DSCResources/ooRegistry/ooRegistry.schema.psm1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
Configuration ooRegistry {
    # Stop Windows from caching "not found" DNS requests (defaults at 15 minutes) because it slows down DSC WaitForX
    Registry 'DisableNegativeCacheTtl' {
        Ensure    = 'Present'
        Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
        ValueName = 'MaxNegativeCacheTtl'
        ValueData = '0'
        ValueType = 'DWord'
    }

    # Stop Windows from cycling machine passwors in a domain that prevent snapshots > 30 days old from booting
    Registry 'DisableMachineAccountPasswordChange' {
        Ensure    = 'Present'
        Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
        ValueName = 'DisablePasswordChange'
        ValueData = '1'
        ValueType = 'DWord'
    }

    # This makes it so Internet Explorer is usable
    Registry 'DisableInternetExplorerEnhancedSecurityConfigurationAdmin' {
        Ensure    = 'Present'
        Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
        ValueName = 'IsInstalled'
        ValueData = '0'
        ValueType = 'DWord'
    }

    Registry 'DisableInternetExplorerEnhancedSecurityConfigurationUser' {
        Ensure    = 'Present'
        Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
        ValueName = 'IsInstalled'
        ValueData = '0'
        ValueType = 'DWord'
    }

    Registry 'DisableInternetExplorerFirstRun' {
        Ensure    = 'Present'
        Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main'
        ValueName = 'DisableFirstRunCustomize'
        ValueData = '1'
        ValueType = 'DWord'
    }

    Registry 'DisableInactivityTimeout' {
        Ensure    = 'Present'
        Key       = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'
        ValueName = 'InactivityTimeoutSecs'
        ValueData = '0'
        ValueType = 'DWord'
    }
}