    }

    # 'Block' = warn and prevent bypass, rather than warn only. Only meaningful
    # together with EnableSmartScreen = 1.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel' {
        ValueName  = 'ShellSmartScreenLevel'
        ValueData  = 'Block'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\System'
    }

    # 0 = encrypted files and stores are not indexed, so their content does not
    # end up in the search index.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' {
        ValueName  = 'AllowIndexingEncryptedStoresOrItems'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\Windows Search'
    }

    # --- WinRM client and service -----------------------------------------------
    # Client and service are separate policy keys; the same value name appears
    # under both and each must be set. All "Allow*" values here are 0 (refused).
    # NOTE(review): tooling that still relies on Basic authentication or plain
    # HTTP against these hosts will stop working once this applies.

    # Client: no Basic authentication (credentials would be sent in a trivially
    # decodable form).
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' {
        ValueName  = 'AllowBasic'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client'
    }

    # Client: no unencrypted traffic.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' {
        ValueName  = 'AllowUnencryptedTraffic'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client'
    }

    # Client: no Digest authentication.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' {
        ValueName  = 'AllowDigest'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client'
    }

    # Service: no Basic authentication.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic' {
        ValueName  = 'AllowBasic'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service'
    }

    # Service: no unencrypted traffic.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' {
        ValueName  = 'AllowUnencryptedTraffic'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service'
    }

    # Service: 1 = WinRM may not store RunAs credentials for plug-ins
    # (meaning per the policy definition - verify).
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs' {
        ValueName  = 'DisableRunAs'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service'
    }

    # --- RPC and Remote Desktop Services ----------------------------------------
    # Value meanings below come from the policy definitions, not from this file -
    # verify against the baseline documentation.

    # 1 = "Authenticated": unauthenticated remote RPC clients are rejected
    # (interfaces that explicitly opt out are exempt at this level).
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients' {
        ValueName  = 'RestrictRemoteClients'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows NT\Rpc'
    }

    # 1 = the RDP client may not save passwords.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' {
        ValueName  = 'DisablePasswordSaving'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    # 1 = client drive redirection into the session is disabled, closing a file
    # transfer channel between client and session host.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' {
        ValueName  = 'fDisableCdm'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    # 1 = always prompt for the password on connection.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' {
        ValueName  = 'fPromptForPassword'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    # 1 = require secure (authenticated and encrypted) RPC communication.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' {
        ValueName  = 'fEncryptRPCTraffic'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    # 3 = "High Level" client connection encryption.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' {
        ValueName  = 'MinEncryptionLevel'
        ValueData  = 3
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    # --- Windows Firewall (Domain, Private, Public profiles) --------------------
    # Every profile gets the same three values: firewall enabled, default inbound
    # action 1 and default outbound action 0. Per the firewall policy definition
    # (verify) 1 = block and 0 = allow, i.e. inbound is default-deny and outbound
    # is default-allow.
    # NOTE(review): outbound traffic is not restricted by this baseline, and no
    # firewall logging values (dropped packets / log size) are visible in this
    # part of the file - confirm whether they are set elsewhere if dropped
    # connections are needed for detection.

    # Schema version of the firewall policy store written by this baseline.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PolicyVersion' {
        ValueName  = 'PolicyVersion'
        ValueData  = 538
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall'
    }

    # Domain profile.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction' {
        ValueName  = 'DefaultOutboundAction'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction' {
        ValueName  = 'DefaultInboundAction'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall' {
        ValueName  = 'EnableFirewall'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile'
    }

    # Private profile.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall' {
        ValueName  = 'EnableFirewall'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction' {
        ValueName  = 'DefaultInboundAction'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction' {
        ValueName  = 'DefaultOutboundAction'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    }

    # Public profile.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall' {
        ValueName  = 'EnableFirewall'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction' {
        ValueName  = 'DefaultOutboundAction'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction' {
        ValueName  = 'DefaultInboundAction'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile'
    }

    # --- Ink Workspace and local administrator password management --------------

    # 1 = Ink Workspace is available but not above the lock screen (per the
    # policy definition - verify; 2 would allow it on the lock screen).
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace\AllowWindowsInkWorkspace' {
        ValueName  = 'AllowWindowsInkWorkspace'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace'
    }

