ACSC rule is checking the wrong baseline for Windows Update

[flobroeder]

Please review ACSC rules for Windows update - these rules seem to check the wrong place in registry or there are more configuration places?

Windows system reality

AuditTAP:

[SteffenWinternheimer]

If setting is set throughout the GUI, it seems like it cannot get checked throughout the registry path. Currently we have no workaround for that.
If this setting is set via registry, then it can also be checked via registry.

Will be set back to a later release.

[TuemmlerKelch]

Please refer to this article for improved checks

[SteffenWinternheimer]

I am not sure, which AuditRules should be replaced with the ones, provided in the link. Also i took a look again at the benchmark from ACSC, here are the rules provided by them:

This is the link to the admx.help page
https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsUpdate::AutoUpdateCfg

Let's discuss about this ticket again @TuemmlerKelch

[TuemmlerKelch]

As discussed, the focus lies on the one setting we refer to as High-049 D. Implementation is described in the article in my above comment.
Due to the fact that the configuration is different for manual setting and setting via group policy, we need more complex approach.
manual setting:
(
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services]
"DefaultService"="7971f918-a847-4430-9279-4a52d1efe18d"
AND
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971F918-A847-4430-9279-4A52D1EFE18D]
"RegisteredWithAU"=dword:00000001
)
OR
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AllowMUUpdateService"=dword:00000001
"NoAutoUpdate"=dword:00000000

Please make sure to check other benchmarks, too.

[SteffenWinternheimer]

TODO: Update logic, add try catch

[SteffenWinternheimer]

try-catch added, waiting for approval of pull request