SecurityOption: SendConfigurationApply non-terminating errors Test-TargetResource, could not infer cim type #171

Open
229Lane opened this issue Oct 14, 2021 · 3 comments

229Lane commented Oct 14, 2021

Details of the scenario you tried and the problem that is occurring

Config file has a single SecurityOption enabled, all the rest are commented out for testing.
The MOF processes fine if the SecurityOption below is commented out; when it is enabled (uncommented), the errors below occur and the MOF fails to be applied.

SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
{
    Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
    Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled'
}

Verbose logs showing the problem

[ Name] Microsoft-Windows-DSC
[ Guid] {50df9e12-a8c4-4939-b281-47e1325ba63e}
EventID 4097
Version 0
Level 2
Task 1
Opcode 0
Keywords 0x4000000000000000

  • TimeCreated
    [ SystemTime] 2021-10-14T17:23:52.740566800Z
    EventRecordID 958503
  • Correlation
    [ ActivityID] {c012ff54-c05d-0003-861b-6bc05dc0d701}
  • Execution
    [ ProcessID] 4480
    [ ThreadID] 6708
    Channel Microsoft-Windows-DSC/Operational

JobId {DE8DF40C-2D11-11EC-A5B6-00155D180B00}
ComponentName LCM
ErrorId 0x1
ErrorDetail The SendConfigurationApply function did not succeed.
ResourceId [SecurityOption]SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers::[Ws2019DomainControllerSecurityCompliance1_0]Ws2019DcSecurityCompliance::[name]GroupPolicyConfiguration
SourceInfo C:\source\src\Modules\CedisDscModule\DscResources\CedisGroupPolicy\Ws2019DomainControllerSecurityCompliance1_0.ps1::1949::5::SecurityOption
ErrorMessage The PowerShell DSC resource '[SecurityOption]SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers::[Ws2019DomainControllerSecurityCompliance1_0]Ws2019DcSecurityCompliance::[CedisGroupPolicy]GroupPolicyConfiguration' with SourceInfo 'C:\source\src\Modules\CedisDscModule\DscResources\CedisGroupPolicy\Ws2019DomainControllerSecurityCompliance1_0.ps1::1949::5::SecurityOption' threw one or more non-terminating errors while running the Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.

error log message

JobId {AA442DEE-2D18-11EC-A5B7-00155D180B00}
MIResult 1
ErrorMessage The PowerShell DSC resource '[SecurityOption]SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers::[Ws2019DomainControllerSecurityCompliance1_0]Ws2019DcSecurityCompliance::[CedisGroupPolicy]GroupPolicyConfiguration' with SourceInfo 'C:\source\src\Modules\CedisDscModule\DscResources\CedisGroupPolicy\Ws2019DomainControllerSecurityCompliance1_0.ps1::1949::5::SecurityOption' threw one or more non-terminating errors while running the Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
MessageID NonTerminatingErrorFromProvider
ErrorCategory 7
ErrorCode 1
ErrorType MI

error log message

ErrorDetail The SendConfigurationApply function did not succeed.
ResourceId [SecurityOption]SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers::[Ws2019DomainControllerSecurityCompliance1_0]Ws2019DcSecurityCompliance::[CedisGroupPolicy]GroupPolicyConfiguration
SourceInfo C:\source\src\Modules\CedisDscModule\DscResources\CedisGroupPolicy\Ws2019DomainControllerSecurityCompliance1_0.ps1::1949::5::SecurityOption
ErrorMessage The PowerShell DSC resource '[SecurityOption]SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers::[Ws2019DomainControllerSecurityCompliance1_0]Ws2019DcSecurityCompliance::[CedisGroupPolicy]GroupPolicyConfiguration' with SourceInfo 'C:\source\src\Modules\CedisDscModule\DscResources\CedisGroupPolicy\Ws2019DomainControllerSecurityCompliance1_0.ps1::1949::5::SecurityOption' threw one or more non-terminating errors while running the Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.

Error message

JobId {CF8B7DCA-2D31-11EC-A5B7-00155D180B00}
ComponentName DSCEngine
OperationCmd Test-TargetResource
ProviderName MSFT_SecurityOption
FullyQualifiedErrorId New-CimInstance,Microsoft.Management.Infrastructure.CimCmdlets.NewCimInstanceCommand
ErrorMessage Could not infer CimType from the provided .NET object.

Suggested solution to the issue

N/A

The DSC configuration that is used to reproduce the issue (as detailed as possible)

configuration Ws2019DomainControllerSecurityCompliance1_0 {

    Import-DSCResource -Name 'Registry'
    Import-DSCResource -ModuleName 'AuditPolicyDSC'
    Import-DSCResource -ModuleName 'SecurityPolicyDSC'

    Registry 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun'
    {
        ValueName = 'NoDriveTypeAutoRun'
        ValueData = 255
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    }

    Registry 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun'
    {
        ValueName = 'NoAutorun'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    }

    Registry 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn'
    {
        ValueName = 'DisableAutomaticRestartSignOn'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    }

    Registry 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\AllowEncryptionOracle'
    {
        ValueName = 'AllowEncryptionOracle'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    }

    Registry 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters\EnableCbacAndArmor'
    {
        ValueName = 'EnableCbacAndArmor'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters'
    }

    Registry 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters\CbacAndArmorLevel'
    {
        ValueName = 'CbacAndArmorLevel'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters'
    }

    Registry 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters\EnableTicketSizeThreshold'
    {
        ValueName = 'EnableTicketSizeThreshold'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters'
    }

    Registry 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters\TicketSizeThreshold'
    {
        ValueName = 'TicketSizeThreshold'
        ValueData = 47999
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters'
    }

    Registry 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters\PKINITFreshness'
    {
        ValueName = 'PKINITFreshness'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing'
    {
        ValueName = 'EnhancedAntiSpoofing'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Biometrics\FacialFeatures'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload'
    {
        ValueName = 'DisableEnclosureDownload'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds'
    {
        ValueName = 'AllowProtectedCreds'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols'
    {
        ValueName = 'SecureProtocols'
        ValueData = 2048
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize'
    {
        ValueName = 'MaxSize'
        ValueData = 32768
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize'
    {
        ValueName = 'MaxSize'
        ValueData = 196608
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize'
    {
        ValueName = 'MaxSize'
        ValueData = 32768
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume'
    {
        ValueName = 'NoAutoplayfornonVolume'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention'
    {
        ValueName = 'NoDataExecutionPrevention'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption'
    {
        ValueName = 'NoHeapTerminationOnCorruption'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy'
    {
        ValueName = 'NoBackgroundPolicy'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges'
    {
        ValueName = 'NoGPOListChanges'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated'
    {
        ValueName = 'AlwaysInstallElevated'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl'
    {
        ValueName = 'EnableUserControl'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Kernel DMA Protection\DeviceEnumerationPolicy'
    {
        ValueName = 'DeviceEnumerationPolicy'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Kernel DMA Protection'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth'
    {
        ValueName = 'AllowInsecureGuestAuth'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LanmanWorkstation'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\\*\NETLOGON'
    {
        ValueName = '\\*\NETLOGON'
        ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\\*\SYSVOL'
    {
        ValueName = '\\*\SYSVOL'
        ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenCamera'
    {
        ValueName = 'NoLockScreenCamera'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow'
    {
        ValueName = 'NoLockScreenSlideshow'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\EnableModuleLogging'
    {
        ValueName = 'EnableModuleLogging'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging'
    }

    <#Registry 'DELVALS_\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames'
    {
        ValueName = ''
        ValueData = ''
        Ensure = 'Present'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames'
    }#>

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames\*'
    {
        ValueName = '*'
        ValueData = '*'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging'
    {
        ValueName = 'EnableScriptBlockLogging'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    }

    Registry 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging'
    {
        ValueName = 'EnableScriptBlockInvocationLogging'
        ValueData = ''
        Ensure = 'Absent'
        ValueType = 'String'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Safer\'
    {
        ValueName = ''
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Appx\EnforcementMode'
    {
        ValueName = 'EnforcementMode'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Appx'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba\Value'
    {
        ValueName = 'Value'
        ValueData = '<FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule>'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Dll\'
    {
        ValueName = ''
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Dll'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Exe\EnforcementMode'
    {
        ValueName = 'EnforcementMode'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Exe\5e3ec135-b5af-4961-ae4d-cde98710afc9\Value'
    {
        ValueName = 'Value'
        ValueData = '<FilePublisherRule Id="5e3ec135-b5af-4961-ae4d-cde98710afc9" Name="Block Google Chrome" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="CHROME.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule>'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe\5e3ec135-b5af-4961-ae4d-cde98710afc9'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Exe\6db6c8f3-cf7c-4754-a438-94c95345bb53\Value'
    {
        ValueName = 'Value'
        ValueData = '<FilePublisherRule Id="6db6c8f3-cf7c-4754-a438-94c95345bb53" Name="Block Mozilla Firefox" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CA, C=US" ProductName="FIREFOX" BinaryName="FIREFOX.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule>'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe\6db6c8f3-cf7c-4754-a438-94c95345bb53'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Exe\881d54fe-3848-4d6a-95fd-42d48ebe60b8\Value'
    {
        ValueName = 'Value'
        ValueData = '<FilePublisherRule Id="881d54fe-3848-4d6a-95fd-42d48ebe60b8" Name="Block Internet Explorer" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule>'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe\881d54fe-3848-4d6a-95fd-42d48ebe60b8'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Exe\921cc481-6e17-4653-8f75-050b80acca20\Value'
    {
        ValueName = 'Value'
        ValueData = '<FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule>'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe\921cc481-6e17-4653-8f75-050b80acca20'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Exe\a61c8b2c-a319-4cd0-9690-d2177cad7b51\Value'
    {
        ValueName = 'Value'
        ValueData = '<FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions></FilePathRule>'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe\a61c8b2c-a319-4cd0-9690-d2177cad7b51'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Exe\fd686d83-a829-4351-8ff4-27c7de5755d2\Value'
    {
        ValueName = 'Value'
        ValueData = '<FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule>'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe\fd686d83-a829-4351-8ff4-27c7de5755d2'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Msi\'
    {
        ValueName = ''
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Msi'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\SrpV2\Script\'
    {
        ValueName = ''
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Script'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen'
    {
        ValueName = 'EnableSmartScreen'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel'
    {
        ValueName = 'ShellSmartScreenLevel'
        ValueData = 'Block'
        ValueType = 'String'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems'
    {
        ValueName = 'AllowIndexingEncryptedStoresOrItems'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Search'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic'
    {
        ValueName = 'AllowBasic'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic'
    {
        ValueName = 'AllowUnencryptedTraffic'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest'
    {
        ValueName = 'AllowDigest'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic'
    {
        ValueName = 'AllowBasic'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic'
    {
        ValueName = 'AllowUnencryptedTraffic'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs'
    {
        ValueName = 'DisableRunAs'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast'
    {
        ValueName = 'EnableMulticast'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving'
    {
        ValueName = 'DisablePasswordSaving'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword'
    {
        ValueName = 'fPromptForPassword'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic'
    {
        ValueName = 'fEncryptRPCTraffic'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel'
    {
        ValueName = 'MinEncryptionLevel'
        ValueData = 3
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm'
    {
        ValueName = 'fDisableCdm'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\UserAuthentication'
    {
        ValueName = 'UserAuthentication'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PolicyVersion'
    {
        ValueName = 'PolicyVersion'
        ValueData = 538
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction'
    {
        ValueName = 'DefaultOutboundAction'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction'
    {
        ValueName = 'DefaultInboundAction'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall'
    {
        ValueName = 'EnableFirewall'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall'
    {
        ValueName = 'EnableFirewall'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction'
    {
        ValueName = 'DefaultInboundAction'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction'
    {
        ValueName = 'DefaultOutboundAction'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall'
    {
        ValueName = 'EnableFirewall'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction'
    {
        ValueName = 'DefaultOutboundAction'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction'
    {
        ValueName = 'DefaultInboundAction'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile'
    }

    Registry 'HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace\AllowWindowsInkWorkspace'
    {
        ValueName = 'AllowWindowsInkWorkspace'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsInkWorkspace'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\EnableMaxTokenSize'
    {
        ValueName = 'EnableMaxTokenSize'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize'
    {
        ValueName = 'MaxTokenSize'
        ValueData = 48000
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential'
    {
        ValueName = 'UseLogonCredential'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation'
    {
        ValueName = 'DisableExceptionChainValidation'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy'
    {
        ValueName = 'DriverLoadPolicy'
        ValueData = 3
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1'
    {
        ValueName = 'SMB1'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start'
    {
        ValueName = 'Start'
        ValueData = 4
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MrxSmb10'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand'
    {
        ValueName = 'NoNameReleaseOnDemand'
        ValueData = 1
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LdapEnforceChannelBinding'
    {
        ValueName = 'LdapEnforceChannelBinding'
        ValueData = 2
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect'
    {
        ValueName = 'EnableICMPRedirect'
        ValueData = 0
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting'
    {
        ValueName = 'DisableIPSourceRouting'
        ValueData = 2
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    }

    Registry 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting'
    {
        ValueName = 'DisableIPSourceRouting'
        ValueData = 2
        ValueType = 'Dword'
        Ensure = 'Present'
        Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    }

    AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion'
    {
        Name = 'Credential Validation'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion'
    {
        Name = 'Credential Validation'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Kerberos Authentication Service (Success) - Inclusion'
    {
        Name = 'Kerberos Authentication Service'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Kerberos Authentication Service (Failure) - Inclusion'
    {
        Name = 'Kerberos Authentication Service'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Kerberos Service Ticket Operations (Success) - Inclusion'
    {
        Name = 'Kerberos Service Ticket Operations'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Kerberos Service Ticket Operations (Failure) - Inclusion'
    {
        Name = 'Kerberos Service Ticket Operations'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Other Account Logon Events (Success) - Inclusion'
    {
        Name = 'Other Account Logon Events'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Other Account Logon Events (Failure) - Inclusion'
    {
        Name = 'Other Account Logon Events'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Application Group Management (Success) - Inclusion'
    {
        Name = 'Application Group Management'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Application Group Management (Failure) - Inclusion'
    {
        Name = 'Application Group Management'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Computer Account Management (Success) - Inclusion'
    {
        Name = 'Computer Account Management'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Computer Account Management (Failure) - Inclusion'
    {
        Name = 'Computer Account Management'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Other Account Management Events (Success) - Inclusion'
    {
        Name = 'Other Account Management Events'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Other Account Management Events (Failure) - Inclusion'
    {
        Name = 'Other Account Management Events'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion'
    {
        Name = 'Security Group Management'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion'
    {
        Name = 'Security Group Management'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion'
    {
        Name = 'User Account Management'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion'
    {
        Name = 'User Account Management'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit DPAPI Activity (Success) - Inclusion'
    {
        Name = 'DPAPI Activity'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit DPAPI Activity (Failure) - Inclusion'
    {
        Name = 'DPAPI Activity'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion'
    {
        Name = 'Plug and Play Events'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion'
    {
        Name = 'Plug and Play Events'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion'
    {
        Name = 'Process Creation'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion'
    {
        Name = 'Process Creation'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Process Termination (Success) - Inclusion'
    {
        Name = 'Process Termination'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Process Termination (Failure) - Inclusion'
    {
        Name = 'Process Termination'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit RPC Events (Success) - Inclusion'
    {
        Name = 'RPC Events'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit RPC Events (Failure) - Inclusion'
    {
        Name = 'RPC Events'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Detailed Directory Service Replication (Success) - Inclusion'
    {
        Name = 'Detailed Directory Service Replication'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Detailed Directory Service Replication (Failure) - Inclusion'
    {
        Name = 'Detailed Directory Service Replication'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Directory Service Access (Failure) - Inclusion'
    {
        Name = 'Directory Service Access'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Directory Service Access (Success) - Inclusion'
    {
        Name = 'Directory Service Access'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Directory Service Changes (Success) - Inclusion'
    {
        Name = 'Directory Service Changes'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Directory Service Changes (Failure) - Inclusion'
    {
        Name = 'Directory Service Changes'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Directory Service Replication (Success) - Inclusion'
    {
        Name = 'Directory Service Replication'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Directory Service Replication (Failure) - Inclusion'
    {
        Name = 'Directory Service Replication'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion'
    {
        Name = 'Account Lockout'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion'
    {
        Name = 'Account Lockout'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit User / Device Claims (Success) - Inclusion'
    {
        Name = 'User / Device Claims'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit User / Device Claims (Failure) - Inclusion'
    {
        Name = 'User / Device Claims'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion'
    {
        Name = 'Group Membership'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion'
    {
        Name = 'Group Membership'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit IPsec Extended Mode (Success) - Inclusion'
    {
        Name = 'IPsec Extended Mode'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit IPsec Extended Mode (Failure) - Inclusion'
    {
        Name = 'IPsec Extended Mode'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit IPsec Main Mode (Success) - Inclusion'
    {
        Name = 'IPsec Main Mode'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit IPsec Main Mode (Failure) - Inclusion'
    {
        Name = 'IPsec Main Mode'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit IPsec Quick Mode (Success) - Inclusion'
    {
        Name = 'IPsec Quick Mode'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit IPsec Quick Mode (Failure) - Inclusion'
    {
        Name = 'IPsec Quick Mode'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion'
    {
        Name = 'Logoff'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion'
    {
        Name = 'Logoff'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Logon (Success) - Inclusion'
    {
        Name = 'Logon'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion'
    {
        Name = 'Logon'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Network Policy Server (Success) - Inclusion'
    {
        Name = 'Network Policy Server'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Network Policy Server (Failure) - Inclusion'
    {
        Name = 'Network Policy Server'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Success) - Inclusion'
    {
        Name = 'Other Logon/Logoff Events'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Failure) - Inclusion'
    {
        Name = 'Other Logon/Logoff Events'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion'
    {
        Name = 'Special Logon'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion'
    {
        Name = 'Special Logon'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Application Generated (Success) - Inclusion'
    {
        Name = 'Application Generated'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Application Generated (Failure) - Inclusion'
    {
        Name = 'Application Generated'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Certification Services (Success) - Inclusion'
    {
        Name = 'Certification Services'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Certification Services (Failure) - Inclusion'
    {
        Name = 'Certification Services'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Detailed File Share (Failure) - Inclusion'
    {
        Name = 'Detailed File Share'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Detailed File Share (Success) - Inclusion'
    {
        Name = 'Detailed File Share'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit File Share (Success) - Inclusion'
    {
        Name = 'File Share'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit File Share (Failure) - Inclusion'
    {
        Name = 'File Share'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Filtering Platform Connection (Failure) - Inclusion'
    {
        Name = 'Filtering Platform Connection'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Filtering Platform Connection (Success) - Inclusion'
    {
        Name = 'Filtering Platform Connection'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Filtering Platform Packet Drop (Success) - Inclusion'
    {
        Name = 'Filtering Platform Packet Drop'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Filtering Platform Packet Drop (Failure) - Inclusion'
    {
        Name = 'Filtering Platform Packet Drop'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Handle Manipulation (Success) - Inclusion'
    {
        Name = 'Handle Manipulation'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Handle Manipulation (Failure) - Inclusion'
    {
        Name = 'Handle Manipulation'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Kernel Object (Success) - Inclusion'
    {
        Name = 'Kernel Object'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Kernel Object (Failure) - Inclusion'
    {
        Name = 'Kernel Object'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion'
    {
        Name = 'Other Object Access Events'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion'
    {
        Name = 'Other Object Access Events'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Registry (Success) - Inclusion'
    {
        Name = 'Registry'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Registry (Failure) - Inclusion'
    {
        Name = 'Registry'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion'
    {
        Name = 'Removable Storage'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion'
    {
        Name = 'Removable Storage'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit SAM (Success) - Inclusion'
    {
        Name = 'SAM'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit SAM (Failure) - Inclusion'
    {
        Name = 'SAM'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Central Access Policy Staging (Success) - Inclusion'
    {
        Name = 'Central Policy Staging'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Central Access Policy Staging (Failure) - Inclusion'
    {
        Name = 'Central Policy Staging'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion'
    {
        Name = 'Audit Policy Change'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion'
    {
        Name = 'Audit Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion'
    {
        Name = 'Authentication Policy Change'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion'
    {
        Name = 'Authentication Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion'
    {
        Name = 'Authorization Policy Change'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion'
    {
        Name = 'Authorization Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Filtering Platform Policy Change (Success) - Inclusion'
    {
        Name = 'Filtering Platform Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Filtering Platform Policy Change (Failure) - Inclusion'
    {
        Name = 'Filtering Platform Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Success) - Inclusion'
    {
        Name = 'MPSSVC Rule-Level Policy Change'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Failure) - Inclusion'
    {
        Name = 'MPSSVC Rule-Level Policy Change'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Other Policy Change Events (Failure) - Inclusion'
    {
        Name = 'Other Policy Change Events'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Other Policy Change Events (Success) - Inclusion'
    {
        Name = 'Other Policy Change Events'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Non Sensitive Privilege Use (Success) - Inclusion'
    {
        Name = 'Non Sensitive Privilege Use'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Non Sensitive Privilege Use (Failure) - Inclusion'
    {
        Name = 'Non Sensitive Privilege Use'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Other Privilege Use Events (Success) - Inclusion'
    {
        Name = 'Other Privilege Use Events'
        Ensure = 'Absent'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Other Privilege Use Events (Failure) - Inclusion'
    {
        Name = 'Other Privilege Use Events'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion'
    {
        Name = 'Sensitive Privilege Use'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion'
    {
        Name = 'Sensitive Privilege Use'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion'
    {
        Name = 'IPsec Driver'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion'
    {
        Name = 'IPsec Driver'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion'
    {
        Name = 'Other System Events'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion'
    {
        Name = 'Other System Events'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion'
    {
        Name = 'Security State Change'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion'
    {
        Name = 'Security State Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion'
    {
        Name = 'Security System Extension'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion'
    {
        Name = 'Security System Extension'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion'
    {
        Name = 'System Integrity'
        Ensure = 'Present'
        AuditFlag = 'Success'
    }

    AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion'
    {
        Name = 'System Integrity'
        Ensure = 'Present'
        AuditFlag = 'Failure'
    }

    <#
    {
        Name = 'AppIDSvc'
    }#>

    <#
    {
        Name = 'Spooler'
    }#>

    UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs'
    {
        Policy = 'Debug_programs'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system'
    {
        Policy = 'Force_shutdown_from_a_remote_system'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory'
    {
        Policy = 'Lock_pages_in_memory'
        Force = $True
        Identity = @('')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller'
    {
        Policy = 'Access_Credential_Manager_as_a_trusted_caller'
        Force = $True
        Identity = @('')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories'
    {
        Policy = 'Back_up_files_and_directories'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers'
    {
        Policy = 'Load_and_unload_device_drivers'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication'
    {
        Policy = 'Impersonate_a_client_after_authentication'
        Force = $True
        Identity = @('*S-1-5-32-544', '*S-1-5-6', '*S-1-5-19', '*S-1-5-20')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile'
    {
        Policy = 'Create_a_pagefile'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_through_Remote_Desktop_Services'
    {
        Policy = 'Allow_log_on_through_Remote_Desktop_Services'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log'
    {
        Policy = 'Manage_auditing_and_security_log'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Add_workstations_to_domain'
    {
        Policy = 'Add_workstations_to_domain'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects'
    {
        Policy = 'Take_ownership_of_files_or_other_objects'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process'
    {
        Policy = 'Profile_single_process'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects'
    {
        Policy = 'Create_global_objects'
        Force = $True
        Identity = @('*S-1-5-32-544', '*S-1-5-6', '*S-1-5-19', '*S-1-5-20')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system'
    {
        Policy = 'Act_as_part_of_the_operating_system'
        Force = $True
        Identity = @('')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories'
    {
        Policy = 'Restore_files_and_directories'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network'
    {
        Policy = 'Access_this_computer_from_the_network'
        Force = $True
        Identity = @('*S-1-5-32-544', '*S-1-5-11', '*S-1-5-9')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
    {
        Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object'
    {
        Policy = 'Create_a_token_object'
        Force = $True
        Identity = @('')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects'
    {
        Policy = 'Create_permanent_shared_objects'
        Force = $True
        Identity = @('')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally'
    {
        Policy = 'Allow_log_on_locally'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks'
    {
        Policy = 'Perform_volume_maintenance_tasks'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values'
    {
        Policy = 'Modify_firmware_environment_values'
        Force = $True
        Identity = @('*S-1-5-32-544')
    }

    AuditPolicySubcategory 'EventAuditing(INF): File System: Success'
    {
        AuditFlag = 'Success'
        Name = 'File System'
    }

    AuditPolicySubcategory 'EventAuditing(INF): File System: Failure'
    {
        Name = 'File System'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }

    <#AuditPolicySubcategory 'EventAuditing(INF): Registry: Success'
    {
        AuditFlag = 'Success'
        Name = 'Registry'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Registry: Failure'
    {
        Name = 'Registry'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Kernel Object: Success'
    {
        AuditFlag = 'Success'
        Name = 'Kernel Object'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Kernel Object: Failure'
    {
        Name = 'Kernel Object'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): SAM: Success'
    {
        AuditFlag = 'Success'
        Name = 'SAM'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): SAM: Failure'
    {
        Name = 'SAM'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Certification Services: Success'
    {
        AuditFlag = 'Success'
        Name = 'Certification Services'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Certification Services: Failure'
    {
        Name = 'Certification Services'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Application Generated: Success'
    {
        AuditFlag = 'Success'
        Name = 'Application Generated'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Application Generated: Failure'
    {
        Name = 'Application Generated'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Handle Manipulation: Success'
    {
        AuditFlag = 'Success'
        Name = 'Handle Manipulation'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Handle Manipulation: Failure'
    {
        Name = 'Handle Manipulation'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): File Share: Success'
    {
        AuditFlag = 'Success'
        Name = 'File Share'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): File Share: Failure'
    {
        Name = 'File Share'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Filtering Platform Packet Drop: Success'
    {
        AuditFlag = 'Success'
        Name = 'Filtering Platform Packet Drop'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Filtering Platform Packet Drop: Failure'
    {
        Name = 'Filtering Platform Packet Drop'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Filtering Platform Connection: Success'
    {
        AuditFlag = 'Success'
        Name = 'Filtering Platform Connection'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Filtering Platform Connection: Failure'
    {
        Name = 'Filtering Platform Connection'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Other Object Access Events: Success'
    {
        AuditFlag = 'Success'
        Name = 'Other Object Access Events'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Other Object Access Events: Failure'
    {
        Name = 'Other Object Access Events'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Audit Policy Change: Success'
    {
        AuditFlag = 'Success'
        Name = 'Audit Policy Change'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Audit Policy Change: Failure'
    {
        Name = 'Audit Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Authentication Policy Change: Success'
    {
        AuditFlag = 'Success'
        Name = 'Authentication Policy Change'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Authentication Policy Change: Failure'
    {
        Name = 'Authentication Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Authorization Policy Change: Success'
    {
        AuditFlag = 'Success'
        Name = 'Authorization Policy Change'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Authorization Policy Change: Failure'
    {
        Name = 'Authorization Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): MPSSVC Rule-Level Policy Change: Success'
    {
        AuditFlag = 'Success'
        Name = 'MPSSVC Rule-Level Policy Change'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): MPSSVC Rule-Level Policy Change: Failure'
    {
        Name = 'MPSSVC Rule-Level Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Filtering Platform Policy Change: Success'
    {
        AuditFlag = 'Success'
        Name = 'Filtering Platform Policy Change'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Filtering Platform Policy Change: Failure'
    {
        Name = 'Filtering Platform Policy Change'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Other Policy Change Events: Success'
    {
        AuditFlag = 'Success'
        Name = 'Other Policy Change Events'
    }#>

    <#AuditPolicySubcategory 'EventAuditing(INF): Other Policy Change Events: Failure'
    {
        Name = 'Other Policy Change Events'
        Ensure = 'Absent'
        AuditFlag = 'Failure'
    }#>

    SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
    {
        Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
        Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled'
    }
    
    <#
    [LS] Test - blocking out all SecurityOption to see if VDCs will process MOF
    SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior'
    {
        Name = 'Interactive_logon_Smart_card_removal_behavior'
        Interactive_logon_Smart_card_removal_behavior = 'Lock workstation'
    }

    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
    {
        User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled'
        Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
    }

    SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes'
    {
        Name = 'Domain_member_Disable_machine_account_password_changes'
        Domain_member_Disable_machine_account_password_changes = 'Disabled'
    }

    SecurityOption 'SecurityRegistry(INF): Network_Security_Restrict_NTLM_Outgoing_NTLM_traffic_to_remote_servers'
    {
        Name = 'Network_Security_Restrict_NTLM_Outgoing_NTLM_traffic_to_remote_servers'
        Network_Security_Restrict_NTLM_Outgoing_NTLM_traffic_to_remote_servers = 'Audit all'
    }

    SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links'
    {
        System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled'
        Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links'
    }

    SecurityOption 'SecurityRegistry(INF): Domain_controller_LDAP_server_signing_requirements'
    {
        Domain_controller_LDAP_server_signing_requirements = 'Require Signing'
        Name = 'Domain_controller_LDAP_server_signing_requirements'
    }

    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
    {
        User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled'
        Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
    }

    SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
    {
        Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
        Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
    {
        Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked'
        Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
    }

    SecurityOption 'SecurityRegistry(INF): Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain'
    {
        Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain = 'Enable all'
        Name = 'Network_Security_Restrict_NTLM_Audit_NTLM_authentication_in_this_domain'
    }

    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
    {
        Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
        User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request'
    }

    SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
    {
        Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled'
        Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
    }

    SecurityOption 'SecurityRegistry(INF): Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic'
    {
        Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic = 'Enable auditing for all accounts'
        Name = 'Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic'
    }

    SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on'
    {
        Name = 'Interactive_logon_Message_title_for_users_attempting_to_log_on'
        Interactive_logon_Message_title_for_users_attempting_to_log_on = 'WARNING'
    }

    SecurityOption 'SecurityRegistry(INF): Network_Security_Restrict_NTLM_NTLM_authentication_in_this_domain'
    {
        Name = 'Network_Security_Restrict_NTLM_NTLM_authentication_in_this_domain'
        Network_Security_Restrict_NTLM_NTLM_authentication_in_this_domain = 'Disable'
    }

    SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change'
    {
        Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled'
        Name = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change'
    }

    SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level'
    {
        Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. Refuse LM & NTLM'
        Name = 'Network_security_LAN_Manager_authentication_level'
    }

    SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always'
    {
        Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always'
        Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
    {
        Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked'
        Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
    }

    SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
    {
        Name = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
        Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always'
    {
        Name = 'Microsoft_network_server_Digitally_sign_communications_always'
        Microsoft_network_server_Digitally_sign_communications_always = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age'
    {
        Name = 'Domain_member_Maximum_machine_account_password_age'
        Domain_member_Maximum_machine_account_password_age = '30'
    }

    SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always'
    {
        Microsoft_network_client_Digitally_sign_communications_always = 'Enabled'
        Name = 'Microsoft_network_client_Digitally_sign_communications_always'
    }

    SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares'
    {
        Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares'
        Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
    {
        Name = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
        Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): Domain_controller_Refuse_machine_account_password_changes'
    {
        Name = 'Domain_controller_Refuse_machine_account_password_changes'
        Domain_controller_Refuse_machine_account_password_changes = 'Disabled'
    }

    SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key'
    {
        Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key'
        Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements'
    {
        Name = 'Network_security_LDAP_client_signing_requirements'
        Network_security_LDAP_client_signing_requirements = 'Negotiate Signing'
    }

    SecurityOption 'SecurityRegistry(INF): Network_Security_Restrict_NTLM_Incoming_NTLM_Traffic'
    {
        Name = 'Network_Security_Restrict_NTLM_Incoming_NTLM_Traffic'
        Network_Security_Restrict_NTLM_Incoming_NTLM_Traffic = 'Allow all'
    }

    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
    {
        Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
        User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
    {
        Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
        User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
    {
        Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled'
        Name = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
    }

    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
    {
        Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
        User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled'
    }

    SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode'
    {
        Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode'
        User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop'
    }

    SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on'
    {
        Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on'
        Interactive_logon_Message_text_for_users_attempting_to_log_on = 'You are accessing an information system that may provide services to the U.S. Government. The system may transmit or contain U.S. Government data. System usage may be monitored"," recorded"," and subject to audit. Unauthorized use of the system is prohibited and may be subject to criminal and civil penalties.Use of the system indicates consent to monitoring and recording.'
    }

    SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback'
    {
        Name = 'Network_security_Allow_LocalSystem_NULL_session_fallback'
        Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled'
    }

    SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible'
    {
        Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled'
        Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible'
    }

    SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit'
    {
        Interactive_logon_Machine_inactivity_limit = '900'
        Name = 'Interactive_logon_Machine_inactivity_limit'
    }

    SecurityOption 'SecuritySetting(INF): NewGuestName'
    {
        Accounts_Rename_guest_account = 'MSGuest'
        Name = 'Accounts_Rename_guest_account'
    }

    SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup'
    {
        Name = 'Network_access_Allow_anonymous_SID_Name_translation'
        Network_access_Allow_anonymous_SID_Name_translation = 'Disabled'
    }

    SecurityOption 'SecuritySetting(INF): NewAdministratorName'
    {
        Accounts_Rename_administrator_account = 'MSAdmin'
        Name = 'Accounts_Rename_administrator_account'
    }

    SecurityOption 'SecuritySetting(INF): EnableGuestAccount'
    {
        Accounts_Guest_account_status = 'Disabled'
        Name = 'Accounts_Guest_account_status'
    }#>
}

The operating system the target node is running

OsName : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsVersion : 1809
WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage : en-US
OsMuiLanguages : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.17763.2183
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.2183
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

ModuleType Version    Name                ExportedCommands
---------- -------    ----                ----------------
Manifest   2.10.0.0   SecurityPolicyDsc


229Lane commented Oct 14, 2021

Sorry about the long configuration, any help is much appreciated.

@229Lane 229Lane changed the title SecurityOption: SendConfigurationApply thre one or more non-terminating erros Test-TargetResourouce SecurityOption: SendConfigurationApply there are one or more non-terminating errors Test-TargetResourouce Oct 14, 2021
@229Lane 229Lane changed the title SecurityOption: SendConfigurationApply there are one or more non-terminating errors Test-TargetResourouce SecurityOption: SendConfigurationApply non-terminating errors Test-TargetResourouce, could not infer cim type Oct 14, 2021

229Lane commented Oct 26, 2021

When running Get-DscConfiguration, the error can be repro'd. If you add -verbose, the error below shows an SDDL value.

VERBOSE: []: [[SecurityOption]SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers::[Ws2019DomainControllerSecurityCompliance1_0]Ws2019DcSecurityCompliance::[CedisGroupPolicy]GroupPolicyConfiguration] Options: System.Collections.Hashtable
VERBOSE: [DM2XGMEVDC11]: [[SecurityOption]SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers::[Ws2019DomainControllerSecurityCompliance1_0]Ws2019DcSecurityCompliance::[CedisGroupPolicy]GroupPolicyConfiguration] Raw current value: 1,"O:BAG:BAD:(A;;RC;;;BA)(A;;RC;;;AU)"
Get-DscConfiguration : Could not infer CimType from the provided .NET object.
At line:1 char:32
+ Stop-DscConfiguration -force; Get-DscConfiguration -verbose | Out-Fi ...
+                               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Manag...InstanceCommand:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : New-CimInstance,Microsoft.Management.Infrastructure.CimCmdlets.NewCimInstanceCommand,Get-DscConfiguration
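
To confirm the setting's real state while the resource errors out, the local policy can be read straight from a secedit export; the raw value in the verbose output above has the same `type,data` shape as the entries in that file's [Registry Values] section. The following is an added example, not part of the original comment or of SecurityPolicyDsc: the function name `Get-SeceditRegistryValue`, the sample export and the `MACHINE\Example\PlaceholderKey\SddlValue` path are constructed for illustration.

```powershell
# Added example (hypothetical helper, not SecurityPolicyDsc code).
# Parses the [Registry Values] section of a secedit export, where each entry
# has the form  <registry path>=<type>,<data>  (1 = REG_SZ, 4 = REG_DWORD, ...).
function Get-SeceditRegistryValue {
    param(
        [Parameter(Mandatory)] [string[]] $InfLine
    )
    $typeName = @{ '1' = 'REG_SZ'; '3' = 'REG_BINARY'; '4' = 'REG_DWORD'; '7' = 'REG_MULTI_SZ' }
    $inSection = $false
    foreach ($line in $InfLine) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Section header: only [Registry Values] is of interest here
            $inSection = ($Matches[1] -eq 'Registry Values')
            continue
        }
        if ($inSection -and $line -match '^(?<path>[^=]+)=(?<type>\d+),(?<data>.*)$') {
            $type = $typeName[$Matches['type']]
            if (-not $type) { $type = "TYPE_$($Matches['type'])" }
            [pscustomobject]@{
                Path = $Matches['path']
                Type = $type
                Data = $Matches['data'].Trim('"')
            }
        }
    }
}

# Constructed sample export, not taken from the reporter's server.
# On a live node (elevated prompt) replace it with:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   $inf = Get-Content "$env:TEMP\secpol.inf"
$inf = @'
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
MACHINE\Example\PlaceholderKey\SddlValue=1,"O:BAG:BAD:(A;;RC;;;BA)(A;;RC;;;AU)"
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

$values = Get-SeceditRegistryValue -InfLine $inf

# "Send unencrypted password to third-party SMB servers": DWORD 0 = Disabled, 1 = Enabled
$smb = $values | Where-Object Path -like '*\LanmanWorkstation\Parameters\EnablePlainTextPassword'
if (-not $smb) {
    $status = 'EnablePlainTextPassword: not defined in the export'
} elseif ($smb.Type -eq 'REG_DWORD' -and $smb.Data -eq '0') {
    $status = 'EnablePlainTextPassword: Disabled (matches the desired state in the configuration)'
} else {
    $status = "EnablePlainTextPassword: $($smb.Type) $($smb.Data) (review)"
}
$status

# Entries that are not DWORDs, such as an SDDL string like the one in the verbose output
$values | Where-Object Type -ne 'REG_DWORD' | Format-Table Path, Type, Data -AutoSize
```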


229Lane commented Oct 29, 2021

Confirmed fixed in version 3.0.0 preview06