    # 1 = enable local administrator password management (the AdmPwd key belongs
    # to the LAPS client-side extension).
    # NOTE(review): the value only has an effect where that extension is
    # installed and the directory side is prepared; nothing in this part of the
    # file installs it. Verify coverage, otherwise local admin passwords stay
    # static while the baseline reports compliant.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft Services\AdmPwd\AdmPwdEnabled' {
        ValueName  = 'AdmPwdEnabled'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft Services\AdmPwd'
    }

    # --- Settings under HKLM:\SYSTEM (credentials, kernel, SMBv1, TCP/IP) -------
    # NOTE(review): these keys live outside the \Policies hives. Values written
    # there through registry policy typically persist ("tattoo") after the policy
    # entry is removed, so rolling back requires setting the opposite value
    # explicitly rather than just deleting the resource.
    # Value meanings below come from Microsoft's documentation of each setting,
    # not from this file - verify against the baseline documentation.

    # 0 = WDigest does not keep plaintext logon credentials in LSASS memory.
    # A change of this value to 1 on a managed host is worth alerting on.
    RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' {
        ValueName  = 'UseLogonCredential'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    }

    # Negated name: 0 = structured exception handler overwrite protection
    # (SEHOP) stays enabled.
    RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation' {
        ValueName  = 'DisableExceptionChainValidation'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    }

    # Early Launch Antimalware boot-start driver policy: 3 = initialize good,
    # unknown and bad-but-boot-critical drivers.
    RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy' {
        ValueName  = 'DriverLoadPolicy'
        ValueData  = 3
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
    }

    # 0 = the SMB server does not offer SMBv1.
    RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' {
        ValueName  = 'SMB1'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    }

    # Start = 4 disables the SMBv1 client driver service.
    # NOTE(review): on systems where the Workstation service still lists
    # MRxSmb10 in its DependOnService value, disabling the driver alone can stop
    # Workstation from starting. No DependOnService setting is visible in this
    # part of the file - confirm it is handled.
    RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start' {
        ValueName  = 'Start'
        ValueData  = 4
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10'
    }

    # 1 = ignore NetBIOS name-release requests except from WINS servers.
    RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand' {
        ValueName  = 'NoNameReleaseOnDemand'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters'
    }

    # 0 = ICMP redirects may not override routes.
    RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' {
        ValueName  = 'EnableICMPRedirect'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    }

    # 2 = highest protection: IPv4 source-routed packets are dropped.
    RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' {
        ValueName  = 'DisableIPSourceRouting'
        ValueData  = 2
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    }

    # Same setting for the IPv6 stack (separate Tcpip6 key).
    RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting' {
        ValueName  = 'DisableIPSourceRouting'
        ValueData  = 2
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    }

    # --- Microsoft Defender Antivirus -------------------------------------------
    # Value meanings below come from the Defender policy definitions, not from
    # this file - verify against the baseline documentation.
    # The three "Disable*" values are negated names set to 0, i.e. the feature
    # stays ON; a drift to 1 on a managed host indicates tampering or an
    # unapproved exclusion of functionality.

    # 1 = block potentially unwanted applications (2 would be audit only).
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\PUAProtection' {
        ValueName  = 'PUAProtection'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender'
    }

    # 0 = behavior monitoring stays enabled.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring' {
        ValueName  = 'DisableBehaviorMonitoring'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'
    }

    # 0 = removable drives are included in scans.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\DisableRemovableDriveScanning' {
        ValueName  = 'DisableRemovableDriveScanning'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Scan'
    }

    # 0 = e-mail scanning stays enabled.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\DisableEmailScanning' {
        ValueName  = 'DisableEmailScanning'
        ValueData  = 0
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Scan'
    }

    # 1 = send safe samples automatically. NOTE(review): sample submission sends
    # files off the host; confirm this matches the organisation's data-handling
    # requirements.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent' {
        ValueName  = 'SubmitSamplesConsent'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet'
    }

