Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 R2 MS STIG - Ver 3, Rel 2

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## [Unreleased]
 
+* Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 R2 MS STIG - Ver 3, Rel 2 [#900](https://github.com/microsoft/PowerStig/issues/900)
 * Update PowerSTIG to remove old rule Ids in Hard Coded Framework: [#864](https://github.com/microsoft/PowerStig/issues/864)
 * Fixed: PowerShell v7 Fix: AccessControlDsc/RegistryAccessEntry & NTFSAccessEntry "AccessControlList" should be an Array
 * Update PowerSTIG to Parse/Apply Google Chrome Ver 2, Rel 2: [#876](https://github.com/microsoft/PowerStig/issues/876)

source/StigData/Archive/Windows.Server.2012R2/U_MS_Windows_2012_and_2012_R2_MS_STIG_V3R2_Manual-xccdf.log

@@ -0,0 +1,13 @@
+V-225274::"Store password using reversible encryption"::"Store passwords using reversible encryption"
+V-225272::"Minimum password length,"::"Minimum password length"
+V-225427::*::HardCodedRule(AuditSettingRule)@{DscResource = 'AuditSetting'; DesiredValue = $true; Operator = '-eq'; Property = 'PasswordExpires'; Query = "SELECT * FROM Win32_UserAccount WHERE Disabled=$false AND LocalAccount=$true"}
+V-225426::*::HardCodedRule(AuditSettingRule)@{DscResource = 'AuditSetting'; DesiredValue = $true; Operator = '-eq'; Property = 'PasswordRequired'; Query = "SELECT * FROM Win32_UserAccount WHERE Disabled=$false AND LocalAccount=$true"}
+V-225374::Value: 0x00000001 (1) ::Value: 1 Or 2
+V-225436::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Certificate Revocation Checking service information'}
+V-225416::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-225263::*::HardCodedRule(AuditSettingRule)@{DscResource = 'AuditSetting'; DesiredValue = '6.3.9600.17415'; Operator = '-ge'; Property = 'Version'; Query = "SELECT * FROM CIM_Datafile WHERE FileName='powershell' AND Path LIKE '%\\Windows\\System32\\WindowsPowerShell\\v1.0\\%' AND Extension='exe'"}
+V-225264::Registry Path: \SOFTWARE\ Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\::Registry Path: \SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\
+V-225259::*::HardCodedRule(WindowsFeatureRule)@{DscResource = 'WindowsFeature'; Ensure = 'Absent'; Name = 'SMB1Protocol'}
+V-225516::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'ConsentPromptBehaviorAdmin'; ValueType = 'Dword'; ValueData = $null; OrganizationValueTestString = "'{0}' -le '4'"}
+V-225466::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-225465::assistants.  Such communications and work product are private and confidential.  See::assistants. Such communications and work product are private and confidential. See

source/StigData/Processed/WindowsServer-2012R2-MS-3.2.org.default.xml

@@ -0,0 +1,85 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="3.2">
+  <!-- Ensure ''V-225266'' -ge '15' -or ''V-225266'' -eq '0'-->
+  <OrganizationalSetting id="V-225266" PolicyValue="15" />
+  <!-- Ensure ''V-225267'' -le '3' -and ''V-225267'' -ne '0'-->
+  <OrganizationalSetting id="V-225267" PolicyValue="3" />
+  <!-- Ensure ''V-225268'' -ge '15'-->
+  <OrganizationalSetting id="V-225268" PolicyValue="15" />
+  <!-- Ensure ''V-225269'' -ge '24'-->
+  <OrganizationalSetting id="V-225269" PolicyValue="24" />
+  <!-- Ensure ''V-225270'' -le '60' -and ''V-225270'' -ne '0'-->
+  <OrganizationalSetting id="V-225270" PolicyValue="60" />
+  <!-- Ensure ''V-225271'' -ne '0'-->
+  <OrganizationalSetting id="V-225271" PolicyValue="1" />
+  <!-- Ensure ''V-225272'' -ge '14'-->
+  <OrganizationalSetting id="V-225272" PolicyValue="14" />
+  <!-- Ensure ''V-225370'' -ge '32768'-->
+  <OrganizationalSetting id="V-225370" ValueData="32768" />
+  <!-- Ensure ''V-225371'' -ge '196608'-->
+  <OrganizationalSetting id="V-225371" ValueData="196608" />
+  <!-- Ensure ''V-225372'' -ge '32768'-->
+  <OrganizationalSetting id="V-225372" ValueData="32768" />
+  <!-- Ensure ''V-225373'' -ge '32768'-->
+  <OrganizationalSetting id="V-225373" ValueData="32768" />
+  <!-- Ensure ''V-225374'' -match '1|2'-->
+  <OrganizationalSetting id="V-225374" ValueData="1" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
+  <OrganizationalSetting id="V-225416" ServiceName="" StartupType="" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Certificate Revocation Checking service information-->
+  <OrganizationalSetting id="V-225436" ServiceName="" StartupType="" />
+  <!-- Ensure location for DoD Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-225441.a" Location="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-225441.b" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-225441.c" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-225441.d" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-225442.a" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 1 certificate is present-->
+  <OrganizationalSetting id="V-225442.b" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-225443" Location="" />
+  <!-- Ensure ''V-225450'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-225450" OptionValue="" />
+  <!-- Ensure ''V-225451'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-225451" OptionValue="" />
+  <!-- Ensure ''V-225460'' -le '30' -and ''V-225460'' -gt '0'-->
+  <OrganizationalSetting id="V-225460" ValueData="30" />
+  <!-- Ensure ''V-225464'' -le '900' -and ''V-225464'' -gt '0'-->
+  <OrganizationalSetting id="V-225464" ValueData="900" />
+  <!-- Ensure ''V-225466'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-225466" ValueData="DoD Notice and Consent Banner" />
+  <!-- Ensure ''V-225467'' -le '4'-->
+  <OrganizationalSetting id="V-225467" ValueData="4" />
+  <!-- Ensure ''V-225468'' -ge '14'-->
+  <OrganizationalSetting id="V-225468" ValueData="14" />
+  <!-- Ensure ''V-225469'' -match '1|2'-->
+  <OrganizationalSetting id="V-225469" ValueData="1" />
+  <!-- Ensure ''V-225473'' -le '15'-->
+  <OrganizationalSetting id="V-225473" ValueData="15" />
+  <!-- Ensure ''V-225482'' -le '300000'-->
+  <OrganizationalSetting id="V-225482" ValueData="300000" />
+  <!-- Ensure ''V-225487'' -le '5'-->
+  <OrganizationalSetting id="V-225487" ValueData="5" />
+  <!-- Ensure ''V-225488'' -le '3'-->
+  <OrganizationalSetting id="V-225488" ValueData="3" />
+  <!-- Ensure ''V-225489'' -le '3'-->
+  <OrganizationalSetting id="V-225489" ValueData="3" />
+  <!-- Ensure ''V-225490'' -le '90'-->
+  <OrganizationalSetting id="V-225490" ValueData="90" />
+  <!-- Ensure ''V-225516'' -le '4'-->
+  <OrganizationalSetting id="V-225516" ValueData="4" />
+  <!-- Ensure ''V-225555'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
+  <OrganizationalSetting id="V-225555" Identity="Administrators" />
+  <!-- Ensure ''V-225557'' -match 'Enterprise Admins,Domain Admins,(Local account and member of Administrators group|Local account),Guests'-->
+  <OrganizationalSetting id="V-225557" Identity="Enterprise Admins,Domain Admins,Local account and member of Administrators group,Guests" />
+</OrganizationalSettings>