Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update PowerSTIG to successfully parse/apply Microsoft Windows Server 2019 STIG - Ver 2, Rel 2 #895

Merged
merged 3 commits into from
May 27, 2021
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

## [Unreleased]

* Update PowerSTIG to successfully parse/apply Microsoft Windows Server 2019 STIG - Ver 2, Rel 2: [#893](https://github.com/microsoft/PowerStig/issues/893)
* Update PowerSTIG to remove old rule Ids in Hard Coded Framework: [#864](https://github.com/microsoft/PowerStig/issues/864)
* Fixed: PowerShell v7 Fix: AccessControlDsc/RegistryAccessEntry & NTFSAccessEntry "AccessControlList" should be an Array
* Update PowerSTIG to Parse/Apply Google Chrome Ver 2, Rel 2: [#876](https://github.com/microsoft/PowerStig/issues/876)
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
V-205664::*::''
V-205739::*::''
V-205740::NT AUTHORITY\Authenticated Users:(RX)::C:\Windows\SYSVOL
V-205740::NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(GR,GE)::Type - "Allow" for all
V-205740::BUILTIN\Server Operators:(RX)::Inherited from - "None" for all
V-205740::BUILTIN\Server Operators:(OI)(CI)(IO)(GR,GE)::Principal - Access - Applies to
V-205740::BUILTIN\Administrators:(M,WDAC,WO)::Authenticated Users - Read & execute - This folder, subfolder, and files
V-205740::BUILTIN\Administrators:(OI)(CI)(IO)(F)::Server Operators - Read & execute - This folder, subfolder, and files
V-205740::NT AUTHORITY\SYSTEM:(F)::Administrators - all selected except Full control - This folder only
V-205740::NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)::CREATOR OWNER - Full control - Subfolders and files only
V-205740::CREATOR OWNER:(OI)(CI)(IO)(F)::Administrators - Full control - Subfolders and files only
V-205740::(RX) - Read & execute::SYSTEM - Full control - This folder, subfolders, and files
V-205756::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.
V-205639::\SOFTWARE\ Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\::\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\
V-205820::*::HardCodedRule(SecurityOptionRule)@{DscResource = 'SecurityOption'; OptionName = 'Domain_controller_LDAP_server_signing_requirements'; OptionValue = 'Require Signing'}
V-205850::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
V-205869::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
V-205870::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
V-205871::0x00000000 (0) (or if the Value Name does not exist)::0
V-205872::0x00000000 (0) (or if the Value Name does not exist)::0
V-205874::0x00000000 (0) (or if the Value Name does not exist)::0
V-205924::0x00000002 (2) (or if the Value Name does not exist)::2
V-205693::0x00000000 (0) (or if the Value Name does not exist)::0
V-205662::*::HardCodedRule(AccountPolicyRule)@{DscResource = 'AccountPolicy'; PolicyName = 'Minimum password length'; PolicyValue = $null; OrganizationValueTestString = "'{0}' -ge '14'"}
V-205717::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
V-205830::0x00000000 (0) (or if the Value Name does not exist)::0
V-214936::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
V-205632::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
Loading