    # 2 = advanced cloud-protection (MAPS) membership; cloud-delivered
    # protection depends on this being non-zero.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SpynetReporting' {
        ValueName  = 'SpynetReporting'
        ValueData  = 2
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ExploitGuard_ASR_Rules' {
        ValueName  = 'ExploitGuard_ASR_Rules'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' {
        ValueName  = '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3b576869-a4ec-4529-8536-b80a7769e899' {
        ValueName  = '3b576869-a4ec-4529-8536-b80a7769e899'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d4f940ab-401b-4efc-aadc-ad5f3c50688a' {
        ValueName  = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' {
        ValueName  = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5beb7efe-fd9a-4556-801d-275e5ffc04cc' {
        ValueName  = '5beb7efe-fd9a-4556-801d-275e5ffc04cc'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d3e037e1-3eb8-44c8-a917-57927947596d' {
        ValueName  = 'd3e037e1-3eb8-44c8-a917-57927947596d'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    # Attack Surface Reduction (ASR) rules. Each resource writes one string value under
    # the ASR\Rules policy key: the value name is the rule GUID and the data is the rule
    # state. '1' is block mode in Microsoft's ASR documentation ('0' = disabled,
    # '2' = audit), so every rule below is enforced rather than audited.
    # NOTE(review): the rule names in the comments below come from Microsoft's published
    # ASR rule reference, not from this file - confirm them against the current reference.
    # NOTE(review): ASR rules are normally gated by the 'ExploitGuard_ASR_Rules' value on
    # the parent ASR key; that setting is not visible in this part of the file - verify
    # it is configured, otherwise these per-rule values may have no effect.

    # Block executable content from email client and webmail.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' {
        ValueName  = 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    # Block credential stealing from the Windows local security authority subsystem (lsass.exe).
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' {
        ValueName  = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    # Block untrusted and unsigned processes that run from USB.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' {
        ValueName  = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    # Block Office communication application from creating child processes.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869' {
        ValueName  = '26190899-1602-49e8-8b27-eb1d0a1ce869'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    # Block Adobe Reader from creating child processes.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' {
        ValueName  = '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c'
        ValueData  = '1'
        ValueType  = 'String'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }

    # Microsoft Defender network protection. The DWORD 1 selects block mode in
    # Microsoft's documentation (0 = disabled, 2 = audit only).
    # NOTE(review): when rolling this out to a new population, audit mode (2) is the
    # usual first step to measure impact - confirm block mode is intended everywhere.
    RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection\EnableNetworkProtection' {
        ValueName  = 'EnableNetworkProtection'
        ValueData  = 1
        ValueType  = 'Dword'
        TargetType = 'ComputerConfiguration'
        Key        = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection'
    }

    # Advanced audit policy, Account Logon category.
    # Each AuditPolicySubcategory resource manages ONE flag (Success or Failure) of one
    # subcategory: Ensure = 'Present' turns that flag on, Ensure = 'Absent' turns it off.
    # Credential Validation is audited for both outcomes, so failed credential checks
    # (password guessing) as well as successful ones are logged.
    AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion' {
        Name      = 'Credential Validation'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion' {
        Name      = 'Credential Validation'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Advanced audit policy, Account Management category.
    # Security Group Management: Success only (the Failure flag is explicitly removed).
    # Successful group changes are the events that show privilege being granted.
    AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion' {
        Name      = 'Security Group Management'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion' {
        Name      = 'Security Group Management'
        Ensure    = 'Absent'
        AuditFlag = 'Failure'
    }

    # User Account Management: both Success and Failure are audited.
    AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion' {
        Name      = 'User Account Management'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion' {
        Name      = 'User Account Management'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Advanced audit policy, Detailed Tracking category.
    # Plug and Play Events: Success only; records devices being attached.
    # The resource title says 'PNP Activity' while the subcategory Name passed to the
    # resource is 'Plug and Play Events'.
    AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion' {
        Name      = 'Plug and Play Events'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion' {
        Name      = 'Plug and Play Events'
        Ensure    = 'Absent'
        AuditFlag = 'Failure'
    }

    # Process Creation: Success only (Security event 4688).
    # NOTE(review): the command line is only recorded in these events when the separate
    # 'Include command line in process creation events' policy
    # (ProcessCreationIncludeCmdLine_Enabled) is set; that setting is not visible in
    # this part of the file - verify it, since detections usually depend on it.
    AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion' {
        Name      = 'Process Creation'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion' {
        Name      = 'Process Creation'
        Ensure    = 'Absent'
        AuditFlag = 'Failure'
    }

    # Advanced audit policy, Logon/Logoff category.
    # Account Lockout: Failure only (the Success flag is explicitly removed).
    AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion' {
        Name      = 'Account Lockout'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion' {
        Name      = 'Account Lockout'
        Ensure    = 'Absent'
        AuditFlag = 'Success'
    }

