-
Notifications
You must be signed in to change notification settings - Fork 116
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update PowerSTIG to successfully parse/apply Microsoft Windows Server…
… 2019 STIG - Ver 2, Rel 2 (#895) * added Windows 2019 DC / MS V2R2 * removed old processed 2019 STIGs
- Loading branch information
Showing
15 changed files
with
34,453 additions
and
32,432 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
20 changes: 0 additions & 20 deletions
20
...igData/Archive/Windows.Server.2019/U_MS_Windows_Server_2019_DC_STIG_V1R5_Manual-xccdf.log
This file was deleted.
Oops, something went wrong.
28 changes: 28 additions & 0 deletions
28
...igData/Archive/Windows.Server.2019/U_MS_Windows_Server_2019_DC_STIG_V2R2_Manual-xccdf.log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
V-205664::*::'' | ||
V-205739::*::'' | ||
V-205740::NT AUTHORITY\Authenticated Users:(RX)::C:\Windows\SYSVOL | ||
V-205740::NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(GR,GE)::Type - "Allow" for all | ||
V-205740::BUILTIN\Server Operators:(RX)::Inherited from - "None" for all | ||
V-205740::BUILTIN\Server Operators:(OI)(CI)(IO)(GR,GE)::Principal - Access - Applies to | ||
V-205740::BUILTIN\Administrators:(M,WDAC,WO)::Authenticated Users - Read & execute - This folder, subfolder, and files | ||
V-205740::BUILTIN\Administrators:(OI)(CI)(IO)(F)::Server Operators - Read & execute - This folder, subfolder, and files | ||
V-205740::NT AUTHORITY\SYSTEM:(F)::Administrators - all selected except Full control - This folder only | ||
V-205740::NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)::CREATOR OWNER - Full control - Subfolders and files only | ||
V-205740::CREATOR OWNER:(OI)(CI)(IO)(F)::Administrators - Full control - Subfolders and files only | ||
V-205740::(RX) - Read & execute::SYSTEM - Full control - This folder, subfolders, and files | ||
V-205756::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding. | ||
V-205639::\SOFTWARE\ Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\::\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\ | ||
V-205820::*::HardCodedRule(SecurityOptionRule)@{DscResource = 'SecurityOption'; OptionName = 'Domain_controller_LDAP_server_signing_requirements'; OptionValue = 'Require Signing'} | ||
V-205850::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'} | ||
V-205869::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1 | ||
V-205870::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100 | ||
V-205871::0x00000000 (0) (or if the Value Name does not exist)::0 | ||
V-205872::0x00000000 (0) (or if the Value Name does not exist)::0 | ||
V-205874::0x00000000 (0) (or if the Value Name does not exist)::0 | ||
V-205924::0x00000002 (2) (or if the Value Name does not exist)::2 | ||
V-205693::0x00000000 (0) (or if the Value Name does not exist)::0 | ||
V-205662::*::HardCodedRule(AccountPolicyRule)@{DscResource = 'AccountPolicy'; PolicyName = 'Minimum password length'; PolicyValue = $null; OrganizationValueTestString = "'{0}' -ge '14'"} | ||
V-205717::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2 | ||
V-205830::0x00000000 (0) (or if the Value Name does not exist)::0 | ||
V-214936::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'} | ||
V-205632::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"} |
Oops, something went wrong.