master:
dev:
PowerStigDsc is a Windows PowerShell Desired State Configuration (DSC) composite resource to manage the configurable items of the DISA STIG's. This is accomplished by using OSS DSC Resources that are specialized to a specific area of the STIG from the PowerShell gallery. PowerStigDsc depends on an external module PowerStig for the STIG data and multiple DSC resources to apply the setting. All of the required dependencies are defined in the module manifest so they are automatically downloaded if you install PowerStigDsc from the PowerShell Gallery.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Please check out common DSC Resources contributing guidelines.
-
Browser: Provides a mechanism to manage Browser STIG settings.
-
WindowsDnsServer: Provides a mechanism to manage Windows DNS Server STIG settings.
-
WindowsFirewall: Provides a mechanism to manage the Windows Firewall STIG settings.
-
WindowsServer: Provides a mechanism to manage the Windows Server STIG settings.
Provides a mechanism to manage Browser STIG settings.
None
- [String] BrowserName (Mandatory): The version of the Browser that the configuration is applying to.
- [String] BrowserVersion (Optional): The Browser version of the STIG you want to apply. If no value is provided, the most recent version of the STIG is applied.
- [Hashtable] Exception (Optional): A hash table of the exceptions that should be applied to the server. The hashtable must be in the format StigId = Exception.
- [Xml] OrgSetting (Optional): An XML document that contains the values for settings that contain a range of possible values.
Provides a mechanism to manage Windows Dns Server STIG settings.
None
- [String] OsVersion (Mandatory): The version of the server OS that the configuration is applying to.
- [String] StigVersion (Optional): The version of the STIG you want to apply. If no value is provided, the most recent version of the STIG is applied.
- [String] ForestName (Optional): The FQDN of the forest the configuration is being applied to. If a domain name is not applied, the domain of the computer used to generate the configuration is used.
- [String] DomainName (Optional): The FQDN of the domain the configuration is being applied to. If a domain name is not applied, the domain of the computer used to generate the configuration is used.
- [Hashtable] Exception (Optional): A hash table of the exceptions to be applied to the server. The hashtable must be in the format StigId = Exception.
- [Xml] OrgSetting (Optional): This is an XML file that overrides the default settings of allowable ranges in the STIG.
- [PSObject] SkipRule (Optional): Rule Id/s that you do not want to be applied to the server.
- [PSObject] SkipRuleType (Optional): Rule type/s that you do not want to be applied to the server.
- Apply the Windows DNS Server STIG to a node
- Apply the Windows DNS Server STIG to a node, but override the value of V-1000
- Apply the Windows DNS Server STIG to a node, but skip the V-1000 setting
- Apply the Windows DNS Server STIG to a node, but skip the AuditPolicyRules
Provides a mechanism to manage the Windows Firewall STIG settings.
None
- [String] StigVersion (Optional): The version of the STIG you want to apply. If no value is provided, the most recent version of the STIG is applied.
- [Hashtable] Exception (Optional): A hash table of the exceptions to be applied to the server. The hashtable must be in the format StigId = Exception.
- [Xml] OrgSetting (Optional): This is an XML file that overrides the default settings of allowable ranges in the STIG.
- [PSObject] SkipRule (Optional): Rule Id/s that you do not want to be applied to the server.
- [PSObject] SkipRuleType (Optional): Rule type/s that you do not want to be applied to the server.
- Apply the Windows Firewall STIG to a node
- Apply the Windows Firewall STIG to a node, but override the value of V-1000
- Apply the Windows Firewall STIG to a node, but skip the V-1000 setting
- Apply the Windows Firewall STIG to a node, but skip the AuditPolicyRules
Provides a mechanism to manage the Windows Server STIG settings.
None
- [String] OsVersion (Mandatory): The version of the server OS that the configuration is applying to.
- [String] OsRole (Mandatory): The role of the computer the configuration applies to.
- [String] StigVersion (Optional): The version of the STIG you want to apply. If no value is provided, the most recent version of the STIG is applied.
- [String] ForestName (Optional): The FQDN of the forest the configuration is being applied to. If a domain name is not applied, the domain of the computer used to generate the configuration is used.
- [String] DomainName (Optional): The FQDN of the domain the configuration is being applied to. If a domain name is not applied, the domain of the computer used to generate the configuration is used.
- [Hashtable] Exception (Optional): A hash table of the exceptions to be applied to the server. The hashtable must be in the format StigId = Exception.
- [Xml] OrgSetting (Optional): This is an XML file that overrides the default settings of allowable ranges in the STIG.
- [PSObject] SkipRule (Optional): Rule Id/s that you do not want to be applied to the server.
- [PSObject] SkipRuleType (Optional): Rule type/s that you do not want to be applied to the server.
- Apply the latest Windows Server STIG to a node
- Apply a specific Windows Server STIG version to a node
- Apply the Windows Server STIG to a node, but override the default organizational settings with a local file
- Apply the Windows Server STIG to a node, but override the value of V-1000
- Apply the Windows Server STIG to a node, but skip the V-1000 setting
- Apply the Windows Server STIG to a node, but skip the AuditPolicyRules
- Added ModuleVersion parameter to each Import-DscResource for all composite resources
- Browser Composite
- Windows DNS Server Composite
- Windows Firewall Composite
- Windows Server Composite