    # Group Membership: Success only; logs the group list of the logon token.
    AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion' {
        Name      = 'Group Membership'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion' {
        Name      = 'Group Membership'
        Ensure    = 'Absent'
        AuditFlag = 'Failure'
    }

    # Logon: both Success and Failure, so successful and failed logons are recorded.
    AuditPolicySubcategory 'Audit Logon (Success) - Inclusion' {
        Name      = 'Logon'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' {
        Name      = 'Logon'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Other Logon/Logoff Events: both Success and Failure.
    AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Success) - Inclusion' {
        Name      = 'Other Logon/Logoff Events'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Failure) - Inclusion' {
        Name      = 'Other Logon/Logoff Events'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Special Logon: Success only; records logons that receive sensitive privileges.
    AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion' {
        Name      = 'Special Logon'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion' {
        Name      = 'Special Logon'
        Ensure    = 'Absent'
        AuditFlag = 'Failure'
    }

    # Advanced audit policy, Object Access category.
    # Detailed File Share: Failure only. Success auditing of this subcategory is
    # explicitly removed; it logs every file access over a share and is very noisy.
    AuditPolicySubcategory 'Audit Detailed File Share (Failure) - Inclusion' {
        Name      = 'Detailed File Share'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Detailed File Share (Success) - Inclusion' {
        Name      = 'Detailed File Share'
        Ensure    = 'Absent'
        AuditFlag = 'Success'
    }

    # File Share: both Success and Failure.
    AuditPolicySubcategory 'Audit File Share (Success) - Inclusion' {
        Name      = 'File Share'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit File Share (Failure) - Inclusion' {
        Name      = 'File Share'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Other Object Access Events: both Success and Failure.
    AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion' {
        Name      = 'Other Object Access Events'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion' {
        Name      = 'Other Object Access Events'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Removable Storage: both Success and Failure; covers access to files on
    # removable devices.
    AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' {
        Name      = 'Removable Storage'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' {
        Name      = 'Removable Storage'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Advanced audit policy, Policy Change category.
    # Audit Policy Change: Success only. These events record changes to the audit
    # configuration itself, which makes them the primary signal for audit tampering.
    AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' {
        Name      = 'Audit Policy Change'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion' {
        Name      = 'Audit Policy Change'
        Ensure    = 'Absent'
        AuditFlag = 'Failure'
    }

    # Authentication Policy Change: Success only.
    AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion' {
        Name      = 'Authentication Policy Change'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' {
        Name      = 'Authentication Policy Change'
        Ensure    = 'Absent'
        AuditFlag = 'Failure'
    }

    # MPSSVC Rule-Level Policy Change: both Success and Failure; MPSSVC is the
    # Windows Firewall service, so this covers firewall rule changes.
    AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Success) - Inclusion' {
        Name      = 'MPSSVC Rule-Level Policy Change'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Failure) - Inclusion' {
        Name      = 'MPSSVC Rule-Level Policy Change'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Other Policy Change Events: Failure only (the Success flag is explicitly removed).
    AuditPolicySubcategory 'Audit Other Policy Change Events (Failure) - Inclusion' {
        Name      = 'Other Policy Change Events'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Other Policy Change Events (Success) - Inclusion' {
        Name      = 'Other Policy Change Events'
        Ensure    = 'Absent'
        AuditFlag = 'Success'
    }

    # Advanced audit policy, Privilege Use category.
    # Sensitive Privilege Use: both Success and Failure. This logs use of privileges
    # such as the user rights restricted by the UserRightsAssignment resources in
    # this configuration (debug programs, take ownership, load drivers, ...).
    AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' {
        Name      = 'Sensitive Privilege Use'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion' {
        Name      = 'Sensitive Privilege Use'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Advanced audit policy, System category.
    # Other System Events: both Success and Failure.
    AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' {
        Name      = 'Other System Events'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion' {
        Name      = 'Other System Events'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Security State Change: Success only.
    AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion' {
        Name      = 'Security State Change'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' {
        Name      = 'Security State Change'
        Ensure    = 'Absent'
        AuditFlag = 'Failure'
    }

