MyModule20231001.psm1
|
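# hidden [string] $DocumentId = '093A0A40-31EE-40C6-867B-98A4456662B6'
# hidden [string] $DocumentContext = 'device'
# hidden [string] $DocumentSchemaVersion = '1.0'
#
# hidden [string] $ScenarioName = 'SecuredCore'
# hidden [string] $ScenarioSchemaVersion = '1.0'

# Settings of the 'SecuredCore' scenario. Every setting is [nullable[int]];
# $null is the value Remove-OSConfigSetting writes, i.e. "not set".
class SecuredCore {
    [nullable[int]]$EnableVirtualizationBasedSecurity
    [nullable[int]]$HypervisorEnforcedCodeIntegrity
    [nullable[int]]$ConfigureSystemGuardLaunch
}

# 'InteractiveLogon' settings group of the security baseline scenarios.
class WindowsServer2025SecurityBaseline_InteractiveLogon {
    [nullable[int]]$DoNotRequireCTRLALTDEL
    [nullable[int]]$DoNotDisplayLastSignedIn
    [nullable[int]]$RequireDomainControllerAuthenticationToUnlock
}

# 'DomainMember' settings group of the security baseline scenarios.
class WindowsServer2025SecurityBaseline_DomainMember {
    [nullable[int]]$DigitallyEncryptOrSignSecureChannelDataAlways
    [nullable[int]]$DigitallyEncryptSecureChannelDataWhenPossible
    [nullable[int]]$DigitallySignSecureChannelDataWhenPossible
    [nullable[int]]$RequireStrongSessionKey
}

# Root of the security baseline scenarios: one property per settings group.
class WindowsServer2025SecurityBaseline {
    [WindowsServer2025SecurityBaseline_InteractiveLogon]$InteractiveLogon
    [WindowsServer2025SecurityBaseline_DomainMember]$DomainMember
}

# In-memory state the three functions below read and write. Nothing in this
# file applies these values to the operating system.
$SecuredCoreCache = [SecuredCore]::new()
$WindowsServer2025SecurityBaselineCache = [WindowsServer2025SecurityBaseline]::new()
$WindowsServer2025SecurityBaselineCache.InteractiveLogon = [WindowsServer2025SecurityBaseline_InteractiveLogon]::new()
$WindowsServer2025SecurityBaselineCache.DomainMember = [WindowsServer2025SecurityBaseline_DomainMember]::new()

# Shared lookup used by Get-/Set-/Remove-OSConfigSetting. It is kept in a
# variable rather than a function so the set of functions this module defines
# stays exactly the three public ones.
#
# Walks the '/'-separated -Name from the scenario's cache root and throws
# System.ArgumentException when any segment is not a property of the object
# reached so far. The [ArgumentCompleter] on -Name only suggests names, it does
# not validate them, so without this check a mistyped name makes a read return
# $null, which looks the same as a setting that has not been configured.
#
# Returns an object with:
#   Owner     - the object that holds the final segment
#   Leaf      - the final segment, in the casing the class declares
#   Value     - the current value of that property
#   IsSetting - $true when the property is declared as a nullable value type
#               (an individual setting), $false for a settings group
$ResolveOSConfigSetting = {
    param(
        [string]$Scenario,
        [string]$Name
    )

    # Both baseline scenarios are backed by the same cache object, so a value
    # written under one is visible under the other.
    $Node = switch ($Scenario) {
        'SecuredCore' { $SecuredCoreCache }
        'SecurityBaseline/WindowsServer2025' { $WindowsServer2025SecurityBaselineCache }
        'SecurityBaseline/AzureStackHCI' { $WindowsServer2025SecurityBaselineCache }
    }

    $Owner = $null
    $Property = $null
    foreach ($Segment in $Name.Split('/')) {
        $Owner = $Node

        # Look the segment up as a property only; a dynamic '$Owner.$Segment'
        # would also resolve method names such as 'ToString'.
        $Property = if ($null -ne $Owner) { $Owner.PSObject.Properties[$Segment] }
        if ($null -eq $Property) {
            throw [System.ArgumentException]::new("Setting '$Name' does not exist in scenario '$Scenario'.", 'Name')
        }

        $Node = $Property.Value
    }

    $Declared = $Owner.GetType().GetProperty($Property.Name)
    $IsSetting = ($null -ne $Declared) -and ($null -ne [System.Nullable]::GetUnderlyingType($Declared.PropertyType))

    [pscustomobject]@{
        Owner     = $Owner
        Leaf      = $Property.Name
        Value     = $Node
        IsSetting = $IsSetting
    }
}

function Get-OSConfigSetting {
    <#
    .SYNOPSIS
    Returns the cached value of a setting, or a whole settings group.

    .PARAMETER Scenario
    One of the scenarios accepted by the ValidateSet below.

    .PARAMETER Name
    Setting name; nested settings use '/' (for example
    'InteractiveLogon/DoNotRequireCTRLALTDEL'). Naming only the group returns
    the group object.

    .OUTPUTS
    The current value: an integer, $null when the setting is not set, or the
    group object.

    .NOTES
    Throws System.ArgumentException when the name does not exist in the
    scenario, so that a typo cannot be mistaken for "not configured".
    #>
    param(
        [Parameter(Mandatory)]
        [ValidateSet('SecuredCore','SecurityBaseline/WindowsServer2025','SecurityBaseline/AzureStackHCI')]
        [string]$Scenario,

        [Parameter(Mandatory)]
        [ArgumentCompleter( {
            param($Command, $Parameter, $WordToComplete, $CommandAst, $FakeBoundParams)

            # Find the token that follows '-Scenario' and offer that scenario's names.
            $Next = $False
            foreach ($CommandElement in $CommandAst.CommandElements) {
                if ($Next) {
                    if ($CommandElement.ToString() -eq "SecuredCore") {
                        'EnableVirtualizationBasedSecurity'
                        'HypervisorEnforcedCodeIntegrity'
                        'ConfigureSystemGuardLaunch'
                    }
                    elseif (($CommandElement.ToString() -eq "SecurityBaseline/WindowsServer2025") -or ($CommandElement.ToString() -eq "SecurityBaseline/AzureStackHCI")) {
                        'InteractiveLogon/DoNotRequireCTRLALTDEL'
                        'InteractiveLogon/DoNotDisplayLastSignedIn'
                        'InteractiveLogon/RequireDomainControllerAuthenticationToUnlock'
                        'DomainMember/DigitallyEncryptOrSignSecureChannelDataAlways'
                        'DomainMember/DigitallyEncryptSecureChannelDataWhenPossible'
                        'DomainMember/DigitallySignSecureChannelDataWhenPossible'
                        'DomainMember/RequireStrongSessionKey'
                    }
                    break
                }
                if ($CommandElement.ToString() -eq "-Scenario") {
                    $Next = $True
                    continue
                }
            }
        } )]
        [string]$Name
    )

    $Resolved = & $ResolveOSConfigSetting -Scenario $Scenario -Name $Name
    $Resolved.Value
}

function Set-OSConfigSetting {
    <#
    .SYNOPSIS
    Stores a value for one setting in the scenario's in-memory cache.

    .PARAMETER Scenario
    One of the scenarios accepted by the ValidateSet below.

    .PARAMETER Name
    Name of an individual setting; nested settings use '/'.

    .PARAMETER Value
    New value as text. The settings are declared [nullable[int]], so PowerShell
    converts the text on assignment and raises an error for text it cannot
    convert. This file defines no per-setting range of allowed values.

    .NOTES
    Throws System.ArgumentException when the name does not exist in the
    scenario or names a settings group instead of a setting.
    #>
    param(
        [Parameter(Mandatory)]
        [ValidateSet('SecuredCore','SecurityBaseline/WindowsServer2025','SecurityBaseline/AzureStackHCI')]
        [string]$Scenario,

        [Parameter(Mandatory)]
        [ArgumentCompleter( {
            param($Command, $Parameter, $WordToComplete, $CommandAst, $FakeBoundParams)

            # Find the token that follows '-Scenario' and offer that scenario's names.
            $Next = $False
            foreach ($CommandElement in $CommandAst.CommandElements) {
                if ($Next) {
                    if ($CommandElement.ToString() -eq "SecuredCore") {
                        'EnableVirtualizationBasedSecurity'
                        'HypervisorEnforcedCodeIntegrity'
                        'ConfigureSystemGuardLaunch'
                    }
                    elseif (($CommandElement.ToString() -eq "SecurityBaseline/WindowsServer2025") -or ($CommandElement.ToString() -eq "SecurityBaseline/AzureStackHCI")) {
                        'InteractiveLogon/DoNotRequireCTRLALTDEL'
                        'InteractiveLogon/DoNotDisplayLastSignedIn'
                        'InteractiveLogon/RequireDomainControllerAuthenticationToUnlock'
                        'DomainMember/DigitallyEncryptOrSignSecureChannelDataAlways'
                        'DomainMember/DigitallyEncryptSecureChannelDataWhenPossible'
                        'DomainMember/DigitallySignSecureChannelDataWhenPossible'
                        'DomainMember/RequireStrongSessionKey'
                    }
                    break
                }
                if ($CommandElement.ToString() -eq "-Scenario") {
                    $Next = $True
                    continue
                }
            }
        } )]
        [string]$Name,

        [Parameter(Mandatory)]
        [string]$Value
    )

    $Target = & $ResolveOSConfigSetting -Scenario $Scenario -Name $Name
    if (-not $Target.IsSetting) {
        throw [System.ArgumentException]::new("'$Name' is a settings group in scenario '$Scenario', not an individual setting.", 'Name')
    }

    $Leaf = $Target.Leaf
    $Target.Owner.$Leaf = $Value
}

function Remove-OSConfigSetting {
    <#
    .SYNOPSIS
    Clears one setting in the scenario's in-memory cache by setting it to $null.

    .PARAMETER Scenario
    One of the scenarios accepted by the ValidateSet below.

    .PARAMETER Name
    Name of an individual setting; nested settings use '/'.

    .NOTES
    Throws System.ArgumentException when the name does not exist in the
    scenario or names a settings group. Clearing a group would replace the
    group object with $null, after which every setting under it could no longer
    be read or written.
    #>
    param(
        [Parameter(Mandatory)]
        [ValidateSet('SecuredCore','SecurityBaseline/WindowsServer2025','SecurityBaseline/AzureStackHCI')]
        [string]$Scenario,

        [Parameter(Mandatory)]
        [ArgumentCompleter( {
            param($Command, $Parameter, $WordToComplete, $CommandAst, $FakeBoundParams)

            # Find the token that follows '-Scenario' and offer that scenario's names.
            $Next = $False
            foreach ($CommandElement in $CommandAst.CommandElements) {
                if ($Next) {
                    if ($CommandElement.ToString() -eq "SecuredCore") {
                        'EnableVirtualizationBasedSecurity'
                        'HypervisorEnforcedCodeIntegrity'
                        'ConfigureSystemGuardLaunch'
                    }
                    elseif (($CommandElement.ToString() -eq "SecurityBaseline/WindowsServer2025") -or ($CommandElement.ToString() -eq "SecurityBaseline/AzureStackHCI")) {
                        'InteractiveLogon/DoNotRequireCTRLALTDEL'
                        'InteractiveLogon/DoNotDisplayLastSignedIn'
                        'InteractiveLogon/RequireDomainControllerAuthenticationToUnlock'
                        'DomainMember/DigitallyEncryptOrSignSecureChannelDataAlways'
                        'DomainMember/DigitallyEncryptSecureChannelDataWhenPossible'
                        'DomainMember/DigitallySignSecureChannelDataWhenPossible'
                        'DomainMember/RequireStrongSessionKey'
                    }
                    break
                }
                if ($CommandElement.ToString() -eq "-Scenario") {
                    $Next = $True
                    continue
                }
            }
        } )]
        [string]$Name
    )

    $Target = & $ResolveOSConfigSetting -Scenario $Scenario -Name $Name
    if (-not $Target.IsSetting) {
        throw [System.ArgumentException]::new("'$Name' is a settings group in scenario '$Scenario', not an individual setting.", 'Name')
    }

    $Leaf = $Target.Leaf
    $Target.Owner.$Leaf = $null
}

# $manifest = @{
#     Path = '.\MyModule20231001.psd1'
#     RootModule = 'MyModule20231001.psm1'
#     Author = 'Simon Jäger'
# }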