    # Security System Extension: Success only; covers events such as a new service
    # or security package being installed.
    AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion' {
        Name      = 'Security System Extension'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' {
        Name      = 'Security System Extension'
        Ensure    = 'Absent'
        AuditFlag = 'Failure'
    }

    # System Integrity: both Success and Failure.
    AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' {
        Name      = 'System Integrity'
        Ensure    = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' {
        Name      = 'System Integrity'
        Ensure    = 'Present'
        AuditFlag = 'Failure'
    }

    # Local account policy (password and lockout settings). The resource titles carry
    # the security-template (INF) setting names; the property names are the
    # SecurityPolicyDsc AccountPolicy spellings of the same settings.
    # Lockout settings work together: 10 bad attempts lock the account, the lock lasts
    # 15 minutes, and the bad-attempt counter resets after 15 minutes (Windows
    # expresses both durations in minutes).

    # Bad-logon counter is reset after 15 minutes.
    AccountPolicy 'SecuritySetting(INF): ResetLockoutCount' {
        Reset_account_lockout_counter_after = 15
        Name                                = 'Reset_account_lockout_counter_after'
    }

    # A password must be at least 1 day old before it can be changed again; this
    # stops users cycling through the password history in one sitting.
    AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge' {
        Minimum_Password_Age = 1
        Name                 = 'Minimum_Password_Age'
    }

    # Passwords expire after 60 days.
    # NOTE(review): newer Microsoft security baselines no longer enforce periodic
    # expiry; confirm this value against the organisation's current password policy.
    AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' {
        Name                 = 'Maximum_Password_Age'
        Maximum_Password_Age = 60
    }

    # Account is locked after 10 failed logon attempts.
    AccountPolicy 'SecuritySetting(INF): LockoutBadCount' {
        Name                      = 'Account_lockout_threshold'
        Account_lockout_threshold = 10
    }

    # Windows built-in password complexity rules are enforced.
    AccountPolicy 'SecuritySetting(INF): PasswordComplexity' {
        Name                                       = 'Password_must_meet_complexity_requirements'
        Password_must_meet_complexity_requirements = 'Enabled'
    }

    # A locked account stays locked for 15 minutes.
    AccountPolicy 'SecuritySetting(INF): LockoutDuration' {
        Name                     = 'Account_lockout_duration'
        Account_lockout_duration = 15
    }

    # The last 24 passwords cannot be reused.
    AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' {
        Name                     = 'Enforce_password_history'
        Enforce_password_history = 24
    }

    # Reversible password storage is off; enabling it is equivalent to keeping
    # recoverable plaintext passwords.
    AccountPolicy 'SecuritySetting(INF): ClearTextPassword' {
        Name                                        = 'Store_passwords_using_reversible_encryption'
        Store_passwords_using_reversible_encryption = 'Disabled'
    }

    # Minimum password length is 14 characters.
    AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' {
        Name                    = 'Minimum_Password_Length'
        Minimum_Password_Length = 14
    }

    # User rights assignments. Identities prefixed with '*' are SIDs;
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    # NOTE(review): with Force = $True the listed identities are expected to REPLACE
    # whatever is currently assigned rather than be added to it (SecurityPolicyDsc
    # semantics) - confirm against the module version in use.

    # Debug programs (SeDebugPrivilege): Administrators only. This privilege allows
    # opening any process, including LSASS, so it should stay tightly restricted.
    UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' {
        Policy   = 'Debug_programs'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Force shutdown from a remote system: Administrators only.
    UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' {
        Policy   = 'Force_shutdown_from_a_remote_system'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Deny log on through Remote Desktop Services.
    # S-1-5-113 is the well-known 'Local account' SID. Ensure = 'Absent' means this
    # resource makes sure that SID is NOT in the deny list.
    # NOTE(review): this leaves local accounts able to log on over RDP. Baselines of
    # this kind normally ADD 'Local account' to this deny right to limit lateral
    # movement with local credentials. If the exception is intentional, record the
    # reason here; otherwise drop Ensure = 'Absent'.
    UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' {
        Ensure   = 'Absent'
        Policy   = 'Deny_log_on_through_Remote_Desktop_Services'
        Force    = $True
        Identity = @('*S-1-5-113')
    }

    # Allow log on through Remote Desktop Services.
    # Unlike the other assignments in this configuration, the identities here are
    # account or group NAMES, not SIDs; they must resolve on every target node or the
    # resource will presumably fail to apply - verify.
    # NOTE(review): BUILTIN\Administrators (S-1-5-32-544) is not in the list. With
    # Force = $True, administrators who are not members of one of these three
    # principals are expected to lose RDP access - confirm that is intended.
    # NOTE(review): environment-specific names are hard-coded in a reusable baseline;
    # consider passing them in through the (currently empty) param() block.
    # NOTE(review): the resource title is misspelled ('UserRightsAssignmet'); it is
    # left unchanged here because the title is the resource's identifier in the
    # compiled MOF and in any DependsOn reference.
    UserRightsAssignment 'UserRightsAssignmet(INF): Allow_log_on_through_Remote_Desktop_Services' {
        Policy   = 'Allow_log_on_through_Remote_Desktop_Services'
        Force    = $True
        Identity = @("mfx_admin", "mfx_its", "mfx_dev")
    }

    # Identity = @('') is the form used throughout this configuration for rights that
    # should be held by nobody.
    # NOTE(review): this relies on SecurityPolicyDsc treating an empty identity with
    # Force = $True as 'clear the assignment' - confirm with the module version in use.
    # S-1-5-32-544 = BUILTIN\Administrators, S-1-5-6 = SERVICE,
    # S-1-5-19 = LOCAL SERVICE, S-1-5-20 = NETWORK SERVICE.

    # Lock pages in memory: no one.
    UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' {
        Policy   = 'Lock_pages_in_memory'
        Force    = $True
        Identity = @('')
    }

    # Take ownership of files or other objects: Administrators only.
    UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' {
        Policy   = 'Take_ownership_of_files_or_other_objects'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Access Credential Manager as a trusted caller: no one.
    UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' {
        Policy   = 'Access_Credential_Manager_as_a_trusted_caller'
        Force    = $True
        Identity = @('')
    }

    # Back up files and directories: Administrators only. This right bypasses file
    # ACLs for reading.
    # NOTE(review): hosts with a dedicated backup service account or Backup Operators
    # will need that principal added - confirm for the target roles.
    UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' {
        Policy   = 'Back_up_files_and_directories'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Load and unload device drivers: Administrators only.
    UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' {
        Policy   = 'Load_and_unload_device_drivers'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Impersonate a client after authentication: Administrators, SERVICE,
    # LOCAL SERVICE and NETWORK SERVICE.
    UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' {
        Policy   = 'Impersonate_a_client_after_authentication'
        Force    = $True
        Identity = @('*S-1-5-32-544', '*S-1-5-6', '*S-1-5-19', '*S-1-5-20')
    }

    # Create a pagefile: Administrators only.
    UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' {
        Policy   = 'Create_a_pagefile'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Modify firmware environment values: Administrators only.
    UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' {
        Policy   = 'Modify_firmware_environment_values'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Manage auditing and security log: Administrators only. Holders can clear the
    # Security log, so this right protects the audit trail configured in this
    # configuration's AuditPolicySubcategory resources.
    UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' {
        Policy   = 'Manage_auditing_and_security_log'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Deny access to this computer from the network.
    # S-1-5-114 is the well-known 'Local account and member of Administrators group'
    # SID. Ensure = "Absent" means this resource makes sure that SID is NOT in the
    # deny list.
    # NOTE(review): this leaves local administrator accounts usable for network
    # logons (SMB, remote management). Baselines of this kind normally ADD this SID to
    # the deny right so that a local admin credential shared between machines cannot
    # be replayed across the network. If the exception is intentional, record the
    # reason here; otherwise drop Ensure = "Absent".
    UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' {
        Ensure   = "Absent"
        Policy   = 'Deny_access_to_this_computer_from_the_network'
        Force    = $True
        Identity = @('*S-1-5-114')
    }

    # SIDs used below: S-1-5-32-544 = BUILTIN\Administrators, S-1-5-6 = SERVICE,
    # S-1-5-19 = LOCAL SERVICE, S-1-5-20 = NETWORK SERVICE,
    # S-1-5-11 = Authenticated Users. Identity = @('') is used for rights that should
    # be held by nobody (NOTE(review): confirm SecurityPolicyDsc clears the assignment
    # for an empty identity with Force = $True).

    # Profile single process: Administrators only.
    UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' {
        Policy   = 'Profile_single_process'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Create global objects: Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE.
    UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' {
        Policy   = 'Create_global_objects'
        Force    = $True
        Identity = @('*S-1-5-32-544', '*S-1-5-6', '*S-1-5-19', '*S-1-5-20')
    }

    # Act as part of the operating system (SeTcbPrivilege): no one.
    UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' {
        Policy   = 'Act_as_part_of_the_operating_system'
        Force    = $True
        Identity = @('')
    }

    # Restore files and directories: Administrators only. This right bypasses file
    # ACLs for writing.
    UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' {
        Policy   = 'Restore_files_and_directories'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Access this computer from the network: Administrators and Authenticated Users.
    UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' {
        Policy   = 'Access_this_computer_from_the_network'
        Force    = $True
        Identity = @('*S-1-5-32-544', '*S-1-5-11')
    }

    # Enable computer and user accounts to be trusted for delegation: no one.
    UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' {
        Policy   = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
        Force    = $True
        Identity = @('')
    }

    # Create a token object: no one.
    UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' {
        Policy   = 'Create_a_token_object'
        Force    = $True
        Identity = @('')
    }

    # Create permanent shared objects: no one.
    UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' {
        Policy   = 'Create_permanent_shared_objects'
        Force    = $True
        Identity = @('')
    }

    # Allow log on locally: Administrators only.
    # NOTE(review): on workstations this removes interactive logon for standard
    # users - confirm this baseline is only applied to servers.
    UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' {
        Policy   = 'Allow_log_on_locally'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Perform volume maintenance tasks: Administrators only.
    UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' {
        Policy   = 'Perform_volume_maintenance_tasks'
        Force    = $True
        Identity = @('*S-1-5-32-544')
    }

    # Security options (local policy). Each SecurityOption resource sets one option;
    # Name repeats the property being set.

    # Anonymous callers cannot translate SIDs to account names or back.
    SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' {
        Name                                                = 'Network_access_Allow_anonymous_SID_Name_translation'
        Network_access_Allow_anonymous_SID_Name_translation = 'Disabled'
    }

    # The built-in Guest account is disabled.
    SecurityOption 'SecuritySetting(INF): EnableGuestAccount' {
        Accounts_Guest_account_status = 'Disabled'
        Name                          = 'Accounts_Guest_account_status'
    }

    # The SMB client never sends a plaintext password to an SMB server.
    SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' {
        Name                                                                          = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
        Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled'
    }

    # Secure channel traffic to the domain controller must be signed or encrypted.
    SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' {
        Name                                                               = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always'
        Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled'
    }

    # Removing the smart card locks the workstation.
    SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' {
        Name                                          = 'Interactive_logon_Smart_card_removal_behavior'
        Interactive_logon_Smart_card_removal_behavior = 'Lock workstation'
    }

    # UAC detects application installers and prompts for elevation.
    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation' {
        User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled'
        Name                                                                           = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
    }

    # Double negative: 'Disable machine account password changes' is Disabled, so the
    # machine account password keeps being rotated.
    SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes' {
        Name                                                   = 'Domain_member_Disable_machine_account_password_changes'
        Domain_member_Disable_machine_account_password_changes = 'Disabled'
    }

    # Stronger default ACLs on internal system objects such as symbolic links.
    SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' {
        System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled'
        Name                                                                                       = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links'
    }

    # UIAccess applications are only elevated when installed in secure locations.
    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' {
        User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled'
        Name                                                                                           = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
    }

    # Anonymous callers cannot enumerate SAM accounts.
    SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' {
        Name                                                              = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
        Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled'
    }

    # Security options: NTLM / LAN Manager hardening, anonymous access, SMB client
    # signing, UAC prompts and audit subcategory override.

    # Minimum NTLM SSP session security for servers. 'Both options checked' presumably
    # maps to the two checkboxes of this policy (require NTLMv2 session security and
    # require 128-bit encryption) - confirm against SecurityPolicyDsc.
    SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' {
        Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked'
        Name                                                                                      = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
    }

    # Standard users get no elevation prompt; elevation requests are denied outright.
    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' {
        Name                                                                     = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
        User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request'
    }

    # Anonymous callers cannot enumerate SAM accounts or shares.
    SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' {
        Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled'
        Name                                                                         = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
    }

    # The SMB client requires packet signing, which protects against relaying and
    # tampering of SMB sessions this host initiates.
    SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' {
        Microsoft_network_client_Digitally_sign_communications_always = 'Enabled'
        Name                                                          = 'Microsoft_network_client_Digitally_sign_communications_always'
    }

    # LocalSystem may not fall back to a NULL session when using NTLM.
    SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' {
        Name                                                     = 'Network_security_Allow_LocalSystem_NULL_session_fallback'
        Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled'
    }

    # LM hashes are not stored; as the option name says, this takes effect for each
    # account on its next password change.
    SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' {
        Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled'
        Name                                                                         = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change'
    }

    # Strictest LAN Manager authentication level: only NTLMv2 responses are sent and
    # LM and NTLM are refused.
    SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level' {
        Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. Refuse LM & NTLM'
        Name                                              = 'Network_security_LAN_Manager_authentication_level'
    }

    # Minimum NTLM SSP session security for clients; same value as the server-side
    # option above.
    SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' {
        Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked'
        Name                                                                                      = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
    }

    # Makes audit subcategory settings override category-level audit policy. The
    # AuditPolicySubcategory resources in this configuration depend on this: without
    # it a legacy category-level policy could override them.
    SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' {
        Name                                                                                                            = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
        Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled'
    }

    # Administrators in Admin Approval Mode get a consent prompt on the secure desktop.
    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' {
        Name                                                                                            = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode'
        User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop'
    }

    # Security options: SMB server signing, domain secure channel, LDAP signing, UAC
    # Admin Approval Mode, blank passwords and the inactivity lock.

    # The SMB server requires packet signing from every client.
    SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always' {
        Name                                                          = 'Microsoft_network_server_Digitally_sign_communications_always'
        Microsoft_network_server_Digitally_sign_communications_always = 'Enabled'
    }

    # The secure channel requires a strong session key.
    SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' {
        Name                                                           = 'Domain_member_Require_strong_Windows_2000_or_later_session_key'
        Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled'
    }

    # Anonymous access to named pipes and shares is restricted.
    SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' {
        Name                                                               = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares'
        Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled'
    }

    # Secure channel data is encrypted when the domain controller supports it.
    SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' {
        Name                                                              = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
        Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled'
    }

    # The LDAP client negotiates signing: it asks for signing but does not refuse a
    # server that does not offer it.
    # NOTE(review): 'Require signing' would be the stricter setting - consider it
    # once all domain controllers are known to support LDAP signing.
    SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' {
        Name                                              = 'Network_security_LDAP_client_signing_requirements'
        Network_security_LDAP_client_signing_requirements = 'Negotiate Signing'
    }

    # The machine account password is rotated at most every 30 days.
    SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age' {
        Name                                               = 'Domain_member_Maximum_machine_account_password_age'
        Domain_member_Maximum_machine_account_password_age = '30'
    }

    # UAC is on: all administrators run in Admin Approval Mode.
    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' {
        Name                                                               = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
        User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled'
    }

    # Failed file and registry writes by legacy applications are redirected to
    # per-user locations instead of failing.
    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' {
        Name                                                                                   = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
        User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled'
    }

    # Local accounts with a blank password can only log on at the console, not over
    # the network.
    SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' {
        Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled'
        Name                                                                      = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
    }

    # The built-in Administrator account also runs in Admin Approval Mode.
    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' {
        Name                                                                            = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
        User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled'
    }

    # Secure channel data is signed when the domain controller supports it.
    SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible' {
        Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled'
        Name                                                           = 'Domain_member_Digitally_sign_secure_channel_data_when_possible'
    }

    # The session locks after 900 seconds (15 minutes) of inactivity.
    SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' {
        Interactive_logon_Machine_inactivity_limit = '900'
        Name                                       = 'Interactive_logon_Machine_inactivity_limit'
    }

    # Declared last in the configuration. RefreshRegistryPolicy comes from
    # GPRegistryPolicyDsc (imported at the top of this configuration) and is presumably
    # what makes Windows re-read the policy file written by the RegistryPolicyFile
    # resources, so that those registry values are actually applied - confirm against
    # the module documentation.
    # NOTE(review): there is no DependsOn, so running after every RegistryPolicyFile
    # resource relies on declaration order - confirm that is sufficient.
    RefreshRegistryPolicy 'ActivateClientSideExtension' {
        IsSingleInstance = 'Yes'
    }
}