diff --git a/DSCResources/Services/Services.psd1 b/DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.psd1
similarity index 87%
rename from DSCResources/Services/Services.psd1
rename to DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.psd1
index d483281..927d582 100644
--- a/DSCResources/Services/Services.psd1
+++ b/DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.psd1
@@ -1,124 +1,124 @@ -# -# Module manifest for module 'Services' -# -# Generated by: Sinisa Sokolic -# -# Generated on: 7/25/2023 -# - -@{ - -# Script module or binary module file associated with this manifest. -RootModule = 'Services.schema.psm1' - -# Version number of this module. -ModuleVersion = '0.0.1' - -# Supported PSEditions -# CompatiblePSEditions = @() - -# ID used to uniquely identify this module -GUID = '09a6295a-d863-47d9-b8ac-22fedaf9fcfc' - -# Author of this module -Author = 'Sinisa Sokolic' - -# Company or vendor of this module -CompanyName = 'RIS AG' - -# Copyright statement for this module -Copyright = '(c) 2023 XOAP. All rights reserved.' - -# Description of the functionality provided by this module -Description = 'Configure Windows Services for Azure Virtual Desktop VMs based on Windows 11.' - -# Minimum version of the Windows PowerShell engine required by this module -PowerShellVersion = '5.1' - -# Name of the Windows PowerShell host required by this module -# PowerShellHostName = '' - -# Minimum version of the Windows PowerShell host required by this module -# PowerShellHostVersion = '' - -# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. -# DotNetFrameworkVersion = '' - -# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. -# CLRVersion = '' - -# Processor architecture (None, X86, Amd64) required by this module -# ProcessorArchitecture = '' - -# Modules that must be imported into the global environment prior to importing this module -# RequiredModules = @() - -# Assemblies that must be loaded prior to importing this module -# RequiredAssemblies = @() - -# Script files (.ps1) that are run in the caller's environment prior to importing this module. 
-# ScriptsToProcess = @() - -# Type files (.ps1xml) to be loaded when importing this module -# TypesToProcess = @() - -# Format files (.ps1xml) to be loaded when importing this module -# FormatsToProcess = @() - -# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -# NestedModules = @() - -# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. -FunctionsToExport = '*' - -# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. -CmdletsToExport = '*' - -# Variables to export from this module -VariablesToExport = '*' - -# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. -AliasesToExport = '*' - -# DSC resources to export from this module -# DscResourcesToExport = @() - -# List of all modules packaged with this module -# ModuleList = @() - -# List of all files packaged with this module -# FileList = @() - -# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. -PrivateData = @{ - - PSData = @{ - - # Tags applied to this module. These help with module discovery in online galleries. - # Tags = @() - - # A URL to the license for this module. - # LicenseUri = '' - - # A URL to the main website for this project. - # ProjectUri = '' - - # A URL to an icon representing this module. - # IconUri = '' - - # ReleaseNotes of this module - # ReleaseNotes = '' - - } # End of PSData hashtable - -} # End of PrivateData hashtable - -# HelpInfo URI of this module -# HelpInfoURI = '' - -# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 
-# DefaultCommandPrefix = '' - -} - - +# +# Module manifest for module 'DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1' +# +# Generated by: XOAP.io +# +# Generated on: 1/13/2025 +# + +@{ + +# Script module or binary module file associated with this manifest. +RootModule = 'DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.schema.psm1' + +# Version number of this module. +ModuleVersion = '0.0.1' + +# Supported PSEditions +# CompatiblePSEditions = @() + +# ID used to uniquely identify this module +GUID = '1933d1ea-6974-4ee2-be78-fb350e8837d7' + +# Author of this module +Author = 'XOAP.io' + +# Company or vendor of this module +CompanyName = 'RIS AG' + +# Copyright statement for this module +Copyright = '(c) 2025 XOAP.io. All rights reserved.' + +# Description of the functionality provided by this module +Description = 'Resource for applying AdobeAcrobat Pro DSC STIG security settings' + +# Minimum version of the Windows PowerShell engine required by this module +# PowerShellVersion = '' + +# Name of the Windows PowerShell host required by this module +# PowerShellHostName = '' + +# Minimum version of the Windows PowerShell host required by this module +# PowerShellHostVersion = '' + +# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# DotNetFrameworkVersion = '' + +# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# CLRVersion = '' + +# Processor architecture (None, X86, Amd64) required by this module +# ProcessorArchitecture = '' + +# Modules that must be imported into the global environment prior to importing this module +# RequiredModules = @() + +# Assemblies that must be loaded prior to importing this module +# RequiredAssemblies = @() + +# Script files (.ps1) that are run in the caller's environment prior to importing this module. 
+# ScriptsToProcess = @() + +# Type files (.ps1xml) to be loaded when importing this module +# TypesToProcess = @() + +# Format files (.ps1xml) to be loaded when importing this module +# FormatsToProcess = @() + +# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess +# NestedModules = @() + +# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. +FunctionsToExport = '*' + +# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. +CmdletsToExport = '*' + +# Variables to export from this module +VariablesToExport = '*' + +# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. +AliasesToExport = '*' + +# DSC resources to export from this module +# DscResourcesToExport = @() + +# List of all modules packaged with this module +# ModuleList = @() + +# List of all files packaged with this module +# FileList = @() + +# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. +PrivateData = @{ + + PSData = @{ + + # Tags applied to this module. These help with module discovery in online galleries. + # Tags = @() + + # A URL to the license for this module. + # LicenseUri = '' + + # A URL to the main website for this project. + # ProjectUri = '' + + # A URL to an icon representing this module. + # IconUri = '' + + # ReleaseNotes of this module + # ReleaseNotes = '' + + } # End of PSData hashtable + +} # End of PrivateData hashtable + +# HelpInfo URI of this module +# HelpInfoURI = '' + +# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 
+# DefaultCommandPrefix = '' + +} + + diff --git a/DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.schema.psm1 b/DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.schema.psm1 new file mode 100644 index 0000000..15b73dc --- /dev/null +++ b/DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.schema.psm1 
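Review bot: The new manifest drops the engine floor the old one declared: `PowerShellVersion = '5.1'` becomes `# PowerShellVersion = ''`, so the manifest no longer states which engine the module needs. I would keep `PowerShellVersion = '5.1'` unless the drop is deliberate. `# RequiredModules = @()` also stays commented out although the root module added in this commit imports `GPRegistryPolicyDsc`, `AuditPolicyDSC` and `SecurityPolicyDSC`; if the parent module manifest (not visible here) does not declare them, a missing dependency only surfaces when a configuration is compiled. The Reader and Chrome manifests added later in the commit have the same two lines.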
@@ -0,0 +1,248 @@
+configuration DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1
+{
+
+ param(
+ [bool]$DisableMaintenance = $true,
+ [bool]$bEnhancedSecurityStandalone = $true,
+ [bool]$bEnhancedSecurityInBrowser = $true,
+ [bool]$iFileAttachmentPerms = $true,
+ [bool]$bEnableFlash = $true,
+ [bool]$bDisableTrustedFolders = $true,
+ [bool]$bProtectedMode = $true,
+ [bool]$iProtectedView = $true,
+ [bool]$bDisablePDFHandlerSwitching = $true,
+ [bool]$bDisableTrustedSites = $true,
+ [bool]$bAdobeSendPluginToggle = $true,
+ [bool]$bDisableADCFileStore = $true,
+ [bool]$iUnknownURLPerms = $true,
+ [bool]$iURLPerms = $true,
+ [bool]$bTogglePrefsSync = $true,
+ [bool]$bToggleWebConnectors = $true,
+ [bool]$bDisableSharePointFeatures = $true,
+ [bool]$bDisableWebmail = $true,
+ [bool]$bShowWelcomeScreen = $true
+ )
+
+ Import-DSCResource -ModuleName 'GPRegistryPolicyDsc'
+ Import-DSCResource -ModuleName 'AuditPolicyDSC'
+ Import-DSCResource -ModuleName 'SecurityPolicyDSC'
+
+ if ($DisableMaintenance) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Adobe\Adobe Acrobat\DC\Installer\DisableMaintenance'
+ {
+ Key = '\SOFTWARE\Adobe\Adobe Acrobat\DC\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableMaintenance'
+ ValueData = 1
+ }
+ }
+
+ if ($bEnhancedSecurityStandalone) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bEnhancedSecurityStandalone'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bEnhancedSecurityStandalone'
+ ValueData = 1
+ }
+ }
+
+ if ($bEnhancedSecurityInBrowser) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bEnhancedSecurityInBrowser'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bEnhancedSecurityInBrowser'
+ ValueData = 1
+ }
+ }
+ if ($iFileAttachmentPerms) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\iFileAttachmentPerms'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iFileAttachmentPerms'
+ ValueData = 1
+ }
+ }
+
+ if ($bEnableFlash) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bEnableFlash'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bEnableFlash'
+ ValueData = 0
+ }
+ }
+
+ if ($bDisableTrustedFolders) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bDisableTrustedFolders'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisableTrustedFolders'
+ ValueData = 1
+ }
+ }
+
+ if ($bProtectedMode) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bProtectedMode'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bProtectedMode'
+ ValueData = 1
+ }
+ }
+ if ($iProtectedView) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\iProtectedView'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iProtectedView'
+ ValueData = 2
+ }
+ }
+
+ if ($bDisablePDFHandlerSwitching) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bDisablePDFHandlerSwitching'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisablePDFHandlerSwitching'
+ ValueData = 1
+ }
+ }
+
+ if ($bDisableTrustedSites) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bDisableTrustedSites'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisableTrustedSites'
+ ValueData = 1
+ }
+ }
+
+ if ($bAdobeSendPluginToggle) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud\bAdobeSendPluginToggle'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bAdobeSendPluginToggle'
+ ValueData = 1
+ }
+ }
+
+ if ($bDisableADCFileStore) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud\bDisableADCFileStore'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisableADCFileStore'
+ ValueData = 1
+ }
+ }
+
+ if ($iUnknownURLPerms) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms\iUnknownURLPerms'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iUnknownURLPerms'
+ ValueData = 3
+ }
+ }
+ if ($iURLPerms) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms\iURLPerms'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iURLPerms'
+ ValueData = 1
+ }
+ }
+
+ if ($bTogglePrefsSync) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices\bTogglePrefsSync'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bTogglePrefsSync'
+ ValueData = 1
+ }
+ }
+
+ if ($bToggleWebConnectors) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices\bToggleWebConnectors'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bToggleWebConnectors'
+ ValueData = 1
+ }
+ }
+
+ if ($bDisableSharePointFeatures) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cSharePoint\bDisableSharePointFeatures'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cSharePoint'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisableSharePointFeatures'
+ ValueData = 1
+ }
+ }
+
+ if ($bDisableWebmail) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWebmailProfiles\bDisableWebmail'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWebmailProfiles'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisableWebmail'
+ ValueData = 1
+ }
+ }
+
+ if ($bShowWelcomeScreen) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWelcomeScreen\bShowWelcomeScreen'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWelcomeScreen'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bShowWelcomeScreen'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableMaintenance) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\DC\Installer\DisableMaintenance'
+ {
+ Key = '\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\DC\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableMaintenance'
+ ValueData = 1
+ }
+ }
+
+}
+
diff --git a/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.psd1 b/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.psd1
new file mode 100644
index 0000000..709c2b5
--- /dev/null
+++ b/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.psd1
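Review bot: Each `[bool]` parameter is named after the registry value it guards but means "enforce the STIG value", not "the value to write", so `$bEnableFlash = $true` writes `bEnableFlash = 0`, `$bShowWelcomeScreen = $true` writes `bShowWelcomeScreen = 0`, and `$iProtectedView` / `$iUnknownURLPerms` are booleans gating the integers 2 and 3. A caller who passes `-bEnableFlash $false` expecting Flash to be turned off instead gets the block skipped, and because the skipped branch declares nothing, a value already present in the policy file is left as it is. A comment above `param(` would make the contract explicit, for example `# $true = write the STIG-mandated value for this setting; $false = leave the setting unmanaged (an existing value is not removed)`. The Reader configuration added later in this commit follows the same pattern; there `$bUpdater = $true` also writes `bUpdater = 0`.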
@@ -0,0 +1,124 @@ +# +# Module manifest for module 'DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1' +# +# Generated by: XOAP.io +# +# Generated on: 1/13/2025 +# + +@{ + +# Script module or binary module file associated with this manifest. +RootModule = 'DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.schema.psm1' + +# Version number of this module. +ModuleVersion = '0.0.1' + +# Supported PSEditions +# CompatiblePSEditions = @() + +# ID used to uniquely identify this module +GUID = '15ff2ee9-3bc2-4529-8082-49edfef3477a' + +# Author of this module +Author = 'XOAP.io' + +# Company or vendor of this module +CompanyName = 'RIS AG' + +# Copyright statement for this module +Copyright = '(c) 2025 XOAP.io. All rights reserved.' + +# Description of the functionality provided by this module +Description = 'DSC Ressource to apply STIG Adobe Acrobat Reader Settings' + +# Minimum version of the Windows PowerShell engine required by this module +# PowerShellVersion = '' + +# Name of the Windows PowerShell host required by this module +# PowerShellHostName = '' + +# Minimum version of the Windows PowerShell host required by this module +# PowerShellHostVersion = '' + +# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# DotNetFrameworkVersion = '' + +# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# CLRVersion = '' + +# Processor architecture (None, X86, Amd64) required by this module +# ProcessorArchitecture = '' + +# Modules that must be imported into the global environment prior to importing this module +# RequiredModules = @() + +# Assemblies that must be loaded prior to importing this module +# RequiredAssemblies = @() + +# Script files (.ps1) that are run in the caller's environment prior to importing this module. 
+# ScriptsToProcess = @() + +# Type files (.ps1xml) to be loaded when importing this module +# TypesToProcess = @() + +# Format files (.ps1xml) to be loaded when importing this module +# FormatsToProcess = @() + +# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess +# NestedModules = @() + +# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. +FunctionsToExport = '*' + +# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. +CmdletsToExport = '*' + +# Variables to export from this module +VariablesToExport = '*' + +# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. +AliasesToExport = '*' + +# DSC resources to export from this module +# DscResourcesToExport = @() + +# List of all modules packaged with this module +# ModuleList = @() + +# List of all files packaged with this module +# FileList = @() + +# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. +PrivateData = @{ + + PSData = @{ + + # Tags applied to this module. These help with module discovery in online galleries. + # Tags = @() + + # A URL to the license for this module. + # LicenseUri = '' + + # A URL to the main website for this project. + # ProjectUri = '' + + # A URL to an icon representing this module. + # IconUri = '' + + # ReleaseNotes of this module + # ReleaseNotes = '' + + } # End of PSData hashtable + +} # End of PrivateData hashtable + +# HelpInfo URI of this module +# HelpInfoURI = '' + +# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 
+# DefaultCommandPrefix = '' + +} + + diff --git a/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.schema.psm1 b/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.schema.psm1 new file mode 100644 index 0000000..8932413 --- /dev/null +++ b/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.schema.psm1 
@@ -0,0 +1,285 @@
+configuration DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1
+{
+
+ param(
+ [bool]$DisableMaintenance = $true,
+ [bool]$bEnhancedSecurityStandalone = $true,
+ [bool]$bProtectedMode = $true,
+ [bool]$iProtectedView = $true,
+ [bool]$iFileAttachmentPerms = $true,
+ [bool]$bEnableFlash = $true,
+ [bool]$bDisablePDFHandlerSwitching = $true,
+ [bool]$bAcroSuppressUpsell = $true,
+ [bool]$bEnhancedSecurityInBrowser = $true,
+ [bool]$bDisableTrustedFolders = $true,
+ [bool]$bDisableTrustedSites = $true,
+ [bool]$bAdobeSendPluginToggle = $true,
+ [bool]$iURLPerms = $true,
+ [bool]$iUnknownURLPerms = $true,
+ [bool]$bToggleAdobeDocumentServices = $true,
+ [bool]$bTogglePrefsSync = $true,
+ [bool]$bToggleWebConnectors = $true,
+ [bool]$bToggleAdobeSign = $true,
+ [bool]$bUpdater = $true,
+ [bool]$bDisableSharePointFeatures = $true,
+ [bool]$bDisableWebmail = $true,
+ [bool]$bShowWelcomeScreen = $true
+ )
+
+ Import-DSCResource -ModuleName 'GPRegistryPolicyDsc'
+ Import-DSCResource -ModuleName 'AuditPolicyDSC'
+ Import-DSCResource -ModuleName 'SecurityPolicyDSC'
+
+ if ($DisableMaintenance) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Adobe\Acrobat Reader\DC\Installer\DisableMaintenance'
+ {
+ Key = '\SOFTWARE\Adobe\Acrobat Reader\DC\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableMaintenance'
+ ValueData = 1
+ }
+ }
+
+ if ($bEnhancedSecurityStandalone) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bEnhancedSecurityStandalone'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bEnhancedSecurityStandalone'
+ ValueData = 1
+ }
+ }
+
+ if ($bProtectedMode) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bProtectedMode'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bProtectedMode'
+ ValueData = 1
+ }
+ }
+
+ if ($iProtectedView) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\iProtectedView'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iProtectedView'
+ ValueData = 2
+ }
+ }
+
+ if ($iFileAttachmentPerms) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\iFileAttachmentPerms'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iFileAttachmentPerms'
+ ValueData = 1
+ }
+ }
+
+ if ($bEnableFlash) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bEnableFlash'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bEnableFlash'
+ ValueData = 0
+ }
+ }
+
+ if ($bDisablePDFHandlerSwitching) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bDisablePDFHandlerSwitching'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisablePDFHandlerSwitching'
+ ValueData = 1
+ }
+ }
+
+ if ($bAcroSuppressUpsell) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bAcroSuppressUpsell'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bAcroSuppressUpsell'
+ ValueData = 1
+ }
+ }
+
+ if ($bEnhancedSecurityInBrowser) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bEnhancedSecurityInBrowser'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bEnhancedSecurityInBrowser'
+ ValueData = 1
+ }
+ }
+
+ if ($bDisableTrustedFolders) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bDisableTrustedFolders'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisableTrustedFolders'
+ ValueData = 1
+ }
+ }
+
+ if ($bDisableTrustedSites) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bDisableTrustedSites'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisableTrustedSites'
+ ValueData = 1
+ }
+ }
+
+ if ($bAdobeSendPluginToggle) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cCloud\bAdobeSendPluginToggle'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cCloud'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bAdobeSendPluginToggle'
+ ValueData = 1
+ }
+ }
+
+ if ($iURLPerms) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms\iURLPerms'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iURLPerms'
+ ValueData = 1
+ }
+ }
+
+ if ($iUnknownURLPerms) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms\iUnknownURLPerms'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iUnknownURLPerms'
+ ValueData = 3
+ }
+ }
+
+ if ($bToggleAdobeDocumentServices) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bToggleAdobeDocumentServices'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bToggleAdobeDocumentServices'
+ ValueData = 1
+ }
+ }
+
+ if ($bTogglePrefsSync) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bTogglePrefsSync'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bTogglePrefsSync'
+ ValueData = 1
+ }
+ }
+ if ($bToggleWebConnectors) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bToggleWebConnectors'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bToggleWebConnectors'
+ ValueData = 1
+ }
+ }
+
+ if ($bToggleAdobeSign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bToggleAdobeSign'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bToggleAdobeSign'
+ ValueData = 1
+ }
+ }
+
+ if ($bUpdater) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bUpdater'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bUpdater'
+ ValueData = 0
+ }
+ }
+
+ if ($bDisableSharePointFeatures) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cSharePoint\bDisableSharePointFeatures'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cSharePoint'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisableSharePointFeatures'
+ ValueData = 1
+ }
+ }
+
+ if ($bDisableWebmail) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWebmailProfiles\bDisableWebmail'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWebmailProfiles'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bDisableWebmail'
+ ValueData = 1
+ }
+ }
+
+ if ($bShowWelcomeScreen) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWelcomeScreen\bShowWelcomeScreen'
+ {
+ Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWelcomeScreen'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'bShowWelcomeScreen'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableMaintenance) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\DC\Installer\DisableMaintenance'
+ {
+ Key = '\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\DC\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableMaintenance'
+ ValueData = 1
+ }
+ }
+}
+
diff --git a/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.psd1 b/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.psd1
new file mode 100644
index 0000000..61529c0
--- /dev/null
+++ b/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.psd1
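Review bot: Nothing in this configuration triggers a policy refresh after the `RegistryPolicyFile` resources run, so the values may sit in the machine policy file without reaching the registry until the next Group Policy refresh; GPRegistryPolicyDsc ships `RefreshRegistryPolicy` for that step. Because that resource is single-instance, it probably belongs once in the calling configuration rather than in each composite, e.g. `RefreshRegistryPolicy 'ActivateClientSideExtension' { IsSingleInstance = 'Yes' }`; if the caller (not visible here) already does this, a comment saying so would help. The Acrobat Pro configuration earlier in the commit has the same gap. Separately, `Import-DSCResource -ModuleName 'AuditPolicyDSC'` and the `'SecurityPolicyDSC'` import are not used by any resource in either configuration, and none of the three imports pins a `-ModuleVersion`, so compilation depends on two modules it does not need and on whichever versions happen to be installed.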
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_Google_Chrome_v2r10'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/13/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_Google_Chrome_v2r10.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = 'a0c7384c-165a-4d1e-ba07-ef43a9fbe0ed'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'DSC resource for applying Google Chrome STIG Settings'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.schema.psm1 b/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.schema.psm1
new file mode 100644
index 0000000..ab4d7cd
--- /dev/null
+++ b/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.schema.psm1
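Review bot: In DoD_Google_Chrome_v2r10.psd1 the four export keys are set to `'*'`, although the template comments above three of them say not to use wildcards, and the root module this manifest points at holds only a `configuration` block, so there is nothing to export; `FunctionsToExport = @()`, `CmdletsToExport = @()`, `VariablesToExport = @()` and `AliasesToExport = @()` state that explicitly. `PowerShellVersion` is also left commented out, while the Services manifest that this commit renames declared `'5.1'`; `PowerShellVersion = '5.1'` would keep the engine requirement stated. The same two points apply to the DoD_Internet_Explorer_11_v2r4 manifest later in the commit, whose `Description` also spells "Resource" as "Ressource".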
@@ -0,0 +1,499 @@
+configuration DoD_Google_Chrome_v2r10
+{
+ param(
+ [bool]$RemoteAccessHostFirewallTraversal = $true,
+ [bool]$DefaultPopupsSetting = $true,
+ [bool]$DefaultGeolocationSetting = $true,
+ [bool]$DefaultSearchProviderName = $true,
+ [bool]$DefaultSearchProviderEnabled = $true,
+ [bool]$PasswordManagerEnabled = $true,
+ [bool]$BackgroundModeEnabled = $true,
+ [bool]$SyncDisabled = $true,
+ [bool]$CloudPrintProxyEnabled = $true,
+ [bool]$MetricsReportingEnabled = $true,
+ [bool]$SearchSuggestEnabled = $true,
+ [bool]$ImportSavedPasswords = $true,
+ [bool]$IncognitoModeAvailability = $true,
+ [bool]$SavingBrowserHistoryDisabled = $true,
+ [bool]$AllowDeletingBrowserHistory = $true,
+ [bool]$PromptForDownloadLocation = $true,
+ [bool]$AutoplayAllowed = $true,
+ [bool]$SafeBrowsingExtendedReportingEnabled = $true,
+ [bool]$DefaultWebUsbGuardSetting = $true,
+ [bool]$EnableMediaRouter = $true,
+ [bool]$UrlKeyedAnonymizedDataCollectionEnabled = $true,
+ [bool]$WebRtcEventLogCollectionAllowed = $true,
+ [bool]$NetworkPredictionOptions = $true,
+ [bool]$DeveloperToolsAvailability = $true,
+ [bool]$BrowserGuestModeEnabled = $true,
+ [bool]$AutofillCreditCardEnabled = $true,
+ [bool]$AutofillAddressEnabled = $true,
+ [bool]$ImportAutofillFormData = $true,
+ [bool]$SafeBrowsingProtectionLevel = $true,
+ [bool]$DefaultSearchProviderSearchURL = $true,
+ [bool]$DownloadRestrictions = $true,
+ [bool]$DefaultWebBluetoothGuardSetting = $true,
+ [bool]$QuicAllowed = $true,
+ [bool]$EnableOnlineRevocationChecks = $true,
+ [bool]$DefaultCookiesSetting = $true,
+ [bool]$AutoplayAllowlist1 = $true,
+ [bool]$AutoplayAllowlist2 = $true,
+ [bool]$ExtensionInstallAllowlist1 = $true,
+ [bool]$ExtensionInstallAllowlist2 = $true,
+ [bool]$ExtensionInstallBlocklist1 = $true,
+ [bool]$URLBlocklist1 = $true
+ )
+
+ Import-DSCResource -ModuleName 'GPRegistryPolicyDsc'
+ Import-DSCResource -ModuleName 'AuditPolicyDSC'
+ Import-DSCResource -ModuleName 'SecurityPolicyDSC'
+
+ if ($RemoteAccessHostFirewallTraversal) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\RemoteAccessHostFirewallTraversal'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RemoteAccessHostFirewallTraversal'
+ ValueData = 0
+ }
+ }
+
+ if ($DefaultPopupsSetting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultPopupsSetting'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultPopupsSetting'
+ ValueData = 2
+ }
+ }
+
+ if ($DefaultGeolocationSetting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultGeolocationSetting'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultGeolocationSetting'
+ ValueData = 2
+ }
+ }
+
+ if ($DefaultSearchProviderName) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultSearchProviderName'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultSearchProviderName'
+ ValueData = 'Google Encrypted'
+ }
+ }
+
+ if ($DefaultSearchProviderEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultSearchProviderEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultSearchProviderEnabled'
+ ValueData = 1
+ }
+ }
+
+ if ($PasswordManagerEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\PasswordManagerEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'PasswordManagerEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($BackgroundModeEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\BackgroundModeEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'BackgroundModeEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($SyncDisabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SyncDisabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SyncDisabled'
+ ValueData = 1
+ }
+ }
+
+ if ($CloudPrintProxyEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\CloudPrintProxyEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'CloudPrintProxyEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($MetricsReportingEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\MetricsReportingEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MetricsReportingEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($SearchSuggestEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SearchSuggestEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SearchSuggestEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($ImportSavedPasswords) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ImportSavedPasswords'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ImportSavedPasswords'
+ ValueData = 0
+ }
+ }
+
+ if ($IncognitoModeAvailability) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\IncognitoModeAvailability'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'IncognitoModeAvailability'
+ ValueData = 1
+ }
+ }
+
+ if ($SavingBrowserHistoryDisabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SavingBrowserHistoryDisabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SavingBrowserHistoryDisabled'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowDeletingBrowserHistory) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AllowDeletingBrowserHistory'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowDeletingBrowserHistory'
+ ValueData = 0
+ }
+ }
+
+ if ($PromptForDownloadLocation) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\PromptForDownloadLocation'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'PromptForDownloadLocation'
+ ValueData = 1
+ }
+ }
+
+ if ($AutoplayAllowed) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutoplayAllowed'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AutoplayAllowed'
+ ValueData = 0
+ }
+ }
+
+ if ($SafeBrowsingExtendedReportingEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SafeBrowsingExtendedReportingEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SafeBrowsingExtendedReportingEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($DefaultWebUsbGuardSetting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultWebUsbGuardSetting'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultWebUsbGuardSetting'
+ ValueData = 2
+ }
+ }
+
+ if ($EnableMediaRouter) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\EnableMediaRouter'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableMediaRouter'
+ ValueData = 0
+ }
+ }
+
+ if ($UrlKeyedAnonymizedDataCollectionEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\UrlKeyedAnonymizedDataCollectionEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UrlKeyedAnonymizedDataCollectionEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($WebRtcEventLogCollectionAllowed) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\WebRtcEventLogCollectionAllowed'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'WebRtcEventLogCollectionAllowed'
+ ValueData = 0
+ }
+ }
+ if ($NetworkPredictionOptions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\NetworkPredictionOptions'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NetworkPredictionOptions'
+ ValueData = 2
+ }
+ }
+
+ if ($DeveloperToolsAvailability) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DeveloperToolsAvailability'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DeveloperToolsAvailability'
+ ValueData = 2
+ }
+ }
+
+ if ($BrowserGuestModeEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\BrowserGuestModeEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'BrowserGuestModeEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($AutofillCreditCardEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutofillCreditCardEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AutofillCreditCardEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($AutofillAddressEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutofillAddressEnabled'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AutofillAddressEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($ImportAutofillFormData) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ImportAutofillFormData'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ImportAutofillFormData'
+ ValueData = 0
+ }
+ }
+
+ if ($SafeBrowsingProtectionLevel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SafeBrowsingProtectionLevel'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SafeBrowsingProtectionLevel'
+ ValueData = 1
+ }
+ }
+
+ if ($DefaultSearchProviderSearchURL) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultSearchProviderSearchURL'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultSearchProviderSearchURL'
+ ValueData = 'https://www.google.com/search?q={searchTerms}'
+ }
+ }
+
+ if ($DownloadRestrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DownloadRestrictions'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DownloadRestrictions'
+ ValueData = 1
+ }
+ }
+
+ if ($DefaultWebBluetoothGuardSetting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultWebBluetoothGuardSetting'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultWebBluetoothGuardSetting'
+ ValueData = 2
+ }
+ }
+
+ if ($QuicAllowed) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\QuicAllowed'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'QuicAllowed'
+ ValueData = 0
+ }
+ }
+
+ if ($EnableOnlineRevocationChecks) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\EnableOnlineRevocationChecks'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableOnlineRevocationChecks'
+ ValueData = 1
+ }
+ }
+
+ if ($DefaultCookiesSetting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultCookiesSetting'
+ {
+ Key = '\Software\Policies\Google\Chrome'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultCookiesSetting'
+ ValueData = 4
+ }
+ }
+ if ($AutoplayAllowlist1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutoplayAllowlist\1'
+ {
+ Key = '\Software\Policies\Google\Chrome\AutoplayAllowlist'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '1'
+ ValueData = '[*.]mil'
+ }
+ }
+
+ if ($AutoplayAllowlist2) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutoplayAllowlist\2'
+ {
+ Key = '\Software\Policies\Google\Chrome\AutoplayAllowlist'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '2'
+ ValueData = '[*.]gov'
+ }
+ }
+
+ if ($ExtensionInstallAllowlist1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ExtensionInstallAllowlist\1'
+ {
+ Key = '\Software\Policies\Google\Chrome\ExtensionInstallAllowlist'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '1'
+ ValueData = 'oiigbmnaadbkfbmpbfijlflahbdbdgdf'
+ }
+ }
+
+ if ($ExtensionInstallAllowlist2) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ExtensionInstallAllowlist\2'
+ {
+ Key = '\Software\Policies\Google\Chrome\ExtensionInstallAllowlist'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '2'
+ ValueData = 'maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx'
+ }
+ }
+ if ($ExtensionInstallBlocklist1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ExtensionInstallBlocklist\1'
+ {
+ Key = '\Software\Policies\Google\Chrome\ExtensionInstallBlocklist'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '1'
+ ValueData = '*'
+ }
+ }
+
+ if ($URLBlocklist1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\URLBlocklist\1'
+ {
+ Key = '\Software\Policies\Google\Chrome\URLBlocklist'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '1'
+ ValueData = 'javascript://*'
+ }
+ }
+}
+
diff --git a/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.psd1 b/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.psd1
new file mode 100644
index 0000000..ef2b2af
--- /dev/null
+++ b/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.psd1
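Review bot: In DoD_Google_Chrome_v2r10.schema.psm1 the `ExtensionInstallAllowlist\2` resource near the end of the file stores `'maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx'`, which is the `id;update_url` form Chrome documents for ExtensionInstallForcelist; as far as I know the allowlist is matched against bare extension IDs, so with `ExtensionInstallBlocklist\1` set to `'*'` this extension probably stays blocked. If the intent is only to permit it, `ValueData = 'maafgiompdekodanheihhgilkjchcakm'` is the allowlist form, and if it should be force-installed the value belongs under the ExtensionInstallForcelist key; either way it is worth checking against the STIG baseline this configuration implements. Separately, every resource in the file is a `RegistryPolicyFile` from GPRegistryPolicyDsc, so the `Import-DSCResource` lines for AuditPolicyDSC and SecurityPolicyDSC only add two modules that must be installed before the configuration compiles, and they can be dropped.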
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_Internet_Explorer_11_v2r4'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/13/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_Internet_Explorer_11_v2r4.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = '209b5092-e5f8-42aa-88eb-614b72c65906'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'DSC Ressource for applying STIG Internet Explorer Settings'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.schema.psm1 b/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.schema.psm1
new file mode 100644
index 0000000..df1e2f6
--- /dev/null
+++ b/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.schema.psm1
@@ -0,0 +1,1559 @@
+configuration DoD_Internet_Explorer_11_v2r4
+{
+ param(
+ [bool]$RunThisTimeEnabled = $true,
+ [bool]$VersionCheckEnabled = $true,
+ [bool]$History = $true,
+ [bool]$RunInvalidSignatures = $true,
+ [bool]$CheckExeSignatures = $true,
+ [bool]$Disabled = $true,
+ [bool]$DisableEPMCompat = $true,
+ [bool]$Isolation64Bit = $true,
+ [bool]$Isolation = $true,
+ [bool]$NotifyDisableIEOptions = $true,
+ [bool]$FeatureControlReserved = $true,
+ [bool]$FeatureControlExplorerExe = $true,
+ [bool]$FeatureDisableMKProtocolIExploreExe = $true,
+ [bool]$FeatureMimeHandlingReserved = $true,
+ [bool]$FeatureMimeHandlingExplorerExe = $true,
+ [bool]$FeatureMimeHandlingIExploreExe = $true,
+ [bool]$FeatureMimeSniffingReserved = $true,
+ [bool]$FeatureMIME_SniffingExplorerExe = $true,
+ [bool]$FeatureMIME_SniffingIExploreExe = $true,
+ [bool]$FeatureRestrictActiveXInstallReserved = $true,
+ [bool]$FeatureRestrictActiveXInstallExplorerExe = $true,
+ [bool]$FeatureRestrictActiveXInstallIExploreExe = $true,
+ [bool]$FeatureRestrictFileDownloadReserved = $true,
+ [bool]$FeatureRestrictFileDownloadExplorerExe = $true,
+ [bool]$FeatureRestrictFileDownloadIExploreExe = $true,
+ [bool]$FeatureSecurityBandReserved = $true,
+ [bool]$FeatureSecurityBandExplorerExe = $true,
+ [bool]$FeatureSecurityBandIExploreExe = $true,
+ [bool]$FeatureWindowRestrictionsReserved = $true,
+ [bool]$FeatureWindowRestrictionsExplorerExe = $true,
+ [bool]$FeatureWindowRestrictionsIExploreExe = $true,
+ [bool]$FeatureZoneElevationReserved = $true,
+ [bool]$FeatureZoneElevationExplorerExe = $true,
+ [bool]$FeatureZoneElevationIExploreExe = $true,
+ [bool]$PreventOverride = $true,
+ [bool]$PreventOverrideAppRepUnknown = $true,
+ [bool]$EnabledV9 = $true,
+ [bool]$ClearBrowsingHistoryOnExit = $true,
+ [bool]$CleanHistory = $true,
+ [bool]$EnableInPrivateBrowsing = $true,
+ [bool]$NoCrashDetection = $true,
+ [bool]$DisableSecuritySettingsCheck = $true,
+ [bool]$BlockNonAdminActiveXInstall = $true,
+ [bool]$SecurityZonesMapEdit = $true,
+ [bool]$SecurityOptionsEdit = $true,
+ [bool]$SecurityHKLMOnly = $true,
+ [bool]$LockdownZones1_1C00 = $true,
+ [bool]$LockdownZones2_1C00 = $true,
+ [bool]$LockdownZones4_1C00 = $true,
+ [bool]$DaysToKeep = $true,
+ [bool]$UNCAsIntranet = $true,
+ [bool]$Zones0_270C = $true,
+ [bool]$Zones0_1C00 = $true,
+ [bool]$Zones1_270C = $true,
+ [bool]$Zones1_1201 = $true,
+ [bool]$Zones1_1C00 = $true,
+ [bool]$Zones2_270C = $true,
+ [bool]$Zones2_1201 = $true,
+ [bool]$Zones2_1C00 = $true,
+ [bool]$Zones3_1406 = $true,
+ [bool]$Zones3_1407 = $true,
+ [bool]$Zones3_1802 = $true,
+ [bool]$Zones3_2402 = $true,
+ [bool]$Zones3_120b = $true,
+ [bool]$Zones3_120c = $true,
+ [bool]$Zones3_1206 = $true,
+ [bool]$Zones3_2102 = $true,
+ [bool]$Zones3_1209 = $true,
+ [bool]$Zones3_2103 = $true,
+ [bool]$Zones3_2200 = $true,
+ [bool]$Zones3_270C = $true,
+ [bool]$Zones3_1001 = $true,
+ [bool]$Zones3_1004 = $true,
+ [bool]$Zones3_2709 = $true,
+ [bool]$Zones3_2708 = $true,
+ [bool]$Zones3_160A = $true,
+ [bool]$Zones3_1201 = $true,
+ [bool]$Zones3_1C00 = $true,
+ [bool]$Zones3_1804 = $true,
+ [bool]$Zones3_1A00 = $true,
+ [bool]$Zones3_1607 = $true,
+ [bool]$Zones3_2004 = $true,
+ [bool]$Zones3_2001 = $true,
+ [bool]$Zones3_1806 = $true,
+ [bool]$Zones3_1409 = $true,
+ [bool]$Zones3_2500 = $true,
+ [bool]$Zones3_2301 = $true,
+ [bool]$Zones3_1809 = $true,
+ [bool]$Zones3_1606 = $true,
+ [bool]$Zones3_2101 = $true,
+ [bool]$Zones3_140C = $true,
+ [bool]$Zones4_1406 = $true,
+ [bool]$Zones4_1400 = $true,
+ [bool]$Zones4_2000 = $true,
+ [bool]$Zones4_1407 = $true,
+ [bool]$Zones4_1802 = $true,
+ [bool]$Zones4_1803 = $true,
+ [bool]$Zones4_2402 = $true,
+ [bool]$Zones4_1608 = $true,
+ [bool]$Zones4_120b = $true,
+ [bool]$Zones4_120c = $true,
+ [bool]$Zones4_1206 = $true,
+ [bool]$Zones4_2102 = $true,
+ [bool]$Zones4_1209 = $true,
+ [bool]$Zones4_2103 = $true,
+ [bool]$Zones4_2200 = $true,
+ [bool]$Zones4_270C = $true,
+ [bool]$Zones4_1001 = $true,
+ [bool]$Zones4_1004 = $true,
+ [bool]$Zones4_2709 = $true,
+ [bool]$Zones4_2708 = $true,
+ [bool]$Zones4_160A = $true,
+ [bool]$Zones4_1201 = $true,
+ [bool]$Zones4_1C00 = $true,
+ [bool]$Zones4_1804 = $true,
+ [bool]$Zones4_1A00 = $true,
+ [bool]$Zones4_1607 = $true,
+ [bool]$Zones4_2004 = $true,
+ [bool]$Zones4_1200 = $true,
+ [bool]$Zones4_1405 = $true,
+ [bool]$Zones4_1402 = $true,
+ [bool]$Zones4_1806 = $true,
+ [bool]$Zones4_1409 = $true,
+ [bool]$Zones4_2500 = $true,
+ [bool]$Zones4_2301 = $true,
+ [bool]$Zones4_1809 = $true,
+ [bool]$Zones4_1606 = $true,
+ [bool]$Zones4_2101 = $true,
+ [bool]$Zones4_2001 = $true,
+ [bool]$Zones4_140C = $true
+ )
+
+ Import-DSCResource -ModuleName 'GPRegistryPolicyDsc'
+ Import-DSCResource -ModuleName 'AuditPolicyDSC'
+ Import-DSCResource -ModuleName 'SecurityPolicyDSC'
+
+ if ($RunThisTimeEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\RunThisTimeEnabled'
+ {
+ Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Ext'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RunThisTimeEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($VersionCheckEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\VersionCheckEnabled'
+ {
+ Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Ext'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'VersionCheckEnabled'
+ ValueData = 1
+ }
+ }
+
+ if ($History) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel\History'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Control Panel'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'History'
+ ValueData = 1
+ }
+ }
+
+ if ($RunInvalidSignatures) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Download'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RunInvalidSignatures'
+ ValueData = 0
+ }
+ }
+
+ if ($CheckExeSignatures) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Download\CheckExeSignatures'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Download'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'CheckExeSignatures'
+ ValueData = 'yes'
+ }
+ }
+
+ if ($Disabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Disabled'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\IEDevTools'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Disabled'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableEPMCompat) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\DisableEPMCompat'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableEPMCompat'
+ ValueData = 1
+ }
+ }
+
+ if ($Isolation64Bit) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\Isolation64Bit'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Isolation64Bit'
+ ValueData = 1
+ }
+ }
+
+ if ($Isolation) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\Isolation'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Isolation'
+ ValueData = 'PMEM'
+ }
+ }
+
+ if ($NotifyDisableIEOptions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\NotifyDisableIEOptions'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NotifyDisableIEOptions'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControlReserved) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved)'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '(Reserved)'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureControlExplorerExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'explorer.exe'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureDisableMKProtocolIExploreExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\iexplore.exe'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iexplore.exe'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureMimeHandlingReserved) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Reserved)'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '(Reserved)'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureMimeHandlingExplorerExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'explorer.exe'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureMimeHandlingIExploreExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iexplore.exe'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureMimeSniffingReserved) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\(Reserved)'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '(Reserved)'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureMIME_SniffingExplorerExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\explorer.exe'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'explorer.exe'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureMIME_SniffingIExploreExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iexplore.exe'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureRestrictActiveXInstallReserved) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\(Reserved)'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '(Reserved)'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureRestrictActiveXInstallExplorerExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\explorer.exe'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'explorer.exe'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureRestrictActiveXInstallIExploreExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\iexplore.exe'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'iexplore.exe'
+ ValueData = '1'
+ }
+ }
+ if ($FeatureRestrictFileDownloadReserved) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved)'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '(Reserved)'
+ ValueData = '1'
+ }
+ }
+
+ if ($FeatureRestrictFileDownloadExplorerExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe'
+ {
+ Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName =
'explorer.exe' + ValueData = '1' + } + } + + if ($FeatureRestrictFileDownloadIExploreExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'iexplore.exe' + ValueData = '1' + } + } + + if ($FeatureSecurityBandReserved) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\(Reserved)' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '(Reserved)' + ValueData = '1' + } + } + + if ($FeatureSecurityBandExplorerExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\explorer.exe' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'explorer.exe' + ValueData = '1' + } + } + + if ($FeatureSecurityBandIExploreExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\iexplore.exe' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'iexplore.exe' + ValueData = '1' + } + } + if ($FeatureWindowRestrictionsReserved) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\(Reserved)' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' + ValueType = 
'String' + TargetType = 'ComputerConfiguration' + ValueName = '(Reserved)' + ValueData = '1' + } + } + + if ($FeatureWindowRestrictionsExplorerExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\explorer.exe' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'explorer.exe' + ValueData = '1' + } + } + + if ($FeatureWindowRestrictionsIExploreExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\iexplore.exe' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'iexplore.exe' + ValueData = '1' + } + } + + if ($FeatureZoneElevationReserved) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved)' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '(Reserved)' + ValueData = '1' + } + } + + if ($FeatureZoneElevationExplorerExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'explorer.exe' + ValueData = '1' + } + } + + if ($FeatureZoneElevationIExploreExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe' + { + Key = 
'\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'iexplore.exe' + ValueData = '1' + } + } + if ($PreventOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverride' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreventOverride' + ValueData = 1 + } + } + + if ($PreventOverrideAppRepUnknown) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverrideAppRepUnknown' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreventOverrideAppRepUnknown' + ValueData = 1 + } + } + + if ($EnabledV9) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV9' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnabledV9' + ValueData = 1 + } + } + + if ($ClearBrowsingHistoryOnExit) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Privacy\ClearBrowsingHistoryOnExit' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Privacy' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ClearBrowsingHistoryOnExit' + ValueData = 0 + } + } + + if ($CleanHistory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Privacy\CleanHistory' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Privacy' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'CleanHistory' + ValueData = 0 + } + } + + if ($EnableInPrivateBrowsing) { + RegistryPolicyFile 
'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Privacy\EnableInPrivateBrowsing' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Privacy' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableInPrivateBrowsing' + ValueData = 0 + } + } + + if ($NoCrashDetection) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetection' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoCrashDetection' + ValueData = 1 + } + } + + if ($DisableSecuritySettingsCheck) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Security' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableSecuritySettingsCheck' + ValueData = 0 + } + } + + if ($BlockNonAdminActiveXInstall) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX\BlockNonAdminActiveXInstall' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'BlockNonAdminActiveXInstall' + ValueData = 1 + } + } + + if ($SecurityZonesMapEdit) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_edit' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Security_zones_map_edit' + ValueData = 1 + } + } + + if ($SecurityOptionsEdit) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit' + { + Key = 
'\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Security_options_edit' + ValueData = 1 + } + } + + if ($SecurityHKLMOnly) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Security_HKLM_only' + ValueData = 1 + } + } + + if ($LockdownZones1_1C00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1C00' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1C00' + ValueData = 0 + } + } + + if ($LockdownZones2_1C00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1C00' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1C00' + ValueData = 0 + } + } + + if ($LockdownZones4_1C00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1C00' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1C00' + ValueData = 0 + } + } + + if ($DaysToKeep) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + 
ValueName = 'DaysToKeep' + ValueData = 40 + } + } + + if ($UNCAsIntranet) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'UNCAsIntranet' + ValueData = 0 + } + } + + if ($Zones0_270C) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\270C' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '270C' + ValueData = 0 + } + } + + if ($Zones0_1C00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1C00' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1C00' + ValueData = 0 + } + } + + if ($Zones1_270C) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\270C' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '270C' + ValueData = 0 + } + } + + if ($Zones1_1201) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1201' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1201' + ValueData = 3 + } + } + + if ($Zones1_1C00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1C00' + { + Key = 
'\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1C00' + ValueData = 65536 + } + } + + if ($Zones2_270C) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\270C' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '270C' + ValueData = 0 + } + } + + if ($Zones2_1201) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1201' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1201' + ValueData = 3 + } + } + if ($Zones2_1C00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1C00' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1C00' + ValueData = 65536 + } + } + + if ($Zones3_1406) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1406' + ValueData = 3 + } + } + + if ($Zones3_1407) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1407' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1407' + ValueData = 3 + } + } + + if ($Zones3_1802) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1802' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1802' + ValueData = 3 + } + } + + if ($Zones3_2402) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2402' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2402' + ValueData = 3 + } + } + + if ($Zones3_120b) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120b' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '120b' + ValueData = 3 + } + } + if ($Zones3_120c) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120c' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '120c' + ValueData = 3 + } + } + + if ($Zones3_1206) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1206' + ValueData = 3 + } + } + + if ($Zones3_2102) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2102' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 
'2102' + ValueData = 3 + } + } + + if ($Zones3_1209) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1209' + ValueData = 3 + } + } + + if ($Zones3_2103) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2103' + ValueData = 3 + } + } + + if ($Zones3_2200) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2200' + ValueData = 3 + } + } + + if ($Zones3_270C) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\270C' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '270C' + ValueData = 0 + } + } + if ($Zones3_1001) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1001' + ValueData = 3 + } + } + + if ($Zones3_1004) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1004' + ValueData = 3 + } + } + + if ($Zones3_2709) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2709' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2709' + ValueData = 3 + } + } + + if ($Zones3_2708) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2708' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2708' + ValueData = 3 + } + } + + if ($Zones3_160A) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\160A' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '160A' + ValueData = 3 + } + } + + if ($Zones3_1201) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1201' + ValueData = 3 + } + } + if ($Zones3_1C00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1C00' + ValueData = 0 + } + } + + if ($Zones3_1804) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\3\1804' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1804' + ValueData = 3 + } + } + + if ($Zones3_1A00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1A00' + ValueData = 65536 + } + } + + if ($Zones3_1607) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1607' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1607' + ValueData = 3 + } + } + + if ($Zones3_2004) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2004' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2004' + ValueData = 3 + } + } + + if ($Zones3_2001) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2001' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2001' + ValueData = 3 + } + } + if ($Zones3_1806) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1806' + ValueData = 1 + } + } + + if ($Zones3_1409) { + 
RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1409' + ValueData = 0 + } + } + + if ($Zones3_2500) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2500' + ValueData = 0 + } + } + + if ($Zones3_2301) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2301' + ValueData = 0 + } + } + + if ($Zones3_1809) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1809' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1809' + ValueData = 0 + } + } + + if ($Zones3_1606) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1606' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1606' + ValueData = 3 + } + } + + if ($Zones3_2101) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration' + ValueName = '2101' + ValueData = 3 + } + } + + if ($Zones3_140C) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\140C' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '140C' + ValueData = 3 + } + } + + if ($Zones4_1406) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1406' + ValueData = 3 + } + } + + if ($Zones4_1400) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1400' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1400' + ValueData = 3 + } + } + + if ($Zones4_2000) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2000' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2000' + ValueData = 3 + } + } + + if ($Zones4_1407) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1407' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1407' + ValueData = 3 + } + } + + if ($Zones4_1802) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1802' + { + Key = 
'\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1802' + ValueData = 3 + } + } + + if ($Zones4_1803) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1803' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1803' + ValueData = 3 + } + } + + if ($Zones4_2402) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2402' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2402' + ValueData = 3 + } + } + + if ($Zones4_1608) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1608' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1608' + ValueData = 3 + } + } + + if ($Zones4_120b) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120b' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '120b' + ValueData = 3 + } + } + + if ($Zones4_120c) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120c' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '120c' + ValueData = 3 + } + } + + if ($Zones4_1206) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1206' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1206' + ValueData = 3 + } + } + + if ($Zones4_2102) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2102' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2102' + ValueData = 3 + } + } + + if ($Zones4_1209) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1209' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1209' + ValueData = 3 + } + } + + if ($Zones4_2103) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2103' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2103' + ValueData = 3 + } + } + + if ($Zones4_2200) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2200' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2200' + ValueData = 3 + } + } + + if ($Zones4_270C) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\270C' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 
'270C' + ValueData = 0 + } + } + + if ($Zones4_1001) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1001' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1001' + ValueData = 3 + } + } + + if ($Zones4_1004) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1004' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1004' + ValueData = 3 + } + } + + if ($Zones4_2709) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2709' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2709' + ValueData = 3 + } + } + + if ($Zones4_2708) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2708' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2708' + ValueData = 3 + } + } + + if ($Zones4_160A) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\160A' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '160A' + ValueData = 3 + } + } + + if ($Zones4_1201) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1201' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1201' + ValueData = 3 + } + } + if ($Zones4_1C00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1C00' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1C00' + ValueData = 0 + } + } + + if ($Zones4_1804) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1804' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1804' + ValueData = 3 + } + } + + if ($Zones4_1A00) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A00' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1A00' + ValueData = 196608 + } + } + + if ($Zones4_1607) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1607' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1607' + ValueData = 3 + } + } + + if ($Zones4_2004) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2004' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2004' + ValueData = 3 + } + } + if ($Zones4_1200) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\4\1200' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1200' + ValueData = 3 + } + } + + if ($Zones4_1405) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1405' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1405' + ValueData = 3 + } + } + + if ($Zones4_1402) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1402' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1402' + ValueData = 3 + } + } + + if ($Zones4_1806) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1806' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1806' + ValueData = 3 + } + } + if ($Zones4_1409) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1409' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1409' + ValueData = 0 + } + } + + if ($Zones4_2500) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2500' + ValueData = 0 + } + } + + if ($Zones4_2301) { + 
RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2301' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2301' + ValueData = 0 + } + } + + if ($Zones4_1809) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1809' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1809' + ValueData = 0 + } + } + + if ($Zones4_1606) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1606' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '1606' + ValueData = 3 + } + } + + if ($Zones4_2101) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2101' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2101' + ValueData = 3 + } + } + + if ($Zones4_2001) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2001' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = '2001' + ValueData = 3 + } + } + + if ($Zones4_140C) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\140C' + { + Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration' + ValueName = '140C' + ValueData = 3 + } + } +} + diff --git a/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.psd1 b/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.psd1 new file mode 100644 index 0000000..cc1b00a --- /dev/null +++ b/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.psd1 
@@ -0,0 +1,124 @@ +# +# Module manifest for module 'DoD_Microsoft_Defender_Antivirus_STIG_v2r4' +# +# Generated by: XOAP.io +# +# Generated on: 1/13/2025 +# + +@{ + +# Script module or binary module file associated with this manifest. +RootModule = 'DoD_Microsoft_Defender_Antivirus_STIG_v2r4.schema.psm1' + +# Version number of this module. +ModuleVersion = '0.0.1' + +# Supported PSEditions +# CompatiblePSEditions = @() + +# ID used to uniquely identify this module +GUID = '2aa2d73c-1d03-46fb-a56d-22bbe329fc10' + +# Author of this module +Author = 'XOAP.io' + +# Company or vendor of this module +CompanyName = 'RIS AG' + +# Copyright statement for this module +Copyright = '(c) 2025 XOAP.io. All rights reserved.' + +# Description of the functionality provided by this module +Description = 'Apply STIG Settings for MS Defender' + +# Minimum version of the Windows PowerShell engine required by this module +# PowerShellVersion = '' + +# Name of the Windows PowerShell host required by this module +# PowerShellHostName = '' + +# Minimum version of the Windows PowerShell host required by this module +# PowerShellHostVersion = '' + +# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# DotNetFrameworkVersion = '' + +# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# CLRVersion = '' + +# Processor architecture (None, X86, Amd64) required by this module +# ProcessorArchitecture = '' + +# Modules that must be imported into the global environment prior to importing this module +# RequiredModules = @() + +# Assemblies that must be loaded prior to importing this module +# RequiredAssemblies = @() + +# Script files (.ps1) that are run in the caller's environment prior to importing this module. 
+# ScriptsToProcess = @() + +# Type files (.ps1xml) to be loaded when importing this module +# TypesToProcess = @() + +# Format files (.ps1xml) to be loaded when importing this module +# FormatsToProcess = @() + +# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess +# NestedModules = @() + +# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. +FunctionsToExport = '*' + +# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. +CmdletsToExport = '*' + +# Variables to export from this module +VariablesToExport = '*' + +# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. +AliasesToExport = '*' + +# DSC resources to export from this module +# DscResourcesToExport = @() + +# List of all modules packaged with this module +# ModuleList = @() + +# List of all files packaged with this module +# FileList = @() + +# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. +PrivateData = @{ + + PSData = @{ + + # Tags applied to this module. These help with module discovery in online galleries. + # Tags = @() + + # A URL to the license for this module. + # LicenseUri = '' + + # A URL to the main website for this project. + # ProjectUri = '' + + # A URL to an icon representing this module. + # IconUri = '' + + # ReleaseNotes of this module + # ReleaseNotes = '' + + } # End of PSData hashtable + +} # End of PrivateData hashtable + +# HelpInfo URI of this module +# HelpInfoURI = '' + +# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 
+# DefaultCommandPrefix = '' + +} + + diff --git a/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.schema.psm1 b/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.schema.psm1 new file mode 100644 index 0000000..0176621 --- /dev/null +++ b/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.schema.psm1 
@@ -0,0 +1,308 @@
+configuration DoD_Microsoft_Defender_Antivirus_STIG_v2r4
+{
+ param(
+ [bool]$PUAProtection = $true,
+ [bool]$DisableAutoExclusions = $true,
+ [bool]$DisableRemovableDriveScanning = $true,
+ [bool]$DisableEmailScanning = $true,
+ [bool]$ScheduleDay = $true,
+ [bool]$ASSignatureDue = $true,
+ [bool]$DisableBlockAtFirstSeen = $true,
+ [bool]$SpynetReporting = $true,
+ [bool]$SubmitSamplesConsent = $true,
+ [bool]$ThreatsThreatSeverityDefaultAction = $true,
+ [bool]$ThreatSeverityDefaultAction5 = $true,
+ [bool]$ThreatSeverityDefaultAction4 = $true,
+ [bool]$ThreatSeverityDefaultAction2 = $true,
+ [bool]$ThreatSeverityDefaultAction1 = $true,
+ [bool]$ExploitGuardASRRules = $true,
+ [bool]$ExploitGuardASRRuleBE9BA2D9 = $true,
+ [bool]$ASRRuleD4F940AB = $true,
+ [bool]$ASRRule3B576869 = $true,
+ [bool]$ASRRule75668C1F = $true,
+ [bool]$ASRRuleD3E037E1 = $true,
+ [bool]$ASRRule5BEB7EFE = $true,
+ [bool]$ASRRule92E97FA1 = $true,
+ [bool]$EnableNetworkProtection = $true
+ )
+
+ Import-DSCResource -ModuleName 'GPRegistryPolicyDsc'
+ Import-DSCResource -ModuleName 'AuditPolicyDSC'
+ Import-DSCResource -ModuleName 'SecurityPolicyDSC'
+
+ if ($PUAProtection) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\PUAProtection'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'PUAProtection'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableAutoExclusions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Exclusions\DisableAutoExclusions'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Exclusions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableAutoExclusions'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableRemovableDriveScanning) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\DisableRemovableDriveScanning'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Scan'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableRemovableDriveScanning'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableEmailScanning) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\DisableEmailScanning'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Scan'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableEmailScanning'
+ ValueData = 0
+ }
+ }
+
+ if ($ScheduleDay) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\ScheduleDay'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Scan'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ScheduleDay'
+ ValueData = 0
+ }
+ }
+
+ if ($ASSignatureDue) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Signature Updates\ASSignatureDue'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Signature Updates'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ASSignatureDue'
+ ValueData = 7
+ }
+ }
+
+ if ($AVSignatureDue) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Signature Updates\AVSignatureDue'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Signature Updates'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AVSignatureDue'
+ ValueData = 7
+ }
+ }
+
+ if ($ScheduleDay) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Signature Updates\ScheduleDay'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Signature Updates'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ScheduleDay'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableBlockAtFirstSeen) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\DisableBlockAtFirstSeen'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Spynet'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableBlockAtFirstSeen'
+ ValueData = 0
+ }
+ }
+
+ if ($SpynetReporting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SpynetReporting'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Spynet'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SpynetReporting'
+ ValueData = 2
+ }
+ }
+
+ if ($SubmitSamplesConsent) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Spynet'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SubmitSamplesConsent'
+ ValueData = 1
+ }
+ }
+
+ if ($ThreatsThreatSeverityDefaultAction) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\Threats_ThreatSeverityDefaultAction'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Threats'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Threats_ThreatSeverityDefaultAction'
+ ValueData = 1
+ }
+ }
+
+ if ($ThreatSeverityDefaultAction5) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\5'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '5'
+ ValueData = '2'
+ }
+ }
+
+ if ($ThreatSeverityDefaultAction4) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\4'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '4'
+ ValueData = '2'
+ }
+ }
+
+ if ($ThreatSeverityDefaultAction2) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\2'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '2'
+ ValueData = '2'
+ }
+ }
+
+ if ($ThreatSeverityDefaultAction1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\1'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '1'
+ ValueData = '2'
+ }
+ }
+
+ if ($ExploitGuardASRRules) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ExploitGuard_ASR_Rules'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ExploitGuard_ASR_Rules'
+ ValueData = 1
+ }
+ }
+
+ if ($ExploitGuardASRRuleBE9BA2D9) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'
+ ValueData = '1'
+ }
+ }
+
+ if ($ASRRuleD4F940AB) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
+ ValueData = '1'
+ }
+ }
+
+ if ($ASRRule3B576869) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '3B576869-A4EC-4529-8536-B80A7769E899'
+ ValueData = '1'
+ }
+ }
+
+ if ($ASRRule75668C1F) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84'
+ ValueData = '1'
+ }
+ }
+
+ if ($ASRRuleD3E037E1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'D3E037E1-3EB8-44C8-A917-57927947596D'
+ ValueData = '1'
+ }
+ }
+
+ if ($ASRRule5BEB7EFE) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC'
+ ValueData = '1'
+ }
+ }
+
+ if ($ASRRule92E97FA1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'
+ ValueData = '1'
+ }
+ }
+
+ if ($EnableNetworkProtection) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection\EnableNetworkProtection'
+ {
+ Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableNetworkProtection'
+ ValueData = 1
+ }
+ }
+}
+
diff --git a/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.psd1 b/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.psd1
new file mode 100644
index 0000000..0152243
--- /dev/null
+++ b/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.psd1
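Review bot: In DoD_Microsoft_Defender_Antivirus_STIG_v2r4.schema.psm1, `if ($AVSignatureDue)` tests a variable that the `param(...)` block never declares (only `$ASSignatureDue` is there), so with default settings it evaluates to `$null` and the `Signature Updates\AVSignatureDue` value (7) is silently never written to the policy file. Adding `[bool]$AVSignatureDue = $true,` after the `$ASSignatureDue` parameter makes that setting apply by default like the others. Separately, `$ScheduleDay` gates both the `Scan\ScheduleDay` and the `Signature Updates\ScheduleDay` resources, so the two cannot be switched independently; if that is intended, a comment such as `# $ScheduleDay controls both the scan and the signature-update schedule day` would make it explicit. Only `RegistryPolicyFile` is used in this configuration, so the `AuditPolicyDSC` and `SecurityPolicyDSC` imports appear to add module dependencies without need.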
@@ -0,0 +1,124 @@ +# +# Module manifest for module 'DoD_Microsoft_Edge_v2r2' +# +# Generated by: XOAP.io +# +# Generated on: 1/13/2025 +# + +@{ + +# Script module or binary module file associated with this manifest. +RootModule = 'DoD_Microsoft_Edge_v2r2.schema.psm1' + +# Version number of this module. +ModuleVersion = '0.0.1' + +# Supported PSEditions +# CompatiblePSEditions = @() + +# ID used to uniquely identify this module +GUID = '58d9d62e-4f39-433b-b0d0-c75b415bd0d1' + +# Author of this module +Author = 'XOAP.io' + +# Company or vendor of this module +CompanyName = 'RIS AG' + +# Copyright statement for this module +Copyright = '(c) 2025 XOAP.io. All rights reserved.' + +# Description of the functionality provided by this module +Description = 'Apply STIG Settings for MS Edge' + +# Minimum version of the Windows PowerShell engine required by this module +# PowerShellVersion = '' + +# Name of the Windows PowerShell host required by this module +# PowerShellHostName = '' + +# Minimum version of the Windows PowerShell host required by this module +# PowerShellHostVersion = '' + +# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# DotNetFrameworkVersion = '' + +# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# CLRVersion = '' + +# Processor architecture (None, X86, Amd64) required by this module +# ProcessorArchitecture = '' + +# Modules that must be imported into the global environment prior to importing this module +# RequiredModules = @() + +# Assemblies that must be loaded prior to importing this module +# RequiredAssemblies = @() + +# Script files (.ps1) that are run in the caller's environment prior to importing this module. 
+# ScriptsToProcess = @() + +# Type files (.ps1xml) to be loaded when importing this module +# TypesToProcess = @() + +# Format files (.ps1xml) to be loaded when importing this module +# FormatsToProcess = @() + +# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess +# NestedModules = @() + +# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. +FunctionsToExport = '*' + +# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. +CmdletsToExport = '*' + +# Variables to export from this module +VariablesToExport = '*' + +# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. +AliasesToExport = '*' + +# DSC resources to export from this module +# DscResourcesToExport = @() + +# List of all modules packaged with this module +# ModuleList = @() + +# List of all files packaged with this module +# FileList = @() + +# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. +PrivateData = @{ + + PSData = @{ + + # Tags applied to this module. These help with module discovery in online galleries. + # Tags = @() + + # A URL to the license for this module. + # LicenseUri = '' + + # A URL to the main website for this project. + # ProjectUri = '' + + # A URL to an icon representing this module. + # IconUri = '' + + # ReleaseNotes of this module + # ReleaseNotes = '' + + } # End of PSData hashtable + +} # End of PrivateData hashtable + +# HelpInfo URI of this module +# HelpInfoURI = '' + +# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 
+# DefaultCommandPrefix = '' + +} + + diff --git a/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.schema.psm1 b/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.schema.psm1 new file mode 100644 index 0000000..35a81b7 --- /dev/null +++ b/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.schema.psm1 
@@ -0,0 +1,716 @@ +configuration DoD_Microsoft_Edge_v2r2 +{ + + param( + [bool]$SyncDisabled = $true, + [bool]$ImportBrowserSettings = $true, + [bool]$DeveloperToolsAvailability = $true, + [bool]$PromptForDownloadLocation = $true, + [bool]$PreventSmartScreenPromptOverride = $true, + [bool]$PreventSmartScreenPromptOverrideForFiles = $true, + [bool]$InPrivateModeAvailability = $true, + [bool]$AllowDeletingBrowserHistory = $true, + [bool]$BackgroundModeEnabled = $true, + [bool]$DefaultPopupsSetting = $true, + [bool]$NetworkPredictionOptions = $true, + [bool]$SearchSuggestEnabled = $true, + [bool]$ImportAutofillFormData = $true, + [bool]$ImportCookies = $true, + [bool]$ImportExtensions = $true, + [bool]$ImportHistory = $true, + [bool]$ImportHomepage = $true, + [bool]$ImportOpenTabs = $true, + [bool]$ImportPaymentInfo = $true, + [bool]$ImportSavedPasswords = $true, + [bool]$ImportSearchEngine = $true, + [bool]$ImportShortcuts = $true, + [bool]$AutoplayAllowed = $true, + [bool]$EnableMediaRouter = $true, + [bool]$AutofillCreditCardEnabled = $true, + [bool]$AutofillAddressEnabled = $true, + [bool]$PersonalizationReportingEnabled = $true, + [bool]$DefaultGeolocationSetting = $true, + [bool]$PasswordManagerEnabled = $true, + [bool]$IsolateOrigins = $true, + [bool]$SmartScreenEnabled = $true, + [bool]$SmartScreenPuaEnabled = $true, + [bool]$PaymentMethodQueryEnabled = $true, + [bool]$AlternateErrorPagesEnabled = $true, + [bool]$UserFeedbackAllowed = $true, + [bool]$EdgeCollectionsEnabled = $true, + [bool]$ConfigureShare = $true, + [bool]$BrowserGuestModeEnabled = $true, + [bool]$BuiltInDnsClientEnabled = $true, + [bool]$SitePerProcess = $true, + [bool]$ManagedSearchEngines = $true, + [bool]$AuthSchemes = $true, + [bool]$DefaultWebUsbGuardSetting = $true, + [bool]$DefaultWebBluetoothGuardSetting = $true, + [bool]$TrackingPrevention = $true, + [bool]$RelaunchNotification = $true, + [bool]$ProxySettings = $true, + [bool]$EnableOnlineRevocationChecks = $true, + 
[bool]$QuicAllowed = $true, + [bool]$DownloadRestrictions = $true, + [bool]$VisualSearchEnabled = $true, + [bool]$HubsSidebarEnabled = $true, + [bool]$DefaultCookiesSetting = $true, + [bool]$ConfigureFriendlyURLFormat = $true, + [bool]$AutoplayAllowlist1 = $true, + [bool]$AutoplayAllowlist2 = $true, + [bool]$ExtensionInstallBlocklist1 = $true, + [bool]$PopupsAllowedForUrls1 = $true, + [bool]$PopupsAllowedForUrls2 = $true + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($SyncDisabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SyncDisabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SyncDisabled' + ValueData = 1 + } + } + + if ($ImportBrowserSettings) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportBrowserSettings' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportBrowserSettings' + ValueData = 0 + } + } + + if ($DeveloperToolsAvailability) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DeveloperToolsAvailability' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DeveloperToolsAvailability' + ValueData = 2 + } + } + + if ($PromptForDownloadLocation) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PromptForDownloadLocation' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PromptForDownloadLocation' + ValueData = 1 + } + } + + if ($PreventSmartScreenPromptOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PreventSmartScreenPromptOverride' + { + Key = 
'\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreventSmartScreenPromptOverride' + ValueData = 1 + } + } + + if ($PreventSmartScreenPromptOverrideForFiles) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PreventSmartScreenPromptOverrideForFiles' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreventSmartScreenPromptOverrideForFiles' + ValueData = 1 + } + } + if ($InPrivateModeAvailability) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\InPrivateModeAvailability' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'InPrivateModeAvailability' + ValueData = 1 + } + } + + if ($AllowDeletingBrowserHistory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AllowDeletingBrowserHistory' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowDeletingBrowserHistory' + ValueData = 0 + } + } + + if ($BackgroundModeEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\BackgroundModeEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'BackgroundModeEnabled' + ValueData = 0 + } + } + + if ($DefaultPopupsSetting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultPopupsSetting' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DefaultPopupsSetting' + ValueData = 2 + } + } + + if ($NetworkPredictionOptions) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\NetworkPredictionOptions' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration' + ValueName = 'NetworkPredictionOptions' + ValueData = 2 + } + } + + if ($SearchSuggestEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SearchSuggestEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SearchSuggestEnabled' + ValueData = 0 + } + } + + if ($ImportAutofillFormData) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportAutofillFormData' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportAutofillFormData' + ValueData = 0 + } + } + + if ($ImportCookies) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportCookies' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportCookies' + ValueData = 0 + } + } + + if ($ImportExtensions) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportExtensions' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportExtensions' + ValueData = 0 + } + } + + if ($ImportHistory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportHistory' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportHistory' + ValueData = 0 + } + } + + if ($ImportHomepage) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportHomepage' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportHomepage' + ValueData = 0 + } + } + + if ($ImportOpenTabs) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportOpenTabs' + { + Key = '\Software\Policies\Microsoft\Edge' + 
ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportOpenTabs' + ValueData = 0 + } + } + + if ($ImportPaymentInfo) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportPaymentInfo' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportPaymentInfo' + ValueData = 0 + } + } + + if ($ImportSavedPasswords) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportSavedPasswords' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportSavedPasswords' + ValueData = 0 + } + } + + if ($ImportSearchEngine) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportSearchEngine' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportSearchEngine' + ValueData = 0 + } + } + + if ($ImportShortcuts) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportShortcuts' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportShortcuts' + ValueData = 0 + } + } + + if ($AutoplayAllowed) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AutoplayAllowed' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AutoplayAllowed' + ValueData = 0 + } + } + + if ($EnableMediaRouter) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\EnableMediaRouter' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableMediaRouter' + ValueData = 0 + } + } + if ($AutofillCreditCardEnabled) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Edge\AutofillCreditCardEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AutofillCreditCardEnabled' + ValueData = 0 + } + } + + if ($AutofillAddressEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AutofillAddressEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AutofillAddressEnabled' + ValueData = 0 + } + } + + if ($PersonalizationReportingEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PersonalizationReportingEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PersonalizationReportingEnabled' + ValueData = 0 + } + } + + if ($DefaultGeolocationSetting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultGeolocationSetting' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DefaultGeolocationSetting' + ValueData = 2 + } + } + + if ($PasswordManagerEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PasswordManagerEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordManagerEnabled' + ValueData = 0 + } + } + + if ($IsolateOrigins) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\IsolateOrigins' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'IsolateOrigins' + ValueData = $null + } + } + + if ($SmartScreenEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SmartScreenEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + 
TargetType = 'ComputerConfiguration' + ValueName = 'SmartScreenEnabled' + ValueData = 1 + } + } + + if ($SmartScreenPuaEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SmartScreenPuaEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SmartScreenPuaEnabled' + ValueData = 1 + } + } + + if ($PaymentMethodQueryEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PaymentMethodQueryEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PaymentMethodQueryEnabled' + ValueData = 0 + } + } + + if ($AlternateErrorPagesEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AlternateErrorPagesEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AlternateErrorPagesEnabled' + ValueData = 0 + } + } + + if ($UserFeedbackAllowed) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\UserFeedbackAllowed' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'UserFeedbackAllowed' + ValueData = 0 + } + } + + if ($EdgeCollectionsEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\EdgeCollectionsEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EdgeCollectionsEnabled' + ValueData = 0 + } + } + + if ($ConfigureShare) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ConfigureShare' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ConfigureShare' + ValueData = 1 + } + } + + if ($BrowserGuestModeEnabled) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Edge\BrowserGuestModeEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'BrowserGuestModeEnabled' + ValueData = 0 + } + } + + if ($BuiltInDnsClientEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\BuiltInDnsClientEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'BuiltInDnsClientEnabled' + ValueData = 0 + } + } + if ($SitePerProcess) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SitePerProcess' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SitePerProcess' + ValueData = 1 + } + } + + if ($ManagedSearchEngines) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ManagedSearchEngines' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'ManagedSearchEngines' + ValueData = '[{"allow_search_engine_discovery": false},{"is_default": true,"name": "Microsoft Bing","keyword": "bing","search_url": "https://www.bing.com/search?q={searchTerms}"},{"name": "Google","keyword": "google","search_url": "https://www.google.com/search?q={searchTerms}"}]' + } + } + + if ($AuthSchemes) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AuthSchemes' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'AuthSchemes' + ValueData = 'ntlm,negotiate' + } + } + + if ($DefaultWebUsbGuardSetting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultWebUsbGuardSetting' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DefaultWebUsbGuardSetting' + ValueData = 2 + } 
+ } + + if ($DefaultWebBluetoothGuardSetting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultWebBluetoothGuardSetting' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DefaultWebBluetoothGuardSetting' + ValueData = 2 + } + } + + if ($TrackingPrevention) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\TrackingPrevention' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'TrackingPrevention' + ValueData = 2 + } + } + + if ($RelaunchNotification) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\RelaunchNotification' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'RelaunchNotification' + ValueData = 2 + } + } + + if ($ProxySettings) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ProxySettings' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'ProxySettings' + ValueData = 'ADD YOUR PROXY CONFIGURATIONS HERE' + } + } + + if ($EnableOnlineRevocationChecks) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\EnableOnlineRevocationChecks' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableOnlineRevocationChecks' + ValueData = 1 + } + } + + if ($QuicAllowed) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\QuicAllowed' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'QuicAllowed' + ValueData = 0 + } + } + + if ($DownloadRestrictions) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DownloadRestrictions' + { + Key = 
'\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DownloadRestrictions' + ValueData = 1 + } + } + + if ($VisualSearchEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\VisualSearchEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'VisualSearchEnabled' + ValueData = 0 + } + } + + if ($HubsSidebarEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\HubsSidebarEnabled' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'HubsSidebarEnabled' + ValueData = 0 + } + } + + if ($DefaultCookiesSetting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultCookiesSetting' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DefaultCookiesSetting' + ValueData = 4 + } + } + + if ($ConfigureFriendlyURLFormat) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ConfigureFriendlyURLFormat' + { + Key = '\Software\Policies\Microsoft\Edge' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ConfigureFriendlyURLFormat' + ValueData = 1 + } + } + + if ($AutoplayAllowlist1) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AutoplayAllowlist\1' + { + Key = '\Software\Policies\Microsoft\Edge\AutoplayAllowlist' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '1' + ValueData = '[*.]gov' + } + } + + if ($AutoplayAllowlist2) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AutoplayAllowlist\2' + { + Key = '\Software\Policies\Microsoft\Edge\AutoplayAllowlist' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '2' + ValueData = '[*.]mil' + } + } + + if 
($ExtensionInstallBlocklist1) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ExtensionInstallBlocklist\1' + { + Key = '\Software\Policies\Microsoft\Edge\ExtensionInstallBlocklist' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '1' + ValueData = '*' + } + } + + if ($PopupsAllowedForUrls1) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PopupsAllowedForUrls\1' + { + Key = '\Software\Policies\Microsoft\Edge\PopupsAllowedForUrls' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '1' + ValueData = '[*.]mil' + } + } + + if ($PopupsAllowedForUrls2) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PopupsAllowedForUrls\2' + { + Key = '\Software\Policies\Microsoft\Edge\PopupsAllowedForUrls' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '2' + ValueData = '[*.]gov' + } + } +} + diff --git a/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.psd1 b/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.psd1 new file mode 100644 index 0000000..c8a3d63 --- /dev/null +++ b/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.psd1 
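Review bot: The `ProxySettings` block writes the literal placeholder `'ADD YOUR PROXY CONFIGURATIONS HERE'` as policy data, and because the switch defaults to `$true` in the `param()` list, any node compiled with defaults gets that string as its Edge proxy policy. Edge's ProxySettings policy takes a JSON dictionary, so the placeholder is most likely rejected as invalid, while the DSC run still shows the item as applied. I would default the switch off, `[bool]$ProxySettings = $false,`, and have the block take its value from a site-supplied string parameter rather than a hard-coded literal. The `IsolateOrigins` block has a similar gap: it sets `ValueData = $null` for a `String` value, which names no origins to isolate, so confirm what the baseline intends there.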
@@ -0,0 +1,124 @@ +# +# Module manifest for module 'DoD_Mozilla_Firefox_v6r5' +# +# Generated by: XOAP.io +# +# Generated on: 1/13/2025 +# + +@{ + +# Script module or binary module file associated with this manifest. +RootModule = 'DoD_Mozilla_Firefox_v6r5.schema.psm1' + +# Version number of this module. +ModuleVersion = '0.0.1' + +# Supported PSEditions +# CompatiblePSEditions = @() + +# ID used to uniquely identify this module +GUID = '1b2fd183-5b9f-4189-9f1a-69bc6b6177d6' + +# Author of this module +Author = 'XOAP.io' + +# Company or vendor of this module +CompanyName = 'RIS AG' + +# Copyright statement for this module +Copyright = '(c) 2025 XOAP.io. All rights reserved.' + +# Description of the functionality provided by this module +Description = 'Apply STIG policy for Mozilla FireFox' + +# Minimum version of the Windows PowerShell engine required by this module +# PowerShellVersion = '' + +# Name of the Windows PowerShell host required by this module +# PowerShellHostName = '' + +# Minimum version of the Windows PowerShell host required by this module +# PowerShellHostVersion = '' + +# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# DotNetFrameworkVersion = '' + +# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# CLRVersion = '' + +# Processor architecture (None, X86, Amd64) required by this module +# ProcessorArchitecture = '' + +# Modules that must be imported into the global environment prior to importing this module +# RequiredModules = @() + +# Assemblies that must be loaded prior to importing this module +# RequiredAssemblies = @() + +# Script files (.ps1) that are run in the caller's environment prior to importing this module. 
+# ScriptsToProcess = @() + +# Type files (.ps1xml) to be loaded when importing this module +# TypesToProcess = @() + +# Format files (.ps1xml) to be loaded when importing this module +# FormatsToProcess = @() + +# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess +# NestedModules = @() + +# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. +FunctionsToExport = '*' + +# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. +CmdletsToExport = '*' + +# Variables to export from this module +VariablesToExport = '*' + +# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. +AliasesToExport = '*' + +# DSC resources to export from this module +# DscResourcesToExport = @() + +# List of all modules packaged with this module +# ModuleList = @() + +# List of all files packaged with this module +# FileList = @() + +# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. +PrivateData = @{ + + PSData = @{ + + # Tags applied to this module. These help with module discovery in online galleries. + # Tags = @() + + # A URL to the license for this module. + # LicenseUri = '' + + # A URL to the main website for this project. + # ProjectUri = '' + + # A URL to an icon representing this module. + # IconUri = '' + + # ReleaseNotes of this module + # ReleaseNotes = '' + + } # End of PSData hashtable + +} # End of PrivateData hashtable + +# HelpInfo URI of this module +# HelpInfoURI = '' + +# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 
+# DefaultCommandPrefix = '' + +} + + diff --git a/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.schema.psm1 b/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.schema.psm1 new file mode 100644 index 0000000..2398b94 --- /dev/null +++ b/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.schema.psm1 
@@ -0,0 +1,496 @@ +configuration DoD_Mozilla_Firefox_v6r5 +{ + + param( + [bool]$SSLVersionMin = $true, + [bool]$ExtensionUpdate = $true, + [bool]$DisableFormHistory = $true, + [bool]$PasswordManagerEnabled = $true, + [bool]$DisableTelemetry = $true, + [bool]$DisableDeveloperTools = $true, + [bool]$DisableForgetButton = $true, + [bool]$DisablePrivateBrowsing = $true, + [bool]$SearchSuggestEnabled = $true, + [bool]$NetworkPrediction = $true, + [bool]$DisableFirefoxAccounts = $true, + [bool]$DisableFeedbackCommands = $true, + [bool]$Preferences = $true, + [bool]$DisablePocket = $true, + [bool]$DisableFirefoxStudies = $true, + [bool]$ImportEnterpriseRoots = $true, + [bool]$DisabledCiphersTLS_RSA_WITH_3DES_EDE_CBC_SHA = $true, + [bool]$EnableTrackingProtectionFingerprinting = $true, + [bool]$EnableTrackingProtectionCryptomining = $true, + [bool]$EncryptedMediaExtensionsEnabled = $true, + [bool]$EncryptedMediaExtensionsLocked = $true, + [bool]$FirefoxHomeSearch = $true, + [bool]$FirefoxHomeTopSites = $true, + [bool]$FirefoxHomeSponsoredTopSites = $true, + [bool]$FirefoxHomeHighlights = $true, + [bool]$FirefoxHomePocket = $true, + [bool]$FirefoxHomeSponsoredPocket = $true, + [bool]$Snippets = $true, + [bool]$Locked = $true, + [bool]$InstallAddonsPermissionDefault = $true, + [bool]$PermissionsAutoplayDefault = $true, + [bool]$PopupBlockingDefault = $true, + [bool]$PopupBlockingLocked = $true, + [bool]$PopupBlockingAllow1 = $true, + [bool]$PopupBlockingAllow2 = $true, + [bool]$SanitizeOnShutdownCache = $true, + [bool]$SanitizeOnShutdownCookies = $true, + [bool]$SanitizeOnShutdownDownloads = $true, + [bool]$SanitizeOnShutdownFormData = $true, + [bool]$SanitizeOnShutdownHistory = $true, + [bool]$SanitizeOnShutdownSessions = $true, + [bool]$SanitizeOnShutdownSiteSettings = $true, + [bool]$SanitizeOnShutdownOfflineApps = $true, + [bool]$SanitizeOnShutdownLocked = $true, + [bool]$ExtensionRecommendations = $true + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + 
Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($SSLVersionMin) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SSLVersionMin' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'SSLVersionMin' + ValueData = 'tls1.2' + } + } + + if ($ExtensionUpdate) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\ExtensionUpdate' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ExtensionUpdate' + ValueData = 0 + } + } + + if ($DisableFormHistory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableFormHistory' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableFormHistory' + ValueData = 1 + } + } + + if ($PasswordManagerEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PasswordManagerEnabled' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordManagerEnabled' + ValueData = 0 + } + } + + if ($DisableTelemetry) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableTelemetry' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableTelemetry' + ValueData = 1 + } + } + + if ($DisableDeveloperTools) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableDeveloperTools' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableDeveloperTools' + ValueData = 1 + } + } + + if ($DisableForgetButton) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Mozilla\Firefox\DisableForgetButton' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableForgetButton' + ValueData = 1 + } + } + + if ($DisablePrivateBrowsing) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisablePrivateBrowsing' + ValueData = 1 + } + } + + if ($SearchSuggestEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SearchSuggestEnabled' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SearchSuggestEnabled' + ValueData = 0 + } + } + + if ($NetworkPrediction) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\NetworkPrediction' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NetworkPrediction' + ValueData = 0 + } + } + + if ($DisableFirefoxAccounts) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableFirefoxAccounts' + ValueData = 1 + } + } + if ($DisableFeedbackCommands) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableFeedbackCommands' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableFeedbackCommands' + ValueData = 1 + } + } + + if ($Preferences) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\Preferences' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'MultiString' + TargetType = 'ComputerConfiguration' + ValueName = 
'Preferences' + ValueData = '{"security.default_personal_cert": {"Value": "Ask Every Time","Status": "locked"},"browser.search.update": {"Value": false,"Status": "locked"},"dom.disable_window_move_resize": {"Value": true,"Status": "locked"},"dom.disable_window_flip": {"Value": true,"Status": "locked"},"browser.contentblocking.category": {"Value": "strict","Status": "locked"},"extensions.htmlaboutaddons.recommendations.enabled": {"Value": false,"Status": "locked"}}' + } + } + + if ($DisablePocket) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisablePocket' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisablePocket' + ValueData = 1 + } + } + + if ($DisableFirefoxStudies) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableFirefoxStudies' + { + Key = '\Software\Policies\Mozilla\Firefox' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableFirefoxStudies' + ValueData = 1 + } + } + + if ($ImportEnterpriseRoots) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots' + { + Key = '\Software\Policies\Mozilla\Firefox\Certificates' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ImportEnterpriseRoots' + ValueData = 1 + } + } + + if ($DisabledCiphersTLS_RSA_WITH_3DES_EDE_CBC_SHA) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA' + { + Key = '\Software\Policies\Mozilla\Firefox\DisabledCiphers' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' + ValueData = 1 + } + } + + if ($EnableTrackingProtectionFingerprinting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting' + { + Key = 
'\Software\Policies\Mozilla\Firefox\EnableTrackingProtection' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Fingerprinting' + ValueData = 1 + } + } + + if ($EnableTrackingProtectionCryptomining) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining' + { + Key = '\Software\Policies\Mozilla\Firefox\EnableTrackingProtection' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Cryptomining' + ValueData = 1 + } + } + + if ($EncryptedMediaExtensionsEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled' + { + Key = '\Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Enabled' + ValueData = 0 + } + } + + if ($EncryptedMediaExtensionsLocked) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked' + { + Key = '\Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Locked' + ValueData = 1 + } + } + + if ($FirefoxHomeSearch) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\FirefoxHome\Search' + { + Key = '\Software\Policies\Mozilla\Firefox\FirefoxHome' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Search' + ValueData = 0 + } + } + + if ($Snippets) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets' + { + Key = '\Software\Policies\Mozilla\Firefox\FirefoxHome' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Snippets' + ValueData = 0 + } + } + + if ($Locked) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\FirefoxHome\Locked' + { + Key = '\Software\Policies\Mozilla\Firefox\FirefoxHome' + ValueType = 'Dword' + 
TargetType = 'ComputerConfiguration' + ValueName = 'Locked' + ValueData = 1 + } + } + + if ($InstallAddonsPermissionDefault) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default' + { + Key = '\Software\Policies\Mozilla\Firefox\InstallAddonsPermission' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Default' + ValueData = 0 + } + } + + if ($PermissionsAutoplayDefault) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default' + { + Key = '\Software\Policies\Mozilla\Firefox\Permissions\Autoplay' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'Default' + ValueData = 'block-audio-video' + } + } + + if ($PopupBlockingDefault) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PopupBlocking\Default' + { + Key = '\Software\Policies\Mozilla\Firefox\PopupBlocking' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Default' + ValueData = 1 + } + } + + if ($PopupBlockingLocked) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PopupBlocking\Locked' + { + Key = '\Software\Policies\Mozilla\Firefox\PopupBlocking' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Locked' + ValueData = 1 + } + } + + if ($PopupBlockingAllow1) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1' + { + Key = '\Software\Policies\Mozilla\Firefox\PopupBlocking\Allow' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '1' + ValueData = '.mil' + } + } + + if ($PopupBlockingAllow2) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2' + { + Key = '\Software\Policies\Mozilla\Firefox\PopupBlocking\Allow' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '2' + ValueData = '.gov' + } + } + + if 
($SanitizeOnShutdownCache) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache' + { + Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Cache' + ValueData = 0 + } + } + + if ($SanitizeOnShutdownCookies) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies' + { + Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Cookies' + ValueData = 0 + } + } + + if ($SanitizeOnShutdownDownloads) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads' + { + Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Downloads' + ValueData = 0 + } + } + + if ($SanitizeOnShutdownFormData) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData' + { + Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'FormData' + ValueData = 0 + } + } + + if ($SanitizeOnShutdownHistory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History' + { + Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'History' + ValueData = 0 + } + } + + if ($SanitizeOnShutdownSessions) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions' + { + Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Sessions' + ValueData = 0 + } + } + + if ($SanitizeOnShutdownSiteSettings) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings' + { + Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SiteSettings' + ValueData = 0 + } + } + + if ($SanitizeOnShutdownOfflineApps) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps' + { + Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'OfflineApps' + ValueData = 0 + } + } + + if ($SanitizeOnShutdownLocked) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked' + { + Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Locked' + ValueData = 1 + } + } + + if ($ExtensionRecommendations) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations' + { + Key = '\Software\Policies\Mozilla\Firefox\UserMessaging' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ExtensionRecommendations' + ValueData = 0 + } + } + +} + diff --git a/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.psd1 b/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.psd1 new file mode 100644 index 0000000..4bd6180 --- /dev/null +++ b/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.psd1 
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_Office_2019-M365_Apps_v3r1'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/14/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_Office_2019-M365_Apps_v3r1.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = '58c7a0ec-4ab8-43a7-8689-36deae8402e5'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'Apply STIG settings for Office 2019-M365'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.schema.psm1 b/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.schema.psm1
new file mode 100644
index 0000000..3848d42
--- /dev/null
+++ b/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.schema.psm1
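Review bot: `CmdletsToExport`, `VariablesToExport` and `AliasesToExport` are set to `'*'` in the DoD_Office_2019-M365_Apps_v3r1.psd1 manifest even though the template comment directly above each says not to use wildcards, and the root module is a `.schema.psm1` that, as far as this commit shows, defines only a configuration. I would set those three to `@()` and replace `FunctionsToExport = '*'` with the configuration name, after confirming that composite-resource discovery still finds it. `RequiredModules` and `PowerShellVersion` are also left commented out while the schema file added alongside imports `GPRegistryPolicyDsc`, `AuditPolicyDSC` and `SecurityPolicyDSC` without a version; unless the parent module's manifest pins them, nothing records which release of those resources writes the STIG policy values.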
@@ -0,0 +1,2419 @@ +configuration DoD_Office_2019-M365_Apps_v3r1 +{ + param( + [bool]$DeleteCUFileExtensionsRemoveLevel1 = $true, + [bool]$DeleteCUFileExtensionsRemoveLevel2 = $true, + [bool]$FeatureAddonManagementGroove = $true, + [bool]$FeatureAddonManagementExcel = $true, + [bool]$FeatureAddonManagementMspub = $true, + [bool]$FeatureAddonManagementPowerPnt = $true, + [bool]$FeatureAddonManagementPptView = $true, + [bool]$FeatureAddonManagementVisio = $true, + [bool]$FeatureAddonManagementWinProj = $true, + [bool]$FeatureAddonManagementWinWord = $true, + [bool]$FeatureAddonManagementOutlook = $true, + [bool]$FeatureAddonManagementSPDesignExe = $true, + [bool]$FeatureAddonManagementExprwdExe = $true, + [bool]$FeatureAddonManagementMsAccessExe = $true, + [bool]$FeatureAddonManagementOneNoteExe = $true, + [bool]$FeatureAddonManagementMse7Exe = $true, + [bool]$FeatureHttpUsernamePasswordDisableGrooveExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableExcelExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableMsPubExe = $true, + [bool]$FeatureHttpUsernamePasswordDisablePowerPntExe = $true, + [bool]$FeatureHttpUsernamePasswordDisablePptViewExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableVisioExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableWinProjExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableWinWordExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableOutlookExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableSPDesignExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableExprWdExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableMsAccessExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableOneNoteExe = $true, + [bool]$FeatureHttpUsernamePasswordDisableMse7Exe = $true, + [bool]$FeatureLocalMachineLockdownGrooveExe = $true, + [bool]$FeatureLocalMachineLockdownExcelExe = $true, + [bool]$FeatureLocalMachineLockdownMsPubExe = $true, + [bool]$FeatureLocalMachineLockdownPowerPntExe = $true, + 
[bool]$FeatureLocalMachineLockdownPptViewExe = $true, + [bool]$FeatureLocalMachineLockdownVisioExe = $true, + [bool]$FeatureLocalMachineLockdownWinProjExe = $true, + [bool]$FeatureLocalMachineLockdownWinWordExe = $true, + [bool]$FeatureLocalMachineLockdownOutlookExe = $true, + [bool]$FeatureLocalMachineLockdownSPDesignExe = $true, + [bool]$FeatureLocalMachineLockdownExprWdExe = $true, + [bool]$FeatureLocalMachineLockdownMsAccessExe = $true, + [bool]$FeatureLocalMachineLockdownOneNoteExe = $true, + [bool]$FeatureLocalMachineLockdownMse7Exe = $true, + [bool]$FeatureMimeHandlingGrooveExe = $true, + [bool]$FeatureMimeHandlingExcelExe = $true, + [bool]$FeatureMimeHandlingMsPubExe = $true, + [bool]$FeatureMimeHandlingPowerPntExe = $true, + [bool]$FeatureMimeHandlingPptViewExe = $true, + [bool]$FeatureMimeHandlingVisioExe = $true, + [bool]$FeatureMimeHandlingWinProjExe = $true, + [bool]$FeatureMimeHandlingWinWordExe = $true, + [bool]$FeatureMimeHandlingOutlookExe = $true, + [bool]$FeatureMimeHandlingSPDesignExe = $true, + [bool]$FeatureMimeHandlingExprWdExe = $true, + [bool]$FeatureMimeHandlingMsAccessExe = $true, + [bool]$FeatureMimeHandlingOneNoteExe = $true, + [bool]$FeatureMimeHandlingMse7Exe = $true, + [bool]$FeatureMimeSniffingGrooveExe = $true, + [bool]$FeatureMimeSniffingExcelExe = $true, + [bool]$FeatureMimeSniffingMsPubExe = $true, + [bool]$FeatureMimeSniffingPowerPntExe = $true, + [bool]$FeatureMimeSniffingPptViewExe = $true, + [bool]$FeatureMimeSniffingVisioExe = $true, + [bool]$FeatureMimeSniffingWinProjExe = $true, + [bool]$FeatureMimeSniffingWinWordExe = $true, + [bool]$FeatureMimeSniffingOutlookExe = $true, + [bool]$FeatureMimeSniffingSPDesignExe = $true, + [bool]$FeatureMimeSniffingExprWdExe = $true, + [bool]$FeatureMimeSniffingMsAccessExe = $true, + [bool]$FeatureMimeSniffingOneNoteExe = $true, + [bool]$FeatureMimeSniffingMse7Exe = $true, + [bool]$FeatureObjectCachingGrooveExe = $true, + [bool]$FeatureObjectCachingExcelExe = $true, + 
[bool]$FeatureObjectCachingMsPubExe = $true, + [bool]$FeatureObjectCachingPowerPntExe = $true, + [bool]$FeatureObjectCachingPptViewExe = $true, + [bool]$FeatureObjectCachingVisioExe = $true, + [bool]$FeatureObjectCachingWinProjExe = $true, + [bool]$FeatureObjectCachingWinWordExe = $true, + [bool]$FeatureObjectCachingOutlookExe = $true, + [bool]$FeatureControl_groove = $true, + [bool]$FeatureControl_excel = $true, + [bool]$FeatureControl_mspub = $true, + [bool]$FeatureControl_powerpnt = $true, + [bool]$FeatureControl_pptview = $true, + [bool]$FeatureControl_visio = $true, + [bool]$FeatureControl_winproj = $true, + [bool]$FeatureControl_winword = $true, + [bool]$FeatureControl_outlook = $true, + [bool]$FeatureControl_spdesign = $true, + [bool]$FeatureControl_exprwd = $true, + [bool]$FeatureControl_msaccess = $true, + [bool]$FeatureControl_onenote = $true, + [bool]$FeatureControl_mse7 = $true, + [bool]$FeatureControl_groove_download = $true, + [bool]$FeatureControl_excel_download = $true, + [bool]$FeatureControl_mspub_download = $true, + [bool]$FeatureControl_powerpnt_download = $true, + [bool]$FeatureControl_pptview_download = $true, + [bool]$FeatureControl_visio_download = $true, + [bool]$FeatureControl_winproj_download = $true, + [bool]$FeatureControl_winword_download = $true, + [bool]$FeatureControl_outlook_download = $true, + [bool]$FeatureControl_spdesign_download = $true, + [bool]$FeatureControl_exprwd_download = $true, + [bool]$FeatureControl_msaccess_download = $true, + [bool]$FeatureControl_onenote_download = $true, + [bool]$FeatureControl_mse7_download = $true, + [bool]$FeatureControl_groove_security = $true, + [bool]$FeatureControl_excel_security = $true, + [bool]$FeatureControl_mspub_security = $true, + [bool]$FeatureControl_powerpnt_security = $true, + [bool]$FeatureControl_pptview_security = $true, + [bool]$FeatureControl_visio_security = $true, + [bool]$FeatureControl_winproj_security = $true, + [bool]$FeatureControl_winword_security = $true, + 
[bool]$FeatureControl_outlook_security = $true, + [bool]$FeatureControl_spdesign_security = $true, + [bool]$FeatureControl_exprwd_security = $true, + [bool]$FeatureControl_msaccess_security = $true, + [bool]$FeatureControl_onenote_security = $true, + [bool]$FeatureControl_mse7_security = $true, + [bool]$FeatureControl_groove_unc_check = $true, + [bool]$FeatureControl_excel_unc_check = $true, + [bool]$FeatureControl_mspub_unc_check = $true, + [bool]$FeatureControl_powerpnt_unc_check = $true, + [bool]$FeatureControl_pptview_unc_check = $true, + [bool]$FeatureControl_visio_unc_check = $true, + [bool]$FeatureControl_winproj_unc_check = $true, + [bool]$FeatureControl_winword_unc_check = $true, + [bool]$FeatureControl_outlook_unc_check = $true, + [bool]$FeatureControl_spdesign_unc_check = $true, + [bool]$FeatureControl_exprwd_unc_check = $true, + [bool]$FeatureControl_msaccess_unc_check = $true, + [bool]$FeatureControl_onenote_unc_check = $true, + [bool]$FeatureControl_mse7_unc_check = $true, + [bool]$FeatureControl_groove_validate_url = $true, + [bool]$FeatureControl_excel_validate_url = $true, + [bool]$FeatureControl_mspub_validate_url = $true, + [bool]$FeatureControl_powerpnt_validate_url = $true, + [bool]$FeatureControl_pptview_validate_url = $true, + [bool]$FeatureControl_visio_validate_url = $true, + [bool]$FeatureControl_winproj_validate_url = $true, + [bool]$FeatureControl_winword_validate_url = $true, + [bool]$FeatureControl_outlook_validate_url = $true, + [bool]$FeatureControl_spdesign_validate_url = $true, + [bool]$FeatureControl_exprwd_validate_url = $true, + [bool]$FeatureControl_msaccess_validate_url = $true, + [bool]$FeatureControl_onenote_validate_url = $true, + [bool]$FeatureControl_mse7_validate_url = $true, + [bool]$FeatureControl_groove_window_restriction = $true, + [bool]$FeatureControl_excel_window_restriction = $true, + [bool]$FeatureControl_mspub_window_restriction = $true, + [bool]$FeatureControl_powerpnt_window_restriction = $true, + 
[bool]$FeatureControl_pptview_window_restriction = $true, + [bool]$FeatureControl_visio_window_restriction = $true, + [bool]$FeatureControl_winproj_window_restriction = $true, + [bool]$FeatureControl_winword_window_restriction = $true, + [bool]$FeatureControl_outlook_window_restriction = $true, + [bool]$FeatureControl_spdesign_window_restriction = $true, + [bool]$FeatureControl_exprwd_window_restriction = $true, + [bool]$FeatureControl_msaccess_window_restriction = $true, + [bool]$FeatureControl_onenote_window_restriction = $true, + [bool]$FeatureControl_mse7_window_restriction = $true, + [bool]$FeatureControl_groove_zone_elevation = $true, + [bool]$FeatureControl_excel_zone_elevation = $true, + [bool]$FeatureControl_mspub_zone_elevation = $true, + [bool]$FeatureControl_powerpnt_zone_elevation = $true, + [bool]$FeatureControl_pptview_zone_elevation = $true, + [bool]$FeatureControl_visio_zone_elevation = $true, + [bool]$FeatureControl_winproj_zone_elevation = $true, + [bool]$FeatureControl_winword_zone_elevation = $true, + [bool]$FeatureControl_outlook_zone_elevation = $true, + [bool]$FeatureControl_spdesign_zone_elevation = $true, + [bool]$FeatureControl_exprwd_zone_elevation = $true, + [bool]$FeatureControl_msaccess_zone_elevation = $true, + [bool]$FeatureControl_onenote_zone_elevation = $true, + [bool]$FeatureControl_mse7_zone_elevation = $true, + [bool]$FeatureControl_D27CDB6E_ActivationFilterOverride = $true, + [bool]$FeatureControl_D27CDB6E_CompatibilityFlags = $true, + [bool]$FeatureControl_D27CDB70_ActivationFilterOverride = $true, + [bool]$FeatureControl_D27CDB70_CompatibilityFlags = $true, + [bool]$FeatureControl_Comment = $true, + [bool]$FeatureControl_D27CDB6E_Office_ActivationFilterOverride = $true, + [bool]$FeatureControl_D27CDB6E_Office_CompatibilityFlags = $true, + [bool]$FeatureControl_D27CDB70_Office_ActivationFilterOverride = $true, + [bool]$FeatureControl_D27CDB70_Office_CompatibilityFlags = $true, + 
[bool]$FeatureControl_EnableSipHighSecurityMode = $true, + [bool]$FeatureControl_DisableHttpConnect = $true, + [bool]$WOW6432Node_D27CDB6E_16_ActivationFilterOverride = $true, + [bool]$WOW6432Node_D27CDB6E_16_CompatibilityFlags = $true, + [bool]$WOW6432Node_D27CDB70_16_ActivationFilterOverride = $true, + [bool]$WOW6432Node_D27CDB70_16_CompatibilityFlags = $true, + [bool]$WOW6432Node_D27CDB6E_Common_ActivationFilterOverride = $true, + [bool]$WOW6432Node_D27CDB6E_Common_CompatibilityFlags = $true, + [bool]$WOW6432Node_D27CDB70_Common_ActivationFilterOverride = $true, + [bool]$WOW6432Node_D27CDB70_Common_CompatibilityFlags = $true + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + + if ($FeatureAddonManagementGroove) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementExcel) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementMspub) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementPowerPnt) { 
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementPptView) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementVisio) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementWinProj) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementWinWord) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementOutlook) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\outlook.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementSPDesignExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementExprwdExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementMsAccessExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementOneNoteExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ($FeatureAddonManagementMse7Exe) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet 
explorer\main\featurecontrol\feature_addon_management\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 1 + } + } + + if ($FeatureHttpUsernamePasswordDisableGrooveExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($FeatureHttpUsernamePasswordDisableExcelExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($FeatureHttpUsernamePasswordDisableMsPubExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureHttpUsernamePasswordDisablePowerPntExe) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if 
($FeatureHttpUsernamePasswordDisablePptViewExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureHttpUsernamePasswordDisableVisioExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureHttpUsernamePasswordDisableWinProjExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureHttpUsernamePasswordDisableWinWordExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureHttpUsernamePasswordDisableOutlookExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureHttpUsernamePasswordDisableSPDesignExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureHttpUsernamePasswordDisableExprWdExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureHttpUsernamePasswordDisableMsAccessExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureHttpUsernamePasswordDisableOneNoteExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureHttpUsernamePasswordDisableMse7Exe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownGrooveExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownExcelExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownMsPubExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownPowerPntExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownPptViewExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+ if ($FeatureLocalMachineLockdownVisioExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownWinProjExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownWinWordExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownOutlookExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownSPDesignExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownExprWdExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownMsAccessExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownOneNoteExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureLocalMachineLockdownMse7Exe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingGrooveExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingExcelExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingMsPubExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingPowerPntExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingPptViewExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingVisioExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingWinProjExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingWinWordExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingOutlookExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingSPDesignExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingExprWdExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingMsAccessExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingOneNoteExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeHandlingMse7Exe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingGrooveExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingExcelExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingMsPubExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingPowerPntExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingPptViewExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingVisioExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingWinProjExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingWinWordExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingOutlookExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingSPDesignExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingExprWdExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingMsAccessExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingOneNoteExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureMimeSniffingMse7Exe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureObjectCachingGrooveExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureObjectCachingExcelExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureObjectCachingMsPubExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureObjectCachingPowerPntExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureObjectCachingPptViewExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureObjectCachingVisioExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureObjectCachingWinProjExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureObjectCachingWinWordExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureObjectCachingOutlookExe) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_msaccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_groove) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mspub) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_powerpnt) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_pptview) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_visio) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winproj) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winword) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_msaccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_groove_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mspub_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_powerpnt_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_pptview_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_visio_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winproj_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winword_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_msaccess_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7_download) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_groove_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mspub_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_powerpnt_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_pptview_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_visio_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winproj_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winword_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_msaccess_security) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\msaccess.exe'
+ {
+ Key =
'\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($FeatureControl_onenote_security) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mse7_security) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 1 + } + } + + if ($FeatureControl_groove_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($FeatureControl_excel_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mspub_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mspub.exe' + { + Key = '\software\microsoft\internet 
explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureControl_powerpnt_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($FeatureControl_pptview_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($FeatureControl_visio_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winproj_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winword_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winword.exe' + { + Key = '\software\microsoft\internet 
explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($FeatureControl_outlook_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\outlook.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ($FeatureControl_spdesign_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 1 + } + } + + if ($FeatureControl_exprwd_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 1 + } + } + + if ($FeatureControl_msaccess_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($FeatureControl_onenote_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\onenote.exe' + { + Key = '\software\microsoft\internet 
explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mse7_unc_check) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 1 + } + } + + if ($FeatureControl_groove_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($FeatureControl_excel_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mspub_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureControl_powerpnt_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\powerpnt.exe' + { + Key = '\software\microsoft\internet 
explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($FeatureControl_pptview_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($FeatureControl_visio_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winproj_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winword_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($FeatureControl_outlook_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\outlook.exe' + { + Key = 
'\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ($FeatureControl_spdesign_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 1 + } + } + + if ($FeatureControl_exprwd_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 1 + } + } + + if ($FeatureControl_msaccess_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($FeatureControl_onenote_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mse7_validate_url) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet 
explorer\main\featurecontrol\feature_validate_navigate_url\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 1 + } + } + + if ($FeatureControl_groove_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($FeatureControl_excel_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mspub_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureControl_powerpnt_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($FeatureControl_pptview_window_restriction) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($FeatureControl_visio_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winproj_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winword_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($FeatureControl_outlook_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\outlook.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ($FeatureControl_spdesign_window_restriction) { + 
RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 1 + } + } + + if ($FeatureControl_exprwd_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 1 + } + } + + if ($FeatureControl_msaccess_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($FeatureControl_onenote_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mse7_window_restriction) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 1 + } + } + + if 
($FeatureControl_groove_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($FeatureControl_excel_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mspub_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureControl_powerpnt_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($FeatureControl_pptview_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($FeatureControl_visio_zone_elevation) { 
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winproj_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winword_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($FeatureControl_outlook_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\outlook.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ($FeatureControl_spdesign_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 1 + } + } + + if ($FeatureControl_exprwd_zone_elevation) { + RegistryPolicyFile 
'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 1 + } + } + + if ($FeatureControl_msaccess_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($FeatureControl_onenote_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mse7_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 1 + } + } + + if ($FeatureControl_D27CDB6E_ActivationFilterOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' + { + Key = '\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ActivationFilterOverride' + ValueData = 0 + } + } + + if 
($FeatureControl_D27CDB6E_CompatibilityFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags' + { + Key = '\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Compatibility Flags' + ValueData = 1024 + } + } + + if ($FeatureControl_D27CDB70_ActivationFilterOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' + { + Key = '\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ActivationFilterOverride' + ValueData = 0 + } + } + + if ($FeatureControl_D27CDB70_CompatibilityFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\Compatibility Flags' + { + Key = '\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Compatibility Flags' + ValueData = 1024 + } + } + + if ($FeatureControl_Comment) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\Comment' + { + Key = '\software\microsoft\Office\Common\COM Compatibility' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'Comment' + ValueData = 'Block all Flash activation' + } + } + + if ($FeatureControl_D27CDB6E_Office_ActivationFilterOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' + { + Key = '\software\microsoft\Office\Common\COM 
Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ActivationFilterOverride' + ValueData = 0 + } + } + + if ($FeatureControl_D27CDB6E_Office_CompatibilityFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags' + { + Key = '\software\microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Compatibility Flags' + ValueData = 1024 + } + } + + if ($FeatureControl_D27CDB70_Office_ActivationFilterOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' + { + Key = '\software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ActivationFilterOverride' + ValueData = 0 + } + } + + if ($FeatureControl_D27CDB70_Office_CompatibilityFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\Compatibility Flags' + { + Key = '\software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Compatibility Flags' + ValueData = 1024 + } + } + + if ($FeatureControl_EnableSipHighSecurityMode) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\16.0\lync\enablesiphighsecuritymode' + { + Key = '\software\policies\microsoft\office\16.0\lync' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'enablesiphighsecuritymode' + ValueData = 1 + } + } + + if ($FeatureControl_DisableHttpConnect) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\software\policies\microsoft\office\16.0\lync\disablehttpconnect' + { + Key = '\software\policies\microsoft\office\16.0\lync' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'disablehttpconnect' + ValueData = 1 + } + } + + if ($WOW6432Node_D27CDB6E_16_ActivationFilterOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' + { + Key = '\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ActivationFilterOverride' + ValueData = 0 + } + } + + if ($WOW6432Node_D27CDB6E_16_CompatibilityFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags' + { + Key = '\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Compatibility Flags' + ValueData = 1024 + } + } + + if ($WOW6432Node_D27CDB70_16_ActivationFilterOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' + { + Key = '\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ActivationFilterOverride' + ValueData = 0 + } + } + + if ($WOW6432Node_D27CDB70_16_CompatibilityFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\Compatibility Flags' + { + Key = '\software\WOW6432Node\Microsoft\Office\16.0\Common\COM 
Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Compatibility Flags' + ValueData = 1024 + } + } + + if ($WOW6432Node_D27CDB6E_Common_ActivationFilterOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' + { + Key = '\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ActivationFilterOverride' + ValueData = 0 + } + } + + if ($WOW6432Node_D27CDB6E_Common_CompatibilityFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags' + { + Key = '\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Compatibility Flags' + ValueData = 1024 + } + } + + if ($WOW6432Node_D27CDB70_Common_ActivationFilterOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' + { + Key = '\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ActivationFilterOverride' + ValueData = 0 + } + } + + if ($WOW6432Node_D27CDB70_Common_CompatibilityFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\Compatibility Flags' + { + Key = '\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration'
+ ValueName = 'Compatibility Flags'
+ ValueData = 1024
+ }
+ }
+}
+
diff --git a/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.psd1 b/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.psd1
new file mode 100644
index 0000000..ada038e
--- /dev/null
+++ b/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.psd1
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_Office_System_2013_and_Components'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/14/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_Office_System_2013_and_Components.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = 'fb2d0241-fb4e-4ad5-985f-9718e6635ae6'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'Apply Office 2013 STIG configuration'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.schema.psm1 b/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.schema.psm1
new file mode 100644
index 0000000..91c4b49
--- /dev/null
+++ b/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.schema.psm1
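Review bot: In DoD_Office_System_2013_and_Components.psd1 all four export keys are wildcards (`FunctionsToExport = '*'` through `AliasesToExport = '*'`), although the template comments directly above them say not to use wildcards. For a hardening baseline the exported surface is better kept explicit, so that anything later added to the root module is not exposed without review: `CmdletsToExport = @()`, `VariablesToExport = @()`, `AliasesToExport = @()`, and `FunctionsToExport` limited to the configuration name if composite-resource loading still works that way in your DSC version (worth testing before merging). `# PowerShellVersion = ''` is also left commented out, while the Services manifest on the removed side of this diff declared `'5.1'`; stating the minimum engine here would keep the manifests consistent. `RequiredModules` stays commented out as well, so the DSC modules that the schema file imports are presumably declared and version-pinned in a parent manifest outside this hunk; that is worth confirming.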
@@ -0,0 +1,1789 @@ +configuration DoD_Office_System_2013_and_Components +{ + + param( + [bool]$FeatureControl_aptca_allowlist = $true, + [bool]$FeatureControl_groove_addon_management = $true, + [bool]$FeatureControl_excel_addon_management = $true, + [bool]$FeatureControl_mspub_addon_management = $true, + [bool]$FeatureControl_powerpnt_addon_management = $true, + [bool]$FeatureControl_pptview_addon_management = $true, + [bool]$FeatureControl_visio_addon_management = $true, + [bool]$FeatureControl_winproj_addon_management = $true, + [bool]$FeatureControl_winword_addon_management = $true, + [bool]$FeatureControl_outlook_addon_management = $true, + [bool]$FeatureControl_spdesign_addon_management = $true, + [bool]$FeatureControl_exprwd_addon_management = $true, + [bool]$FeatureControl_msaccess_addon_management = $true, + [bool]$FeatureControl_onenote_addon_management = $true, + [bool]$FeatureControl_mse7_addon_management = $true, + [bool]$FeatureControl_groove_http_username_password_disable = $true, + [bool]$FeatureControl_excel_http_username_password_disable = $true, + [bool]$FeatureControl_mspub_http_username_password_disable = $true, + [bool]$FeatureControl_powerpnt_http_username_password_disable = $true, + [bool]$FeatureControl_pptview_http_username_password_disable = $true, + [bool]$FeatureControl_visio_http_username_password_disable = $true, + [bool]$FeatureControl_winproj_http_username_password_disable = $true, + [bool]$FeatureControl_winword_http_username_password_disable = $true, + [bool]$FeatureControl_outlook_http_username_password_disable = $true, + [bool]$FeatureControl_spdesign_http_username_password_disable = $true, + [bool]$FeatureControl_exprwd_http_username_password_disable = $true, + [bool]$FeatureControl_msaccess_http_username_password_disable = $true, + [bool]$FeatureControl_onenote_http_username_password_disable = $true, + [bool]$FeatureControl_mse7_http_username_password_disable = $true, + [bool]$FeatureControl_winproj_restrict_activexinstall = 
$true, + [bool]$FeatureControl_winword_restrict_activexinstall = $true, + [bool]$FeatureControl_outlook_restrict_activexinstall = $true, + [bool]$FeatureControl_spdesign_restrict_activexinstall = $true, + [bool]$FeatureControl_exprwd_restrict_activexinstall = $true, + [bool]$FeatureControl_msaccess_restrict_activexinstall = $true, + [bool]$FeatureControl_onenote_restrict_activexinstall = $true, + [bool]$FeatureControl_mse7_restrict_activexinstall = $true, + [bool]$FeatureControl_groove_restrict_filedownload = $true, + [bool]$FeatureControl_excel_restrict_filedownload = $true, + [bool]$FeatureControl_mspub_restrict_filedownload = $true, + [bool]$FeatureControl_powerpnt_restrict_filedownload = $true, + [bool]$FeatureControl_pptview_restrict_filedownload = $true, + [bool]$FeatureControl_visio_restrict_filedownload = $true, + [bool]$FeatureControl_winproj_restrict_filedownload = $true, + [bool]$FeatureControl_winword_restrict_filedownload = $true, + [bool]$FeatureControl_outlook_restrict_filedownload = $true, + [bool]$FeatureControl_spdesign_restrict_filedownload = $true, + [bool]$FeatureControl_exprwd_restrict_filedownload = $true, + [bool]$FeatureControl_msaccess_restrict_filedownload = $true, + [bool]$FeatureControl_onenote_restrict_filedownload = $true, + [bool]$FeatureControl_mse7_restrict_filedownload = $true, + [bool]$FeatureControl_groove_safe_bindtoobject = $true, + [bool]$FeatureControl_excel_safe_bindtoobject = $true, + [bool]$FeatureControl_mspub_safe_bindtoobject = $true, + [bool]$FeatureControl_powerpnt_safe_bindtoobject = $true, + [bool]$FeatureControl_pptview_safe_bindtoobject = $true, + [bool]$FeatureControl_visio_safe_bindtoobject = $true, + [bool]$FeatureControl_winproj_safe_bindtoobject = $true, + [bool]$FeatureControl_winword_safe_bindtoobject = $true, + [bool]$FeatureControl_outlook_safe_bindtoobject = $true, + [bool]$FeatureControl_spdesign_safe_bindtoobject = $true, + [bool]$FeatureControl_exprwd_safe_bindtoobject = $true, + 
[bool]$FeatureControl_msaccess_safe_bindtoobject = $true, + [bool]$FeatureControl_onenote_safe_bindtoobject = $true, + [bool]$FeatureControl_mse7_safe_bindtoobject = $true, + [bool]$FeatureControl_groove_unc_savedfilecheck = $true, + [bool]$FeatureControl_excel_unc_savedfilecheck = $true, + [bool]$FeatureControl_mspub_unc_savedfilecheck = $true, + [bool]$FeatureControl_powerpnt_unc_savedfilecheck = $true, + [bool]$FeatureControl_pptview_unc_savedfilecheck = $true, + [bool]$FeatureControl_visio_unc_savedfilecheck = $true, + [bool]$FeatureControl_winproj_unc_savedfilecheck = $true, + [bool]$FeatureControl_winword_unc_savedfilecheck = $true, + [bool]$FeatureControl_outlook_unc_savedfilecheck = $true, + [bool]$FeatureControl_spdesign_unc_savedfilecheck = $true, + [bool]$FeatureControl_exprwd_unc_savedfilecheck = $true, + [bool]$FeatureControl_msaccess_unc_savedfilecheck = $true, + [bool]$FeatureControl_onenote_unc_savedfilecheck = $true, + [bool]$FeatureControl_mse7_unc_savedfilecheck = $true, + [bool]$FeatureControl_groove_validate_navigate_url = $true, + [bool]$FeatureControl_excel_validate_navigate_url = $true, + [bool]$FeatureControl_mspub_validate_navigate_url = $true, + [bool]$FeatureControl_powerpnt_validate_navigate_url = $true, + [bool]$FeatureControl_pptview_validate_navigate_url = $true, + [bool]$FeatureControl_visio_validate_navigate_url = $true, + [bool]$FeatureControl_winproj_validate_navigate_url = $true, + [bool]$FeatureControl_winword_validate_navigate_url = $true, + [bool]$FeatureControl_outlook_validate_navigate_url = $true, + [bool]$FeatureControl_spdesign_validate_navigate_url = $true, + [bool]$FeatureControl_exprwd_validate_navigate_url = $true, + [bool]$FeatureControl_msaccess_validate_navigate_url = $true, + [bool]$FeatureControl_onenote_validate_navigate_url = $true, + [bool]$FeatureControl_mse7_validate_navigate_url = $true, + [bool]$FeatureControl_groove_weboc_popupmanagement = $true, + [bool]$FeatureControl_excel_weboc_popupmanagement = 
$true, + [bool]$FeatureControl_mspub_weboc_popupmanagement = $true, + [bool]$FeatureControl_powerpnt_weboc_popupmanagement = $true, + [bool]$FeatureControl_pptview_weboc_popupmanagement = $true, + [bool]$FeatureControl_visio_weboc_popupmanagement = $true, + [bool]$FeatureControl_winproj_weboc_popupmanagement = $true, + [bool]$FeatureControl_winword_weboc_popupmanagement = $true, + [bool]$FeatureControl_outlook_weboc_popupmanagement = $true, + [bool]$FeatureControl_spdesign_weboc_popupmanagement = $true, + [bool]$FeatureControl_exprwd_weboc_popupmanagement = $true, + [bool]$FeatureControl_msaccess_weboc_popupmanagement = $true, + [bool]$FeatureControl_onenote_weboc_popupmanagement = $true, + [bool]$FeatureControl_mse7_weboc_popupmanagement = $true, + [bool]$FeatureControl_groove_window_restrictions = $true, + [bool]$FeatureControl_excel_window_restrictions = $true, + [bool]$FeatureControl_mspub_window_restrictions = $true, + [bool]$FeatureControl_powerpnt_window_restrictions = $true, + [bool]$FeatureControl_pptview_window_restrictions = $true, + [bool]$FeatureControl_visio_window_restrictions = $true, + [bool]$FeatureControl_winproj_window_restrictions = $true, + [bool]$FeatureControl_winword_window_restrictions = $true, + [bool]$FeatureControl_outlook_window_restrictions = $true, + [bool]$FeatureControl_spdesign_window_restrictions = $true, + [bool]$FeatureControl_exprwd_window_restrictions = $true, + [bool]$FeatureControl_msaccess_window_restrictions = $true, + [bool]$FeatureControl_onenote_window_restrictions = $true, + [bool]$FeatureControl_mse7_window_restrictions = $true, + [bool]$FeatureControl_groove_zone_elevation = $true, + [bool]$FeatureControl_excel_zone_elevation = $true, + [bool]$FeatureControl_mspub_zone_elevation = $true, + [bool]$FeatureControl_powerpnt_zone_elevation = $true, + [bool]$FeatureControl_pptview_zone_elevation = $true, + [bool]$FeatureControl_visio_zone_elevation = $true, + [bool]$FeatureControl_winproj_zone_elevation = $true, + 
[bool]$FeatureControl_winword_zone_elevation = $true, + [bool]$FeatureControl_outlook_zone_elevation = $true, + [bool]$FeatureControl_spdesign_zone_elevation = $true, + [bool]$FeatureControl_exprwd_zone_elevation = $true, + [bool]$FeatureControl_msaccess_zone_elevation = $true, + [bool]$FeatureControl_onenote_zone_elevation = $true, + [bool]$FeatureControl_mse7_zone_elevation = $true, + [bool]$FeatureControl_enableautomaticupdates = $true, + [bool]$FeatureControl_hideenabledisableupdates = $true, + [bool]$FeatureControl_savepassword = $true, + [bool]$FeatureControl_enablesiphighsecuritymode = $true, + [bool]$FeatureControl_disablehttpconnect = $true, + [bool]$FeatureControl_outlooksecuretempfolder_delete = $true, + [bool]$FeatureControl_fileextensionsremovelevel1_delete = $true, + [bool]$FeatureControl_fileextensionsremovelevel2_delete = $true, + [bool]$FeatureControl_loadcontrolsinforms_delete = $true, + [bool]$FeatureControl_uficontrols_delete = $true + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($FeatureControl_aptca_allowlist) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\infopath\security\aptca_allowlist' + { + Key = '\software\policies\microsoft\office\15.0\infopath\security' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'aptca_allowlist' + ValueData = 1 + } + } + + if ($FeatureControl_groove_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($FeatureControl_excel_addon_management) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mspub_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureControl_powerpnt_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($FeatureControl_pptview_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($FeatureControl_visio_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winproj_addon_management) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winword_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($FeatureControl_outlook_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\outlook.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ($FeatureControl_spdesign_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 1 + } + } + + if ($FeatureControl_exprwd_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 0 + } + } + + if ($FeatureControl_msaccess_addon_management) { + RegistryPolicyFile 
'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($FeatureControl_onenote_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mse7_addon_management) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 0 + } + } + + if ($FeatureControl_groove_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($FeatureControl_excel_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + 
if ($FeatureControl_mspub_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureControl_powerpnt_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($FeatureControl_pptview_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($FeatureControl_visio_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winproj_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winproj.exe' + { + Key = 
'\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winword_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($FeatureControl_outlook_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\outlook.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ($FeatureControl_spdesign_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 1 + } + } + + if ($FeatureControl_exprwd_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 0 + } + } + + if 
($FeatureControl_msaccess_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($FeatureControl_onenote_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mse7_http_username_password_disable) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 0 + } + } + + if ($FeatureControl_winproj_restrict_activexinstall) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winword_restrict_activexinstall) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winword.exe' + { + Key = '\software\microsoft\internet 
explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook_restrict_activexinstall) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign_restrict_activexinstall) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd_restrict_activexinstall) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_msaccess_restrict_activexinstall) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote_restrict_activexinstall) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7_restrict_activexinstall) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_groove_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mspub_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_powerpnt_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_pptview_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_visio_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winproj_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winword_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_msaccess_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7_restrict_filedownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_groove_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mspub_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_powerpnt_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_pptview_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_visio_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winproj_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winword_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_msaccess_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7_safe_bindtoobject) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_groove_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mspub_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_powerpnt_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_pptview_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_visio_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winproj_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winword_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_msaccess_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7_unc_savedfilecheck) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_groove_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mspub_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_powerpnt_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_pptview_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_visio_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winproj_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winword_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_msaccess_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7_validate_navigate_url) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_groove_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mspub_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_powerpnt_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_pptview_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_visio_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winproj_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winword_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_msaccess_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7_weboc_popupmanagement) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_groove_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mspub_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_powerpnt_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_pptview_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_visio_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winproj_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_winword_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_outlook_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_spdesign_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_exprwd_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_msaccess_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_onenote_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_mse7_window_restrictions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($FeatureControl_groove_zone_elevation) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($FeatureControl_excel_zone_elevation) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mspub_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureControl_powerpnt_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($FeatureControl_pptview_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($FeatureControl_visio_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winproj_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + 
ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($FeatureControl_winword_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($FeatureControl_outlook_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\outlook.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ($FeatureControl_spdesign_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 1 + } + } + + if ($FeatureControl_exprwd_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 0 + } + } + + if ($FeatureControl_msaccess_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' 
+ ValueData = 1 + } + } + + if ($FeatureControl_onenote_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mse7_zone_elevation) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 0 + } + } + + if ($FeatureControl_enableautomaticupdates) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\common\officeupdate\enableautomaticupdates' + { + Key = '\software\policies\microsoft\office\15.0\common\officeupdate' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'enableautomaticupdates' + ValueData = 1 + } + } + + if ($FeatureControl_hideenabledisableupdates) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\common\officeupdate\hideenabledisableupdates' + { + Key = '\software\policies\microsoft\office\15.0\common\officeupdate' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'hideenabledisableupdates' + ValueData = 1 + } + } + + if ($FeatureControl_groove_safe_bindtoobject) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\groove.exe' + { + Key = '\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if 
($FeatureControl_excel_safe_bindtoobject) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\excel.exe' + { + Key = '\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($FeatureControl_mspub_safe_bindtoobject) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mspub.exe' + { + Key = '\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($FeatureControl_savepassword) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\lync\savepassword' + { + Key = '\software\policies\microsoft\office\15.0\lync' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'savepassword' + ValueData = 0 + } + } + + if ($FeatureControl_enablesiphighsecuritymode) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\lync\enablesiphighsecuritymode' + { + Key = '\software\policies\microsoft\office\15.0\lync' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'enablesiphighsecuritymode' + ValueData = 1 + } + } + + if ($FeatureControl_disablehttpconnect) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\lync\disablehttpconnect' + { + Key = '\software\policies\microsoft\office\15.0\lync' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'disablehttpconnect' + ValueData = 1 + } + } + + if ($FeatureControl_outlooksecuretempfolder_delete) { + RegistryPolicyFile 
'DEL_CU:\software\policies\microsoft\office\15.0\outlook\security\outlooksecuretempfolder' + { + Key = 'HKCU:\software\policies\microsoft\office\15.0\outlook\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'outlooksecuretempfolder' + ValueData = '' + } + } + + if ($FeatureControl_fileextensionsremovelevel1_delete) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\15.0\outlook\security\fileextensionsremovelevel1' + { + Key = 'HKCU:\software\policies\microsoft\office\15.0\outlook\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'fileextensionsremovelevel1' + ValueData = '' + } + } + + if ($FeatureControl_fileextensionsremovelevel2_delete) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\15.0\outlook\security\fileextensionsremovelevel2' + { + Key = 'HKCU:\software\policies\microsoft\office\15.0\outlook\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'fileextensionsremovelevel2' + ValueData = '' + } + } + + if ($FeatureControl_loadcontrolsinforms_delete) { + RegistryPolicyFile 'DEL_CU:\keycupoliciesmsvbasecurity\loadcontrolsinforms' + { + Key = 'HKCU:\keycupoliciesmsvbasecurity' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'loadcontrolsinforms' + ValueData = '' + } + } + + if ($FeatureControl_uficontrols_delete) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\common\security\uficontrols' + { + Key = 'HKCU:\software\policies\microsoft\office\common\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'uficontrols' + ValueData = '' + } + } +} + 
diff --git a/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.psd1 b/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.psd1
new file mode 100644
index 0000000..d5293c5
--- /dev/null
+++ b/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.psd1
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_Office_System_2016_and_Components'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/14/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_Office_System_2016_and_Components.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = '6b66747b-4af3-48ff-9eb1-493dda0996b9'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'Apply STIG settings for Office 2016'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.schema.psm1 b/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.schema.psm1
new file mode 100644
index 0000000..6cf9edd
--- /dev/null
+++ b/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.schema.psm1
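Review bot: The new manifest leaves `# RequiredModules = @()` commented out, although the schema module added in the same commit imports 'GPRegistryPolicyDsc', 'AuditPolicyDSC' and 'SecurityPolicyDSC' by name only. With no declared, pinned dependency, the configuration compiles against whatever version of those modules resolves on the authoring node, so a STIG baseline can be produced by a module version nobody reviewed. I would declare them here, or in the parent module's manifest if that is where the project keeps its dependencies, e.g. `RequiredModules = @(@{ ModuleName = 'GPRegistryPolicyDsc'; RequiredVersion = '<pinned-version>' })` with matching entries for the other two. The manifest also leaves `# PowerShellVersion = ''` unset, while the Services manifest shown earlier on this page declared `PowerShellVersion = '5.1'`; setting the same minimum here would keep the resources consistent.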
@@ -0,0 +1,2045 @@ +configuration DoD_Office_System_2016_and_Components +{ + + param( + [bool]$OneDrive_AllowTenantList_1111 = $true, + [bool]$Excel_EncryptedMacroScan = $false, + [bool]$Excel_WebServiceFunctionWarnings = $false, + [bool]$Excel_OpenInProtectedView = $false, + [bool]$Outlook_FileExtensionsRemoveLevel1 = $false, + [bool]$Outlook_FileExtensionsRemoveLevel2 = $false, + [bool]$KeyCU_LoadControlsInForms = $false, + [bool]$KeyCU_UFIControls = $false, + [bool]$IE_AddOnManagement_Grove = $true, + [bool]$IE_AddOnManagement_Excel = $true, + [bool]$IE_AddOnManagement_MSPub = $true, + [bool]$IE_AddOnManagement_PowerPNT = $true, + [bool]$IE_AddOnManagement_PPTView = $true, + [bool]$IE_AddOnManagement_Visio = $true, + [bool]$IE_AddOnManagement_WinProj = $true, + [bool]$IE_AddOnManagement_WinWord = $true, + [bool]$IE_AddOnManagement_Outlook = $true, + [bool]$IE_AddOnManagement_SPDesign = $false, + [bool]$IE_AddOnManagement_ExprWD = $false, + [bool]$IE_AddOnManagement_MSAccess = $true, + [bool]$IE_AddOnManagement_OneNote = $true, + [bool]$IE_AddOnManagement_MSE7 = $false, + [bool]$IE_HTTPUsernamePasswordDisable_Grove = $true, + [bool]$IE_HTTPUsernamePasswordDisable_Excel = $true, + [bool]$IE_HTTPUsernamePasswordDisable_MSPub = $true, + [bool]$IE_HTTPUsernamePasswordDisable_PowerPNT = $true, + [bool]$IE_HTTPUsernamePasswordDisable_PPTView = $true, + [bool]$IE_HTTPUsernamePasswordDisable_Visio = $true, + [bool]$IE_HTTPUsernamePasswordDisable_WinProj = $true, + [bool]$IE_HTTPUsernamePasswordDisable_WinWord = $true, + [bool]$IE_HTTPUsernamePasswordDisable_Outlook = $true, + [bool]$IE_HTTPUsernamePasswordDisable_SPDesign = $false, + [bool]$IE_HTTPUsernamePasswordDisable_ExprWD = $false, + [bool]$IE_HTTPUsernamePasswordDisable_MSAccess = $true, + [bool]$IE_HTTPUsernamePasswordDisable_OneNote = $true, + [bool]$IE_HTTPUsernamePasswordDisable_MSE7 = $false, + [bool]$IE_RestrictActiveXInstall_Grove = $true, + [bool]$IE_RestrictActiveXInstall_Excel = $true, + 
[bool]$IE_RestrictActiveXInstall_MSPub = $true, + [bool]$IE_RestrictActiveXInstall_PowerPNT = $true, + [bool]$IE_RestrictActiveXInstall_PPTView = $true, + [bool]$IE_RestrictActiveXInstall_Visio = $true, + [bool]$IE_RestrictActiveXInstall_WinProj = $true, + [bool]$IE_RestrictActiveXInstall_WinWord = $true, + [bool]$IE_RestrictActiveXInstall_Outlook = $true, + [bool]$IE_RestrictActiveXInstall_SPDesign = $false, + [bool]$IE_RestrictActiveXInstall_ExprWD = $false, + [bool]$IE_RestrictActiveXInstall_MSAccess = $true, + [bool]$IE_RestrictActiveXInstall_OneNote = $true, + [bool]$IE_RestrictActiveXInstall_MSE7 = $false, + [bool]$IE_RestrictFileDownload_Grove = $true, + [bool]$IE_RestrictFileDownload_Excel = $true, + [bool]$IE_RestrictFileDownload_MSPub = $true, + [bool]$IE_RestrictFileDownload_PowerPNT = $true, + [bool]$IE_RestrictFileDownload_PPTView = $true, + [bool]$IE_RestrictFileDownload_Visio = $true, + [bool]$IE_RestrictFileDownload_WinProj = $true, + [bool]$IE_RestrictFileDownload_WinWord = $true, + [bool]$IE_RestrictFileDownload_Outlook = $true, + [bool]$IE_RestrictFileDownload_SPDesign = $false, + [bool]$IE_RestrictFileDownload_ExprWD = $false, + [bool]$IE_RestrictFileDownload_MSAccess = $true, + [bool]$IE_RestrictFileDownload_OneNote = $true, + [bool]$IE_RestrictFileDownload_MSE7 = $false, + [bool]$IE_SafeBindToObject_Grove = $true, + [bool]$IE_SafeBindToObject_Excel = $true, + [bool]$IE_SafeBindToObject_MSPub = $true, + [bool]$IE_SafeBindToObject_PowerPNT = $true, + [bool]$IE_SafeBindToObject_PPTView = $true, + [bool]$IE_SafeBindToObject_Visio = $true, + [bool]$IE_SafeBindToObject_WinProj = $true, + [bool]$IE_SafeBindToObject_WinWord = $true, + [bool]$IE_SafeBindToObject_Outlook = $true, + [bool]$IE_SafeBindToObject_SPDesign = $false, + [bool]$IE_SafeBindToObject_ExprWD = $false, + [bool]$IE_SafeBindToObject_MSAccess = $true, + [bool]$IE_SafeBindToObject_OneNote = $true, + [bool]$IE_SafeBindToObject_MSE7 = $false, + [bool]$IE_UNCSavedFileCheck_Grove = $true, + 
[bool]$IE_UNCSavedFileCheck_Excel = $true, + [bool]$IE_UNCSavedFileCheck_MSPub = $true, + [bool]$IE_UNCSavedFileCheck_PowerPNT = $true, + [bool]$IE_UNCSavedFileCheck_PPTView = $true, + [bool]$IE_UNCSavedFileCheck_Visio = $true, + [bool]$IE_UNCSavedFileCheck_WinProj = $true, + [bool]$IE_UNCSavedFileCheck_WinWord = $true, + [bool]$IE_UNCSavedFileCheck_Outlook = $true, + [bool]$IE_UNCSavedFileCheck_SPDesign = $false, + [bool]$IE_UNCSavedFileCheck_ExprWD = $false, + [bool]$IE_UNCSavedFileCheck_MSAccess = $true, + [bool]$IE_UNCSavedFileCheck_OneNote = $true, + [bool]$IE_UNCSavedFileCheck_MSE7 = $false, + [bool]$IE_ValidateNavigateURL_Grove = $true, + [bool]$IE_ValidateNavigateURL_Excel = $true, + [bool]$IE_ValidateNavigateURL_MSPub = $true, + [bool]$IE_ValidateNavigateURL_PowerPNT = $true, + [bool]$IE_ValidateNavigateURL_PPTView = $true, + [bool]$IE_ValidateNavigateURL_Visio = $true, + [bool]$IE_ValidateNavigateURL_WinProj = $true, + [bool]$IE_ValidateNavigateURL_WinWord = $true, + [bool]$IE_ValidateNavigateURL_Outlook = $true, + [bool]$IE_ValidateNavigateURL_SPDesign = $false, + [bool]$IE_ValidateNavigateURL_ExprWD = $false, + [bool]$IE_ValidateNavigateURL_MSAccess = $true, + [bool]$IE_ValidateNavigateURL_OneNote = $true, + [bool]$IE_ValidateNavigateURL_MSE7 = $false, + [bool]$IE_WebocPopupManagement_Grove = $true, + [bool]$IE_WebocPopupManagement_Excel = $true, + [bool]$IE_WebocPopupManagement_MSPub = $true, + [bool]$IE_WebocPopupManagement_PowerPNT = $true, + [bool]$IE_WebocPopupManagement_PPTView = $true, + [bool]$IE_WebocPopupManagement_Visio = $true, + [bool]$IE_WebocPopupManagement_WinProj = $true, + [bool]$IE_WebocPopupManagement_WinWord = $true, + [bool]$IE_WebocPopupManagement_Outlook = $true, + [bool]$IE_WebocPopupManagement_SPDesign = $false, + [bool]$IE_WebocPopupManagement_ExprWD = $false, + [bool]$IE_WebocPopupManagement_MSAccess = $true, + [bool]$IE_WebocPopupManagement_OneNote = $true, + [bool]$IE_WebocPopupManagement_MSE7 = $false, + 
[bool]$IE_WindowRestrictions_Grove = $true, + [bool]$IE_WindowRestrictions_Excel = $true, + [bool]$IE_WindowRestrictions_MSPub = $true, + [bool]$IE_WindowRestrictions_PowerPNT = $true, + [bool]$IE_WindowRestrictions_PPTView = $true, + [bool]$IE_WindowRestrictions_Visio = $true, + [bool]$IE_WindowRestrictions_WinProj = $true, + [bool]$IE_WindowRestrictions_WinWord = $true, + [bool]$IE_WindowRestrictions_Outlook = $true, + [bool]$IE_WindowRestrictions_SPDesign = $false, + [bool]$IE_WindowRestrictions_ExprWD = $false, + [bool]$IE_WindowRestrictions_MSAccess = $true, + [bool]$IE_WindowRestrictions_OneNote = $true, + [bool]$IE_WindowRestrictions_MSE7 = $false, + [bool]$IE_ZoneElevation_Grove = $true, + [bool]$IE_ZoneElevation_Excel = $true, + [bool]$IE_ZoneElevation_MSPub = $true, + [bool]$IE_ZoneElevation_PowerPNT = $true, + [bool]$IE_ZoneElevation_PPTView = $true, + [bool]$IE_ZoneElevation_Visio = $true, + [bool]$IE_ZoneElevation_WinProj = $true, + [bool]$IE_ZoneElevation_WinWord = $true, + [bool]$IE_ZoneElevation_Outlook = $true, + [bool]$IE_ZoneElevation_SPDesign = $false, + [bool]$IE_ZoneElevation_ExprWD = $false, + [bool]$IE_ZoneElevation_MSAccess = $true, + [bool]$IE_ZoneElevation_OneNote = $true, + [bool]$IE_ZoneElevation_MSE7 = $false, + [bool]$PowerPoint_RunPrograms = $false, + [bool]$PowerPoint_OpenInProtectedView = $false, + [bool]$Lync_SavePassword = $false, + [bool]$Lync_EnableSIPHighSecurityMode = $true, + [bool]$Lync_DisableHTTPConnect = $true, + [bool]$Word_BypassEncryptedMacroScan = $false, + [bool]$Word_OpenInProtectedView = $false + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($OneDrive_AllowTenantList_1111) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\OneDrive\AllowTenantList\1111-2222-3333-4444' + { + Key = '\Software\Policies\Microsoft\OneDrive\AllowTenantList' + ValueType = 'String' + TargetType 
= 'ComputerConfiguration' + ValueName = '1111-2222-3333-4444' + ValueData = '1111-2222-3333-4444' + } + } + + if ( $Excel_EncryptedMacroScan) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\excel\security\excelbypassencryptedmacroscan' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\excel\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'excelbypassencryptedmacroscan' + ValueData = '' + } + } + + if ( $Excel_WebServiceFunctionWarnings) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\excel\security\webservicefunctionwarnings' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\excel\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'webservicefunctionwarnings' + ValueData = '' + } + } + + if ( $Excel_OpenInProtectedView) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\excel\security\filevalidation\openinprotectedview' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\excel\security\filevalidation' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'openinprotectedview' + ValueData = '' + } + } + + if ( $Outlook_FileExtensionsRemoveLevel1) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\outlook\security\fileextensionsremovelevel1' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\outlook\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'fileextensionsremovelevel1' + ValueData = '' + } + } + + if ( $Outlook_FileExtensionsRemoveLevel2) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\outlook\security\fileextensionsremovelevel2' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\outlook\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 
'fileextensionsremovelevel2' + ValueData = '' + } + } + + if ( $KeyCU_LoadControlsInForms) { + RegistryPolicyFile 'DEL_CU:\keycupoliciesmsvbasecurity\loadcontrolsinforms' + { + Key = 'HKCU:\keycupoliciesmsvbasecurity' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'loadcontrolsinforms' + ValueData = '' + } + } + + if ( $KeyCU_UFIControls) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\common\security\uficontrols' + { + Key = 'HKCU:\software\policies\microsoft\office\common\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'uficontrols' + ValueData = '' + } + } + + if ($IE_AddOnManagement_Grove) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($IE_AddOnManagement_Excel) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($IE_AddOnManagement_MSPub) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($IE_AddOnManagement_PowerPNT) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet 
explorer\main\featurecontrol\feature_addon_management\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($IE_AddOnManagement_PPTView) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($IE_AddOnManagement_Visio) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($IE_AddOnManagement_WinProj) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($IE_AddOnManagement_WinWord) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($IE_AddOnManagement_Outlook) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\outlook.exe' + 
{
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_AddOnManagement_SPDesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 0
+ }
+ }
+
+ if ( $IE_AddOnManagement_ExprWD) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_AddOnManagement_MSAccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_AddOnManagement_OneNote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_AddOnManagement_MSE7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_Grove) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_Excel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_MSPub) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_PowerPNT) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_PPTView) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_Visio) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_WinProj) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_WinWord) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_Outlook) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_HTTPUsernamePasswordDisable_SPDesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 0
+ }
+ }
+
+ if ( $IE_HTTPUsernamePasswordDisable_ExprWD) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_MSAccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_HTTPUsernamePasswordDisable_OneNote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_HTTPUsernamePasswordDisable_MSE7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_Grove) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_Excel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_MSPub) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_PowerPNT) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_PPTView) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_Visio) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+
+ }
+
+ if ($IE_RestrictActiveXInstall_WinProj) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_WinWord) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_Outlook) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_RestrictActiveXInstall_SPDesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 0
+ }
+ }
+
+ if ( $IE_RestrictActiveXInstall_ExprWD) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_MSAccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictActiveXInstall_OneNote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_RestrictActiveXInstall_MSE7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_RestrictFileDownload_Grove) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictFileDownload_Excel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictFileDownload_MSPub) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictFileDownload_PowerPNT) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictFileDownload_PPTView) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictFileDownload_Visio) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictFileDownload_WinProj) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictFileDownload_WinWord) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictFileDownload_Outlook) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_RestrictFileDownload_SPDesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 0
+ }
+ }
+
+ if ( $IE_RestrictFileDownload_ExprWD) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_RestrictFileDownload_MSAccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_RestrictFileDownload_OneNote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_RestrictFileDownload_MSE7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_SafeBindToObject_Grove) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_SafeBindToObject_Excel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_SafeBindToObject_MSPub) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_SafeBindToObject_PowerPNT) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_SafeBindToObject_PPTView) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_SafeBindToObject_Visio) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_SafeBindToObject_WinProj) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_SafeBindToObject_WinWord) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_SafeBindToObject_Outlook) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_SafeBindToObject_SPDesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 0
+ }
+ }
+
+ if ( $IE_SafeBindToObject_ExprWD) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_SafeBindToObject_MSAccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_SafeBindToObject_OneNote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_SafeBindToObject_MSE7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_Grove) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_Excel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_MSPub) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_PowerPNT) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_PPTView) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_Visio) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_WinProj) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_WinWord) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_Outlook) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_UNCSavedFileCheck_SPDesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 0
+ }
+ }
+
+ if ( $IE_UNCSavedFileCheck_ExprWD) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_MSAccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_UNCSavedFileCheck_OneNote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_UNCSavedFileCheck_MSE7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_Grove) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_Excel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_MSPub) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_PowerPNT) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_PPTView) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_Visio) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_WinProj) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_WinWord) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_Outlook) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_ValidateNavigateURL_SPDesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 0
+ }
+ }
+
+ if ( $IE_ValidateNavigateURL_ExprWD) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_MSAccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_ValidateNavigateURL_OneNote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_ValidateNavigateURL_MSE7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_WebocPopupManagement_Grove) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\groove.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'groove.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_WebocPopupManagement_Excel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\excel.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'excel.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_WebocPopupManagement_MSPub) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\mspub.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mspub.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_WebocPopupManagement_PowerPNT) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\powerpnt.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'powerpnt.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_WebocPopupManagement_PPTView) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\pptview.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'pptview.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_WebocPopupManagement_Visio) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\visio.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'visio.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_WebocPopupManagement_WinProj) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\winproj.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winproj.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_WebocPopupManagement_WinWord) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\winword.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'winword.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_WebocPopupManagement_Outlook) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\outlook.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'outlook.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_WebocPopupManagement_SPDesign) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\spdesign.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'spdesign.exe'
+ ValueData = 0
+ }
+ }
+
+ if ( $IE_WebocPopupManagement_ExprWD) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\exprwd.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'exprwd.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_WebocPopupManagement_MSAccess) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\msaccess.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'msaccess.exe'
+ ValueData = 1
+ }
+ }
+
+ if ($IE_WebocPopupManagement_OneNote) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\onenote.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'onenote.exe'
+ ValueData = 1
+ }
+ }
+
+ if ( $IE_WebocPopupManagement_MSE7) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\mse7.exe'
+ {
+ Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'mse7.exe'
+ ValueData = 0
+ }
+ }
+
+ if ($IE_WindowRestrictions_Grove) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($IE_WindowRestrictions_Excel) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($IE_WindowRestrictions_MSPub) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($IE_WindowRestrictions_PowerPNT) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($IE_WindowRestrictions_PPTView) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($IE_WindowRestrictions_Visio) { + RegistryPolicyFile 
'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($IE_WindowRestrictions_WinProj) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winproj.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($IE_WindowRestrictions_WinWord) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($IE_WindowRestrictions_Outlook) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\outlook.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ( $IE_WindowRestrictions_SPDesign) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 0 + } + } + + if ( $IE_WindowRestrictions_ExprWD) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 0 + } + } + + if ($IE_WindowRestrictions_MSAccess) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($IE_WindowRestrictions_OneNote) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ( $IE_WindowRestrictions_MSE7) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 0 + } + } + + if ($IE_ZoneElevation_Grove) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\groove.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($IE_ZoneElevation_Excel) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet 
explorer\main\featurecontrol\feature_zone_elevation\excel.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($IE_ZoneElevation_MSPub) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mspub.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($IE_ZoneElevation_PowerPNT) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\powerpnt.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($IE_ZoneElevation_PPTView) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\pptview.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($IE_ZoneElevation_Visio) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\visio.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($IE_ZoneElevation_WinProj) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winproj.exe' + { + Key = '\software\microsoft\internet 
explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($IE_ZoneElevation_WinWord) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winword.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($IE_ZoneElevation_Outlook) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\outlook.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ( $IE_ZoneElevation_SPDesign) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\spdesign.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 0 + } + } + + if ( $IE_ZoneElevation_ExprWD) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\exprwd.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 0 + } + } + + if ($IE_ZoneElevation_MSAccess) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\msaccess.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration' + ValueName = 'msaccess.exe' + ValueData = 1 + } + } + + if ($IE_ZoneElevation_OneNote) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\onenote.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ( $IE_ZoneElevation_MSE7) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mse7.exe' + { + Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 0 + } + } + + if ($IE_SafeBindToObject_Grove) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\groove.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'groove.exe' + ValueData = 1 + } + } + + if ($IE_SafeBindToObject_Excel) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\excel.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'excel.exe' + ValueData = 1 + } + } + + if ($IE_SafeBindToObject_MSPub) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mspub.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' 
+ ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mspub.exe' + ValueData = 1 + } + } + + if ($IE_SafeBindToObject_PowerPNT) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\powerpnt.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpnt.exe' + ValueData = 1 + } + } + + if ($IE_SafeBindToObject_PPTView) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\pptview.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'pptview.exe' + ValueData = 1 + } + } + + if ($IE_SafeBindToObject_Visio) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\visio.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'visio.exe' + ValueData = 1 + } + } + + if ($IE_SafeBindToObject_WinProj) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winproj.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winproj.exe' + ValueData = 1 + } + } + + if ($IE_SafeBindToObject_WinWord) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet 
explorer\main\featurecontrol\feature_safe_bindtoobject\winword.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'winword.exe' + ValueData = 1 + } + } + + if ($IE_SafeBindToObject_Outlook) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\outlook.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'outlook.exe' + ValueData = 1 + } + } + + if ( $IE_SafeBindToObject_SPDesign) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\spdesign.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'spdesign.exe' + ValueData = 0 + } + } + if ( $IE_SafeBindToObject_ExprWD) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\exprwd.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'exprwd.exe' + ValueData = 0 + } + } + + if ($IE_SafeBindToObject_MSAccess) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\msaccess.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 
'msaccess.exe' + ValueData = 1 + } + } + + if ($IE_SafeBindToObject_OneNote) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\onenote.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'onenote.exe' + ValueData = 1 + } + } + + if ( $IE_SafeBindToObject_MSE7) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mse7.exe' + { + Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'mse7.exe' + ValueData = 0 + } + } + + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\powerpoint\security\powerpointbypassencryptedmacroscan' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\powerpoint\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'powerpointbypassencryptedmacroscan' + ValueData = '' + } + if ( $PowerPoint_RunPrograms) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\powerpoint\security\runprograms' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\powerpoint\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'runprograms' + ValueData = '' + } + } + + if ( $PowerPoint_OpenInProtectedView) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\powerpoint\security\filevalidation\openinprotectedview' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\powerpoint\security\filevalidation' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'openinprotectedview' + 
ValueData = '' + } + } + + if ( $Lync_SavePassword) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\16.0\lync\savepassword' + { + Key = '\software\policies\microsoft\office\16.0\lync' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'savepassword' + ValueData = 0 + } + } + + if ($Lync_EnableSIPHighSecurityMode) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\16.0\lync\enablesiphighsecuritymode' + { + Key = '\software\policies\microsoft\office\16.0\lync' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'enablesiphighsecuritymode' + ValueData = 1 + } + } + + if ($Lync_DisableHTTPConnect) { + RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\16.0\lync\disablehttpconnect' + { + Key = '\software\policies\microsoft\office\16.0\lync' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'disablehttpconnect' + ValueData = 1 + } + } + + if ( $Word_BypassEncryptedMacroScan) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\word\security\wordbypassencryptedmacroscan' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\word\security' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'wordbypassencryptedmacroscan' + ValueData = '' + } + } + + if ( $Word_OpenInProtectedView) { + RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\word\security\filevalidation\openinprotectedview' + { + Key = 'HKCU:\software\policies\microsoft\office\16.0\word\security\filevalidation' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'openinprotectedview' + ValueData = '' + } + } +} + 
diff --git a/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.psd1 b/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.psd1
new file mode 100644
index 0000000..583bf34
--- /dev/null
+++ b/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.psd1
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_WinSvr_2012_R2_MS_and_DC_v3r7'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/15/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_WinSvr_2012_R2_MS_and_DC_v3r7.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = '93c4be4b-ad19-4f4b-ae7d-8d99ea4dd35a'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'Apply STIG settings for Windows Server 2012 R2'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.schema.psm1 b/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.schema.psm1
new file mode 100644
index 0000000..2909029
--- /dev/null
+++ b/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.schema.psm1
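Review bot: All four export entries in the new manifest are wildcards (`FunctionsToExport = '*'`, and the same for cmdlets, variables and aliases), which the template comments directly above them advise against. Since `RootModule` is a `.schema.psm1` that opens with a `configuration` block, the module appears to need no command exports at all. I would set them to empty arrays, e.g. `FunctionsToExport = @()`, so that anything later added to the module is not exported by accident. `PowerShellVersion` and `RequiredModules` are also left commented out, so the manifest declares neither an engine floor nor the DSC resource modules the schema depends on. The schema's import lines are not visible in this part of the diff, so which modules to list there (ideally with a pinned version) needs checking against that file.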
@@ -0,0 +1,3063 @@ +configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 +{ + + param( + [bool]$EnumerateAdministrators = $true, + [bool]$NoDriveTypeAutoRun = $true, + [bool]$NoInternetOpenWith = $true, + [bool]$PreXPSP2ShellProtocolBehavior = $true, + [bool]$NoAutorun = $true, + [bool]$LocalSourcePath = $true, + [bool]$UseWindowsUpdate = $true, + [bool]$RepairContentServerSource_Delete = $true, + [bool]$DisableBkGndGroupPolicy_Delete = $true, + [bool]$MSAOptional = $true, + [bool]$DisableAutomaticRestartSignOn = $true, + [bool]$LocalAccountTokenFilterPolicy = $true, + [bool]$ProcessCreationIncludeCmdLine_Enabled = $true, + [bool]$AutoAdminLogon = $true, + [bool]$ScreenSaverGracePeriod = $true, + [bool]$Biometrics_Enabled = $true, + [bool]$BlockUserInputMethodsForSignIn = $true, + [bool]$MicrosoftEventVwrDisableLinks = $true, + [bool]$DisableEnclosureDownload = $true, + [bool]$AllowBasicAuthInClear = $true, + [bool]$Peernet_Disabled = $true, + [bool]$DCSettingIndex = $true, + [bool]$ACSettingIndex = $true, + [bool]$CEIPEnable = $true, + [bool]$DisableInventory = $true, + [bool]$DisablePcaUI = $true, + [bool]$AllowAllTrustedApps = $true, + [bool]$DisablePasswordReveal = $true, + [bool]$PreventDeviceMetadataFromNetwork = $true, + [bool]$AllowRemoteRPC = $true, + [bool]$DisableSystemRestore = $true, + [bool]$DisableSendGenericDriverNotFoundToWER = $true, + [bool]$DisableSendRequestAdditionalSoftwareToWER = $true, + [bool]$DontSearchWindowsUpdate = $true, + [bool]$DontPromptForWindowsUpdate = $true, + [bool]$SearchOrderConfig = $true, + [bool]$DriverServerSelection = $true, + [bool]$MaxSize_Application = $true, + [bool]$MaxSize_Security = $true, + [bool]$MaxSize_Setup = $true, + [bool]$MaxSize_System = $true, + [bool]$NoHeapTerminationOnCorruption = $true, + [bool]$NoAutoplayfornonVolume = $true, + [bool]$NoDataExecutionPrevention = $true, + [bool]$NoUseStoreOpenWith = $true, + [bool]$NoBackgroundPolicy = $true, + [bool]$NoGPOListChanges = $true, + 
[bool]$PreventHandwritingErrorReports = $true, + [bool]$SafeForScripting = $true, + [bool]$EnableUserControl = $true, + [bool]$DisableLUAPatching = $true, + [bool]$AlwaysInstallElevated = $true, + [bool]$EnableLLTDIO = $true, + [bool]$AllowLLTDIOOnDomain = $true, + [bool]$AllowLLTDIOOnPublicNet = $true, + [bool]$ProhibitLLTDIOOnPrivateNet = $true, + [bool]$EnableRspndr = $true, + [bool]$AllowRspndrOnDomain = $true, + [bool]$AllowRspndrOnPublicNet = $true, + [bool]$ProhibitRspndrOnPrivateNet = $true, + [bool]$DisableLocation = $true, + [bool]$NC_AllowNetBridge_NLA = $true, + [bool]$NC_StdDomainUserSetLocation = $true, + [bool]$NoLockScreenSlideshow = $true, + [bool]$EnableScriptBlockLogging = $true, + [bool]$EnableScriptBlockInvocationLogging_Delete = $true, + [bool]$DisableQueryRemoteServer = $true, + [bool]$EnableQueryRemoteServer = $true, + [bool]$EnumerateLocalUsers = $true, + [bool]$DisableLockScreenAppNotifications = $true, + [bool]$DontDisplayNetworkSelectionUI = $true, + [bool]$EnableSmartScreen = $true, + [bool]$PreventHandwritingDataSharing = $true, + [bool]$Force_Tunneling = $true, + [bool]$EnableRegistrars = $true, + [bool]$DisableUPnPRegistrar = $true, + [bool]$DisableInBand802DOT11Registrar = $true, + [bool]$DisableFlashConfigRegistrar = $true, + [bool]$DisableWPDRegistrar = $true, + [bool]$MaxWCNDeviceNumber_Delete = $true, + [bool]$HigherPrecedenceRegistrar_Delete = $true, + [bool]$DisableWcnUi = $true, + [bool]$ScenarioExecutionEnabled = $true, + [bool]$AllowBasic = $true, + [bool]$AllowUnencryptedTraffic = $true, + [bool]$AllowDigest = $true, + [bool]$AllowBasic_Service = $true, + [bool]$AllowUnencryptedTraffic_Service = $true, + [bool]$DisableRunAs = $true, + [bool]$DisableHTTPPrinting = $true, + [bool]$DisableWebPnPDownload = $true, + [bool]$DoNotInstallCompatibleDriverFromWindowsUpdate = $true, + [bool]$fAllowToGetHelp = $true, + [bool]$fAllowFullControl_Delete = $true, + [bool]$MaxTicketExpiry_Delete = $true, + 
[bool]$MaxTicketExpiryUnits_Delete = $true, + [bool]$fUseMailto_Delete = $true, + [bool]$fPromptForPassword = $true, + [bool]$MinEncryptionLevel = $true, + [bool]$PerSessionTempDir = $true, + [bool]$DeleteTempDirsOnExit = $true, + [bool]$fAllowUnsolicited = $true, + [bool]$fAllowUnsolicitedFullControl_Delete = $true, + [bool]$fEncryptRPCTraffic = $true, + [bool]$DisablePasswordSaving = $true, + [bool]$fDisableCdm = $true, + [bool]$LoggingEnabled = $true, + [bool]$fDisableCcm = $true, + [bool]$fDisableLPT = $true, + [bool]$fDisablePNPRedir = $true, + [bool]$fEnableSmartCard = $true, + [bool]$RedirectOnlyDefaultClientPrinter = $true, + [bool]$DisableAutoUpdate = $true, + [bool]$GroupPrivacyAcceptance = $true, + [bool]$DisableOnline = $true, + [bool]$UseLogonCredential = $true, + [bool]$SafeDllSearchMode = $true, + [bool]$DriverLoadPolicy = $true, + [bool]$WarningLevel = $true, + [bool]$NoDefaultExempt = $true, + [bool]$SMB1 = $true, + [bool]$Start_MrxSmb10 = $true, + [bool]$NoNameReleaseOnDemand = $true, + [bool]$DisableIPSourceRouting = $true, + [bool]$EnableICMPRedirect = $true, + [bool]$PerformRouterDiscovery = $true, + [bool]$KeepAliveTime = $true, + [bool]$TcpMaxDataRetransmissions = $true, + [bool]$EnableIPAutoConfigurationLimits = $true, + [bool]$DisableIPSourceRouting_Tcpip6 = $true, + [bool]$TcpMaxDataRetransmissions_Tcpip6 = $true, + [bool]$AuditCredentialValidation_Success = $true, + [bool]$AuditCredentialValidation_Failure = $true, + [bool]$AuditComputerAccountManagement_Success = $true, + [bool]$AuditComputerAccountManagement_Failure = $false, + [bool]$AuditOtherAccountManagementEvents_Success = $true, + [bool]$AuditOtherAccountManagementEvents_Failure = $false, + [bool]$AuditSecurityGroupManagement_Success = $true, + [bool]$AuditSecurityGroupManagement_Failure = $false, + [bool]$AuditUserAccountManagement_Success = $true, + [bool]$AuditUserAccountManagement_Failure = $true, + [bool]$AuditProcessCreation_Success = $true, + 
[bool]$AuditProcessCreation_Failure = $false, + [bool]$AuditDirectoryServiceAccess_Success = $true, + [bool]$AuditDirectoryServiceAccess_Failure = $true, + [bool]$AuditDirectoryServiceChanges_Success = $true, + [bool]$AuditDirectoryServiceChanges_Failure = $false, + [bool]$AuditAccountLockout_Failure = $true, + [bool]$AuditAccountLockout_Success = $false, + [bool]$AuditLogoff_Success = $true, + [bool]$AuditLogoff_Failure = $false, + [bool]$AuditLogon_Success = $true, + [bool]$AuditLogon_Failure = $true, + [bool]$AuditSpecialLogon_Success = $true, + [bool]$AuditSpecialLogon_Failure = $false, + [bool]$AuditRemovableStorage_Success = $true, + [bool]$AuditRemovableStorage_Failure = $true, + [bool]$AuditCentralAccessPolicyStaging_Success = $true, + [bool]$AuditCentralAccessPolicyStaging_Failure = $true, + [bool]$AuditPolicyChange_Success = $true, + [bool]$AuditPolicyChange_Failure = $true, + [bool]$AuditAuthenticationPolicyChange_Success = $true, + [bool]$AuditAuthenticationPolicyChange_Failure = $false, + [bool]$AuditAuthorizationPolicyChange_Success = $true, + [bool]$AuditAuthorizationPolicyChange_Failure = $false, + [bool]$AuditSensitivePrivilegeUse_Success = $true, + [bool]$AuditSensitivePrivilegeUse_Failure = $true, + [bool]$AuditIPsecDriver_Success = $true, + [bool]$AuditIPsecDriver_Failure = $true, + [bool]$AuditOtherSystemEvents_Success = $true, + [bool]$AuditOtherSystemEvents_Failure = $true, + [bool]$AuditSecurityStateChange_Success = $true, + [bool]$AuditSecurityStateChange_Failure = $false, + [bool]$AuditSecuritySystemExtension_Success = $true, + [bool]$AuditSecuritySystemExtension_Failure = $false, + [bool]$AuditSystemIntegrity_Success = $true, + [bool]$AuditSystemIntegrity_Failure = $true, + [bool]$EnableComputerAndUserAccountsToBeTrustedForDelegation = $true, + [bool]$AllowLogOnThroughRemoteDesktopServices = $true, + [bool]$BackUpFilesAndDirectories = $true, + [bool]$ImpersonateAClientAfterAuthentication = $true, + [bool]$PerformVolumeMaintenanceTasks = 
$true, + [bool]$AccessThisComputerFromTheNetwork = $true, + [bool]$LockPagesInMemory = $true, + [bool]$TakeOwnershipOfFilesOrOtherObjects = $true, + [bool]$CreatePermanentSharedObjects = $true, + [bool]$DenyAccessToThisComputerFromTheNetwork = $true, + [bool]$CreateGlobalObjects = $true, + [bool]$DenyLogOnAsABatchJob = $true, + [bool]$RestoreFilesAndDirectories = $true, + [bool]$AccessCredentialManagerAsATrustedCaller = $true, + [bool]$AddWorkstationsToDomain = $true, + [bool]$DenyLogOnAsAService = $true, + [bool]$IncreaseSchedulingPriority = $true, + [bool]$ForceShutdownFromARemoteSystem = $true, + [bool]$GenerateSecurityAudits = $true, + [bool]$DenyLogOnLocally = $true, + [bool]$CreateSymbolicLinks = $true, + [bool]$DebugPrograms = $true, + [bool]$AllowLogOnLocally = $true, + [bool]$ManageAuditingAndSecurityLog = $true, + [bool]$ActAsPartOfTheOperatingSystem = $true, + [bool]$ProfileSingleProcess = $true, + [bool]$CreateATokenObject = $true, + [bool]$LoadAndUnloadDeviceDrivers = $true, + [bool]$ModifyFirmwareEnvironmentValues = $true, + [bool]$CreateAPagefile = $true, + [bool]$DenyLogOnThroughRemoteDesktopServices = $true, + [bool]$UACAdminApprovalMode = $true, + [bool]$RestrictAnonymousAccess = $true, + [bool]$RemotelyAccessibleRegistryPaths = $true, + [bool]$SharingAndSecurityModel = $true, + [bool]$RequireStrongSessionKey = $true, + [bool]$OnlyElevateUIAccessAppsInSecureLocations = $true, + [bool]$IdleTimeBeforeSuspendingSession = $true, + [bool]$StrongKeyProtection = $true, + [bool]$KerberosEncryptionTypes = $true, + [bool]$DigitallySignCommunicationsIfClientAgrees = $true, + [bool]$UseFIPSCompliantAlgorithms = $true, + [bool]$ShutdownWithoutLogon = $true, + [bool]$AuditBackupAndRestorePrivilege = $true, + [bool]$DoNotRequireCtrlAltDel = $true, + [bool]$LANManagerAuthenticationLevel = $true, + [bool]$DisableMachineAccountPasswordChanges = $true, + [bool]$VirtualizeFileAndRegistryWriteFailures = $true, + [bool]$LogonMessageTitle = $true, + 
[bool]$DigitallySignSecureChannelData = $true, + [bool]$AllowUIAccessApplicationsToPromptForElevation = $true, + [bool]$SmartCardRemovalBehavior = $true, + [bool]$LimitLocalAccountUseOfBlankPasswords = $true, + [bool]$ServerSPNTargetNameValidationLevel = $true, + [bool]$LdapServerSigningRequirements = $true, + [bool]$AllowedToFormatAndEjectRemovableMedia = $true, + [bool]$NamedPipesAccessedAnonymously = $true, + [bool]$SwitchToSecureDesktopForElevation = $true, + [bool]$MessageTextForUsersLogon = $true, + [string]$MessageTextWhenLogging, + [bool]$SharesAccessedAnonymously = $true, + [bool]$EveryonePermissionsApplyToAnonymousUsers = $true, + [bool]$DigitallyEncryptSecureChannelData = $true, + [bool]$ElevationPromptBehaviorForStandardUsers = $true, + [bool]$DigitallySignCommunicationsAlways_Server = $true, + [bool]$OptionalSubsystemsEnabled = $true, + [bool]$DigitallySignCommunicationsAlways_Client = $true, + [bool]$MinimumSessionSecurityForNTLM = $true, + [bool]$PromptUserToChangePasswordBeforeExpiration = $true, + [bool]$RunAllAdministratorsInAdminApprovalMode = $true, + [bool]$DigitallySignCommunicationsIfServerAgrees = $true, + [bool]$DetectApplicationInstallationsAndPromptForElevation = $true, + [bool]$DoNotAllowAnonymousEnumerationOfSAMAccounts = $true, + [bool]$AllowLocalSystemToUseComputerIdentityForNTLM = $true, + [bool]$RequireCaseInsensitivityForNonWindowsSubsystems = $true, + [bool]$AllowLocalSystemNULLSessionFallback = $true, + [bool]$ForceAuditPolicySubcategorySettings = $true, + [bool]$OnlyElevateSignedAndValidatedExecutables = $true, + [bool]$AuditAccessOfGlobalSystemObjects = $true, + [bool]$SendUnencryptedPasswordToThirdPartySMBServers = $true, + [bool]$MinimumSessionSecurityForNTLMSPBASED = $true, + [bool]$NumberOfPreviousLogonsToCache = $true, + [bool]$DoNotDisplayLastUserName = $true, + [bool]$MaximumMachineAccountPasswordAge = $true, + [bool]$DisconnectClientsWhenLogonHoursExpire = $true, + 
[bool]$DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares = $true, + [bool]$RefuseMachineAccountPasswordChanges = $true, + [bool]$PreventUsersFromInstallingPrinterDrivers = $true, + [bool]$StrengthenDefaultPermissionsOfInternalSystemObjects = $true, + [bool]$AllowPKU2UAuthenticationRequestsToUseOnlineIdentities = $true, + [bool]$MachineInactivityLimit = $true, + [bool]$DoNotStoreLANManagerHashOnNextPasswordChange = $true, + [bool]$DigitallyEncryptOrSignSecureChannelDataAlways = $true, + [bool]$LDAPClientSigningRequirements = $true, + [bool]$ElevationPromptBehaviorForAdmins = $true, + [bool]$LockoutDuration = $true, + [bool]$LockoutBadCount = $true, + [bool]$ResetLockoutCount = $true, + [bool]$RenameGuestAccount = $true, + [bool]$MinimumPasswordAge = $true, + [bool]$PasswordComplexity = $true, + [bool]$PasswordHistorySize = $true, + [bool]$LSAAnonymousNameLookup = $true, + [bool]$MinimumPasswordLength = $true, + [bool]$RenameAdministratorAccount = $true, + [bool]$EnableGuestAccount = $true, + [bool]$ClearTextPassword = $true, + [bool]$MaximumPasswordAge = $true, + [bool]$ForceLogoffWhenHourExpire = $true + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($EnumerateAdministrators) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateAdministrators' + ValueData = 0 + } + } + + if ($NoDriveTypeAutoRun) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoDriveTypeAutoRun' + ValueData = 255 + } + } + 
+ if ($NoInternetOpenWith) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoInternetOpenWith' + ValueData = 1 + } + } + + if ($PreXPSP2ShellProtocolBehavior) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreXPSP2ShellProtocolBehavior' + ValueData = 0 + } + } + + if ($NoAutorun) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutorun' + ValueData = 1 + } + } + + if ($LocalSourcePath) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\LocalSourcePath' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing' + ValueType = 'ExpandString' + TargetType = 'ComputerConfiguration' + ValueName = 'LocalSourcePath' + ValueData = $null + } + } + + if ($UseWindowsUpdate) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\UseWindowsUpdate' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'UseWindowsUpdate' + ValueData = 2 + } + } + + if ($RepairContentServerSource_Delete) { + RegistryPolicyFile 'DEL_\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\RepairContentServerSource' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing' + ValueType = 
'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'RepairContentServerSource' + ValueData = '' + } + } + + if ($DisableBkGndGroupPolicy_Delete) { + RegistryPolicyFile 'DEL_\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableBkGndGroupPolicy' + ValueData = '' + } + } + + if ($MSAOptional) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MSAOptional' + ValueData = 1 + } + } + + if ($DisableAutomaticRestartSignOn) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableAutomaticRestartSignOn' + ValueData = 1 + } + } + + if ($LocalAccountTokenFilterPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LocalAccountTokenFilterPolicy' + ValueData = 0 + } + } + + if ($ProcessCreationIncludeCmdLine_Enabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ProcessCreationIncludeCmdLine_Enabled' + ValueData = 1 + } + 
} + + if ($AutoAdminLogon) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon' + { + Key = '\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'AutoAdminLogon' + ValueData = '0' + } + } + + if ($ScreenSaverGracePeriod) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod' + { + Key = '\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'ScreenSaverGracePeriod' + ValueData = '5' + } + } + + if ($Biometrics_Enabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Biometrics\Enabled' + { + Key = '\Software\policies\Microsoft\Biometrics' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Enabled' + ValueData = 0 + } + } + + if ($BlockUserInputMethodsForSignIn) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Control Panel\International\BlockUserInputMethodsForSignIn' + { + Key = '\Software\policies\Microsoft\Control Panel\International' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'BlockUserInputMethodsForSignIn' + ValueData = 1 + } + } + + if ($MicrosoftEventVwrDisableLinks) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks' + { + Key = '\Software\policies\Microsoft\EventViewer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MicrosoftEventVwrDisableLinks' + ValueData = 1 + } + } + + if ($DisableEnclosureDownload) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' + { + Key = '\Software\policies\Microsoft\Internet Explorer\Feeds' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 
'DisableEnclosureDownload' + ValueData = 1 + } + } + + if ($AllowBasicAuthInClear) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear' + { + Key = '\Software\policies\Microsoft\Internet Explorer\Feeds' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowBasicAuthInClear' + ValueData = 0 + } + } + + if ($Peernet_Disabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Peernet\Disabled' + { + Key = '\Software\policies\Microsoft\Peernet' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Disabled' + ValueData = 1 + } + } + + if ($DCSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' + { + Key = '\Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DCSettingIndex' + ValueData = 1 + } + } + + if ($ACSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' + { + Key = '\Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ACSettingIndex' + ValueData = 1 + } + } + + if ($CEIPEnable) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\SQMClient\Windows\CEIPEnable' + { + Key = '\Software\policies\Microsoft\SQMClient\Windows' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'CEIPEnable' + ValueData = 0 + } + } + + if ($DisableInventory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\AppCompat\DisableInventory' + { + Key = '\Software\policies\Microsoft\Windows\AppCompat' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration' + ValueName = 'DisableInventory' + ValueData = 1 + } + } + + if ($DisablePcaUI) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\AppCompat\DisablePcaUI' + { + Key = '\Software\policies\Microsoft\Windows\AppCompat' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisablePcaUI' + ValueData = 0 + } + } + + if ($AllowAllTrustedApps) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Appx\AllowAllTrustedApps' + { + Key = '\Software\policies\Microsoft\Windows\Appx' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowAllTrustedApps' + ValueData = 1 + } + } + + if ($DisablePasswordReveal) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\CredUI\DisablePasswordReveal' + { + Key = '\Software\policies\Microsoft\Windows\CredUI' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisablePasswordReveal' + ValueData = 1 + } + } + + if ($PreventDeviceMetadataFromNetwork) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork' + { + Key = '\Software\policies\Microsoft\Windows\Device Metadata' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreventDeviceMetadataFromNetwork' + ValueData = 1 + } + } + + if ($AllowRemoteRPC) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC' + { + Key = '\Software\policies\Microsoft\Windows\DeviceInstall\Settings' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowRemoteRPC' + ValueData = 0 + } + } + + if ($DisableSystemRestore) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore' + { + Key = '\Software\policies\Microsoft\Windows\DeviceInstall\Settings' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration' + ValueName = 'DisableSystemRestore' + ValueData = 0 + } + } + + if ($DisableSendGenericDriverNotFoundToWER) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER' + { + Key = '\Software\policies\Microsoft\Windows\DeviceInstall\Settings' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableSendGenericDriverNotFoundToWER' + ValueData = 1 + } + } + + if ($DisableSendRequestAdditionalSoftwareToWER) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER' + { + Key = '\Software\policies\Microsoft\Windows\DeviceInstall\Settings' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableSendRequestAdditionalSoftwareToWER' + ValueData = 1 + } + } + + if ($DontSearchWindowsUpdate) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate' + { + Key = '\Software\policies\Microsoft\Windows\DriverSearching' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DontSearchWindowsUpdate' + ValueData = 1 + } + } + + if ($DontPromptForWindowsUpdate) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate' + { + Key = '\Software\policies\Microsoft\Windows\DriverSearching' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DontPromptForWindowsUpdate' + ValueData = 1 + } + } + + if ($SearchOrderConfig) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DriverSearching\SearchOrderConfig' + { + Key = '\Software\policies\Microsoft\Windows\DriverSearching' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SearchOrderConfig' + ValueData = 0 + } + } + + if ($DriverServerSelection) { + RegistryPolicyFile 
'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DriverSearching\DriverServerSelection' + { + Key = '\Software\policies\Microsoft\Windows\DriverSearching' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DriverServerSelection' + ValueData = 1 + } + } + + if ($MaxSize_Application) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\EventLog\Application\MaxSize' + { + Key = '\Software\policies\Microsoft\Windows\EventLog\Application' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 32768 + } + } + + if ($MaxSize_Security) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\EventLog\Security\MaxSize' + { + Key = '\Software\policies\Microsoft\Windows\EventLog\Security' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 196608 + } + } + + if ($MaxSize_Setup) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\EventLog\Setup\MaxSize' + { + Key = '\Software\policies\Microsoft\Windows\EventLog\Setup' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 32768 + } + } + + if ($MaxSize_System) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\EventLog\System\MaxSize' + { + Key = '\Software\policies\Microsoft\Windows\EventLog\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 32768 + } + } + + if ($NoHeapTerminationOnCorruption) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption' + { + Key = '\Software\policies\Microsoft\Windows\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoHeapTerminationOnCorruption' + ValueData = 0 + } + } + + if ($NoAutoplayfornonVolume) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' + { + Key = '\Software\policies\Microsoft\Windows\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutoplayfornonVolume' + ValueData = 1 + } + } + + if ($NoDataExecutionPrevention) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention' + { + Key = '\Software\policies\Microsoft\Windows\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoDataExecutionPrevention' + ValueData = 0 + } + } + + if ($NoUseStoreOpenWith) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Explorer\NoUseStoreOpenWith' + { + Key = '\Software\policies\Microsoft\Windows\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoUseStoreOpenWith' + ValueData = 1 + } + } + if ($NoBackgroundPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' + { + Key = '\Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoBackgroundPolicy' + ValueData = 0 + } + } + + if ($NoGPOListChanges) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' + { + Key = '\Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoGPOListChanges' + ValueData = 0 + } + } + + if ($PreventHandwritingErrorReports) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports' + { + Key = '\Software\policies\Microsoft\Windows\HandwritingErrorReports' + ValueType = 'Dword' + 
TargetType = 'ComputerConfiguration' + ValueName = 'PreventHandwritingErrorReports' + ValueData = 1 + } + } + + if ($SafeForScripting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Installer\SafeForScripting' + { + Key = '\Software\policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SafeForScripting' + ValueData = 0 + } + } + + if ($EnableUserControl) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Installer\EnableUserControl' + { + Key = '\Software\policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableUserControl' + ValueData = 0 + } + } + + if ($DisableLUAPatching) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Installer\DisableLUAPatching' + { + Key = '\Software\policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableLUAPatching' + ValueData = 1 + } + } + + if ($AlwaysInstallElevated) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Installer\AlwaysInstallElevated' + { + Key = '\Software\policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AlwaysInstallElevated' + ValueData = 0 + } + } + + if ($EnableLLTDIO) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\EnableLLTDIO' + { + Key = '\Software\policies\Microsoft\Windows\LLTD' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableLLTDIO' + ValueData = 0 + } + } + + if ($AllowLLTDIOOnDomain) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\AllowLLTDIOOnDomain' + { + Key = '\Software\policies\Microsoft\Windows\LLTD' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowLLTDIOOnDomain' + ValueData = 0 + } + } 
+ + if ($AllowLLTDIOOnPublicNet) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet' + { + Key = '\Software\policies\Microsoft\Windows\LLTD' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowLLTDIOOnPublicNet' + ValueData = 0 + } + } + + if ($ProhibitLLTDIOOnPrivateNet) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet' + { + Key = '\Software\policies\Microsoft\Windows\LLTD' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ProhibitLLTDIOOnPrivateNet' + ValueData = 0 + } + } + + if ($EnableRspndr) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\EnableRspndr' + { + Key = '\Software\policies\Microsoft\Windows\LLTD' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableRspndr' + ValueData = 0 + } + } + + if ($AllowRspndrOnDomain) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\AllowRspndrOnDomain' + { + Key = '\Software\policies\Microsoft\Windows\LLTD' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowRspndrOnDomain' + ValueData = 0 + } + } + + if ($AllowRspndrOnPublicNet) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet' + { + Key = '\Software\policies\Microsoft\Windows\LLTD' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowRspndrOnPublicNet' + ValueData = 0 + } + } + + if ($ProhibitRspndrOnPrivateNet) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet' + { + Key = '\Software\policies\Microsoft\Windows\LLTD' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ProhibitRspndrOnPrivateNet' + ValueData = 0 + } + } + + if ($DisableLocation) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\policies\Microsoft\Windows\LocationAndSensors\DisableLocation'
+ {
+ Key = '\Software\policies\Microsoft\Windows\LocationAndSensors'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableLocation'
+ ValueData = 1
+ }
+ }
+
+ if ($NC_AllowNetBridge_NLA) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA'
+ {
+ Key = '\Software\policies\Microsoft\Windows\Network Connections'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NC_AllowNetBridge_NLA'
+ ValueData = 0
+ }
+ }
+
+ if ($NC_StdDomainUserSetLocation) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation'
+ {
+ Key = '\Software\policies\Microsoft\Windows\Network Connections'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NC_StdDomainUserSetLocation'
+ ValueData = 1
+ }
+ }
+
+ if ($NoLockScreenSlideshow) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow'
+ {
+ Key = '\Software\policies\Microsoft\Windows\Personalization'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoLockScreenSlideshow'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableScriptBlockLogging) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging'
+ {
+ Key = '\Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableScriptBlockLogging'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableScriptBlockInvocationLogging_Delete) {
+ RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging'
+ {
+ Key = '\Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
+ ValueType = 'String'
+ Ensure
= 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableScriptBlockInvocationLogging'
+ ValueData = ''
+ }
+ }
+
+ if ($DisableQueryRemoteServer) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer'
+ {
+ Key = '\Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableQueryRemoteServer'
+ ValueData = 0
+ }
+ }
+
+ if ($EnableQueryRemoteServer) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer'
+ {
+ Key = '\Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableQueryRemoteServer'
+ ValueData = 0
+ }
+ }
+
+ if ($EnumerateLocalUsers) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\System\EnumerateLocalUsers'
+ {
+ Key = '\Software\policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnumerateLocalUsers'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableLockScreenAppNotifications) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\System\DisableLockScreenAppNotifications'
+ {
+ Key = '\Software\policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableLockScreenAppNotifications'
+ ValueData = 1
+ }
+ }
+
+ if ($DontDisplayNetworkSelectionUI) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI'
+ {
+ Key = '\Software\policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DontDisplayNetworkSelectionUI'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableSmartScreen) {
+ RegistryPolicyFile 'Registry(POL):
HKLM:\Software\policies\Microsoft\Windows\System\EnableSmartScreen'
+ {
+ Key = '\Software\policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableSmartScreen'
+ ValueData = 2
+ }
+ }
+
+ if ($PreventHandwritingDataSharing) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\TabletPC\PreventHandwritingDataSharing'
+ {
+ Key = '\Software\policies\Microsoft\Windows\TabletPC'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'PreventHandwritingDataSharing'
+ ValueData = 1
+ }
+ }
+
+ if ($Force_Tunneling) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling'
+ {
+ Key = '\Software\policies\Microsoft\Windows\TCPIP\v6Transition'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Force_Tunneling'
+ ValueData = 'Enabled'
+ }
+ }
+
+ if ($EnableRegistrars) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WCN\Registrars'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableRegistrars'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableUPnPRegistrar) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WCN\Registrars'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableUPnPRegistrar'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableInBand802DOT11Registrar) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WCN\Registrars'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableInBand802DOT11Registrar'
+ ValueData = 0
+ }
+ }
+
+ if
($DisableFlashConfigRegistrar) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WCN\Registrars'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableFlashConfigRegistrar'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableWPDRegistrar) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WCN\Registrars'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableWPDRegistrar'
+ ValueData = 0
+ }
+ }
+
+ if ($MaxWCNDeviceNumber_Delete) {
+ RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows\WCN\Registrars\MaxWCNDeviceNumber'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WCN\Registrars'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxWCNDeviceNumber'
+ ValueData = ''
+ }
+ }
+
+ if ($HigherPrecedenceRegistrar_Delete) {
+ RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows\WCN\Registrars\HigherPrecedenceRegistrar'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WCN\Registrars'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'HigherPrecedenceRegistrar'
+ ValueData = ''
+ }
+ }
+
+ if ($DisableWcnUi) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\UI\DisableWcnUi'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WCN\UI'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableWcnUi'
+ ValueData = 1
+ }
+ }
+
+ if ($ScenarioExecutionEnabled) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}'
+ ValueType = 'Dword'
+
TargetType = 'ComputerConfiguration'
+ ValueName = 'ScenarioExecutionEnabled'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowBasic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Client\AllowBasic'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowUnencryptedTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowUnencryptedTraffic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowDigest) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Client\AllowDigest'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowDigest'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowBasic_Service) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Service\AllowBasic'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowUnencryptedTraffic_Service) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowUnencryptedTraffic'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableRunAs) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Service\DisableRunAs'
+ {
+ Key = '\Software\policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName =
'DisableRunAs'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableHTTPPrinting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableHTTPPrinting'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableWebPnPDownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableWebPnPDownload'
+ ValueData = 1
+ }
+ }
+
+ if ($DoNotInstallCompatibleDriverFromWindowsUpdate) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DoNotInstallCompatibleDriverFromWindowsUpdate'
+ ValueData = 1
+ }
+ }
+
+ if ($fAllowToGetHelp) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fAllowToGetHelp'
+ ValueData = 0
+ }
+ }
+
+ if ($fAllowFullControl_Delete) {
+ RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowFullControl'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fAllowFullControl'
+ ValueData = ''
+ }
+ }
+
+ if ($MaxTicketExpiry_Delete) {
+ RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiry'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal
Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxTicketExpiry'
+ ValueData = ''
+ }
+ }
+
+ if ($MaxTicketExpiryUnits_Delete) {
+ RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiryUnits'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxTicketExpiryUnits'
+ ValueData = ''
+ }
+ }
+
+ if ($fUseMailto_Delete) {
+ RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\fUseMailto'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fUseMailto'
+ ValueData = ''
+ }
+ }
+
+ if ($fPromptForPassword) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fPromptForPassword'
+ ValueData = 1
+ }
+ }
+
+ if ($MinEncryptionLevel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MinEncryptionLevel'
+ ValueData = 3
+ }
+ }
+
+ if ($PerSessionTempDir) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'PerSessionTempDir'
+ ValueData = 1
+ }
+ }
+
+ if ($DeleteTempDirsOnExit) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal
Services\DeleteTempDirsOnExit'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DeleteTempDirsOnExit'
+ ValueData = 1
+ }
+ }
+
+ if ($fAllowUnsolicited) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fAllowUnsolicited'
+ ValueData = 0
+ }
+ }
+
+ if ($fAllowUnsolicitedFullControl_Delete) {
+ RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicitedFullControl'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fAllowUnsolicitedFullControl'
+ ValueData = ''
+ }
+ }
+
+ if ($fEncryptRPCTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fEncryptRPCTraffic'
+ ValueData = 1
+ }
+ }
+
+ if ($DisablePasswordSaving) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisablePasswordSaving'
+ ValueData = 1
+ }
+ }
+
+ if ($fDisableCdm) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fDisableCdm'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fDisableCdm'
+ ValueData = 1
+ }
+ }
+
+ if ($LoggingEnabled) {
+
RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LoggingEnabled'
+ ValueData = 1
+ }
+ }
+
+ if ($fDisableCcm) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fDisableCcm'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fDisableCcm'
+ ValueData = 1
+ }
+ }
+
+ if ($fDisableLPT) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fDisableLPT'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fDisableLPT'
+ ValueData = 1
+ }
+ }
+
+ if ($fDisablePNPRedir) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fDisablePNPRedir'
+ ValueData = 1
+ }
+ }
+
+ if ($fEnableSmartCard) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fEnableSmartCard'
+ ValueData = 1
+ }
+ }
+
+ if ($RedirectOnlyDefaultClientPrinter) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter'
+ {
+ Key = '\Software\policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RedirectOnlyDefaultClientPrinter'
+ ValueData = 1
+
}
+ }
+
+ if ($DisableAutoUpdate) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\WindowsMediaPlayer\DisableAutoUpdate'
+ {
+ Key = '\Software\policies\Microsoft\WindowsMediaPlayer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableAutoUpdate'
+ ValueData = 1
+ }
+ }
+
+ if ($GroupPrivacyAcceptance) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance'
+ {
+ Key = '\Software\policies\Microsoft\WindowsMediaPlayer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'GroupPrivacyAcceptance'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableOnline) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\WMDRM\DisableOnline'
+ {
+ Key = '\Software\policies\Microsoft\WMDRM'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableOnline'
+ ValueData = 1
+ }
+ }
+
+ if ($UseLogonCredential) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UseLogonCredential'
+ ValueData = 0
+ }
+ }
+
+ if ($SafeDllSearchMode) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Control\Session Manager'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SafeDllSearchMode'
+ ValueData = 1
+ }
+ }
+
+ if ($DriverLoadPolicy) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DriverLoadPolicy'
+ ValueData = 1
+ }
+ }
+
+ if ($WarningLevel) {
+ RegistryPolicyFile 'Registry(POL):
HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Eventlog\Security'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'WarningLevel'
+ ValueData = 90
+ }
+ }
+
+ if ($NoDefaultExempt) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\IPSEC'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoDefaultExempt'
+ ValueData = 3
+ }
+ }
+
+ if ($SMB1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SMB1'
+ ValueData = 0
+ }
+ }
+
+ if ($Start_MrxSmb10) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\MrxSmb10'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Start'
+ ValueData = 4
+ }
+ }
+
+ if ($NoNameReleaseOnDemand) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Netbt\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoNameReleaseOnDemand'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableIPSourceRouting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if ($EnableICMPRedirect) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect'
+ {
+ Key =
'\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableICMPRedirect'
+ ValueData = 0
+ }
+ }
+
+ if ($PerformRouterDiscovery) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'PerformRouterDiscovery'
+ ValueData = 0
+ }
+ }
+
+ if ($KeepAliveTime) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'KeepAliveTime'
+ ValueData = 300000
+ }
+ }
+
+ if ($TcpMaxDataRetransmissions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'TcpMaxDataRetransmissions'
+ ValueData = 3
+ }
+ }
+
+ if ($EnableIPAutoConfigurationLimits) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIPAutoConfigurationLimits'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableIPAutoConfigurationLimits'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableIPSourceRouting_Tcpip6) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if ($TcpMaxDataRetransmissions_Tcpip6) {
+ RegistryPolicyFile 'Registry(POL):
HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'TcpMaxDataRetransmissions'
+ ValueData = 3
+ }
+ }
+
+ if ($AuditCredentialValidation_Success) {
+ AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditCredentialValidation_Failure) {
+ AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditComputerAccountManagement_Success) {
+ AuditPolicySubcategory 'Audit Computer Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Computer Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditComputerAccountManagement_Failure) {
+ AuditPolicySubcategory 'Audit Computer Account Management (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Computer Account Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherAccountManagementEvents_Success) {
+ AuditPolicySubcategory 'Audit Other Account Management Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Account Management Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditOtherAccountManagementEvents_Failure) {
+ AuditPolicySubcategory 'Audit Other Account Management Events (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Other Account Management Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityGroupManagement_Success) {
+ AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security Group Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditSecurityGroupManagement_Failure) {
+ AuditPolicySubcategory 'Audit Security Group Management (Failure) -
Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security Group Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditUserAccountManagement_Success) {
+ AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditUserAccountManagement_Failure) {
+ AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditProcessCreation_Success) {
+ AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Process Creation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditProcessCreation_Failure) {
+ AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Process Creation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditDirectoryServiceAccess_Success) {
+ AuditPolicySubcategory 'Audit Directory Service Access (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Directory Service Access'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditDirectoryServiceAccess_Failure) {
+ AuditPolicySubcategory 'Audit Directory Service Access (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Directory Service Access'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditDirectoryServiceChanges_Success) {
+ AuditPolicySubcategory 'Audit Directory Service Changes (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Directory Service Changes'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditDirectoryServiceChanges_Failure) {
+ AuditPolicySubcategory 'Audit Directory Service Changes (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Directory Service Changes'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAccountLockout_Failure) {
+ AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Account Lockout'
+
AuditFlag = 'Failure'
+ }
+ }
+
+ if ( $AuditAccountLockout_Success) {
+ AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Account Lockout'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditLogoff_Success) {
+ AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logoff'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditLogoff_Failure) {
+ AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Logoff'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogon_Success) {
+ AuditPolicySubcategory 'Audit Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditLogon_Failure) {
+ AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSpecialLogon_Success) {
+ AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Special Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditSpecialLogon_Failure) {
+ AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Special Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditRemovableStorage_Success) {
+ AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditRemovableStorage_Failure) {
+ AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditCentralAccessPolicyStaging_Success) {
+ AuditPolicySubcategory 'Audit Central Access Policy Staging (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Central Policy Staging'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditCentralAccessPolicyStaging_Failure) {
+ AuditPolicySubcategory 'Audit Central
Access Policy Staging (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Central Policy Staging'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPolicyChange_Success) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditPolicyChange_Failure) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthenticationPolicyChange_Success) {
+ AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditAuthenticationPolicyChange_Failure) {
+ AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthorizationPolicyChange_Success) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditAuthorizationPolicyChange_Failure) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUse_Success) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUse_Failure) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditIPsecDriver_Success) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Success) -
Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditIPsecDriver_Failure) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherSystemEvents_Success) {
+ AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherSystemEvents_Failure) {
+ AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+ AuditFlag = 'Failure'
+ }
+ }
+ if ($AuditSecurityStateChange_Success) {
+ AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security State Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditSecurityStateChange_Failure) {
+ AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security State Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecuritySystemExtension_Success) {
+ AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security System Extension'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ( $AuditSecuritySystemExtension_Failure) {
+ AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security System Extension'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSystemIntegrity_Success) {
+ AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSystemIntegrity_Failure) {
+ AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if
($EnableComputerAndUserAccountsToBeTrustedForDelegation) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
+ }
+ }
+
+ if ($AllowLogOnThroughRemoteDesktopServices) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_through_Remote_Desktop_Services'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Allow_log_on_through_Remote_Desktop_Services'
+ }
+ }
+
+ if ($BackUpFilesAndDirectories) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Back_up_files_and_directories'
+ }
+ }
+
+ if ($ImpersonateAClientAfterAuthentication) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication'
+ {
+ Force = $True
+ Identity = @('*S-1-5-6', '*S-1-5-20', '*S-1-5-19', '*S-1-5-32-544')
+ Policy = 'Impersonate_a_client_after_authentication'
+ }
+ }
+
+ if ($PerformVolumeMaintenanceTasks) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Perform_volume_maintenance_tasks'
+ }
+ }
+
+ if ($AccessThisComputerFromTheNetwork) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network'
+ {
+ Force = $True
+ Identity = @('*S-1-5-9', '*S-1-5-11', '*S-1-5-32-544')
+ Policy = 'Access_this_computer_from_the_network'
+ }
+ }
+
+ if ($LockPagesInMemory) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Lock_pages_in_memory'
+ }
+ }
+
+ if ($TakeOwnershipOfFilesOrOtherObjects) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 
'Take_ownership_of_files_or_other_objects'
+ }
+ }
+
+ if ($CreatePermanentSharedObjects) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Create_permanent_shared_objects'
+ }
+ }
+
+ if ($DenyAccessToThisComputerFromTheNetwork) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-546')
+ Policy = 'Deny_access_to_this_computer_from_the_network'
+ }
+ }
+
+ if ($CreateGlobalObjects) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects'
+ {
+ Force = $True
+ Identity = @('*S-1-5-6', '*S-1-5-20', '*S-1-5-19', '*S-1-5-32-544')
+ Policy = 'Create_global_objects'
+ }
+ }
+
+ if ($DenyLogOnAsABatchJob) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-546')
+ Policy = 'Deny_log_on_as_a_batch_job'
+ }
+ }
+
+ if ($RestoreFilesAndDirectories) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Restore_files_and_directories'
+ }
+ }
+
+ if ($AccessCredentialManagerAsATrustedCaller) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Access_Credential_Manager_as_a_trusted_caller'
+ }
+ }
+
+ if ($AddWorkstationsToDomain) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Add_workstations_to_domain'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Add_workstations_to_domain'
+ }
+ }
+
+ if ($DenyLogOnAsAService) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Deny_log_on_as_a_service'
+ }
+ }
+
+ if ($IncreaseSchedulingPriority) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Increase_scheduling_priority'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Increase_scheduling_priority'
+ }
+ }
+
+ if ($ForceShutdownFromARemoteSystem) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Force_shutdown_from_a_remote_system'
+ }
+ }
+
+ if ($GenerateSecurityAudits) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Generate_security_audits'
+ {
+ Force = $True
+ Identity = @('*S-1-5-20', '*S-1-5-19')
+ Policy = 'Generate_security_audits'
+ }
+ }
+
+ if ($DenyLogOnLocally) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-546')
+ Policy = 'Deny_log_on_locally'
+ }
+ }
+
+ if ($CreateSymbolicLinks) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Create_symbolic_links'
+ }
+ }
+
+ if ($DebugPrograms) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Debug_programs'
+ }
+ }
+
+ if ($AllowLogOnLocally) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Allow_log_on_locally'
+ }
+ }
+
+ if ($ManageAuditingAndSecurityLog) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Manage_auditing_and_security_log'
+ }
+ }
+
+ if ($ActAsPartOfTheOperatingSystem) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Act_as_part_of_the_operating_system'
+ }
+ }
+
+ if ($ProfileSingleProcess) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Profile_single_process'
+ }
+ }
+
+ if 
($CreateATokenObject) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Create_a_token_object'
+ }
+ }
+
+ if ($LoadAndUnloadDeviceDrivers) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Load_and_unload_device_drivers'
+ }
+ }
+
+ if ($ModifyFirmwareEnvironmentValues) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Modify_firmware_environment_values'
+ }
+ }
+
+ if ($CreateAPagefile) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Create_a_pagefile'
+ }
+ }
+
+ if ($DenyLogOnThroughRemoteDesktopServices) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-546')
+ Policy = 'Deny_log_on_through_Remote_Desktop_Services'
+ }
+ }
+
+ if ($UACAdminApprovalMode) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ {
+ User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled'
+ Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ }
+ }
+
+ if ($RestrictAnonymousAccess) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares'
+ {
+ Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled'
+ Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares'
+ }
+ }
+
+ if ($RemotelyAccessibleRegistryPaths) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Remotely_accessible_registry_paths_and_subpaths'
+ {
+ Network_access_Remotely_accessible_registry_paths_and_subpaths = 
'Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog'
+ Name = 'Network_access_Remotely_accessible_registry_paths_and_subpaths'
+ }
+ }
+
+ if ($SharingAndSecurityModel) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Sharing_and_security_model_for_local_accounts'
+ {
+ Network_access_Sharing_and_security_model_for_local_accounts = 'Classic - Local users authenticate as themselves'
+ Name = 'Network_access_Sharing_and_security_model_for_local_accounts'
+ }
+ }
+
+ if ($RequireStrongSessionKey) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key'
+ {
+ Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled'
+ Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key'
+ }
+ }
+
+ if ($OnlyElevateUIAccessAppsInSecureLocations) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
+ {
+ User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled'
+ Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
+ }
+ }
+
+ if ($IdleTimeBeforeSuspendingSession) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Amount_of_idle_time_required_before_suspending_session'
+ {
+ Name = 'Microsoft_network_server_Amount_of_idle_time_required_before_suspending_session'
+ 
Microsoft_network_server_Amount_of_idle_time_required_before_suspending_session = '15'
+ }
+ }
+
+ if ($StrongKeyProtection) {
+ SecurityOption 'SecurityRegistry(INF): System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer'
+ {
+ Name = 'System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer'
+ System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer = 'User must enter a password each time they use a key'
+ }
+ }
+
+ if ($KerberosEncryptionTypes) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ {
+ Network_security_Configure_encryption_types_allowed_for_Kerberos = 'AES128_HMAC_SHA1'
+ Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ }
+ }
+
+ if ($DigitallySignCommunicationsIfClientAgrees) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_if_client_agrees'
+ {
+ Name = 'Microsoft_network_server_Digitally_sign_communications_if_client_agrees'
+ Microsoft_network_server_Digitally_sign_communications_if_client_agrees = 'Enabled'
+ }
+ }
+
+ if ($UseFIPSCompliantAlgorithms) {
+ SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ {
+ System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing = 'Enabled'
+ Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ }
+ }
+
+ if ($ShutdownWithoutLogon) {
+ SecurityOption 'SecurityRegistry(INF): Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on'
+ {
+ Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on = 'Disabled'
+ Name = 'Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on'
+ }
+ }
+
+ if ($AuditBackupAndRestorePrivilege) {
+ SecurityOption 'SecurityRegistry(INF): Audit_Audit_the_use_of_Backup_and_Restore_privilege'
+ {
+ Name = 
'Audit_Audit_the_use_of_Backup_and_Restore_privilege'
+ Audit_Audit_the_use_of_Backup_and_Restore_privilege = 'Disabled'
+ }
+ }
+
+ if ($DoNotRequireCtrlAltDel) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Do_not_require_CTRL_ALT_DEL'
+ {
+ Interactive_logon_Do_not_require_CTRL_ALT_DEL = 'Disabled'
+ Name = 'Interactive_logon_Do_not_require_CTRL_ALT_DEL'
+ }
+ }
+
+ if ($LANManagerAuthenticationLevel) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level'
+ {
+ Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. Refuse LM & NTLM'
+ Name = 'Network_security_LAN_Manager_authentication_level'
+ }
+ }
+
+ if ($DisableMachineAccountPasswordChanges) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes'
+ {
+ Domain_member_Disable_machine_account_password_changes = 'Disabled'
+ Name = 'Domain_member_Disable_machine_account_password_changes'
+ }
+ }
+
+ if ($RemotelyAccessibleRegistryPaths) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Remotely_accessible_registry_paths'
+ {
+ Network_access_Remotely_accessible_registry_paths = 'System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion'
+ Name = 'Network_access_Remotely_accessible_registry_paths'
+ }
+ }
+
+ if ($VirtualizeFileAndRegistryWriteFailures) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ {
+ User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled'
+ Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ }
+ }
+
+ if ($LogonMessageTitle) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on'
+ {
+ Name = 'Interactive_logon_Message_title_for_users_attempting_to_log_on' 
+ Interactive_logon_Message_title_for_users_attempting_to_log_on = 'Warning Statement'
+ }
+ }
+
+ if ($DigitallySignSecureChannelData) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ {
+ Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled'
+ Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ }
+ }
+
+ if ($AllowUIAccessApplicationsToPromptForElevation) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop'
+ {
+ User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop = 'Disabled'
+ Name = 'User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop'
+ }
+ }
+
+ if ($SmartCardRemovalBehavior) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior'
+ {
+ Interactive_logon_Smart_card_removal_behavior = 'Lock workstation'
+ Name = 'Interactive_logon_Smart_card_removal_behavior'
+ }
+ }
+
+ if ($LimitLocalAccountUseOfBlankPasswords) {
+ SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ {
+ Name = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled'
+ }
+ }
+
+ if ($ServerSPNTargetNameValidationLevel) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Server_SPN_target_name_validation_level'
+ {
+ Microsoft_network_server_Server_SPN_target_name_validation_level = 'Off'
+ Name = 'Microsoft_network_server_Server_SPN_target_name_validation_level'
+ }
+ }
+
+ if ($LdapServerSigningRequirements) {
+ SecurityOption 'SecurityRegistry(INF): Domain_controller_LDAP_server_signing_requirements'
+ {
+ Domain_controller_LDAP_server_signing_requirements = 'Require 
Signing'
+ Name = 'Domain_controller_LDAP_server_signing_requirements'
+ }
+ }
+
+ if ($AllowedToFormatAndEjectRemovableMedia) {
+ SecurityOption 'SecurityRegistry(INF): Devices_Allowed_to_format_and_eject_removable_media'
+ {
+ Devices_Allowed_to_format_and_eject_removable_media = 'Administrators'
+ Name = 'Devices_Allowed_to_format_and_eject_removable_media'
+ }
+ }
+
+ if ($NamedPipesAccessedAnonymously) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Named_Pipes_that_can_be_accessed_anonymously'
+ {
+ Network_access_Named_Pipes_that_can_be_accessed_anonymously = 'lsarpc,netlogon,samr'
+ Name = 'Network_access_Named_Pipes_that_can_be_accessed_anonymously'
+ }
+ }
+
+ if ($SwitchToSecureDesktopForElevation) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation'
+ {
+ User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation = 'Enabled'
+ Name = 'User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation'
+ }
+ }
+
+ if ($MessageTextForUsersLogon) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ {
+ Interactive_logon_Message_text_for_users_attempting_to_log_on = $MessageTextWhenLogging
+ Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ }
+ }
+
+ if ($SharesAccessedAnonymously) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Shares_that_can_be_accessed_anonymously'
+ {
+ Name = 'Network_access_Shares_that_can_be_accessed_anonymously'
+ Network_access_Shares_that_can_be_accessed_anonymously = 'String'
+ }
+ }
+
+ if ($EveryonePermissionsApplyToAnonymousUsers) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users'
+ {
+ Network_access_Let_Everyone_permissions_apply_to_anonymous_users = 'Disabled'
+ Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users'
+ }
+ }
+
+ if 
($DigitallyEncryptSecureChannelData) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ {
+ Name = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled'
+ }
+ }
+
+ if ($ElevationPromptBehaviorForStandardUsers) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ {
+ User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request'
+ Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ }
+ }
+
+ if ($DigitallySignCommunicationsAlways_Server) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always'
+ {
+ Microsoft_network_server_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_server_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($OptionalSubsystemsEnabled) {
+ SecurityOption 'SecurityRegistry(INF): System_settings_Optional_subsystems'
+ {
+ System_settings_Optional_subsystems = 'String'
+ Name = 'System_settings_Optional_subsystems'
+ }
+ }
+
+ if ($DigitallySignCommunicationsAlways_Client) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always'
+ {
+ Microsoft_network_client_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_client_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($MinimumSessionSecurityForNTLM) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ {
+ Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked'
+ }
+ }
+
+ if 
($PromptUserToChangePasswordBeforeExpiration) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Prompt_user_to_change_password_before_expiration'
+ {
+ Interactive_logon_Prompt_user_to_change_password_before_expiration = '14'
+ Name = 'Interactive_logon_Prompt_user_to_change_password_before_expiration'
+ }
+ }
+
+ if ($RunAllAdministratorsInAdminApprovalMode) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ {
+ User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled'
+ Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ }
+ }
+
+ if ($DigitallySignCommunicationsIfServerAgrees) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_if_server_agrees'
+ {
+ Name = 'Microsoft_network_client_Digitally_sign_communications_if_server_agrees'
+ Microsoft_network_client_Digitally_sign_communications_if_server_agrees = 'Enabled'
+ }
+ }
+
+ if ($DetectApplicationInstallationsAndPromptForElevation) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ {
+ User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled'
+ Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ }
+ }
+
+ if ($DoNotAllowAnonymousEnumerationOfSAMAccounts) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled'
+ }
+ }
+
+ if ($AllowLocalSystemToUseComputerIdentityForNTLM) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM'
+ {
+ Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM = 'Enabled'
+ Name = 
'Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM'
+ }
+ }
+
+ if ($RequireCaseInsensitivityForNonWindowsSubsystems) {
+ SecurityOption 'SecurityRegistry(INF): System_objects_Require_case_insensitivity_for_non_Windows_subsystems'
+ {
+ Name = 'System_objects_Require_case_insensitivity_for_non_Windows_subsystems'
+ System_objects_Require_case_insensitivity_for_non_Windows_subsystems = 'Enabled'
+ }
+ }
+
+ if ($AllowLocalSystemNULLSessionFallback) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback'
+ {
+ Name = 'Network_security_Allow_LocalSystem_NULL_session_fallback'
+ Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled'
+ }
+ }
+
+ if ($ForceAuditPolicySubcategorySettings) {
+ SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+ {
+ Name = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+ Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled'
+ }
+ }
+
+ if ($OnlyElevateSignedAndValidatedExecutables) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_executables_that_are_signed_and_validated'
+ {
+ Name = 'User_Account_Control_Only_elevate_executables_that_are_signed_and_validated'
+ User_Account_Control_Only_elevate_executables_that_are_signed_and_validated = 'Disabled'
+ }
+ }
+
+ if ($AuditAccessOfGlobalSystemObjects) {
+ SecurityOption 'SecurityRegistry(INF): Audit_Audit_the_access_of_global_system_objects'
+ {
+ Name = 'Audit_Audit_the_access_of_global_system_objects'
+ Audit_Audit_the_access_of_global_system_objects = 'Disabled'
+ }
+ }
+
+ if ($SendUnencryptedPasswordToThirdPartySMBServers) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ {
+ Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled'
+ Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ }
+ }
+
+ if ($MinimumSessionSecurityForNTLMSPBASED) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ {
+ Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked'
+ }
+ }
+
+ if ($NumberOfPreviousLogonsToCache) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ {
+ Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available = '4'
+ Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ }
+ }
+
+ if ($DoNotDisplayLastUserName) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Do_not_display_last_user_name'
+ {
+ Name = 'Interactive_logon_Do_not_display_last_user_name'
+ Interactive_logon_Do_not_display_last_user_name = 'Enabled'
+ }
+ }
+
+ if ($MaximumMachineAccountPasswordAge) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age'
+ {
+ Name = 'Domain_member_Maximum_machine_account_password_age'
+ Domain_member_Maximum_machine_account_password_age = '30'
+ }
+ }
+
+ if ($DisconnectClientsWhenLogonHoursExpire) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Disconnect_clients_when_logon_hours_expire'
+ {
+ Microsoft_network_server_Disconnect_clients_when_logon_hours_expire = 'Enabled'
+ Name = 'Microsoft_network_server_Disconnect_clients_when_logon_hours_expire'
+ }
+ }
+
+ if ($DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares) {
+ SecurityOption 'SecurityRegistry(INF): 
Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled'
+ }
+ }
+
+ if ($RefuseMachineAccountPasswordChanges) {
+ SecurityOption 'SecurityRegistry(INF): Domain_controller_Refuse_machine_account_password_changes'
+ {
+ Name = 'Domain_controller_Refuse_machine_account_password_changes'
+ Domain_controller_Refuse_machine_account_password_changes = 'Disabled'
+ }
+ }
+
+ if ($PreventUsersFromInstallingPrinterDrivers) {
+ SecurityOption 'SecurityRegistry(INF): Devices_Prevent_users_from_installing_printer_drivers'
+ {
+ Name = 'Devices_Prevent_users_from_installing_printer_drivers'
+ Devices_Prevent_users_from_installing_printer_drivers = 'Enabled'
+ }
+ }
+
+ if ($StrengthenDefaultPermissionsOfInternalSystemObjects) {
+ SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links'
+ {
+ System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled'
+ Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links'
+ }
+ }
+
+ if ($AllowPKU2UAuthenticationRequestsToUseOnlineIdentities) {
+ SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities'
+ {
+ Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities = 'Disabled'
+ Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities'
+ }
+ }
+
+ if ($MachineInactivityLimit) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit'
+ {
+ Name = 'Interactive_logon_Machine_inactivity_limit'
+ Interactive_logon_Machine_inactivity_limit = '900'
+ }
+ }
+
+ if 
($DoNotStoreLANManagerHashOnNextPasswordChange) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change'
+ {
+ Name = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change'
+ Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled'
+ }
+ }
+
+ if ($DigitallyEncryptOrSignSecureChannelDataAlways) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always'
+ {
+ Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled'
+ Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always'
+ }
+ }
+
+ if ($LDAPClientSigningRequirements) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements'
+ {
+ Name = 'Network_security_LDAP_client_signing_requirements'
+ Network_security_LDAP_client_signing_requirements = 'Negotiate Signing'
+ }
+ }
+
+ if ($ElevationPromptBehaviorForAdmins) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode'
+ {
+ Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode'
+ User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent'
+ }
+ }
+
+ if ($LockoutDuration) {
+ AccountPolicy 'SecuritySetting(INF): LockoutDuration'
+ {
+ Account_lockout_duration = 15
+ Name = 'Account_lockout_duration'
+ }
+ }
+
+ if ($LockoutBadCount) {
+ AccountPolicy 'SecuritySetting(INF): LockoutBadCount'
+ {
+ Account_lockout_threshold = 3
+ Name = 'Account_lockout_threshold'
+ }
+ }
+ if ($ResetLockoutCount) {
+ AccountPolicy 'SecuritySetting(INF): ResetLockoutCount'
+ {
+ Reset_account_lockout_counter_after = 15
+ Name = 'Reset_account_lockout_counter_after'
+ }
+ }
+
+ if ($RenameGuestAccount) {
+ SecurityOption 'SecuritySetting(INF): 
NewGuestName'
+ {
+ Name = 'Accounts_Rename_guest_account'
+ Accounts_Rename_guest_account = 'Visitor'
+ }
+ }
+
+ if ($MinimumPasswordAge) {
+ AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge'
+ {
+ Name = 'Minimum_Password_Age'
+ Minimum_Password_Age = 1
+ }
+ }
+
+ if ($PasswordComplexity) {
+ AccountPolicy 'SecuritySetting(INF): PasswordComplexity'
+ {
+ Password_must_meet_complexity_requirements = 'Enabled'
+ Name = 'Password_must_meet_complexity_requirements'
+ }
+ }
+
+ if ($PasswordHistorySize) {
+ AccountPolicy 'SecuritySetting(INF): PasswordHistorySize'
+ {
+ Name = 'Enforce_password_history'
+ Enforce_password_history = 24
+ }
+ }
+
+ if ($LSAAnonymousNameLookup) {
+ SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup'
+ {
+ Network_access_Allow_anonymous_SID_Name_translation = 'Disabled'
+ Name = 'Network_access_Allow_anonymous_SID_Name_translation'
+ }
+ }
+
+ if ($MinimumPasswordLength) {
+ AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength'
+ {
+ Name = 'Minimum_Password_Length'
+ Minimum_Password_Length = 14
+ }
+ }
+
+ if ($RenameAdministratorAccount) {
+ SecurityOption 'SecuritySetting(INF): NewAdministratorName'
+ {
+ Accounts_Rename_administrator_account = 'X_Admin'
+ Name = 'Accounts_Rename_administrator_account'
+ }
+ }
+
+ if ($EnableGuestAccount) {
+ SecurityOption 'SecuritySetting(INF): EnableGuestAccount'
+ {
+ Name = 'Accounts_Guest_account_status'
+ Accounts_Guest_account_status = 'Disabled'
+ }
+ }
+
+ if ($ClearTextPassword) {
+ AccountPolicy 'SecuritySetting(INF): ClearTextPassword'
+ {
+ Name = 'Store_passwords_using_reversible_encryption'
+ Store_passwords_using_reversible_encryption = 'Disabled'
+ }
+ }
+
+ if ($MaximumPasswordAge) {
+ AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge'
+ {
+ Maximum_Password_Age = 60
+ Name = 'Maximum_Password_Age'
+ }
+ }
+
+ if ($ForceLogoffWhenHourExpire) {
+ SecurityOption 'SecuritySetting(INF): ForceLogoffWhenHourExpire'
+ {
+ 
Network_security_Force_logoff_when_logon_hours_expire = 'Enabled'
+ Name = 'Network_security_Force_logoff_when_logon_hours_expire'
+ }
+ }
+
+}
+
diff --git a/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.psd1 b/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.psd1
new file mode 100644
index 0000000..9b3ed15
--- /dev/null
+++ b/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.psd1 
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_WinSvr_2016_MS_and_DC_v2r9'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/15/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_WinSvr_2016_MS_and_DC_v2r9.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = 'b4086b75-eb42-48d7-8763-ff1a527deb38'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'Apply STIG for Windows Server 2016'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.schema.psm1 b/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.schema.psm1
new file mode 100644
index 0000000..6cb2d21
--- /dev/null
+++ b/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.schema.psm1
@@ -0,0 +1,2008 @@ +configuration DoD_WinSvr_2016_MS_and_DC_v2r9 +{ + + param( + [string]$EnterpriseAdmins, + [string]$DomainAdmins, + [bool]$EnumerateAdministrators = $true, + [bool]$NoAutorun = $true, + [bool]$NoDriveTypeAutoRun = $true, + [bool]$DisableAutomaticRestartSignOn = $true, + [bool]$LocalAccountTokenFilterPolicy = $true, + [bool]$ProcessCreationIncludeCmdLine_Enabled = $true, + [bool]$DisableEnclosureDownload = $true, + [bool]$DCSettingIndex = $true, + [bool]$ACSettingIndex = $true, + [bool]$DisableInventory = $true, + [bool]$AllowTelemetry = $true, + [bool]$EnableVirtualizationBasedSecurity = $true, + [bool]$RequirePlatformSecurityFeatures = $true, + [bool]$HypervisorEnforcedCodeIntegrity = $true, + [bool]$LsaCfgFlags = $true, + [bool]$MaxSizeApplication = $true, + [bool]$MaxSizeSecurity = $true, + [bool]$MaxSizeSystem = $true, + [bool]$NoAutoplayfornonVolume = $true, + [bool]$NoBackgroundPolicy = $true, + [bool]$NoGPOListChanges = $true, + [bool]$EnableUserControl = $true, + [bool]$AlwaysInstallElevated = $true, + [bool]$AllowInsecureGuestAuth = $true, + [bool]$NoLockScreenSlideshow = $true, + [bool]$EnableScriptBlockLogging = $true, + [bool]$EnableScriptBlockInvocationLogging = $true, + [bool]$EnableTranscripting = $true, + [bool]$OutputDirectory = $true, + [bool]$EnableInvocationHeader = $true, + [bool]$DontDisplayNetworkSelectionUI = $true, + [bool]$EnumerateLocalUsers = $true, + [bool]$EnableSmartScreen = $true, + [bool]$AllowIndexingEncryptedStoresOrItems = $true, + [bool]$WinRMClientAllowBasic = $true, + [bool]$WinRMClientAllowUnencryptedTraffic = $true, + [bool]$WinRMClientAllowDigest = $true, + [bool]$WinRMServiceAllowBasic = $true, + [bool]$WinRMServiceAllowUnencryptedTraffic = $true, + [bool]$DisableRunAs = $true, + [bool]$DisableWebPnPDownload = $true, + [bool]$DisableHTTPPrinting = $true, + [bool]$RestrictRemoteClients = $true, + [bool]$DisablePasswordSaving = $true, + [bool]$fDisableCdm = $true, + [bool]$fPromptForPassword = $true, + 
[bool]$fEncryptRPCTraffic = $true, + [bool]$MinEncryptionLevel = $true, + [bool]$UseLogonCredential = $true, + [bool]$SMB1 = $true, + [bool]$SMB10Start = $true, + [bool]$NoNameReleaseOnDemand = $true, + [bool]$DisableIPSourceRouting = $true, + [bool]$EnableICMPRedirect = $true, + [bool]$DisableIPSourceRoutingIPv6 = $true, + [bool]$AuditCredentialValidationSuccess = $true, + [bool]$AuditCredentialValidationFailure = $true, + [bool]$AuditOtherAccountManagementSuccess = $true, + [bool]$AuditOtherAccountManagementFailure = $true, + [bool]$AuditSecurityGroupManagementSuccess = $true, + [bool]$AuditSecurityGroupManagementFailure = $true, + [bool]$AuditUserAccountManagementSuccess = $true, + [bool]$AuditUserAccountManagementFailure = $true, + [bool]$AuditPNPActivitySuccess = $true, + [bool]$AuditPNPActivityFailure = $true, + [bool]$AuditProcessCreationSuccess = $true, + [bool]$AuditProcessCreationFailure = $true, + [bool]$AuditAccountLockoutFailure = $true, + [bool]$AuditAccountLockoutSuccess = $true, + [bool]$AuditGroupMembershipSuccess = $true, + [bool]$AuditGroupMembershipFailure = $true, + [bool]$AuditLogoffSuccess = $true, + [bool]$AuditLogoffFailure = $true, + [bool]$AuditLogonSuccess = $true, + [bool]$AuditLogonFailure = $true, + [bool]$AuditSpecialLogonSuccess = $true, + [bool]$AuditSpecialLogonFailure = $true, + [bool]$AuditOtherObjectAccessEventsSuccess = $true, + [bool]$AuditOtherObjectAccessEventsFailure = $true, + [bool]$AuditRemovableStorageSuccess = $true, + [bool]$AuditRemovableStorageFailure = $true, + [bool]$AuditPolicyChangeSuccess = $true, + [bool]$AuditPolicyChangeFailure = $true, + [bool]$AuditAuthenticationPolicyChangeSuccess = $true, + [bool]$AuditAuthenticationPolicyChangeFailure = $true, + [bool]$AuditAuthorizationPolicyChangeSuccess = $true, + [bool]$AuditAuthorizationPolicyChangeFailure = $true, + [bool]$AuditSensitivePrivilegeUseSuccess = $true, + [bool]$AuditSensitivePrivilegeUseFailure = $true, + [bool]$AuditIPsecDriverSuccess = $true, + 
[bool]$AuditIPsecDriverFailure = $true, + [bool]$AuditOtherSystemEventsSuccess = $true, + [bool]$AuditOtherSystemEventsFailure = $true, + [bool]$AuditSecurityStateChangeSuccess = $true, + [bool]$AuditSecurityStateChangeFailure = $true, + [bool]$AuditSecuritySystemExtensionSuccess = $true, + [bool]$AuditSecuritySystemExtensionFailure = $true, + [bool]$AuditSystemIntegritySuccess = $true, + [bool]$AuditSystemIntegrityFailure = $true, + [bool]$AuditComputerAccountManagementSuccess = $true, + [bool]$AuditComputerAccountManagementFailure = $true, + [bool]$AuditDirectoryServiceAccessSuccess = $true, + [bool]$AuditDirectoryServiceAccessFailure = $true, + [bool]$AuditDirectoryServiceChangesSuccess = $true, + [bool]$AuditDirectoryServiceChangesFailure = $true, + [bool]$UserAccountControlRunAllAdminsInAdminApprovalMode = $true, + [bool]$NetworkAccessRestrictAnonymousAccess = $true, + [bool]$DomainMemberRequireStrongSessionKey = $true, + [bool]$UserAccountControlOnlyElevateUIAccess = $true, + [bool]$SystemCryptographyForceStrongKeyProtection = $true, + [bool]$NetworkSecurityConfigureEncryptionTypesAllowedForKerberos = $true, + [bool]$MicrosoftNetworkServerDigitallySignCommunications = $true, + [bool]$NetworkAccessRestrictClientsAllowedToMakeRemoteCalls = $true, + [bool]$SystemCryptographyUseFIPSCompliantAlgorithms = $true, + [bool]$NetworkSecurityLANManagerAuthenticationLevel = $true, + [bool]$NetworkSecurityAllowLocalSystemToUseComputerIdentity = $true, + [bool]$InteractiveLogonMessageTitle = $true, + [bool]$DomainMemberDigitallySignSecureChannelData = $true, + [bool]$UserAccountControlAllowUIAccessApplications = $true, + [bool]$InteractiveLogonSmartCardRemovalBehavior = $true, + [bool]$AccountsLimitLocalAccountUseOfBlankPasswords = $true, + [bool]$UserAccountControlVirtualizeWriteFailures = $true, + [bool]$InteractiveLogonMessageText = $true, + [string]$InteractiveLogonMessageText_Input, + [bool]$NetworkAccessLetEveryonePermissionsApply = $true, + 
[bool]$DomainMemberDigitallyEncryptSecureChannelData = $true, + [bool]$UserAccountControlBehaviorOfElevationPrompt = $true, + [bool]$MicrosoftNetworkServerDigitallySignCommunicationsAlways = $true, + [bool]$MicrosoftNetworkClientDigitallySignCommunicationsAlways = $true, + [bool]$NetworkSecurityMinimumSessionSecurityForNTLMSSP = $true, + [bool]$DomainMemberDisableMachineAccountPasswordChanges = $true, + [bool]$MicrosoftNetworkClientDigitallySignCommunicationsIfServerAgrees = $true, + [bool]$UserAccountControlDetectApplicationInstallations = $true, + [bool]$NetworkAccessDoNotAllowAnonymousEnumerationSAMAccounts = $true, + [bool]$NetworkSecurityAllowLocalSystemNullSessionFallback = $true, + [bool]$UserAccountControlAdminApprovalMode = $true, + [bool]$MicrosoftNetworkClientSendUnencryptedPassword = $true, + [bool]$NetworkSecurityMinimumSessionSecurityForNTLMSSPServers = $true, + [bool]$InteractiveLogonNumberOfPreviousLogonsToCache = $true, + [bool]$DomainMemberMaximumMachineAccountPasswordAge = $true, + [bool]$NetworkAccessDoNotAllowAnonymousEnumerationSAMAndShares = $true, + [bool]$AuditForceAuditPolicySubcategorySettings = $true, + [bool]$SystemObjectsStrengthenDefaultPermissions = $true, + [bool]$NetworkSecurityAllowPKU2UAuthenticationRequests = $true, + [bool]$InteractiveLogonMachineInactivityLimit = $true, + [bool]$NetworkSecurityDoNotStoreLANManagerHash = $true, + [bool]$DomainMemberDigitallyEncryptOrSignDataAlways = $true, + [bool]$NetworkSecurityLDAPClientSigningRequirements = $true, + [bool]$UserAccountControlBehaviorElevationPrompt = $true, + [bool]$AccountLockoutDurationEnabled = $true, + [bool]$AccountLockoutThresholdEnabled = $true, + [bool]$ResetAccountLockoutCount = $true, + [bool]$AccountsRenameGuestAccount = $true, + [bool]$MinimumPasswordAgeEnabled = $true, + [bool]$PasswordComplexityEnabled = $true, + [bool]$PasswordHistoryEnforcementEnabled = $true, + [bool]$NetworkAccessAllowAnonymousSIDNameTranslation = $true, + 
[bool]$MinimumPasswordLengthEnabled = $true, + [bool]$AccountsRenameAdministratorAccount = $true, + [bool]$AccountsGuestAccountStatusEnabled = $true, + [bool]$MaximumPasswordAgeEnabled = $true, + [bool]$ClearTextPasswordEnabled = $true, + [bool]$EnableComputerAndUserAccountsTrustedForDelegation = $true, + [bool]$AccessThisComputerFromTheNetwork = $true, + [bool]$BackUpFilesAndDirectories = $true, + [bool]$ImpersonateClientAfterAuthentication = $true, + [bool]$PerformVolumeMaintenanceTasks = $true, + [bool]$LoadAndUnloadDeviceDrivers = $true, + [bool]$LockPagesInMemory = $true, + [bool]$TakeOwnershipOfFilesOrOtherObjects = $true, + [bool]$CreatePermanentSharedObjects = $true, + [bool]$DenyAccessToThisComputerFromTheNetwork = $true, + [bool]$CreateGlobalObjects = $true, + [bool]$DenyLogOnAsABatchJob = $true, + [bool]$RestoreFilesAndDirectories = $true, + [bool]$AccessCredentialManagerAsTrustedCaller = $true, + [bool]$DenyLogOnAsAService = $true, + [bool]$IncreaseSchedulingPriority = $true, + [bool]$ForceShutdownFromRemoteSystem = $true, + [bool]$GenerateSecurityAudits = $true, + [bool]$DenyLogOnLocally = $true, + [bool]$CreateSymbolicLinks = $true, + [bool]$DebugPrograms = $true, + [bool]$AllowLogOnLocally = $true, + [bool]$ManageAuditingAndSecurityLog = $true, + [bool]$ActAsPartOfTheOperatingSystem = $true, + [bool]$ProfileSingleProcess = $true, + [bool]$CreateATokenObject = $true, + [bool]$ModifyFirmwareEnvironmentValues = $true, + [bool]$CreateAPagefile = $true, + [bool]$DenyLogOnThroughRemoteDesktopServices = $true, + [bool]$DomainControllerLDAPServerSigningRequirements = $true, + [bool]$DomainControllerRefuseMachineAccountPasswordChanges = $true + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($EnumerateAdministrators) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateAdministrators' + ValueData = 0 + } + } + + if ($NoAutorun) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutorun' + ValueData = 1 + } + } + + if ($NoDriveTypeAutoRun) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoDriveTypeAutoRun' + ValueData = 255 + } + } + + if ($DisableAutomaticRestartSignOn) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableAutomaticRestartSignOn' + ValueData = 1 + } + } + + if ($LocalAccountTokenFilterPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LocalAccountTokenFilterPolicy' + ValueData = 0 + } + } + + if ($ProcessCreationIncludeCmdLine_Enabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + 
ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ProcessCreationIncludeCmdLine_Enabled' + ValueData = 1 + } + } + + if ($DisableEnclosureDownload) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableEnclosureDownload' + ValueData = 1 + } + } + + if ($DCSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' + { + Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DCSettingIndex' + ValueData = 1 + } + } + + if ($ACSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' + { + Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ACSettingIndex' + ValueData = 1 + } + } + + if ($DisableInventory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory' + { + Key = '\Software\Policies\Microsoft\Windows\AppCompat' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableInventory' + ValueData = 1 + } + } + + if ($AllowTelemetry) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry' + { + Key = '\Software\Policies\Microsoft\Windows\DataCollection' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowTelemetry' + ValueData = 1 + } + } + + if ($EnableVirtualizationBasedSecurity) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableVirtualizationBasedSecurity' + ValueData = 1 + } + } + + if ($RequirePlatformSecurityFeatures) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'RequirePlatformSecurityFeatures' + ValueData = 1 + } + } + + if ($HypervisorEnforcedCodeIntegrity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'HypervisorEnforcedCodeIntegrity' + ValueData = 0 + } + } + + if ($LsaCfgFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LsaCfgFlags' + ValueData = 1 + } + } + + if ($MaxSizeApplication) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' + { + Key = '\Software\Policies\Microsoft\Windows\EventLog\Application' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 32768 + } + } + + if ($MaxSizeSecurity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' + { + Key = '\Software\Policies\Microsoft\Windows\EventLog\Security' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 196608 + } + } + + if ($MaxSizeSystem) { + 
RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' + { + Key = '\Software\Policies\Microsoft\Windows\EventLog\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 32768 + } + } + + if ($NoAutoplayfornonVolume) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' + { + Key = '\Software\Policies\Microsoft\Windows\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutoplayfornonVolume' + ValueData = 1 + } + } + + if ($NoBackgroundPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' + { + Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoBackgroundPolicy' + ValueData = 0 + } + } + + if ($NoGPOListChanges) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' + { + Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoGPOListChanges' + ValueData = 0 + } + } + + if ($EnableUserControl) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' + { + Key = '\Software\Policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableUserControl' + ValueData = 0 + } + } + + if ($AlwaysInstallElevated) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' + { + Key = '\Software\Policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration' + ValueName = 'AlwaysInstallElevated' + ValueData = 0 + } + } + + if ($AllowInsecureGuestAuth) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' + { + Key = '\Software\Policies\Microsoft\Windows\LanmanWorkstation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowInsecureGuestAuth' + ValueData = 0 + } + } + + if ($EnableScriptBlockLogging) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableScriptBlockLogging' + ValueData = 1 + } + } + + if ($NoLockScreenSlideshow) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' + { + Key = '\Software\Policies\Microsoft\Windows\Personalization' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoLockScreenSlideshow' + ValueData = 1 + } + } + + if ($EnableScriptBlockInvocationLogging) { + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableScriptBlockInvocationLogging' + ValueData = '' + } + } + + # The following registry settings require String type handling for HardenedPaths, + # thus they are implemented as separate conditions. 
+ if ($true) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON' + { + Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '\\*\NETLOGON' + ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + } + + if ($true) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL' + { + Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '\\*\SYSVOL' + ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + } + if ($EnableTranscripting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableTranscripting' + ValueData = 1 + } + } + + if ($OutputDirectory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'OutputDirectory' + ValueData = 'C:\ProgramData\PS_Transcript' + } + } + + if ($EnableInvocationHeader) { + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableInvocationHeader' + ValueData = '' + } + } + + if ($DontDisplayNetworkSelectionUI) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DontDisplayNetworkSelectionUI' + ValueData = 1 + } + } + + if ($EnumerateLocalUsers) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateLocalUsers' + ValueData = 0 + } + } + + if ($EnableSmartScreen) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableSmartScreen' + ValueData = 1 + } + } + + if ($AllowIndexingEncryptedStoresOrItems) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' + { + Key = '\Software\Policies\Microsoft\Windows\Windows Search' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowIndexingEncryptedStoresOrItems' + ValueData = 0 + } + } + + if ($WinRMClientAllowBasic) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' + { + Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowBasic' + ValueData = 0 + } + } + + if ($WinRMClientAllowUnencryptedTraffic) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' + { + Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowUnencryptedTraffic' + ValueData = 0 + } + } + + if ($WinRMClientAllowDigest) { + 
RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' + { + Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowDigest' + ValueData = 0 + } + } + + if ($WinRMServiceAllowBasic) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic' + { + Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowBasic' + ValueData = 0 + } + } + + if ($WinRMServiceAllowUnencryptedTraffic) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' + { + Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowUnencryptedTraffic' + ValueData = 0 + } + } + + if ($DisableRunAs) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs' + { + Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableRunAs' + ValueData = 1 + } + } + + if ($DisableWebPnPDownload) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload' + { + Key = '\Software\Policies\Microsoft\Windows NT\Printers' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableWebPnPDownload' + ValueData = 1 + } + } + + if ($DisableHTTPPrinting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting' + { + Key = '\Software\Policies\Microsoft\Windows NT\Printers' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableHTTPPrinting' + ValueData = 1 + } + } + + if ($RestrictRemoteClients) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients' + { + Key = '\Software\Policies\Microsoft\Windows NT\Rpc' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'RestrictRemoteClients' + ValueData = 1 + } + } + + if ($DisablePasswordSaving) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' + { + Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisablePasswordSaving' + ValueData = 1 + } + } + + if ($fDisableCdm) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' + { + Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'fDisableCdm' + ValueData = 1 + } + } + + if ($fPromptForPassword) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' + { + Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'fPromptForPassword' + ValueData = 1 + } + } + + if ($fEncryptRPCTraffic) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' + { + Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'fEncryptRPCTraffic' + ValueData = 1 + } + } + + if ($MinEncryptionLevel) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' + { + Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MinEncryptionLevel' + ValueData = 3 + } + } + + if ($UseLogonCredential) { + 
RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' + { + Key = 'System\CurrentControlSet\Control\SecurityProviders\WDigest' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'UseLogonCredential' + ValueData = 0 + } + } + + if ($SMB1) { + RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' + { + Key = 'System\CurrentControlSet\Services\LanmanServer\Parameters' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SMB1' + ValueData = 0 + } + } + + if ($SMB10Start) { + RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\MrxSmb10\Start' + { + Key = 'System\CurrentControlSet\Services\MrxSmb10' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'Start' + ValueData = 4 + } + } + + if ($NoNameReleaseOnDemand) { + RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand' + { + Key = 'System\CurrentControlSet\Services\Netbt\Parameters' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoNameReleaseOnDemand' + ValueData = 1 + } + } + + if ($DisableIPSourceRouting) { + RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' + { + Key = 'System\CurrentControlSet\Services\Tcpip\Parameters' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableIPSourceRouting' + ValueData = 2 + } + } + + if ($EnableICMPRedirect) { + RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' + { + Key = 'System\CurrentControlSet\Services\Tcpip\Parameters' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableICMPRedirect' + ValueData = 0 + } + } + + if ($DisableIPSourceRoutingIPv6) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting'
+ {
+ Key = 'System\CurrentControlSet\Services\Tcpip6\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if ($AuditCredentialValidationSuccess) {
+ AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditCredentialValidationFailure) {
+ AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherAccountManagementSuccess) {
+ AuditPolicySubcategory 'Audit Other Account Management Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Account Management Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherAccountManagementFailure) {
+ AuditPolicySubcategory 'Audit Other Account Management Events (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Other Account Management Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityGroupManagementSuccess) {
+ AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security Group Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSecurityGroupManagementFailure) {
+ AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security Group Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditUserAccountManagementSuccess) {
+ AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditUserAccountManagementFailure) {
+ AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account
Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPNPActivitySuccess) {
+ AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditPNPActivityFailure) {
+ AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditProcessCreationSuccess) {
+ AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Process Creation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditProcessCreationFailure) {
+ AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Process Creation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAccountLockoutFailure) {
+ AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Account Lockout'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAccountLockoutSuccess) {
+ AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Account Lockout'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditGroupMembershipSuccess) {
+ AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Group Membership'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditGroupMembershipFailure) {
+ AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Group Membership'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogoffSuccess) {
+ AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logoff'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditLogoffFailure) {
+ AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Logoff'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogonSuccess) {
+ AuditPolicySubcategory 'Audit
Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditLogonFailure) {
+ AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSpecialLogonSuccess) {
+ AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Special Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSpecialLogonFailure) {
+ AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Special Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherObjectAccessEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Object Access Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherObjectAccessEventsFailure) {
+ AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Object Access Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditRemovableStorageSuccess) {
+ AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditRemovableStorageFailure) {
+ AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthenticationPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Authentication Policy
Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditAuthenticationPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthorizationPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditAuthorizationPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUseSuccess) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUseFailure) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditIPsecDriverSuccess) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditIPsecDriverFailure) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherSystemEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherSystemEventsFailure) {
+ AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+
AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityStateChangeSuccess) {
+ AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security State Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSecurityStateChangeFailure) {
+ AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security State Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecuritySystemExtensionSuccess) {
+ AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security System Extension'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSecuritySystemExtensionFailure) {
+ AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security System Extension'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSystemIntegritySuccess) {
+ AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSystemIntegrityFailure) {
+ AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditComputerAccountManagementSuccess) {
+ AuditPolicySubcategory 'Audit Computer Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Computer Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditComputerAccountManagementFailure) {
+ AuditPolicySubcategory 'Audit Computer Account Management (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Computer Account Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditDirectoryServiceAccessSuccess) {
+ AuditPolicySubcategory 'Audit Directory Service Access (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Directory Service Access'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if
($AuditDirectoryServiceAccessFailure) {
+ AuditPolicySubcategory 'Audit Directory Service Access (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Directory Service Access'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditDirectoryServiceChangesSuccess) {
+ AuditPolicySubcategory 'Audit Directory Service Changes (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Directory Service Changes'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditDirectoryServiceChangesFailure) {
+ AuditPolicySubcategory 'Audit Directory Service Changes (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Directory Service Changes'
+ AuditFlag = 'Failure'
+ }
+ }
+ if ($UserAccountControlRunAllAdminsInAdminApprovalMode) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ {
+ User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled'
+ Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ }
+ }
+
+ if ($NetworkAccessRestrictAnonymousAccess) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares'
+ {
+ Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled'
+ Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares'
+ }
+ }
+
+ if ($DomainMemberRequireStrongSessionKey) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key'
+ {
+ Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key'
+ Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled'
+ }
+ }
+
+ if ($UserAccountControlOnlyElevateUIAccess) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
+ {
+ User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled'
+ Name =
'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
+ }
+ }
+
+ if ($SystemCryptographyForceStrongKeyProtection) {
+ SecurityOption 'SecurityRegistry(INF): System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer'
+ {
+ Name = 'System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer'
+ System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer = 'User must enter a password each time they use a key'
+ }
+ }
+
+ if ($NetworkSecurityConfigureEncryptionTypesAllowedForKerberos) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ {
+ Network_security_Configure_encryption_types_allowed_for_Kerberos = '2147483640'
+ Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ }
+ }
+
+ if ($MicrosoftNetworkServerDigitallySignCommunications) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_if_client_agrees'
+ {
+ Name = 'Microsoft_network_server_Digitally_sign_communications_if_client_agrees'
+ Microsoft_network_server_Digitally_sign_communications_if_client_agrees = 'Enabled'
+ }
+ }
+ if ($NetworkAccessRestrictClientsAllowedToMakeRemoteCalls) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM'
+ {
+ Name = 'Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM'
+ Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = 'O:BAG:BAD:(A;;RC;;;BA)'
+ }
+ }
+
+ if ($SystemCryptographyUseFIPSCompliantAlgorithms) {
+ SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ {
+ System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing = 'Enabled'
+ Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ }
+ }
+
+
if ($NetworkSecurityLANManagerAuthenticationLevel) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level'
+ {
+ Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. Refuse LM & NTLM'
+ Name = 'Network_security_LAN_Manager_authentication_level'
+ }
+ }
+
+ if ($NetworkSecurityAllowLocalSystemToUseComputerIdentity) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM'
+ {
+ Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM = 'Enabled'
+ Name = 'Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM'
+ }
+ }
+
+ if ($InteractiveLogonMessageTitle) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on'
+ {
+ Name = 'Interactive_logon_Message_title_for_users_attempting_to_log_on'
+ Interactive_logon_Message_title_for_users_attempting_to_log_on = 'US Department of Defense Warning Statement'
+ }
+ }
+
+ if ($DomainMemberDigitallySignSecureChannelData) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ {
+ Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled'
+ Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ }
+ }
+ if ($UserAccountControlAllowUIAccessApplications) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop'
+ {
+ User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop = 'Disabled'
+ Name = 'User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop'
+ }
+ }
+
+ if ($InteractiveLogonSmartCardRemovalBehavior) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior'
+ {
+ Interactive_logon_Smart_card_removal_behavior = 'Lock
workstation'
+ Name = 'Interactive_logon_Smart_card_removal_behavior'
+ }
+ }
+
+ if ($AccountsLimitLocalAccountUseOfBlankPasswords) {
+ SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ {
+ Name = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled'
+ }
+ }
+
+ if ($UserAccountControlVirtualizeWriteFailures) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ {
+ User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled'
+ Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ }
+ }
+
+ if ($InteractiveLogonMessageText) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ {
+ Interactive_logon_Message_text_for_users_attempting_to_log_on = $InteractiveLogonMessageText_Input
+ Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ }
+ }
+
+ if ($NetworkAccessLetEveryonePermissionsApply) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users'
+ {
+ Network_access_Let_Everyone_permissions_apply_to_anonymous_users = 'Disabled'
+ Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users'
+ }
+ }
+
+ if ($DomainMemberDigitallyEncryptSecureChannelData) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ {
+ Name = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled'
+ }
+ }
+
+ if ($UserAccountControlBehaviorOfElevationPrompt) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ {
+
User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request'
+ Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ }
+ }
+
+ if ($MicrosoftNetworkServerDigitallySignCommunicationsAlways) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always'
+ {
+ Microsoft_network_server_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_server_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($MicrosoftNetworkClientDigitallySignCommunicationsAlways) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always'
+ {
+ Microsoft_network_client_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_client_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($NetworkSecurityMinimumSessionSecurityForNTLMSSP) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ {
+ Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked'
+ }
+ }
+
+ if ($DomainMemberDisableMachineAccountPasswordChanges) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes'
+ {
+ Domain_member_Disable_machine_account_password_changes = 'Disabled'
+ Name = 'Domain_member_Disable_machine_account_password_changes'
+ }
+ }
+
+ if ($MicrosoftNetworkClientDigitallySignCommunicationsIfServerAgrees) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_if_server_agrees'
+ {
+ Name = 'Microsoft_network_client_Digitally_sign_communications_if_server_agrees'
+ Microsoft_network_client_Digitally_sign_communications_if_server_agrees = 'Enabled'
+ }
+ }
+
+ if
($UserAccountControlDetectApplicationInstallations) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ {
+ User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled'
+ Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ }
+ }
+
+ if ($NetworkAccessDoNotAllowAnonymousEnumerationSAMAccounts) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled'
+ }
+ }
+
+ if ($NetworkSecurityAllowLocalSystemNullSessionFallback) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback'
+ {
+ Name = 'Network_security_Allow_LocalSystem_NULL_session_fallback'
+ Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled'
+ }
+ }
+
+ if ($UserAccountControlAdminApprovalMode) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ {
+ User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled'
+ Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ }
+ }
+
+ if ($MicrosoftNetworkClientSendUnencryptedPassword) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ {
+ Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled'
+ Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ }
+ }
+
+ if ($NetworkSecurityMinimumSessionSecurityForNTLMSSPServers) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ {
+ Name =
'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked'
+ }
+ }
+
+ if ($InteractiveLogonNumberOfPreviousLogonsToCache) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ {
+ Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available = '4'
+ Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ }
+ }
+
+ if ($DomainMemberMaximumMachineAccountPasswordAge) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age'
+ {
+ Name = 'Domain_member_Maximum_machine_account_password_age'
+ Domain_member_Maximum_machine_account_password_age = '30'
+ }
+ }
+
+ if ($NetworkAccessDoNotAllowAnonymousEnumerationSAMAndShares) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled'
+ }
+ }
+
+ if ($AuditForceAuditPolicySubcategorySettings) {
+ SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+ {
+ Name = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+ Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled'
+ }
+ }
+
+ if ($SystemObjectsStrengthenDefaultPermissions) {
+ SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links'
+ {
+
System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled'
+ Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links'
+ }
+ }
+
+ if ($NetworkSecurityAllowPKU2UAuthenticationRequests) {
+ SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities'
+ {
+ Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities = 'Disabled'
+ Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities'
+ }
+ }
+
+ if ($InteractiveLogonMachineInactivityLimit) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit'
+ {
+ Name = 'Interactive_logon_Machine_inactivity_limit'
+ Interactive_logon_Machine_inactivity_limit = '900'
+ }
+ }
+
+ if ($NetworkSecurityDoNotStoreLANManagerHash) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change'
+ {
+ Name = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change'
+ Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled'
+ }
+ }
+
+ if ($DomainMemberDigitallyEncryptOrSignDataAlways) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always'
+ {
+ Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled'
+ Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always'
+ }
+ }
+
+ if ($NetworkSecurityLDAPClientSigningRequirements) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements'
+ {
+ Name = 'Network_security_LDAP_client_signing_requirements'
+ Network_security_LDAP_client_signing_requirements = 'Negotiate Signing'
+ }
+ }
+
+ if ($UserAccountControlBehaviorElevationPrompt) {
+ SecurityOption 'SecurityRegistry(INF):
User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode'
+ {
+ Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode'
+ User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop'
+ }
+ }
+
+ if ($AccountLockoutDurationEnabled) {
+ AccountPolicy 'SecuritySetting(INF): LockoutDuration'
+ {
+ Account_lockout_duration = 15
+ Name = 'Account_lockout_duration'
+ }
+ }
+
+ if ($AccountLockoutThresholdEnabled) {
+ AccountPolicy 'SecuritySetting(INF): LockoutBadCount'
+ {
+ Account_lockout_threshold = 3
+ Name = 'Account_lockout_threshold'
+ }
+ }
+
+ if ($ResetAccountLockoutCount) {
+ AccountPolicy 'SecuritySetting(INF): ResetLockoutCount'
+ {
+ Reset_account_lockout_counter_after = 15
+ Name = 'Reset_account_lockout_counter_after'
+ }
+ }
+
+ if ($AccountsRenameGuestAccount) {
+ SecurityOption 'SecuritySetting(INF): NewGuestName'
+ {
+ Name = 'Accounts_Rename_guest_account'
+ Accounts_Rename_guest_account = 'Visitor'
+ }
+ }
+
+ if ($MinimumPasswordAgeEnabled) {
+ AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge'
+ {
+ Name = 'Minimum_Password_Age'
+ Minimum_Password_Age = 1
+ }
+ }
+
+ if ($PasswordComplexityEnabled) {
+ AccountPolicy 'SecuritySetting(INF): PasswordComplexity'
+ {
+ Password_must_meet_complexity_requirements = 'Enabled'
+ Name = 'Password_must_meet_complexity_requirements'
+ }
+ }
+
+ if ($PasswordHistoryEnforcementEnabled) {
+ AccountPolicy 'SecuritySetting(INF): PasswordHistorySize'
+ {
+ Name = 'Enforce_password_history'
+ Enforce_password_history = 24
+ }
+ }
+
+ if ($NetworkAccessAllowAnonymousSIDNameTranslation) {
+ SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup'
+ {
+ Network_access_Allow_anonymous_SID_Name_translation = 'Disabled'
+ Name = 'Network_access_Allow_anonymous_SID_Name_translation'
+ }
+ }
+
+ if ($MinimumPasswordLengthEnabled) {
+ AccountPolicy
'SecuritySetting(INF): MinimumPasswordLength'
+ {
+ Name = 'Minimum_Password_Length'
+ Minimum_Password_Length = 14
+ }
+ }
+
+ if ($AccountsRenameAdministratorAccount) {
+ SecurityOption 'SecuritySetting(INF): NewAdministratorName'
+ {
+ Accounts_Rename_administrator_account = 'X_Admin'
+ Name = 'Accounts_Rename_administrator_account'
+ }
+ }
+
+ if ($AccountsGuestAccountStatusEnabled) {
+ SecurityOption 'SecuritySetting(INF): EnableGuestAccount'
+ {
+ Name = 'Accounts_Guest_account_status'
+ Accounts_Guest_account_status = 'Disabled'
+ }
+ }
+
+ if ($MaximumPasswordAgeEnabled) {
+ AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge'
+ {
+ Maximum_Password_Age = 60
+ Name = 'Maximum_Password_Age'
+ }
+ }
+
+ if ($ClearTextPasswordEnabled) {
+ AccountPolicy 'SecuritySetting(INF): ClearTextPassword'
+ {
+ Name = 'Store_passwords_using_reversible_encryption'
+ Store_passwords_using_reversible_encryption = 'Disabled'
+ }
+ }
+
+ if ($EnableComputerAndUserAccountsTrustedForDelegation) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
+ }
+ }
+
+ if ($AccessThisComputerFromTheNetwork) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network'
+ {
+ Force = $True
+ Identity = @('*S-1-5-11', '*S-1-5-32-544')
+ Policy = 'Access_this_computer_from_the_network'
+ }
+ }
+
+ if ($BackUpFilesAndDirectories) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Back_up_files_and_directories'
+ }
+ }
+
+ if ($ImpersonateClientAfterAuthentication) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544', '*S-1-5-19', '*S-1-5-20', '*S-1-5-6')
+ Policy =
'Impersonate_a_client_after_authentication'
+ }
+ }
+
+ if ($PerformVolumeMaintenanceTasks) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Perform_volume_maintenance_tasks'
+ }
+ }
+
+ if ($LoadAndUnloadDeviceDrivers) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Load_and_unload_device_drivers'
+ }
+ }
+
+ if ($LockPagesInMemory) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Lock_pages_in_memory'
+ }
+ }
+
+ if ($TakeOwnershipOfFilesOrOtherObjects) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Take_ownership_of_files_or_other_objects'
+ }
+ }
+
+ if ($CreatePermanentSharedObjects) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Create_permanent_shared_objects'
+ }
+ }
+
+ if ($DenyAccessToThisComputerFromTheNetwork) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network'
+ {
+ Force = $True
+ Identity = @('*S-1-5-113', '*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins)
+ Policy = 'Deny_access_to_this_computer_from_the_network'
+ }
+ }
+
+ if ($CreateGlobalObjects) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544', '*S-1-5-19', '*S-1-5-20', '*S-1-5-6')
+ Policy = 'Create_global_objects'
+ }
+ }
+
+ if ($DenyLogOnAsABatchJob) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins)
+ Policy = 'Deny_log_on_as_a_batch_job'
+ }
+ }
+
+ if
($RestoreFilesAndDirectories) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Restore_files_and_directories'
+ }
+ }
+
+ if ($AccessCredentialManagerAsTrustedCaller) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Access_Credential_Manager_as_a_trusted_caller'
+ }
+ }
+
+ if ($DenyLogOnAsAService) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service'
+ {
+ Force = $True
+ Identity = @($EnterpriseAdmins, $DomainAdmins)
+ Policy = 'Deny_log_on_as_a_service'
+ }
+ }
+
+ if ($IncreaseSchedulingPriority) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Increase_scheduling_priority'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Increase_scheduling_priority'
+ }
+ }
+
+ if ($ForceShutdownFromRemoteSystem) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Force_shutdown_from_a_remote_system'
+ }
+ }
+
+ if ($GenerateSecurityAudits) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Generate_security_audits'
+ {
+ Force = $True
+ Identity = @('*S-1-5-19', '*S-1-5-20')
+ Policy = 'Generate_security_audits'
+ }
+ }
+
+ if ($DenyLogOnLocally) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins)
+ Policy = 'Deny_log_on_locally'
+ }
+ }
+
+ if ($CreateSymbolicLinks) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Create_symbolic_links'
+ }
+ }
+
+ if ($DebugPrograms) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Debug_programs'
+ }
+ }
+
+ if
($AllowLogOnLocally) { + UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Allow_log_on_locally' + } + } + + if ($ManageAuditingAndSecurityLog) { + UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Manage_auditing_and_security_log' + } + } + + if ($ActAsPartOfTheOperatingSystem) { + UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' + { + Force = $True + Identity = @('') + Policy = 'Act_as_part_of_the_operating_system' + } + } + + if ($ProfileSingleProcess) { + UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Profile_single_process' + } + } + + if ($CreateATokenObject) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' + { + Force = $True + Identity = @('') + Policy = 'Create_a_token_object' + } + } + + if ($ModifyFirmwareEnvironmentValues) { + UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Modify_firmware_environment_values' + } + } + + if ($CreateAPagefile) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Create_a_pagefile' + } + } + + if ($DenyLogOnThroughRemoteDesktopServices) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' + { + Force = $True + Identity = @('*S-1-5-113', '*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins) + Policy = 'Deny_log_on_through_Remote_Desktop_Services' + } + } + + if ($DomainControllerLDAPServerSigningRequirements) { + SecurityOption 'SecurityRegistry(INF): Domain_controller_LDAP_server_signing_requirements' + { + Domain_controller_LDAP_server_signing_requirements = 'Require 
Signing' + Name = 'Domain_controller_LDAP_server_signing_requirements' + } + } + + if ($DomainControllerRefuseMachineAccountPasswordChanges) { + SecurityOption 'SecurityRegistry(INF): Domain_controller_Refuse_machine_account_password_changes' + { + Name = 'Domain_controller_Refuse_machine_account_password_changes' + Domain_controller_Refuse_machine_account_password_changes = 'Disabled' + } + } +} + diff --git a/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.psd1 b/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.psd1 new file mode 100644 index 0000000..39d3633 --- /dev/null +++ b/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.psd1 
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_WinSvr_2019_MS_and_DC_v3r2'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/15/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_WinSvr_2019_MS_and_DC_v3r2.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = 'd03ebb8e-5991-4f30-93d8-4b1532201a3a'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'Apply STIG Settings for Windows Server 2019'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.schema.psm1 b/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.schema.psm1
new file mode 100644
index 0000000..5442364
--- /dev/null
+++ b/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.schema.psm1
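Review bot: `RequiredModules` and `PowerShellVersion` are left commented out in this manifest, so nothing here declares or pins the three modules that the accompanying `DoD_WinSvr_2019_MS_and_DC_v3r2.schema.psm1` loads with `Import-DSCResource` (`GPRegistryPolicyDsc`, `AuditPolicyDSC`, `SecurityPolicyDSC`). Unless the parent module manifest pins them (not visible in this diff), the STIG baseline compiles against whichever versions are installed on the authoring node, so the applied settings depend on an unreviewed dependency. I would pin each one, e.g. `RequiredModules = @(@{ ModuleName = 'SecurityPolicyDSC'; ModuleVersion = '<PINNED_VERSION>' })` or `-ModuleVersion` on the import lines, and set `PowerShellVersion = '5.1'` as the Services manifest in this commit did. The four `'*'` exports could also be `@()`, as the template comments above them recommend.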
@@ -0,0 +1,2110 @@ +configuration DoD_WinSvr_2019_MS_and_DC_v3r2 +{ + + param( + [string]$EnterpriseAdmins, + [string]$DomainAdmins, + [bool]$EnumerateAdministrators = $true, + [bool]$NoAutorun = $true, + [bool]$NoDriveTypeAutoRun = $true, + [bool]$PasswordComplexity = $true, + [bool]$PasswordLength = $true, + [bool]$PasswordAgeDays = $true, + [bool]$DisableAutomaticRestartSignOn = $true, + [bool]$LocalAccountTokenFilterPolicy = $true, + [bool]$ProcessCreationIncludeCmdLine_Enabled = $true, + [bool]$DisableEnclosureDownload = $true, + [bool]$DCSettingIndex = $true, + [bool]$ACSettingIndex = $true, + [bool]$DisableInventory = $true, + [bool]$AllowProtectedCreds = $true, + [bool]$AllowTelemetry = $true, + [bool]$DODownloadMode = $true, + [bool]$EnableVirtualizationBasedSecurity = $true, + [bool]$RequirePlatformSecurityFeatures = $true, + [bool]$HypervisorEnforcedCodeIntegrity = $true, + [bool]$HVCIMATRequired = $true, + [bool]$LsaCfgFlags = $true, + [bool]$ConfigureSystemGuardLaunch = $true, + [bool]$MaxSizeApplication = $true, + [bool]$MaxSizeSecurity = $true, + [bool]$MaxSizeSystem = $true, + [bool]$NoAutoplayfornonVolume = $true, + [bool]$NoBackgroundPolicy = $true, + [bool]$NoGPOListChanges = $true, + [bool]$EnableUserControl = $true, + [bool]$AlwaysInstallElevated = $true, + [bool]$AllowInsecureGuestAuth = $true, + [bool]$HardenedPaths_NETLOGON = $true, + [bool]$HardenedPaths_SYSVOL = $true, + [bool]$NoLockScreenSlideshow = $true, + [bool]$EnableScriptBlockLogging = $true, + [bool]$EnableScriptBlockInvocationLogging = $false, + [bool]$EnableTranscripting = $true, + [bool]$SetOutputDirectory = $true, + [bool]$EnableInvocationHeader = $false, + [bool]$DontDisplayNetworkSelectionUI = $true, + [bool]$EnumerateLocalUsers = $true, + [bool]$EnableSmartScreen = $true, + [bool]$AllowIndexingEncryptedStoresOrItems = $true, + [bool]$AllowBasic = $true, + [bool]$AllowUnencryptedTraffic = $true, + [bool]$AllowDigest = $true, + [bool]$DisableRunAs = $true, + 
[bool]$DisableWebPnPDownload = $true, + [bool]$DisableHTTPPrinting = $true, + [bool]$RestrictRemoteClients = $true, + [bool]$DisablePasswordSaving = $true, + [bool]$fDisableCdm = $true, + [bool]$fPromptForPassword = $true, + [bool]$fEncryptRPCTraffic = $true, + [bool]$SetMinEncryptionLevel = $true, + [bool]$UseLogonCredential = $false, + [bool]$DisableSMB1 = $true, + [bool]$StopMrxSmb10 = $true, + [bool]$NoNameReleaseOnDemand = $true, + [bool]$DisableIPSourceRouting = $true, + [bool]$DisableICMPRedirect = $true, + [bool]$AuditCredentialValidationSuccess = $true, + [bool]$AuditCredentialValidationFailure = $true, + [bool]$AuditOtherAccountManagementEventsSuccess = $true, + [bool]$AuditOtherAccountManagementEventsFailure = $false, + [bool]$AuditSecurityGroupManagementSuccess = $true, + [bool]$AuditSecurityGroupManagementFailure = $false, + [bool]$AuditUserAccountManagementSuccess = $true, + [bool]$AuditUserAccountManagementFailure = $true, + [bool]$AuditPNPActivitySuccess = $true, + [bool]$AuditPNPActivityFailure = $false, + [bool]$AuditProcessCreationSuccess = $true, + [bool]$AuditProcessCreationFailure = $false, + [bool]$AuditAccountLockoutFailure = $true, + [bool]$AuditAccountLockoutSuccess = $false, + [bool]$AuditGroupMembershipSuccess = $true, + [bool]$AuditGroupMembershipFailure = $false, + [bool]$AuditLogoffSuccess = $true, + [bool]$AuditLogoffFailure = $false, + [bool]$AuditLogonSuccess = $true, + [bool]$AuditLogonFailure = $true, + [bool]$AuditSpecialLogonSuccess = $true, + [bool]$AuditSpecialLogonFailure = $false, + [bool]$AuditOtherObjectAccessEventsSuccess = $true, + [bool]$AuditOtherObjectAccessEventsFailure = $true, + [bool]$AuditRemovableStorageSuccess = $true, + [bool]$AuditRemovableStorageFailure = $true, + [bool]$AuditPolicyChangeSuccess = $true, + [bool]$AuditPolicyChangeFailure = $true, + [bool]$AuditAuthenticationPolicyChangeSuccess = $true, + [bool]$AuditAuthenticationPolicyChangeFailure = $false, + [bool]$AuditAuthorizationPolicyChangeSuccess = 
$true, + [bool]$AuditAuthorizationPolicyChangeFailure = $false, + [bool]$AuditSensitivePrivilegeUseSuccess = $true, + [bool]$AuditSensitivePrivilegeUseFailure = $true, + [bool]$AuditIPsecDriverSuccess = $true, + [bool]$AuditIPsecDriverFailure = $true, + [bool]$AuditOtherSystemEventsSuccess = $true, + [bool]$AuditOtherSystemEventsFailure = $true, + [bool]$AuditSecurityStateChangeSuccess = $true, + [bool]$AuditSecurityStateChangeFailure = $false, + [bool]$AuditSecuritySystemExtensionSuccess = $true, + [bool]$AuditSecuritySystemExtensionFailure = $false, + [bool]$AuditSystemIntegritySuccess = $true, + [bool]$AuditSystemIntegrityFailure = $true, + [bool]$AuditComputerAccountManagementSuccess = $true, + [bool]$AuditComputerAccountManagementFailure = $false, + [bool]$AuditDirectoryServiceAccessSuccess = $true, + [bool]$AuditDirectoryServiceAccessFailure = $true, + [bool]$AuditDirectoryServiceChangesSuccess = $true, + [bool]$AuditDirectoryServiceChangesFailure = $false, + [bool]$RestrictAnonymousAccessToNamedPipesAndShares = $true, + [bool]$RequireStrongSessionKey = $true, + [bool]$ElevateUIAccessApplications = $true, + [bool]$MinimumSessionSecurityForNTLM = $true, + [bool]$DigitallySignCommunicationsIfClientAgrees = $true, + [bool]$AllowLocalSystemNullSessionFallback = $false, + [bool]$UseFIPSCompliantAlgorithms = $true, + [bool]$LANManagerAuthenticationLevel = $true, + [bool]$AllowLocalSystemToUseComputerIdentityForNTLM = $true, + [bool]$InteractiveLogonMessageTitle = $true, + [bool]$DigitallySignSecureChannelData = $true, + [bool]$AllowUIAccessApplicationsElevation = $false, + [bool]$LimitLocalAccountUseOfBlankPasswords = $true, + [bool]$VirtualizeFileAndRegistryWriteFailures = $true, + [bool]$InteractiveLogonMachineInactivityLimit = $true, + [bool]$InteractiveLogonMessageText = $true, + [string]$InteractiveLogonMessageText_input, + [bool]$DigitallyEncryptSecureChannelData = $true, + [bool]$DenyElevationRequestForStandardUsers = $true, + 
[bool]$AdminApprovalModeForBuiltInAdmin = $true, + [bool]$DigitallySignCommunicationsAlwaysForServer = $true, + [bool]$DigitallySignCommunicationsAlwaysForClient = $true, + [bool]$DisableMachineAccountPasswordChanges = $false, + [bool]$RunAllAdministratorsInAdminApprovalMode = $true, + [bool]$DigitallySignCommunicationsIfServerAgrees = $true, + [bool]$DetectApplicationInstallationsAndPromptForElevation = $true, + [bool]$DoNotAllowAnonymousEnumerationOfSAMAccounts = $true, + [bool]$ConfigureEncryptionTypesForKerberos = $true, + [bool]$SendUnencryptedPasswordToThirdPartySMBServers = $false, + [bool]$CachePreviousLogons = $true, + [bool]$SetMaximumMachineAccountPasswordAge = $true, + [bool]$DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares = $true, + [bool]$ForceAuditPolicySubcategorySettings = $true, + [bool]$StrengthenDefaultPermissionsOfInternalSystemObjects = $true, + [bool]$AllowPKU2UAuthenticationRequests = $false, + [bool]$DigitallyEncryptOrSignSecureChannelDataAlways = $true, + [bool]$SmartCardRemovalBehaviorLockWorkstation = $true, + [bool]$DoNotStoreLANManagerHashValueOnNextPasswordChange = $true, + [bool]$LetEveryonePermissionsApplyToAnonymousUsers = $false, + [bool]$LDAPClientSigningRequirements = $true, + [bool]$ForceStrongKeyProtectionForUserKeys = $true, + [bool]$BehaviorOfElevationPromptForAdmins = $true, + [bool]$SetLockoutDuration = $true, + [bool]$SetLockoutThreshold = $true, + [bool]$SetResetLockoutCount = $true, + [bool]$RenameGuestAccount = $true, + [bool]$SetMinimumPasswordAge = $true, + [bool]$EnablePasswordComplexity = $true, + [bool]$SetPasswordHistorySize = $true, + [bool]$DisableAnonymousSIDNameLookup = $true, + [bool]$SetMinimumPasswordLength = $true, + [bool]$RenameAdministratorAccount = $true, + [bool]$DisableGuestAccount = $true, + [bool]$SetMaximumPasswordAge = $true, + [bool]$DisableClearTextPassword = $true, + [bool]$EnableTrustedForDelegation = $true, + [bool]$AccessThisComputerFromNetwork = $true, + 
[bool]$BackupFilesAndDirectories = $true, + [bool]$ImpersonateClientAfterAuthentication = $true, + [bool]$PerformVolumeMaintenanceTasks = $true, + [bool]$LoadAndUnloadDeviceDrivers = $true, + [bool]$LockPagesInMemory = $true, + [bool]$TakeOwnershipOfFilesOrOtherObjects = $true, + [bool]$CreatePermanentSharedObjects = $true, + [bool]$DenyAccessFromNetwork = $true, + [bool]$CreateGlobalObjects = $true, + [bool]$DenyLogOnAsBatchJob = $true, + [bool]$RestoreFilesAndDirectories = $true, + [bool]$AccessCredentialManagerAsTrustedCaller = $true, + [bool]$DenyLogOnAsService = $true, + [bool]$IncreaseSchedulingPriority = $true, + [bool]$ForceShutdownFromRemoteSystem = $true, + [bool]$GenerateSecurityAudits = $true, + [bool]$DenyLogOnLocally = $true, + [bool]$CreateSymbolicLinks = $true, + [bool]$DebugPrograms = $true, + [bool]$AllowLogOnLocally = $true, + [bool]$ManageAuditingAndSecurityLog = $true, + [bool]$ActAsPartOfTheOperatingSystem = $true, + [bool]$ProfileSingleProcess = $true, + [bool]$CreateATokenObject = $true, + [bool]$ModifyFirmwareEnvironmentValues = $true, + [bool]$CreateAPagefile = $true, + [bool]$DenyLogOnThroughRemoteDesktopServices = $true, + [bool]$RequireLDAPServerSigning = $true, + [bool]$RefuseMachineAccountPasswordChanges = $false, + [bool]$AddWorkstationsToDomain = $true, + [bool]$AllowLogOnThroughRemoteDesktopServices = $true + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($EnumerateAdministrators) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateAdministrators' + ValueData = 0 + } + } + + if ($NoAutorun) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutorun' + ValueData = 1 + } + } + + if ($NoDriveTypeAutoRun) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoDriveTypeAutoRun' + ValueData = 255 + } + } + + if ($PasswordComplexity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordComplexity' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordComplexity' + ValueData = 4 + } + } + + if ($PasswordLength) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordLength' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordLength' + ValueData = 14 + } + } + + if ($PasswordAgeDays) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordAgeDays' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordAgeDays' + ValueData = 60 + } + } + + if ($DisableAutomaticRestartSignOn) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableAutomaticRestartSignOn' + ValueData = 1 + } + } + + 
if ($LocalAccountTokenFilterPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LocalAccountTokenFilterPolicy' + ValueData = 0 + } + } + + if ($ProcessCreationIncludeCmdLine_Enabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ProcessCreationIncludeCmdLine_Enabled' + ValueData = 1 + } + } + + if ($DisableEnclosureDownload) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableEnclosureDownload' + ValueData = 1 + } + } + + if ($DCSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' + { + Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DCSettingIndex' + ValueData = 1 + } + } + + if ($ACSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' + { + Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ACSettingIndex' + ValueData = 1 + } + } + + if ($DisableInventory) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory' + { + Key = '\Software\Policies\Microsoft\Windows\AppCompat' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableInventory' + ValueData = 1 + } + } + + if ($AllowProtectedCreds) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' + { + Key = '\Software\Policies\Microsoft\Windows\CredentialsDelegation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowProtectedCreds' + ValueData = 1 + } + } + + if ($AllowTelemetry) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry' + { + Key = '\Software\Policies\Microsoft\Windows\DataCollection' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowTelemetry' + ValueData = 1 + } + } + + if ($DODownloadMode) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeliveryOptimization\DODownloadMode' + { + Key = '\Software\Policies\Microsoft\Windows\DeliveryOptimization' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DODownloadMode' + ValueData = 2 + } + } + + if ($EnableVirtualizationBasedSecurity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableVirtualizationBasedSecurity' + ValueData = 1 + } + } + + if ($RequirePlatformSecurityFeatures) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'RequirePlatformSecurityFeatures' + ValueData = 1 + } + } + + if 
($HypervisorEnforcedCodeIntegrity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'HypervisorEnforcedCodeIntegrity' + ValueData = 3 + } + } + + if ($HVCIMATRequired) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'HVCIMATRequired' + ValueData = 0 + } + } + + if ($LsaCfgFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LsaCfgFlags' + ValueData = 1 + } + } + + if ($ConfigureSystemGuardLaunch) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ConfigureSystemGuardLaunch' + ValueData = 0 + } + } + + if ($MaxSizeApplication) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' + { + Key = '\Software\Policies\Microsoft\Windows\EventLog\Application' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 32768 + } + } + + if ($MaxSizeSecurity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' + { + Key = '\Software\Policies\Microsoft\Windows\EventLog\Security' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 196608 + } + } + + if ($MaxSizeSystem) { + 
RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' + { + Key = '\Software\Policies\Microsoft\Windows\EventLog\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 32768 + } + } + + if ($NoAutoplayfornonVolume) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' + { + Key = '\Software\Policies\Microsoft\Windows\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutoplayfornonVolume' + ValueData = 1 + } + } + + if ($NoBackgroundPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' + { + Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoBackgroundPolicy' + ValueData = 0 + } + } + + if ($NoGPOListChanges) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' + { + Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoGPOListChanges' + ValueData = 0 + } + } + + if ($EnableUserControl) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' + { + Key = '\Software\Policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableUserControl' + ValueData = 0 + } + } + + if ($AlwaysInstallElevated) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' + { + Key = '\Software\Policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration' + ValueName = 'AlwaysInstallElevated' + ValueData = 0 + } + } + + if ($AllowInsecureGuestAuth) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' + { + Key = '\Software\Policies\Microsoft\Windows\LanmanWorkstation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowInsecureGuestAuth' + ValueData = 0 + } + } + + if ($HardenedPaths_NETLOGON) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON' + { + Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '\\*\NETLOGON' + ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + } + + if ($HardenedPaths_SYSVOL) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL' + { + Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '\\*\SYSVOL' + ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + } + + if ($NoLockScreenSlideshow) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' + { + Key = '\Software\Policies\Microsoft\Windows\Personalization' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoLockScreenSlideshow' + ValueData = 1 + } + } + + if ($EnableScriptBlockLogging) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableScriptBlockLogging' + ValueData = 1 + } + } + + if (-not 
$EnableScriptBlockInvocationLogging) { + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableScriptBlockInvocationLogging' + ValueData = '' + } + } + + if ($EnableTranscripting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableTranscripting' + ValueData = 1 + } + } + + if ($SetOutputDirectory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'OutputDirectory' + ValueData = 'C:\ProgramData\PS_Transcript' # Default output directory + } + } + + if (-not $EnableInvocationHeader) { + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableInvocationHeader' + ValueData = '' + } + } + + if ($DontDisplayNetworkSelectionUI) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DontDisplayNetworkSelectionUI' + ValueData = 1 + } + } + + if (-not $EnumerateLocalUsers) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateLocalUsers' + ValueData = 0 + } + } + + if ($EnableSmartScreen) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableSmartScreen' + ValueData = 1 + } + } + + if (-not $AllowIndexingEncryptedStoresOrItems) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' + { + Key = '\Software\Policies\Microsoft\Windows\Windows Search' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowIndexingEncryptedStoresOrItems' + ValueData = 0 + } + } + + if (-not $AllowBasic) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' + { + Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowBasic' + ValueData = 0 + } + } + + if (-not $AllowUnencryptedTraffic) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' + { + Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowUnencryptedTraffic' + ValueData = 0 + } + } + + if (-not $AllowDigest) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' + { + Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowDigest' + ValueData = 0 + } + } + + if (-not $AllowBasic) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasic'
+ ValueData = 0
+ }
+ }
+
+ if (-not $AllowUnencryptedTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowUnencryptedTraffic'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableRunAs) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableRunAs'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableWebPnPDownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableWebPnPDownload'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableHTTPPrinting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableHTTPPrinting'
+ ValueData = 1
+ }
+ }
+
+ if ($RestrictRemoteClients) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Rpc'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RestrictRemoteClients'
+ ValueData = 1
+ }
+ }
+
+ if ($DisablePasswordSaving) {
+ RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisablePasswordSaving'
+ ValueData = 1
+ }
+ }
+
+ if ($fDisableCdm) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fDisableCdm'
+ ValueData = 1
+ }
+ }
+
+ if ($fPromptForPassword) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fPromptForPassword'
+ ValueData = 1
+ }
+ }
+
+ if ($fEncryptRPCTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fEncryptRPCTraffic'
+ ValueData = 1
+ }
+ }
+
+ if ($SetMinEncryptionLevel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MinEncryptionLevel'
+ ValueData = 3 # Set to a default value if condition is true
+ }
+ }
+
+ if (-not $UseLogonCredential) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential'
+ {
+ Key = '\System\CurrentControlSet\Control\SecurityProviders\WDigest'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 
'UseLogonCredential'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableSMB1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters\SMB1'
+ {
+ Key = '\System\CurrentControlSet\Services\LanmanServer\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SMB1'
+ ValueData = 0
+ }
+ }
+
+ if ($StopMrxSmb10) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\MrxSmb10\Start'
+ {
+ Key = '\System\CurrentControlSet\Services\MrxSmb10'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Start'
+ ValueData = 4
+ }
+ }
+
+ if ($NoNameReleaseOnDemand) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand'
+ {
+ Key = '\System\CurrentControlSet\Services\Netbt\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoNameReleaseOnDemand'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableIPSourceRouting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\System\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if ($DisableICMPRedirect) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect'
+ {
+ Key = '\System\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableICMPRedirect'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableIPSourceRouting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\System\CurrentControlSet\Services\Tcpip6\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+ 
+ if ($AuditCredentialValidationSuccess) {
+ AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditCredentialValidationFailure) {
+ AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherAccountManagementEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other Account Management Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Account Management Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditOtherAccountManagementEventsFailure) {
+ AuditPolicySubcategory 'Audit Other Account Management Events (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Other Account Management Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityGroupManagementSuccess) {
+ AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security Group Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditSecurityGroupManagementFailure) {
+ AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security Group Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditUserAccountManagementSuccess) {
+ AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditUserAccountManagementFailure) {
+ AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPNPActivitySuccess) {
+ AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not 
$AuditPNPActivityFailure) {
+ AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditProcessCreationSuccess) {
+ AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Process Creation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditProcessCreationFailure) {
+ AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Process Creation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAccountLockoutFailure) {
+ AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Account Lockout'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if (-not $AuditAccountLockoutSuccess) {
+ AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Account Lockout'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditGroupMembershipSuccess) {
+ AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Group Membership'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditGroupMembershipFailure) {
+ AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Group Membership'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogoffSuccess) {
+ AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logoff'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditLogoffFailure) {
+ AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Logoff'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogonSuccess) {
+ AuditPolicySubcategory 'Audit Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditLogonFailure) {
+ AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name 
= 'Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSpecialLogonSuccess) {
+ AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Special Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditSpecialLogonFailure) {
+ AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Special Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherObjectAccessEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Object Access Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherObjectAccessEventsFailure) {
+ AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Object Access Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditRemovableStorageSuccess) {
+ AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditRemovableStorageFailure) {
+ AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthenticationPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditAuthenticationPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit 
Authentication Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthorizationPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditAuthorizationPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUseSuccess) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUseFailure) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditIPsecDriverSuccess) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditIPsecDriverFailure) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherSystemEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherSystemEventsFailure) {
+ AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityStateChangeSuccess) {
+ AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security State 
Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditSecurityStateChangeFailure) {
+ AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security State Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecuritySystemExtensionSuccess) {
+ AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security System Extension'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditSecuritySystemExtensionFailure) {
+ AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security System Extension'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSystemIntegritySuccess) {
+ AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSystemIntegrityFailure) {
+ AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditComputerAccountManagementSuccess) {
+ AuditPolicySubcategory 'Audit Computer Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Computer Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditComputerAccountManagementFailure) {
+ AuditPolicySubcategory 'Audit Computer Account Management (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Computer Account Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditDirectoryServiceAccessSuccess) {
+ AuditPolicySubcategory 'Audit Directory Service Access (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Directory Service Access'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditDirectoryServiceAccessFailure) {
+ AuditPolicySubcategory 'Audit Directory Service Access (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Directory Service Access'
+ AuditFlag = 'Failure'
+ }
+ 
}
+
+ if ($AuditDirectoryServiceChangesSuccess) {
+ AuditPolicySubcategory 'Audit Directory Service Changes (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Directory Service Changes'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditDirectoryServiceChangesFailure) {
+ AuditPolicySubcategory 'Audit Directory Service Changes (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Directory Service Changes'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM'
+ {
+ Name = 'Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM'
+ Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = 'O:BAG:BAD:(A;;RC;;;BA)'
+ }
+
+ if ($RestrictAnonymousAccessToNamedPipesAndShares) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares'
+ {
+ Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled'
+ Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares'
+ }
+ }
+
+ if ($RequireStrongSessionKey) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key'
+ {
+ Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key'
+ Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled'
+ }
+ }
+
+ if ($ElevateUIAccessApplications) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
+ {
+ User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled'
+ Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
+ }
+ }
+
+ if ($MinimumSessionSecurityForNTLM) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ {
+ Name = 
'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked'
+ }
+ }
+
+ if ($DigitallySignCommunicationsIfClientAgrees) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_if_client_agrees'
+ {
+ Name = 'Microsoft_network_server_Digitally_sign_communications_if_client_agrees'
+ Microsoft_network_server_Digitally_sign_communications_if_client_agrees = 'Enabled'
+ }
+ }
+
+ if (-not $AllowLocalSystemNullSessionFallback) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback'
+ {
+ Name = 'Network_security_Allow_LocalSystem_NULL_session_fallback'
+ Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled'
+ }
+ }
+
+ if ($UseFIPSCompliantAlgorithms) {
+ SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ {
+ System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing = 'Enabled'
+ Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ }
+ }
+
+ if ($LANManagerAuthenticationLevel) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level'
+ {
+ Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. 
Refuse LM & NTLM'
+ Name = 'Network_security_LAN_Manager_authentication_level'
+ }
+ }
+
+ if ($AllowLocalSystemToUseComputerIdentityForNTLM) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM'
+ {
+ Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM = 'Enabled'
+ Name = 'Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM'
+ }
+ }
+
+ if ($InteractiveLogonMessageTitle) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on'
+ {
+ Name = 'Interactive_logon_Message_title_for_users_attempting_to_log_on'
+ Interactive_logon_Message_title_for_users_attempting_to_log_on = 'US Department of Defense Warning Statement'
+ }
+ }
+
+ if ($DigitallySignSecureChannelData) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ {
+ Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled'
+ Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ }
+ }
+
+ if ($AllowUIAccessApplicationsElevation) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop'
+ {
+ User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop = 'Disabled'
+ Name = 'User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop'
+ }
+ }
+
+ if ($LimitLocalAccountUseOfBlankPasswords) {
+ SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ {
+ Name = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled'
+ }
+ }
+
+ if ($VirtualizeFileAndRegistryWriteFailures) {
+ SecurityOption 'SecurityRegistry(INF): 
User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ {
+ User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled'
+ Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ }
+ }
+
+ if ($InteractiveLogonMachineInactivityLimit) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit'
+ {
+ Name = 'Interactive_logon_Machine_inactivity_limit'
+ Interactive_logon_Machine_inactivity_limit = '900'
+ }
+ }
+
+ if ($InteractiveLogonMessageText) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ {
+ Interactive_logon_Message_text_for_users_attempting_to_log_on = $InteractiveLogonMessageText_input
+ Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ }
+ }
+
+ if ($DigitallyEncryptSecureChannelData) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ {
+ Name = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled'
+ }
+ }
+
+ if ($DenyElevationRequestForStandardUsers) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ {
+ User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request'
+ Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ }
+ }
+
+ if ($AdminApprovalModeForBuiltInAdmin) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ {
+ User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled'
+ Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ }
+ }
+
+ if ($DigitallySignCommunicationsAlwaysForServer) 
{
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always'
+ {
+ Microsoft_network_server_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_server_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($DigitallySignCommunicationsAlwaysForClient) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always'
+ {
+ Microsoft_network_client_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_client_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($MinimumSessionSecurityForNTLM) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ {
+ Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked'
+ }
+ }
+
+ if (-not $DisableMachineAccountPasswordChanges) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes'
+ {
+ Domain_member_Disable_machine_account_password_changes = 'Disabled'
+ Name = 'Domain_member_Disable_machine_account_password_changes'
+ }
+ }
+
+ if ($RunAllAdministratorsInAdminApprovalMode) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ {
+ User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled'
+ Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ }
+ }
+
+ if ($DigitallySignCommunicationsIfServerAgrees) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_if_server_agrees'
+ {
+ Name = 'Microsoft_network_client_Digitally_sign_communications_if_server_agrees'
+ Microsoft_network_client_Digitally_sign_communications_if_server_agrees = 'Enabled'
+ }
+ }
+
+ if 
($DetectApplicationInstallationsAndPromptForElevation) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ {
+ User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled'
+ Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ }
+ }
+
+ if ($DoNotAllowAnonymousEnumerationOfSAMAccounts) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled'
+ }
+ }
+
+ if ($ConfigureEncryptionTypesForKerberos) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ {
+ Network_security_Configure_encryption_types_allowed_for_Kerberos = 'AES256_HMAC_SHA1'
+ Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ }
+ }
+
+ if (-not $SendUnencryptedPasswordToThirdPartySMBServers) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ {
+ Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled'
+ Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ }
+ }
+
+ if ($CachePreviousLogons) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ {
+ Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available = '4'
+ Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ }
+ }
+
+ if ($SetMaximumMachineAccountPasswordAge) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age'
+ {
+ Name = 
'Domain_member_Maximum_machine_account_password_age'
+ Domain_member_Maximum_machine_account_password_age = '30'
+ }
+ }
+
+ if ($DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled'
+ }
+ }
+
+ if ($ForceAuditPolicySubcategorySettings) {
+ SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+ {
+ Name = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+ Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled'
+ }
+ }
+
+ if ($StrengthenDefaultPermissionsOfInternalSystemObjects) {
+ SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links'
+ {
+ System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled'
+ Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links'
+ }
+ }
+
+ if (-not $AllowPKU2UAuthenticationRequests) {
+ SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities'
+ {
+ Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities = 'Disabled'
+ Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities'
+ }
+ }
+
+ if ($DigitallyEncryptOrSignSecureChannelDataAlways) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always'
+ {
+ 
Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled'
+ Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always'
+ }
+ }
+
+ if ($SmartCardRemovalBehaviorLockWorkstation) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior'
+ {
+ Interactive_logon_Smart_card_removal_behavior = 'Lock workstation'
+ Name = 'Interactive_logon_Smart_card_removal_behavior'
+ }
+ }
+
+ if ($DoNotStoreLANManagerHashValueOnNextPasswordChange) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change'
+ {
+ Name = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change'
+ Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled'
+ }
+ }
+
+ if (-not $LetEveryonePermissionsApplyToAnonymousUsers) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users'
+ {
+ Network_access_Let_Everyone_permissions_apply_to_anonymous_users = 'Disabled'
+ Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users'
+ }
+ }
+
+ if ($LDAPClientSigningRequirements) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements'
+ {
+ Name = 'Network_security_LDAP_client_signing_requirements'
+ Network_security_LDAP_client_signing_requirements = 'Negotiate Signing'
+ }
+ }
+
+ if ($ForceStrongKeyProtectionForUserKeys) {
+ SecurityOption 'SecurityRegistry(INF): System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer'
+ {
+ Name = 'System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer'
+ System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer = 'User must enter a password each time they use a key'
+ }
+ }
+
+ if ($BehaviorOfElevationPromptForAdmins) {
+ SecurityOption 'SecurityRegistry(INF): 
User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode'
+ {
+ Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode'
+ User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop'
+ }
+ }
+
+ if ($SetLockoutDuration) {
+ AccountPolicy 'SecuritySetting(INF): LockoutDuration'
+ {
+ Account_lockout_duration = '15'
+ Name = 'Account_lockout_duration'
+ }
+ }
+
+ if ($SetLockoutThreshold) {
+ AccountPolicy 'SecuritySetting(INF): LockoutBadCount'
+ {
+ Account_lockout_threshold = '3'
+ Name = 'Account_lockout_threshold'
+ }
+ }
+
+ if ($SetResetLockoutCount) {
+ AccountPolicy 'SecuritySetting(INF): ResetLockoutCount'
+ {
+ Reset_account_lockout_counter_after = '15'
+ Name = 'Reset_account_lockout_counter_after'
+ }
+ }
+
+ if ($RenameGuestAccount) {
+ SecurityOption 'SecuritySetting(INF): NewGuestName'
+ {
+ Name = 'Accounts_Rename_guest_account'
+ Accounts_Rename_guest_account = 'Visitor'
+ }
+ }
+
+ if ($SetMinimumPasswordAge) {
+ AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge'
+ {
+ Name = 'Minimum_Password_Age'
+ Minimum_Password_Age = '1'
+ }
+ }
+
+ if ($EnablePasswordComplexity) {
+ AccountPolicy 'SecuritySetting(INF): PasswordComplexity'
+ {
+ Password_must_meet_complexity_requirements = 'Enabled'
+ Name = 'Password_must_meet_complexity_requirements'
+ }
+ }
+
+ if ($SetPasswordHistorySize) {
+ AccountPolicy 'SecuritySetting(INF): PasswordHistorySize'
+ {
+ Name = 'Enforce_password_history'
+ Enforce_password_history = '24'
+ }
+ }
+
+ if ($DisableAnonymousSIDNameLookup) {
+ SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup'
+ {
+ Network_access_Allow_anonymous_SID_Name_translation = 'Disabled'
+ Name = 'Network_access_Allow_anonymous_SID_Name_translation'
+ }
+ }
+
+ if ($SetMinimumPasswordLength) {
+ AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength'
+ {
+ Name = 
'Minimum_Password_Length' + Minimum_Password_Length = '14' + } + } + + if ($RenameAdministratorAccount) { + SecurityOption 'SecuritySetting(INF): NewAdministratorName' + { + Accounts_Rename_administrator_account = 'X_Admin' + Name = 'Accounts_Rename_administrator_account' + } + } + + if ($DisableGuestAccount) { + SecurityOption 'SecuritySetting(INF): EnableGuestAccount' + { + Name = 'Accounts_Guest_account_status' + Accounts_Guest_account_status = 'Disabled' + } + } + + if ($SetMaximumPasswordAge) { + AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' + { + Maximum_Password_Age = '60' + Name = 'Maximum_Password_Age' + } + } + + if ($DisableClearTextPassword) { + AccountPolicy 'SecuritySetting(INF): ClearTextPassword' + { + Name = 'Store_passwords_using_reversible_encryption' + Store_passwords_using_reversible_encryption = 'Disabled' + } + } + + if ($EnableTrustedForDelegation) { + UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' + { + Force = $True + Identity = @('') + Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' + } + } + + if ($AccessThisComputerFromNetwork) { + UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' + { + Force = $True + Identity = @('*S-1-5-11', '*S-1-5-32-544') + Policy = 'Access_this_computer_from_the_network' + } + } + + if ($BackupFilesAndDirectories) { + UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Back_up_files_and_directories' + } + } + + if ($ImpersonateClientAfterAuthentication) { + UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' + { + Force = $True + Identity = @('*S-1-5-32-544', '*S-1-5-19', '*S-1-5-20', '*S-1-5-6') + Policy = 'Impersonate_a_client_after_authentication' + } + } + + if ($PerformVolumeMaintenanceTasks) { + UserRightsAssignment 
'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Perform_volume_maintenance_tasks' + } + } + + if ($LoadAndUnloadDeviceDrivers) { + UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Load_and_unload_device_drivers' + } + } + + if ($LockPagesInMemory) { + UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' + { + Force = $True + Identity = @('') + Policy = 'Lock_pages_in_memory' + } + } + + if ($TakeOwnershipOfFilesOrOtherObjects) { + UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Take_ownership_of_files_or_other_objects' + } + } + + if ($CreatePermanentSharedObjects) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' + { + Force = $True + Identity = @('') + Policy = 'Create_permanent_shared_objects' + } + } + + if ($DenyAccessFromNetwork) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' + { + Force = $True + Identity = @('*S-1-5-113', '*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins) + Policy = 'Deny_access_to_this_computer_from_the_network' + } + } + + if ($CreateGlobalObjects) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' + { + Force = $True + Identity = @('*S-1-5-32-544', '*S-1-5-19', '*S-1-5-20', '*S-1-5-6') + Policy = 'Create_global_objects' + } + } + + + if ($DenyLogOnAsBatchJob) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job' + { + Force = $True + Identity = @('*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins) + Policy = 'Deny_log_on_as_a_batch_job' + } + } + + if ($RestoreFilesAndDirectories) { + UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' + { + Force = $True + Identity = 
@('*S-1-5-32-544') + Policy = 'Restore_files_and_directories' + } + } + + if ($AccessCredentialManagerAsTrustedCaller) { + UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' + { + Force = $True + Identity = @('') + Policy = 'Access_Credential_Manager_as_a_trusted_caller' + } + } + + if ($DenyLogOnAsService) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service' + { + Force = $True + Identity = @($EnterpriseAdmins, $DomainAdmins) + Policy = 'Deny_log_on_as_a_service' + } + } + + if ($IncreaseSchedulingPriority) { + UserRightsAssignment 'UserRightsAssignment(INF): Increase_scheduling_priority' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Increase_scheduling_priority' + } + } + + if ($ForceShutdownFromRemoteSystem) { + UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Force_shutdown_from_a_remote_system' + } + } + + if ($GenerateSecurityAudits) { + UserRightsAssignment 'UserRightsAssignment(INF): Generate_security_audits' + { + Force = $True + Identity = @('*S-1-5-19', '*S-1-5-20') + Policy = 'Generate_security_audits' + } + } + + if ($DenyLogOnLocally) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally' + { + Force = $True + Identity = @('*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins) + Policy = 'Deny_log_on_locally' + } + } + + if ($CreateSymbolicLinks) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Create_symbolic_links' + } + } + + if ($DebugPrograms) { + UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Debug_programs' + } + } + + if ($AllowLogOnLocally) { + UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' + { + Force = $True + Identity = @('*S-1-5-32-544') + 
Policy = 'Allow_log_on_locally' + } + } + + if ($ManageAuditingAndSecurityLog) { + UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Manage_auditing_and_security_log' + } + } + + if ($ActAsPartOfTheOperatingSystem) { + UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' + { + Force = $True + Identity = @('') + Policy = 'Act_as_part_of_the_operating_system' + } + } + + if ($ProfileSingleProcess) { + UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Profile_single_process' + } + } + + if ($CreateATokenObject) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' + { + Force = $True + Identity = @('') + Policy = 'Create_a_token_object' + } + } + + if ($ModifyFirmwareEnvironmentValues) { + UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Modify_firmware_environment_values' + } + } + + if ($CreateAPagefile) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Create_a_pagefile' + } + } + + if ($DenyLogOnThroughRemoteDesktopServices) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' + { + Force = $True + Identity = @('*S-1-5-113', '*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins) + Policy = 'Deny_log_on_through_Remote_Desktop_Services' + } + } + + if ($RequireLDAPServerSigning) { + SecurityOption 'SecurityRegistry(INF): Domain_controller_LDAP_server_signing_requirements' + { + Domain_controller_LDAP_server_signing_requirements = 'Require Signing' + Name = 'Domain_controller_LDAP_server_signing_requirements' + } + } + + if ($RefuseMachineAccountPasswordChanges) { + SecurityOption 'SecurityRegistry(INF): 
Domain_controller_Refuse_machine_account_password_changes' + { + Name = 'Domain_controller_Refuse_machine_account_password_changes' + Domain_controller_Refuse_machine_account_password_changes = 'Disabled' + } + } + + if ($AddWorkstationsToDomain) { + UserRightsAssignment 'UserRightsAssignment(INF): Add_workstations_to_domain' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Add_workstations_to_domain' + } + } + + if ($AllowLogOnThroughRemoteDesktopServices) { + UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_through_Remote_Desktop_Services' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Allow_log_on_through_Remote_Desktop_Services' + } + } +} + diff --git a/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.psd1 b/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.psd1 new file mode 100644 index 0000000..aa75dce --- /dev/null +++ b/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.psd1 
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_WinSvr_2022_MS_and_DC_v2r2'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/15/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_WinSvr_2022_MS_and_DC_v2r2.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = '75d177bc-01b8-43a3-897b-1f21531fa676'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'Apply STIG settings for Windows Server 2022'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.schema.psm1 b/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.schema.psm1 new file mode 100644
index 0000000..02a2297
--- /dev/null
+++ b/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.schema.psm1
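Review bot: `# RequiredModules = @()` is left commented out in this manifest, yet the schema module it names as `RootModule` calls `Import-DSCResource -ModuleName` for `GPRegistryPolicyDsc`, `AuditPolicyDSC` and `SecurityPolicyDSC` with no version, so the STIG baseline compiles against whichever copies of those modules happen to be installed on the authoring machine. Declaring them here with a pinned version, one entry per module in the form `@{ ModuleName = 'SecurityPolicyDsc'; RequiredVersion = '<pinned version>' }`, makes the dependency explicit and reviewable. It is worth confirming that the composite-resource loader honours the manifest entry; if it does not, the same pin can go on the three import lines with `-ModuleVersion`. Separately, the `'*'` values for `FunctionsToExport`, `CmdletsToExport`, `VariablesToExport` and `AliasesToExport` contradict the template's own advice in the comments above them; a composite resource presumably needs none of these, so empty arrays would be the tighter choice.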
@@ -0,0 +1,2231 @@ +configuration DoD_WinSvr_2022_MS_and_DC_v2r2 +{ + + param( + [string]$EnterpriseAdmins, + [string]$DomainAdmins, + [bool]$EnumerateAdministrators = $true, + [bool]$NoAutorun = $true, + [bool]$NoDriveTypeAutoRun = $true, + [bool]$PreXPSP2ShellProtocolBehavior = $true, + [bool]$PasswordComplexity = $true, + [bool]$PasswordLength = $true, + [bool]$PasswordAgeDays = $true, + [bool]$DisableAutomaticRestartSignOn = $true, + [bool]$LocalAccountTokenFilterPolicy = $true, + [bool]$ProcessCreationIncludeCmdLine_Enabled = $true, + [bool]$DisableEnclosureDownload = $true, + [bool]$AllowBasicAuthInClear = $true, + [bool]$DCSettingIndex = $true, + [bool]$ACSettingIndex = $true, + [bool]$DisableInventory = $true, + [bool]$AllowProtectedCreds = $true, + [bool]$AllowTelemetry = $true, + [bool]$DODownloadMode = $true, + [bool]$EnableVirtualizationBasedSecurity = $true, + [bool]$RequirePlatformSecurityFeatures = $true, + [bool]$HypervisorEnforcedCodeIntegrity = $true, + [bool]$HVCIMATRequired = $true, + [bool]$LsaCfgFlags = $true, + [bool]$ConfigureSystemGuardLaunch = $true, + [bool]$MaxSizeApplicationLog = $true, + [bool]$MaxSizeSecurityLog = $true, + [bool]$MaxSizeSystemLog = $true, + [bool]$NoAutoplayfornonVolume = $true, + [bool]$NoDataExecutionPrevention = $true, + [bool]$NoHeapTerminationOnCorruption = $true, + [bool]$NoBackgroundPolicy = $true, + [bool]$NoGPOListChanges = $true, + [bool]$EnableUserControl = $true, + [bool]$AlwaysInstallElevated = $true, + [bool]$SafeForScripting = $true, + [bool]$AllowInsecureGuestAuth = $true, + [bool]$HardenedPathsSYSVOL = $true, + [bool]$HardenedPathsNETLOGON = $true, + [bool]$NoLockScreenSlideshow = $true, + [bool]$EnableScriptBlockLogging = $true, + [bool]$EnableScriptBlockInvocationLogging = $true, + [bool]$EnableTranscripting = $true, + [bool]$SetOutputDirectory = $true, + [bool]$EnableInvocationHeader = $true, + [bool]$DontDisplayNetworkSelectionUI = $true, + [bool]$EnableSmartScreen = $true, + 
[bool]$BlockShellSmartScreen = $true, + [bool]$EnumerateLocalUsers = $true, + [bool]$AllowIndexingEncryptedStoresOrItems = $true, + [bool]$AllowBasic = $true, + [bool]$AllowUnencryptedTraffic = $true, + [bool]$AllowDigest = $true, + [bool]$AllowBasicWinRMService = $true, + [bool]$AllowUnencryptedTrafficService = $true, + [bool]$DisableRunAs = $true, + [bool]$DisableWebPnPDownload = $true, + [bool]$DisableHTTPPrinting = $true, + [bool]$RestrictRemoteClients = $true, + [bool]$DisablePasswordSaving = $true, + [bool]$fDisableCdm = $true, + [bool]$fPromptForPassword = $true, + [bool]$fEncryptRPCTraffic = $true, + [bool]$MinEncryptionLevel = $true, + [bool]$UseLogonCredential = $true, + [bool]$DriverLoadPolicy = $true, + [bool]$SMB1 = $true, + [bool]$StartMrxSmb10 = $true, + [bool]$NoNameReleaseOnDemand = $true, + [bool]$DisableIPSourceRouting = $true, + [bool]$EnableICMPRedirect = $true, + [bool]$DisableIPSourceRoutingIPv6 = $true, + [bool]$AuditCredentialValidationSuccess = $true, + [bool]$AuditCredentialValidationFailure = $true, + [bool]$AuditOtherAccountManagementEventsSuccess = $true, + [bool]$AuditOtherAccountManagementEventsFailure = $true, + [bool]$AuditSecurityGroupManagementSuccess = $true, + [bool]$AuditSecurityGroupManagementFailure = $true, + [bool]$AuditUserAccountManagementSuccess = $true, + [bool]$AuditUserAccountManagementFailure = $true, + [bool]$AuditPnpActivitySuccess = $true, + [bool]$AuditPnpActivityFailure = $true, + [bool]$AuditProcessCreationSuccess = $true, + [bool]$AuditProcessCreationFailure = $true, + [bool]$AuditAccountLockoutFailure = $true, + [bool]$AuditAccountLockoutSuccess = $true, + [bool]$AuditGroupMembershipSuccess = $true, + [bool]$AuditGroupMembershipFailure = $true, + [bool]$AuditLogoffSuccess = $true, + [bool]$AuditLogoffFailure = $true, + [bool]$AuditLogonSuccess = $true, + [bool]$AuditLogonFailure = $true, + [bool]$AuditSpecialLogonSuccess = $true, + [bool]$AuditSpecialLogonFailure = $true, + 
[bool]$AuditOtherObjectAccessEventsSuccess = $true, + [bool]$AuditOtherObjectAccessEventsFailure = $true, + [bool]$AuditRemovableStorageSuccess = $true, + [bool]$AuditRemovableStorageFailure = $true, + [bool]$AuditPolicyChangeSuccess = $true, + [bool]$AuditPolicyChangeFailure = $true, + [bool]$AuditAuthenticationPolicyChangeSuccess = $true, + [bool]$AuditAuthenticationPolicyChangeFailure = $true, + [bool]$AuditAuthorizationPolicyChangeSuccess = $true, + [bool]$AuditAuthorizationPolicyChangeFailure = $true, + [bool]$AuditSensitivePrivilegeUseSuccess = $true, + [bool]$AuditSensitivePrivilegeUseFailure = $true, + [bool]$AuditIpsecDriverSuccess = $true, + [bool]$AuditIpsecDriverFailure = $true, + [bool]$AuditOtherSystemEventsSuccess = $true, + [bool]$AuditOtherSystemEventsFailure = $true, + [bool]$AuditSecurityStateChangeSuccess = $true, + [bool]$AuditSecurityStateChangeFailure = $true, + [bool]$AuditSecuritySystemExtensionSuccess = $true, + [bool]$AuditSecuritySystemExtensionFailure = $true, + [bool]$AuditSystemIntegritySuccess = $true, + [bool]$AuditSystemIntegrityFailure = $true, + [bool]$AuditComputerAccountManagementSuccess = $true, + [bool]$AuditComputerAccountManagementFailure = $true, + [bool]$AuditDirectoryServiceAccessSuccess = $true, + [bool]$AuditDirectoryServiceAccessFailure = $true, + [bool]$AuditDirectoryServiceChangesSuccess = $true, + [bool]$AuditDirectoryServiceChangesFailure = $true, + [bool]$RestrictClientsToSAM = $true, + [bool]$RestrictAnonymousAccess = $true, + [bool]$RequireStrongSessionKey = $true, + [bool]$ElevateUIAccessApplications = $true, + [bool]$MinimumSessionSecurityNTLM = $true, + [bool]$ConfigureKerberosEncryptionTypes = $true, + [bool]$DigitallySignCommunications = $true, + [bool]$UseFIPSCompliantAlgorithms = $true, + [bool]$LanManagerAuthenticationLevel = $true, + [bool]$AllowLocalSystemNTLM = $true, + [bool]$InteractiveLogonMessageTitle = $true, + [bool]$DigitallySignSecureChannelData = $true, + 
[bool]$AllowUIAccessElevateWithoutSecureDesktop = $true, + [bool]$SmartCardRemovalBehavior = $true, + [bool]$LimitLocalAccountBlankPasswords = $true, + [bool]$VirtualizeFileAndRegistryWriteFailures = $true, + [bool]$InteractiveLogonMessageText = $true, + [string]$InteractiveLogonMessageText_Input, + [bool]$LetEveryonePermissionsApplyToAnonymousUsers = $true, + [bool]$DigitallyEncryptSecureChannelData = $true, + [bool]$ElevationPromptBehavior = $true, + [bool]$DigitallySignCommunicationsAlwaysServer = $true, + [bool]$ForceStrongKeyProtection = $true, + [bool]$DigitallySignCommunicationsAlwaysClient = $true, + [bool]$DisableMachineAccountPasswordChanges = $true, + [bool]$RunAllAdministratorsInAdminApprovalMode = $true, + [bool]$DigitallySignCommunicationsIfServerAgrees = $true, + [bool]$DetectApplicationInstallationsPromptForElevation = $true, + [bool]$DoNotAllowAnonymousEnumerationOfSAMAccounts = $true, + [bool]$AllowLocalSystemNullSessionFallback = $true, + [bool]$AdminApprovalModeForBuiltInAdmin = $true, + [bool]$SendUnencryptedPasswordToThirdPartySMBServers = $true, + [bool]$PreviousLogonsToCache = $true, + [bool]$MaximumMachineAccountPasswordAge = $true, + [bool]$DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares = $true, + [bool]$ForceAuditPolicySubcategorySettings = $true, + [bool]$StrengthenDefaultPermissionsOfInternalSystemObjects = $true, + [bool]$Allow_PKUL2U_Authentication = $true, + [bool]$Machine_Inactivity_Limit = $true, + [bool]$Do_Not_Store_LM_Hash = $true, + [bool]$Encrypt_Secure_Channel_Data = $true, + [bool]$LDAP_Client_Signing_Requirements = $true, + [bool]$UAC_Elevation_Prompt_Behavior = $true, + [bool]$Lockout_Duration = $true, + [bool]$Lockout_Bad_Count = $true, + [bool]$Reset_Lockout_Count = $true, + [bool]$Rename_Guest_Account = $true, + [bool]$Minimum_Password_Age = $true, + [bool]$Password_Complexity = $true, + [bool]$Password_History_Size = $true, + [bool]$LSA_Anonymous_Name_Lookup = $true, + [bool]$Minimum_Password_Length = $true, + 
[bool]$Rename_Administrator_Account = $true, + [bool]$Enable_Guest_Account = $true, + [bool]$Maximum_Password_Age = $true, + [bool]$Clear_Text_Password = $true, + [bool]$Trusted_For_Delegation = $true, + [bool]$Access_From_Network = $true, + [bool]$Backup_Files_And_Directories = $true, + [bool]$Impersonate_Client_After_Authentication = $true, + [bool]$Perform_Volume_Maintenance_Tasks = $true, + [bool]$Load_Unload_Device_Drivers = $true, + [bool]$Take_Ownership_Of_Files = $true, + [bool]$Create_Permanent_Shared_Objects = $true, + [bool]$Deny_Access_From_Network = $true, + [bool]$Create_Global_Objects = $true, + [bool]$Deny_Log_On_As_Batch_Job = $true, + [bool]$Restore_Files_And_Directories = $true, + [bool]$Lock_Pages_In_Memory = $true, + [bool]$Deny_Log_On_As_Service = $true, + [bool]$Increase_Scheduling_Priority = $true, + [bool]$Force_Shutdown_From_Remote_System = $true, + [bool]$Generate_Security_Audits = $true, + [bool]$Deny_Log_On_Locally = $true, + [bool]$Create_Symbolic_Links = $true, + [bool]$Debug_Programs = $true, + [bool]$Allow_Log_On_Locally = $true, + [bool]$Manage_Auditing_And_Security_Log = $true, + [bool]$Act_As_Part_Of_Operating_System = $true, + [bool]$Profile_Single_Process = $true, + [bool]$Create_Token_Object = $true, + [bool]$Access_Credential_Manager = $true, + [bool]$Modify_Firmware_Environment_Values = $true, + [bool]$Create_Pagefile = $true, + [bool]$Deny_Log_On_Through_RDS = $true, + [bool]$Add_Workstations_To_Domain = $true, + [bool]$Allow_Log_On_Through_RDS = $true, + [bool]$LDAP_Server_Signing_Requirements = $true, + [bool]$Refuse_Machine_Account_Password_Changes = $true, + [bool]$Ticket_Validate_Client = $true, + [bool]$Max_Renew_Age = $true + ) + + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($EnumerateAdministrators) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateAdministrators' + ValueData = 0 + } + } + + if ($NoAutorun) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutorun' + ValueData = 1 + } + } + + if ($NoDriveTypeAutoRun) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoDriveTypeAutoRun' + ValueData = 255 + } + } + + if ($PreXPSP2ShellProtocolBehavior) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreXPSP2ShellProtocolBehavior' + ValueData = 0 + } + } + + if ($PasswordComplexity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordComplexity' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordComplexity' + ValueData = 4 + } + } + + if ($PasswordLength) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordLength' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordLength' + ValueData 
= 14 + } + } + + if ($PasswordAgeDays) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordAgeDays' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordAgeDays' + ValueData = 60 + } + } + + if ($DisableAutomaticRestartSignOn) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableAutomaticRestartSignOn' + ValueData = 1 + } + } + + if ($LocalAccountTokenFilterPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LocalAccountTokenFilterPolicy' + ValueData = 0 + } + } + + if ($ProcessCreationIncludeCmdLine_Enabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ProcessCreationIncludeCmdLine_Enabled' + ValueData = 1 + } + } + + if ($DisableEnclosureDownload) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableEnclosureDownload' + ValueData = 1 + } + } + + if ($AllowBasicAuthInClear) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet 
Explorer\Feeds\AllowBasicAuthInClear' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowBasicAuthInClear' + ValueData = 0 + } + } + + if ($DCSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' + { + Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DCSettingIndex' + ValueData = 1 + } + } + + if ($ACSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' + { + Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ACSettingIndex' + ValueData = 1 + } + } + + if ($DisableInventory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory' + { + Key = '\Software\Policies\Microsoft\Windows\AppCompat' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableInventory' + ValueData = 1 + } + } + + if ($AllowProtectedCreds) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' + { + Key = '\Software\Policies\Microsoft\Windows\CredentialsDelegation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowProtectedCreds' + ValueData = 1 + } + } + + if ($AllowTelemetry) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry' + { + Key = '\Software\Policies\Microsoft\Windows\DataCollection' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowTelemetry' + ValueData = 1 + } + } + + if 
($DODownloadMode) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeliveryOptimization\DODownloadMode'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\DeliveryOptimization'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DODownloadMode'
+ ValueData = 2
+ }
+ }
+
+ if ($EnableVirtualizationBasedSecurity) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableVirtualizationBasedSecurity'
+ ValueData = 1
+ }
+ }
+
+ if ($RequirePlatformSecurityFeatures) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RequirePlatformSecurityFeatures'
+ ValueData = 1
+ }
+ }
+
+ if ($HypervisorEnforcedCodeIntegrity) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'HypervisorEnforcedCodeIntegrity'
+ ValueData = 3
+ }
+ }
+
+ if ($HVCIMATRequired) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'HVCIMATRequired'
+ ValueData = 0
+ }
+ }
+
+ if ($LsaCfgFlags) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LsaCfgFlags'
+ ValueData = 1
+ }
+ }
+
+ if ($ConfigureSystemGuardLaunch) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ConfigureSystemGuardLaunch'
+ ValueData = 0
+ }
+ }
+
+ if ($MaxSizeApplicationLog) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\EventLog\Application'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxSize'
+ ValueData = 32768
+ }
+ }
+
+ if ($MaxSizeSecurityLog) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\EventLog\Security'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxSize'
+ ValueData = 196608
+ }
+ }
+
+ if ($MaxSizeSystemLog) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\EventLog\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxSize'
+ ValueData = 32768
+ }
+ }
+
+ if ($NoAutoplayfornonVolume) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Explorer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoAutoplayfornonVolume'
+ ValueData = 1
+ }
+ }
+
+ if ($NoDataExecutionPrevention) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Explorer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoDataExecutionPrevention'
+ ValueData = 0
+ }
+ }
+
+ if ($NoHeapTerminationOnCorruption) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Explorer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoHeapTerminationOnCorruption'
+ ValueData = 0
+ }
+ }
+
+ if ($NoBackgroundPolicy) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoBackgroundPolicy'
+ ValueData = 0
+ }
+ }
+
+ if ($NoGPOListChanges) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoGPOListChanges'
+ ValueData = 0
+ }
+ }
+
+ if ($EnableUserControl) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableUserControl'
+ ValueData = 0
+ }
+ }
+
+ if ($AlwaysInstallElevated) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AlwaysInstallElevated'
+ ValueData = 0
+ }
+ }
+ if ($SafeForScripting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\SafeForScripting'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SafeForScripting'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowInsecureGuestAuth) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\LanmanWorkstation'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowInsecureGuestAuth'
+ ValueData = 0
+ }
+ }
+
+ if ($HardenedPathsSYSVOL) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '\\*\SYSVOL'
+ ValueData = 'RequireMutualAuthentication=1, RequireIntegrity=1'
+ }
+ }
+
+ if ($HardenedPathsNETLOGON) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '\\*\NETLOGON'
+ ValueData = 'RequireMutualAuthentication=1, RequireIntegrity=1'
+ }
+ }
+
+ if ($NoLockScreenSlideshow) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Personalization'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoLockScreenSlideshow'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableScriptBlockLogging) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableScriptBlockLogging'
+ ValueData = 1
+ }
+ }
+
+ if (-not $EnableScriptBlockInvocationLogging) {
+ RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableScriptBlockInvocationLogging'
+ ValueData = ''
+ }
+ }
+
+ if ($EnableTranscripting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableTranscripting'
+ ValueData = 1
+ }
+ }
+
+ if ($SetOutputDirectory) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'OutputDirectory'
+ ValueData = 'C:\ProgramData\PS_Transcript'
+ }
+ }
+
+ if (-not $EnableInvocationHeader) {
+ RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableInvocationHeader'
+ ValueData = ''
+ }
+ }
+
+ if ($DontDisplayNetworkSelectionUI) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DontDisplayNetworkSelectionUI'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableSmartScreen) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableSmartScreen'
+ ValueData = 1
+ }
+ }
+
+ if ($BlockShellSmartScreen) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\System'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ShellSmartScreenLevel'
+ ValueData = 'Block'
+ }
+ }
+
+ if ($EnumerateLocalUsers) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnumerateLocalUsers'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowIndexingEncryptedStoresOrItems) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Windows Search'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowIndexingEncryptedStoresOrItems'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowBasic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowUnencryptedTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowUnencryptedTraffic'
+ ValueData = 0
+ }
+ }
+
+ if (-not $AllowDigest) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowDigest'
+ ValueData = 0
+ }
+ }
+
+ if (-not $AllowBasicWinRMService) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasic'
+ ValueData = 0
+ }
+ }
+
+ if (-not $AllowUnencryptedTrafficService) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowUnencryptedTraffic'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableRunAs) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableRunAs'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableWebPnPDownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableWebPnPDownload'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableHTTPPrinting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableHTTPPrinting'
+ ValueData = 1
+ }
+ }
+
+ if ($RestrictRemoteClients) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Rpc'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RestrictRemoteClients'
+ ValueData = 1
+ }
+ }
+
+ if ($DisablePasswordSaving) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisablePasswordSaving'
+ ValueData = 1
+ }
+ }
+
+ if ($fDisableCdm) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fDisableCdm'
+ ValueData = 1
+ }
+ }
+
+ if ($fPromptForPassword) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fPromptForPassword'
+ ValueData = 1
+ }
+ }
+
+ if ($fEncryptRPCTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fEncryptRPCTraffic'
+ ValueData = 1
+ }
+ }
+
+ if ($MinEncryptionLevel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MinEncryptionLevel'
+ ValueData = 3
+ }
+ }
+
+ if (-not $UseLogonCredential) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UseLogonCredential'
+ ValueData = 0
+ }
+ }
+
+ if ($DriverLoadPolicy) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DriverLoadPolicy'
+ ValueData = 3
+ }
+ }
+
+ if (-not $SMB1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SMB1'
+ ValueData = 0
+ }
+ }
+
+ if ($StartMrxSmb10) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\MrxSmb10'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Start'
+ ValueData = 4
+ }
+ }
+
+ if ($NoNameReleaseOnDemand) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Netbt\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoNameReleaseOnDemand'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableIPSourceRouting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if (-not $EnableICMPRedirect) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableICMPRedirect'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableIPSourceRoutingIPv6) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if ($AuditCredentialValidationSuccess) {
+ AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditCredentialValidationFailure) {
+ AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherAccountManagementEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other Account Management Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Account Management Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditOtherAccountManagementEventsFailure) {
+ AuditPolicySubcategory 'Audit Other Account Management Events (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Other Account Management Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityGroupManagementSuccess) {
+ AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security Group Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditSecurityGroupManagementFailure) {
+ AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security Group Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditUserAccountManagementSuccess) {
+ AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditUserAccountManagementFailure) {
+ AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPnpActivitySuccess) {
+ AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditPnpActivityFailure) {
+ AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditProcessCreationSuccess) {
+ AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Process Creation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditProcessCreationFailure) {
+ AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Process Creation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAccountLockoutFailure) {
+ AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Account Lockout'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if (-not $AuditAccountLockoutSuccess) {
+ AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Account Lockout'
+ AuditFlag = 'Success'
+ }
+ }
+ if ($AuditGroupMembershipSuccess) {
+ AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Group Membership'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditGroupMembershipFailure) {
+ AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Group Membership'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogoffSuccess) {
+ AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logoff'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditLogoffFailure) {
+ AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Logoff'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogonSuccess) {
+ AuditPolicySubcategory 'Audit Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditLogonFailure) {
+ AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSpecialLogonSuccess) {
+ AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Special Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditSpecialLogonFailure) {
+ AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Special Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+ if ($AuditOtherObjectAccessEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Object Access Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherObjectAccessEventsFailure) {
+ AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Object Access Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditRemovableStorageSuccess) {
+ AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditRemovableStorageFailure) {
+ AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthenticationPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditAuthenticationPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthorizationPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditAuthorizationPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUseSuccess) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUseFailure) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditIpsecDriverSuccess) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditIpsecDriverFailure) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherSystemEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherSystemEventsFailure) {
+ AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityStateChangeSuccess) {
+ AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security State Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditSecurityStateChangeFailure) {
+ AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security State Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecuritySystemExtensionSuccess) {
+ AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security System Extension'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not $AuditSecuritySystemExtensionFailure) {
+ AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security System Extension'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSystemIntegritySuccess) {
+ AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSystemIntegrityFailure) {
+ AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditComputerAccountManagementSuccess) {
+ AuditPolicySubcategory 'Audit Computer Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Computer Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if (-not
$AuditComputerAccountManagementFailure) { + AuditPolicySubcategory 'Audit Computer Account Management (Failure) - Inclusion' + { + Ensure = 'Absent' + Name = 'Computer Account Management' + AuditFlag = 'Failure' + } + } + + if ($AuditDirectoryServiceAccessSuccess) { + AuditPolicySubcategory 'Audit Directory Service Access (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Directory Service Access' + AuditFlag = 'Success' + } + } + + if ($AuditDirectoryServiceAccessFailure) { + AuditPolicySubcategory 'Audit Directory Service Access (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'Directory Service Access' + AuditFlag = 'Failure' + } + } + + if ($AuditDirectoryServiceChangesSuccess) { + AuditPolicySubcategory 'Audit Directory Service Changes (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Directory Service Changes' + AuditFlag = 'Success' + } + } + + if (-not $AuditDirectoryServiceChangesFailure) { + AuditPolicySubcategory 'Audit Directory Service Changes (Failure) - Inclusion' + { + Ensure = 'Absent' + Name = 'Directory Service Changes' + AuditFlag = 'Failure' + } + } + + if ($RestrictClientsToSAM) { + SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' + { + + Name = 'Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' + + Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = @( + + MSFT_RestrictedRemoteSamSecurityDescriptor + + { + + Permission = 'Allow' + + Identity = 'Administrators' + + } + + ) + + } + } + + if ($RestrictAnonymousAccess) { + SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' + { + Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled' + Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' + } + } + + if ($RequireStrongSessionKey) { + SecurityOption 'SecurityRegistry(INF): 
Domain_member_Require_strong_Windows_2000_or_later_session_key'
+ {
+ Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key'
+ Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled'
+ }
+ }
+
+ if ($ElevateUIAccessApplications) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
+ {
+ User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled'
+ Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations'
+ }
+ }
+
+ if ($MinimumSessionSecurityNTLM) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ {
+ Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked'
+ }
+ }
+
+ if ($ConfigureKerberosEncryptionTypes) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ {
+ Network_security_Configure_encryption_types_allowed_for_Kerberos = 'AES256_HMAC_SHA1'
+ Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ }
+ }
+
+ if ($DigitallySignCommunications) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_if_client_agrees'
+ {
+ Name = 'Microsoft_network_server_Digitally_sign_communications_if_client_agrees'
+ Microsoft_network_server_Digitally_sign_communications_if_client_agrees = 'Enabled'
+ }
+ }
+
+ if ($UseFIPSCompliantAlgorithms) {
+ SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ {
+ System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing = 'Enabled'
+ Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ }
+ }
+
+ if ($LanManagerAuthenticationLevel) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level'
+ {
+ Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. Refuse LM & NTLM'
+ Name = 'Network_security_LAN_Manager_authentication_level'
+ }
+ }
+
+ if ($AllowLocalSystemNTLM) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM'
+ {
+ Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM = 'Enabled'
+ Name = 'Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM'
+ }
+ }
+
+ if ($InteractiveLogonMessageTitle) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on'
+ {
+ Name = 'Interactive_logon_Message_title_for_users_attempting_to_log_on'
+ Interactive_logon_Message_title_for_users_attempting_to_log_on = 'US Department of Defense Warning Statement'
+ }
+ }
+
+ if ($DigitallySignSecureChannelData) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ {
+ Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled'
+ Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ }
+ }
+
+ if (-not $AllowUIAccessElevateWithoutSecureDesktop) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop'
+ {
+ User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop = 'Disabled'
+ Name = 'User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop'
+ }
+ }
+
+ if ($SmartCardRemovalBehavior) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior'
+ {
+ Interactive_logon_Smart_card_removal_behavior = 'Lock workstation'
+ Name = 'Interactive_logon_Smart_card_removal_behavior'
+ }
+ }
+
+ if ($LimitLocalAccountBlankPasswords) {
+ SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ {
+ Name = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled'
+ }
+ }
+
+ if ($VirtualizeFileAndRegistryWriteFailures) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ {
+ User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled'
+ Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ }
+ }
+
+ if ($InteractiveLogonMessageText) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ {
+ Interactive_logon_Message_text_for_users_attempting_to_log_on = $InteractiveLogonMessageText_Input
+ Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ }
+ }
+
+ if (-not $LetEveryonePermissionsApplyToAnonymousUsers) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users'
+ {
+ Network_access_Let_Everyone_permissions_apply_to_anonymous_users = 'Disabled'
+ Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users'
+ }
+ }
+
+ if ($DigitallyEncryptSecureChannelData) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ {
+ Name = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled'
+ }
+ }
+
+ if (-not $ElevationPromptBehavior) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ {
+ User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request'
+ Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ }
+ }
+
+ if ($DigitallySignCommunicationsAlwaysServer) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always'
+ {
+ Microsoft_network_server_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_server_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($ForceStrongKeyProtection) {
+ SecurityOption 'SecurityRegistry(INF): System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer'
+ {
+ Name = 'System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer'
+ System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer = 'User must enter a password each time they use a key'
+ }
+ }
+
+ if ($DigitallySignCommunicationsAlwaysClient) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always'
+ {
+ Microsoft_network_client_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_client_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($MinimumSessionSecurityNTLM) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ {
+ Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked'
+ }
+ }
+
+ if (-not $DisableMachineAccountPasswordChanges) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes'
+ {
+ Domain_member_Disable_machine_account_password_changes = 'Disabled'
+ Name = 'Domain_member_Disable_machine_account_password_changes'
+ }
+ }
+
+ if ($RunAllAdministratorsInAdminApprovalMode) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ {
+ User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled'
+ Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ }
+ }
+
+ if ($DigitallySignCommunicationsIfServerAgrees) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_if_server_agrees'
+ {
+ Name = 'Microsoft_network_client_Digitally_sign_communications_if_server_agrees'
+ Microsoft_network_client_Digitally_sign_communications_if_server_agrees = 'Enabled'
+ }
+ }
+
+ if ($DetectApplicationInstallationsPromptForElevation) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ {
+ User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled'
+ Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ }
+ }
+
+ if ($DoNotAllowAnonymousEnumerationOfSAMAccounts) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled'
+ }
+ }
+
+ if (-not $AllowLocalSystemNullSessionFallback) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback'
+ {
+ Name = 'Network_security_Allow_LocalSystem_NULL_session_fallback'
+ Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled'
+ }
+ }
+
+ if ($AdminApprovalModeForBuiltInAdmin) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ {
+ User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled'
+ Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ }
+ }
+
+ if (-not $SendUnencryptedPasswordToThirdPartySMBServers) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ {
+ Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled'
+ Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ }
+ }
+
+ if ($PreviousLogonsToCache) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ {
+ Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available = '4'
+ Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ }
+ }
+
+ if ($MaximumMachineAccountPasswordAge) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age'
+ {
+ Name = 'Domain_member_Maximum_machine_account_password_age'
+ Domain_member_Maximum_machine_account_password_age = '30'
+ }
+ }
+
+ if ($DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled'
+ }
+ }
+
+ if ($ForceAuditPolicySubcategorySettings) {
+ SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+ {
+ Name = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+
Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled' + } + } + + if ($StrengthenDefaultPermissionsOfInternalSystemObjects) { + SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' + { + System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled' + Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' + } + } + + if ($Allow_PKUL2U_Authentication) { + SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' + { + Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities = 'Disabled' + Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' + } + } + + if ($Machine_Inactivity_Limit) { + SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' + { + Name = 'Interactive_logon_Machine_inactivity_limit' + Interactive_logon_Machine_inactivity_limit = '900' + } + } + + if ($Do_Not_Store_LM_Hash) { + SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' + { + Name = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' + Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' + } + } + + if ($Encrypt_Secure_Channel_Data) { + SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' + { + Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled' + Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' + } + } + + if ($LDAP_Client_Signing_Requirements) { + SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' + { + 
Name = 'Network_security_LDAP_client_signing_requirements' + Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' + } + } + + if ($UAC_Elevation_Prompt_Behavior) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' + { + Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' + User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop' + } + } + + if ($Lockout_Duration) { + AccountPolicy 'SecuritySetting(INF): LockoutDuration' + { + Account_lockout_duration = 15 + Name = 'Account_lockout_duration' + } + } + + if ($Lockout_Bad_Count) { + AccountPolicy 'SecuritySetting(INF): LockoutBadCount' + { + Account_lockout_threshold = 3 + Name = 'Account_lockout_threshold' + } + } + if ($Reset_Lockout_Count) { + AccountPolicy 'SecuritySetting(INF): ResetLockoutCount' + { + Reset_account_lockout_counter_after = 15 + Name = 'Reset_account_lockout_counter_after' + } + } + + if ($Rename_Guest_Account) { + SecurityOption 'SecuritySetting(INF): NewGuestName' + { + Name = 'Accounts_Rename_guest_account' + Accounts_Rename_guest_account = 'Visitor' + } + } + + if ($Minimum_Password_Age) { + AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge' + { + Name = 'Minimum_Password_Age' + Minimum_Password_Age = 1 + } + } + + if ($Password_Complexity) { + AccountPolicy 'SecuritySetting(INF): PasswordComplexity' + { + Password_must_meet_complexity_requirements = 'Enabled' + Name = 'Password_must_meet_complexity_requirements' + } + } + + if ($Password_History_Size) { + AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' + { + Name = 'Enforce_password_history' + Enforce_password_history = 24 + } + } + + if ($LSA_Anonymous_Name_Lookup) { + SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' + { + Network_access_Allow_anonymous_SID_Name_translation 
= 'Disabled' + Name = 'Network_access_Allow_anonymous_SID_Name_translation' + } + } + + if ($Minimum_Password_Length) { + AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' + { + Name = 'Minimum_Password_Length' + Minimum_Password_Length = 14 + } + } + + if ($Rename_Administrator_Account) { + SecurityOption 'SecuritySetting(INF): NewAdministratorName' + { + Accounts_Rename_administrator_account = 'X_Admin' + Name = 'Accounts_Rename_administrator_account' + } + } + + if ($Enable_Guest_Account) { + SecurityOption 'SecuritySetting(INF): EnableGuestAccount' + { + Name = 'Accounts_Guest_account_status' + Accounts_Guest_account_status = 'Disabled' + } + } + + if ($Maximum_Password_Age) { + AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' + { + Maximum_Password_Age = 60 + Name = 'Maximum_Password_Age' + } + } + + if ($Clear_Text_Password) { + AccountPolicy 'SecuritySetting(INF): ClearTextPassword' + { + Name = 'Store_passwords_using_reversible_encryption' + Store_passwords_using_reversible_encryption = 'Disabled' + } + } + + if ($Trusted_For_Delegation) { + UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' + { + Force = $True + Identity = @('') + Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' + } + } + + if ($Access_From_Network) { + UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' + { + Force = $True + Identity = @('*S-1-5-11', '*S-1-5-32-544') + Policy = 'Access_this_computer_from_the_network' + } + } + + if ($Backup_Files_And_Directories) { + UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Back_up_files_and_directories' + } + } + + if ($Impersonate_Client_After_Authentication) { + UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' + { + Force = $True + Identity = @('*S-1-5-6', '*S-1-5-20', 
'*S-1-5-19', '*S-1-5-32-544') + Policy = 'Impersonate_a_client_after_authentication' + } + } + + if ($Perform_Volume_Maintenance_Tasks) { + UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Perform_volume_maintenance_tasks' + } + } + + if ($Load_Unload_Device_Drivers) { + UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Load_and_unload_device_drivers' + } + } + + if ($Take_Ownership_Of_Files) { + UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Take_ownership_of_files_or_other_objects' + } + } + + if ($Create_Permanent_Shared_Objects) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' + { + Force = $True + Identity = @('') + Policy = 'Create_permanent_shared_objects' + } + } + + if ($Deny_Access_From_Network) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' + { + Force = $True + Identity = @($DomainAdmins, $EnterpriseAdmins, '*S-1-5-32-546', '*S-1-5-114') + Policy = 'Deny_access_to_this_computer_from_the_network' + } + } + + if ($Create_Global_Objects) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' + { + Force = $True + Identity = @('*S-1-5-32-544', '*S-1-5-19', '*S-1-5-20', '*S-1-5-6') + Policy = 'Create_global_objects' + } + } + + if ($Deny_Log_On_As_Batch_Job) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job' + { + Force = $True + Identity = @($DomainAdmins, $EnterpriseAdmins, '*S-1-5-32-546') + Policy = 'Deny_log_on_as_a_batch_job' + } + } + + if ($Restore_Files_And_Directories) { + UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 
'Restore_files_and_directories' + } + } + + if ($Lock_Pages_In_Memory) { + UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' + { + Force = $True + Identity = @('') + Policy = 'Lock_pages_in_memory' + } + } + + if ($Deny_Log_On_As_Service) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service' + { + Force = $True + Identity = @($DomainAdmins, $EnterpriseAdmins) + Policy = 'Deny_log_on_as_a_service' + } + } + + if ($Increase_Scheduling_Priority) { + UserRightsAssignment 'UserRightsAssignment(INF): Increase_scheduling_priority' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Increase_scheduling_priority' + } + } + + if ($Force_Shutdown_From_Remote_System) { + UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Force_shutdown_from_a_remote_system' + } + } + + if ($Generate_Security_Audits) { + UserRightsAssignment 'UserRightsAssignment(INF): Generate_security_audits' + { + Force = $True + Identity = @('*S-1-5-20', '*S-1-5-19') + Policy = 'Generate_security_audits' + } + } + + if ($Deny_Log_On_Locally) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally' + { + Force = $True + Identity = @($DomainAdmins, $EnterpriseAdmins, '*S-1-5-32-546') + Policy = 'Deny_log_on_locally' + } + } + + if ($Create_Symbolic_Links) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Create_symbolic_links' + } + } + + if ($Debug_Programs) { + UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Debug_programs' + } + } + + if ($Allow_Log_On_Locally) { + UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Allow_log_on_locally' + } + } + + if 
($Manage_Auditing_And_Security_Log) { + UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Manage_auditing_and_security_log' + } + } + + if ($Act_As_Part_Of_Operating_System) { + UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' + { + Force = $True + Identity = @('') + Policy = 'Act_as_part_of_the_operating_system' + } + } + + if ($Profile_Single_Process) { + UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Profile_single_process' + } + } + + if ($Create_Token_Object) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' + { + Force = $True + Identity = @('') + Policy = 'Create_a_token_object' + } + } + + if ($Access_Credential_Manager) { + UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' + { + Force = $True + Identity = @('') + Policy = 'Access_Credential_Manager_as_a_trusted_caller' + } + } + + if ($Modify_Firmware_Environment_Values) { + UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Modify_firmware_environment_values' + } + } + + if ($Create_Pagefile) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Create_a_pagefile' + } + } + + if ($Deny_Log_On_Through_RDS) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' + { + Force = $True + Identity = @($DomainAdmins, $EnterpriseAdmins, '*S-1-5-32-546', '*S-1-5-113') + Policy = 'Deny_log_on_through_Remote_Desktop_Services' + } + } + + if ($Add_Workstations_To_Domain) { + UserRightsAssignment 'UserRightsAssignment(INF): Add_workstations_to_domain' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy 
= 'Add_workstations_to_domain' + } + } + + if ($Allow_Log_On_Through_RDS) { + UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_through_Remote_Desktop_Services' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Allow_log_on_through_Remote_Desktop_Services' + } + } + + if ($LDAP_Server_Signing_Requirements) { + SecurityOption 'SecurityRegistry(INF): Domain_controller_LDAP_server_signing_requirements' + { + Domain_controller_LDAP_server_signing_requirements = 'Require Signing' + Name = 'Domain_controller_LDAP_server_signing_requirements' + } + } + + if ($Refuse_Machine_Account_Password_Changes) { + SecurityOption 'SecurityRegistry(INF): Domain_controller_Refuse_machine_account_password_changes' + { + Name = 'Domain_controller_Refuse_machine_account_password_changes' + Domain_controller_Refuse_machine_account_password_changes = 'Disabled' + } + } + + if ($Ticket_Validate_Client) { + AccountPolicy 'SecuritySetting(INF): TicketValidateClient' + { + Enforce_user_logon_restrictions = 'Enabled' + Name = 'Enforce_user_logon_restrictions' + } + } + + if ($Max_Renew_Age) { + AccountPolicy 'SecuritySetting(INF): MaxRenewAge' + { + Maximum_lifetime_for_user_ticket_renewal = 8 + Name = 'Maximum_lifetime_for_user_ticket_renewal' + } + } + + +} + diff --git a/DSCResources/XOAP_DSCResource/XOAP_DSCResource.psd1 b/DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.psd1 similarity index 92% rename from DSCResources/XOAP_DSCResource/XOAP_DSCResource.psd1 rename to DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.psd1 index 964076a..1b832e2 100644 --- a/DSCResources/XOAP_DSCResource/XOAP_DSCResource.psd1 +++ b/DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.psd1 
@@ -1,15 +1,15 @@ # -# Module manifest for module 'XOAP_DSCResource' +# Module manifest for module 'DoD_Windows_10_v3r2' # # Generated by: XOAP.io # -# Generated on: 10/11/2023 +# Generated on: 1/14/2025 # @{ # Script module or binary module file associated with this manifest. -RootModule = 'XOAP_DSCResource.schema.psm1' +RootModule = 'DoD_Windows_10_v3r2.schema.psm1' # Version number of this module. ModuleVersion = '0.0.1' @@ -18,7 +18,7 @@ ModuleVersion = '0.0.1' # CompatiblePSEditions = @() # ID used to uniquely identify this module -GUID = '09a6295a-d863-47d9-b8ac-22fedaf9fcfc' +GUID = '156fd995-0ceb-43a2-a398-6c336e0f7277' # Author of this module Author = 'XOAP.io' @@ -27,13 +27,13 @@ Author = 'XOAP.io' CompanyName = 'RIS AG' # Copyright statement for this module -Copyright = '(c) XOAP.io. All rights reserved.' +Copyright = '(c) 2025 XOAP.io. All rights reserved.' # Description of the functionality provided by this module -Description = 'Short description of the DSC resource.' +Description = 'Apply STIG settings for Windows 10 ' # Minimum version of the Windows PowerShell engine required by this module -PowerShellVersion = '5.1' +# PowerShellVersion = '' # Name of the Windows PowerShell host required by this module # PowerShellHostName = '' @@ -118,4 +118,7 @@ PrivateData = @{ # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. # DefaultCommandPrefix = '' + } + + diff --git a/DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.schema.psm1 b/DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.schema.psm1 new file mode 100644 index 0000000..0278542 --- /dev/null +++ b/DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.schema.psm1 
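Review bot: In the `@@ -27,13 +27,13 @@` hunk of DoD_Windows_10_v3r2.psd1 the minimum-engine declaration is dropped: `PowerShellVersion = '5.1'` becomes the commented-out `# PowerShellVersion = ''`, so the manifest no longer states which PowerShell version the module needs. The root module named in the first hunk, `DoD_Windows_10_v3r2.schema.psm1`, is a `configuration` that imports DSC resource modules, so on an older engine the failure would presumably surface only when the baseline is compiled or applied rather than at import, which is harder to notice for a hardening module. I would keep `PowerShellVersion = '5.1'` as it was. Separately, the new `Description = 'Apply STIG settings for Windows 10 '` carries a trailing space and omits the release; `Description = 'Apply DoD STIG settings for Windows 10 (v3r2).'` would match the module name.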
@@ -0,0 +1,2758 @@ +configuration DoD_Windows_10_v3r2 +{ + + param( + [string]$EnterpriseAdmins, + [string]$DomainAdmins, + [bool]$BatFile_SuppressionPolicy = $true, + [bool]$CmdFile_SuppressionPolicy = $true, + [bool]$ExeFile_SuppressionPolicy = $true, + [bool]$MscFile_SuppressionPolicy = $true, + [bool]$AutoConnectAllowedOEM = $true, + [bool]$EnumerateAdministrators = $true, + [bool]$NoWebServices = $true, + [bool]$NoAutorun = $true, + [bool]$NoDriveTypeAutoRun = $true, + [bool]$NoStartBanner = $true, + [bool]$PreXPSP2ShellProtocolBehavior = $true, + [bool]$PasswordComplexity = $true, + [bool]$PasswordLength = $true, + [bool]$PasswordAgeDays = $true, + [bool]$MSAOptional = $true, + [bool]$DisableAutomaticRestartSignOn = $true, + [bool]$LocalAccountTokenFilterPolicy = $true, + [bool]$ProcessCreationIncludeCmdLine_Enabled = $true, + [bool]$DevicePKInitEnabled = $true, + [bool]$DevicePKInitBehavior = $true, + [bool]$EnhancedAntiSpoofing = $true, + [bool]$EccCurves = $true, + [bool]$UseAdvancedStartup = $true, + [bool]$EnableBDEWithNoTPM = $true, + [bool]$UseTPM = $true, + [bool]$UseTPMPIN = $true, + [bool]$UseTPMKey = $true, + [bool]$UseTPMKeyPIN = $true, + [bool]$MinimumPIN = $true, + [bool]$DisableEnclosureDownload = $true, + [bool]$AllowBasicAuthInClear = $true, + [bool]$NotifyDisableIEOptions = $true, + [bool]$PreventCertErrorOverrides = $true, + [bool]$FormSuggest_Passwords = $true, + [bool]$EnabledV9 = $true, + [bool]$PreventOverrideAppRepUnknown = $true, + [bool]$PreventOverride = $true, + [bool]$RequireSecurityDevice = $true, + [bool]$ExcludeSecurityDevices_TPM12 = $true, + [bool]$MinimumPINLength = $true, + [bool]$DCSettingIndex = $true, + [bool]$ACSettingIndex = $true, + [bool]$DisableInventory = $true, + [bool]$LetAppsActivateWithVoiceAboveLock = $true, + [bool]$DisableWindowsConsumerFeatures = $true, + [bool]$AllowProtectedCreds = $true, + [bool]$AllowTelemetry = $true, + [bool]$LimitEnhancedDiagnosticDataWindowsAnalytics = $true, + [bool]$DODownloadMode 
= $true, + [bool]$EnableVirtualizationBasedSecurity = $true, + [bool]$RequirePlatformSecurityFeatures = $true, + [bool]$HypervisorEnforcedCodeIntegrity = $true, + [bool]$HVCIMATRequired = $true, + [bool]$LsaCfgFlags = $true, + [bool]$ConfigureSystemGuardLaunch = $true, + [bool]$MaxSize_Application = $true, + [bool]$MaxSize_Security = $true, + [bool]$MaxSize_System = $true, + [bool]$NoAutoplayfornonVolume = $true, + [bool]$NoDataExecutionPrevention = $true, + [bool]$NoHeapTerminationOnCorruption = $true, + [bool]$AllowGameDVR = $true, + [bool]$NoBackgroundPolicy = $true, + [bool]$NoGPOListChanges = $true, + [bool]$EnableUserControl = $true, + [bool]$AlwaysInstallElevated = $true, + [bool]$SafeForScripting = $true, + [bool]$DeviceEnumerationPolicy = $true, + [bool]$AllowInsecureGuestAuth = $true, + [bool]$NC_ShowSharedAccessUI = $true, + [bool]$HardenedPaths_SYSVOL = $true, + [bool]$HardenedPaths_NETLOGON = $true, + [bool]$NoLockScreenCamera = $true, + [bool]$NoLockScreenSlideshow = $true, + [bool]$EnableScriptBlockLogging = $true, + [bool]$EnableScriptBlockInvocationLogging = $true, + [bool]$EnableTranscripting = $true, + [bool]$OutputDirectory = $true, + [bool]$EnableInvocationHeader = $true, + [bool]$DontDisplayNetworkSelectionUI = $true, + [bool]$EnumerateLocalUsers = $true, + [bool]$EnableSmartScreen = $true, + [bool]$ShellSmartScreenLevel = $true, + [bool]$AllowDomainPINLogon = $true, + [bool]$fBlockNonDomain = $true, + [bool]$fMinimizeConnections = $true, + [bool]$AllowIndexingEncryptedStoresOrItems = $true, + [bool]$AllowBasic_Client = $true, + [bool]$AllowUnencryptedTraffic_Client = $true, + [bool]$AllowDigest_Client = $true, + [bool]$AllowBasic_Service = $true, + [bool]$AllowUnencryptedTraffic_Service = $true, + [bool]$DisableRunAs = $true, + [bool]$DisableWebPnPDownload = $true, + [bool]$DisableHTTPPrinting = $true, + [bool]$RestrictRemoteClients = $true, + [bool]$fAllowToGetHelp = $true, + [bool]$fAllowFullControl = $true, + [bool]$MaxTicketExpiry = 
$true, + [bool]$MaxTicketExpiryUnits = $true, + [bool]$fUseMailto = $true, + [bool]$DisablePasswordSaving = $true, + [bool]$fDisableCdm = $true, + [bool]$fPromptForPassword = $true, + [bool]$fEncryptRPCTraffic = $true, + [bool]$MinEncryptionLevel = $true, + [bool]$AllowWindowsInkWorkspace = $true, + [bool]$UseLogonCredential = $true, + [bool]$DisableExceptionChainValidation = $true, + [bool]$DriverLoadPolicy = $true, + [bool]$SMB1 = $true, + [bool]$Start_MrxSmb10 = $true, + [bool]$NoNameReleaseOnDemand = $true, + [bool]$DisableIPSourceRouting = $true, + [bool]$EnableICMPRedirect = $true, + [bool]$DisableIPSourceRouting_Tcpip6 = $true, + [bool]$AuditCredentialValidationSuccess = $true, + [bool]$AuditCredentialValidationFailure = $true, + [bool]$AuditSecurityGroupManagementSuccess = $true, + [bool]$AuditSecurityGroupManagementFailure = $true, + [bool]$AuditUserAccountManagementSuccess = $true, + [bool]$AuditUserAccountManagementFailure = $true, + [bool]$AuditPNPActivitySuccess = $true, + [bool]$AuditPNPActivityFailure = $true, + [bool]$AuditProcessCreationSuccess = $true, + [bool]$AuditProcessCreationFailure = $true, + [bool]$AuditAccountLockoutFailure = $true, + [bool]$AuditAccountLockoutSuccess = $true, + [bool]$AuditGroupMembershipSuccess = $true, + [bool]$AuditGroupMembershipFailure = $true, + [bool]$AuditLogoffSuccess = $true, + [bool]$AuditLogoffFailure = $true, + [bool]$AuditLogonSuccess = $true, + [bool]$AuditLogonFailure = $true, + [bool]$AuditOtherLogonLogoffEventsSuccess = $true, + [bool]$AuditOtherLogonLogoffEventsFailure = $true, + [bool]$AuditSpecialLogonSuccess = $true, + [bool]$AuditSpecialLogonFailure = $true, + [bool]$AuditDetailedFileShareFailure = $true, + [bool]$AuditDetailedFileShareSuccess = $true, + [bool]$AuditFileShareSuccess = $true, + [bool]$AuditFileShareFailure = $true, + [bool]$AuditOtherObjectAccessEventsSuccess = $true, + [bool]$AuditOtherObjectAccessEventsFailure = $true, + [bool]$AuditRemovableStorageSuccess = $true, + 
[bool]$AuditRemovableStorageFailure = $true, + [bool]$AuditPolicyChangeSuccess = $true, + [bool]$AuditPolicyChangeFailure = $true, + [bool]$AuditAuthenticationPolicyChangeSuccess = $true, + [bool]$AuditAuthenticationPolicyChangeFailure = $true, + [bool]$AuditAuthorizationPolicyChangeSuccess = $true, + [bool]$AuditAuthorizationPolicyChangeFailure = $true, + [bool]$AuditMPSSVCRuleLevelPolicyChangeSuccess = $true, + [bool]$AuditMPSSVCRuleLevelPolicyChangeFailure = $true, + [bool]$AuditOtherPolicyChangeEventsFailure = $true, + [bool]$AuditOtherPolicyChangeEventsSuccess = $true, + [bool]$AuditSensitivePrivilegeUseSuccess = $true, + [bool]$AuditSensitivePrivilegeUseFailure = $true, + [bool]$AuditIPsecDriverFailure = $true, + [bool]$AuditIPsecDriverSuccess = $true, + [bool]$AuditOtherSystemEventsSuccess = $true, + [bool]$AuditOtherSystemEventsFailure = $true, + [bool]$AuditSecurityStateChangeSuccess = $true, + [bool]$AuditSecurityStateChangeFailure = $true, + [bool]$AuditSecuritySystemExtensionSuccess = $true, + [bool]$AuditSecuritySystemExtensionFailure = $true, + [bool]$AuditSystemIntegritySuccess = $true, + [bool]$AuditSystemIntegrityFailure = $true, + [bool]$EnableComputerAndUserAccountsToBeTrustedForDelegation = $true, + [bool]$AccessThisComputerFromTheNetwork = $true, + [bool]$BackupFilesAndDirectories = $true, + [bool]$Impersonate_a_client_after_authentication = $true, + [bool]$Perform_volume_maintenance_tasks = $true, + [bool]$Load_and_unload_device_drivers = $true, + [bool]$Lock_pages_in_memory = $true, + [bool]$Take_ownership_of_files_or_other_objects = $true, + [bool]$Create_permanent_shared_objects = $true, + [bool]$Deny_access_to_this_computer_from_the_network = $true, + [bool]$Create_global_objects = $true, + [bool]$Deny_log_on_as_a_batch_job = $true, + [bool]$Restore_files_and_directories = $true, + [bool]$Access_Credential_Manager_as_a_trusted_caller = $true, + [bool]$Deny_log_on_as_a_service = $true, + [bool]$Force_shutdown_from_a_remote_system = $true, + 
[bool]$Deny_log_on_locally = $true, + [bool]$Create_symbolic_links = $true, + [bool]$Debug_programs = $true, + [bool]$Allow_log_on_locally = $true, + [bool]$Manage_auditing_and_security_log = $true, + [bool]$Act_as_part_of_the_operating_system = $true, + [bool]$Profile_single_process = $true, + [bool]$Create_a_token_object = $true, + [bool]$Change_the_system_time = $true, + [bool]$Modify_firmware_environment_values = $true, + [bool]$Create_a_pagefile = $true, + [bool]$Deny_log_on_through_Remote_Desktop_Services = $true, + [bool]$Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = $true, + [bool]$Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = $true, + [bool]$Domain_member_Require_strong_Windows_2000_or_later_session_key = $true, + [bool]$User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = $true, + [bool]$Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = $true, + [bool]$Network_security_Configure_encryption_types_allowed_for_Kerberos = $true, + [bool]$System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing = $true, + [bool]$Network_security_LAN_Manager_authentication_level = $true, + [bool]$Domain_member_Disable_machine_account_password_changes = $true, + [bool]$Interactive_logon_Message_title_for_users_attempting_to_log_on = $true, + [bool]$Domain_member_Digitally_sign_secure_channel_data_when_possible = $true, + [bool]$Interactive_logon_Smart_card_removal_behavior = $true, + [bool]$Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = $true, + [bool]$User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = $true, + [bool]$Interactive_logon_Message_text_for_users_attempting_to_log_on = $true, + [bool]$Domain_member_Digitally_encrypt_secure_channel_data_when_possible = $true, + [bool]$User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 
$true, + [bool]$Microsoft_network_server_Digitally_sign_communications_always = $true, + [bool]$Microsoft_network_client_Digitally_sign_communications_always = $true, + [bool]$Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = $true, + [bool]$User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = $true, + [bool]$User_Account_Control_Detect_application_installations_and_prompt_for_elevation = $true, + [bool]$Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = $true, + [bool]$Network_security_Allow_LocalSystem_NULL_session_fallback = $true, + [bool]$User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = $true, + [bool]$Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = $true, + [bool]$Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available = $true, + [bool]$Domain_member_Maximum_machine_account_password_age = $true, + [bool]$Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = $true, + [bool]$Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = $true, + [bool]$System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = $true, + [bool]$Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities = $true, + [bool]$Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = $true, + [bool]$Interactive_logon_Machine_inactivity_limit = $true, + [bool]$Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = $true, + [bool]$Network_access_Let_Everyone_permissions_apply_to_anonymous_users = $true, + [bool]$Network_security_LDAP_client_signing_requirements = $true, + [bool]$User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = $true, + [bool]$Account_lockout_duration = $true, + 
[bool]$Account_lockout_threshold = $true, + [bool]$Reset_account_lockout_counter_after = $true, + [bool]$Accounts_Rename_guest_account = $true, + [bool]$Minimum_Password_Age = $true, + [bool]$Password_must_meet_complexity_requirements = $true, + [bool]$Enforce_password_history = $true, + [bool]$Network_access_Allow_anonymous_SID_Name_translation = $true, + [bool]$Minimum_Password_Length = $true, + [bool]$Accounts_Administrator_account_status = $true, + [bool]$Accounts_Rename_administrator_account = $true, + [bool]$Accounts_Guest_account_status = $true, + [bool]$Maximum_Password_Age = $true, + [bool]$Store_passwords_using_reversible_encryption = $true + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($BatFile_SuppressionPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Classes\batfile\shell\runasuser\SuppressionPolicy' + { + Key = '\Software\Classes\batfile\shell\runasuser' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SuppressionPolicy' + ValueData = 4096 + } + } + + if ($CmdFile_SuppressionPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Classes\cmdfile\shell\runasuser\SuppressionPolicy' + { + Key = '\Software\Classes\cmdfile\shell\runasuser' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SuppressionPolicy' + ValueData = 4096 + } + } + + if ($ExeFile_SuppressionPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Classes\exefile\shell\runasuser\SuppressionPolicy' + { + Key = '\Software\Classes\exefile\shell\runasuser' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SuppressionPolicy' + ValueData = 4096 + } + } + + if ($MscFile_SuppressionPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Classes\mscfile\shell\runasuser\SuppressionPolicy' + { + Key = '\Software\Classes\mscfile\shell\runasuser' + ValueType = 'Dword' 
+ TargetType = 'ComputerConfiguration' + ValueName = 'SuppressionPolicy' + ValueData = 4096 + } + } + + if ($AutoConnectAllowedOEM) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\wcmsvc\wifinetworkmanager\config\AutoConnectAllowedOEM' + { + Key = '\Software\Microsoft\wcmsvc\wifinetworkmanager\config' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AutoConnectAllowedOEM' + ValueData = 0 + } + } + + if ($EnumerateAdministrators) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateAdministrators' + ValueData = 0 + } + } + + if ($NoWebServices) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoWebServices' + ValueData = 1 + } + } + + if ($NoAutorun) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutorun' + ValueData = 1 + } + } + + if ($NoDriveTypeAutoRun) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoDriveTypeAutoRun' + ValueData = 255 + } + } + + if ($NoStartBanner) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartBanner' + { + Key = 
'\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoStartBanner' + ValueData = 1 + } + } + + if ($PreXPSP2ShellProtocolBehavior) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreXPSP2ShellProtocolBehavior' + ValueData = 0 + } + } + + if ($PasswordComplexity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordComplexity' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordComplexity' + ValueData = 4 + } + } + + if ($PasswordLength) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordLength' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordLength' + ValueData = 14 + } + } + + if ($PasswordAgeDays) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordAgeDays' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordAgeDays' + ValueData = 60 + } + } + + if ($MSAOptional) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MSAOptional' + ValueData = 1 + } + } + + if ($DisableAutomaticRestartSignOn) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableAutomaticRestartSignOn' + ValueData = 1 + } + } + + if ($LocalAccountTokenFilterPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LocalAccountTokenFilterPolicy' + ValueData = 0 + } + } + + if ($ProcessCreationIncludeCmdLine_Enabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ProcessCreationIncludeCmdLine_Enabled' + ValueData = 1 + } + } + + if ($DevicePKInitEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DevicePKInitEnabled' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DevicePKInitEnabled' + ValueData = 1 + } + } + + if ($DevicePKInitBehavior) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DevicePKInitBehavior' + { + Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DevicePKInitBehavior' + ValueData = 0 + } + } + + if ($EnhancedAntiSpoofing) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing' + { + Key = '\Software\Policies\Microsoft\Biometrics\FacialFeatures' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnhancedAntiSpoofing' + ValueData = 1 + } + } + + if ($EccCurves) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Cryptography\Configuration\SSL\00010002\EccCurves' + { + Key = '\Software\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' + ValueType = 'MultiString' + TargetType = 'ComputerConfiguration' + ValueName = 'EccCurves' + ValueData = 'NistP384NistP256' + } + } + + if ($UseAdvancedStartup) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseAdvancedStartup' + { + Key = '\Software\Policies\Microsoft\FVE' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'UseAdvancedStartup' + ValueData = 1 + } + } + + if ($EnableBDEWithNoTPM) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\EnableBDEWithNoTPM' + { + Key = '\Software\Policies\Microsoft\FVE' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableBDEWithNoTPM' + ValueData = 1 + } + } + + if ($UseTPM) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseTPM' + { + Key = '\Software\Policies\Microsoft\FVE' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'UseTPM' + ValueData = 2 + } + } + + if ($UseTPMPIN) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseTPMPIN' + { + Key = '\Software\Policies\Microsoft\FVE' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'UseTPMPIN' + ValueData = 1 + } + } + + if ($UseTPMKey) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseTPMKey' + { + Key = '\Software\Policies\Microsoft\FVE' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'UseTPMKey' + ValueData = 
2 + } + } + + if ($UseTPMKeyPIN) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseTPMKeyPIN' + { + Key = '\Software\Policies\Microsoft\FVE' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'UseTPMKeyPIN' + ValueData = 2 + } + } + + if ($MinimumPIN) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\MinimumPIN' + { + Key = '\Software\Policies\Microsoft\FVE' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MinimumPIN' + ValueData = 6 + } + } + + if ($DisableEnclosureDownload) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableEnclosureDownload' + ValueData = 1 + } + } + + if ($AllowBasicAuthInClear) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowBasicAuthInClear' + ValueData = 0 + } + } + + if ($NotifyDisableIEOptions) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\NotifyDisableIEOptions' + { + Key = '\Software\Policies\Microsoft\Internet Explorer\Main' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NotifyDisableIEOptions' + ValueData = 0 + } + } + + if ($PreventCertErrorOverrides) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings\PreventCertErrorOverrides' + { + Key = '\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreventCertErrorOverrides' + ValueData = 1 + } + } + + if ($FormSuggest_Passwords) { + 
RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\Main\FormSuggest Passwords' + { + Key = '\Software\Policies\Microsoft\MicrosoftEdge\Main' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'FormSuggest Passwords' + ValueData = 'no' + } + } + + if ($EnabledV9) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\EnabledV9' + { + Key = '\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnabledV9' + ValueData = 1 + } + } + + if ($PreventOverrideAppRepUnknown) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\PreventOverrideAppRepUnknown' + { + Key = '\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreventOverrideAppRepUnknown' + ValueData = 1 + } + } + + if ($PreventOverride) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\PreventOverride' + { + Key = '\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreventOverride' + ValueData = 1 + } + } + + if ($RequireSecurityDevice) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\PassportForWork\RequireSecurityDevice' + { + Key = '\Software\Policies\Microsoft\PassportForWork' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'RequireSecurityDevice' + ValueData = 1 + } + } + + if ($ExcludeSecurityDevices_TPM12) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices\TPM12' + { + Key = '\Software\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'TPM12' + ValueData = 0 + } + } + + 
if ($MinimumPINLength) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\PassportForWork\PINComplexity\MinimumPINLength' + { + Key = '\Software\Policies\Microsoft\PassportForWork\PINComplexity' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MinimumPINLength' + ValueData = 6 + } + } + + if ($DCSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' + { + Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DCSettingIndex' + ValueData = 1 + } + } + + if ($ACSettingIndex) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' + { + Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ACSettingIndex' + ValueData = 1 + } + } + + if ($DisableInventory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory' + { + Key = '\Software\Policies\Microsoft\Windows\AppCompat' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableInventory' + ValueData = 1 + } + } + + if ($LetAppsActivateWithVoiceAboveLock) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppPrivacy\LetAppsActivateWithVoiceAboveLock' + { + Key = '\Software\Policies\Microsoft\Windows\AppPrivacy' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LetAppsActivateWithVoiceAboveLock' + ValueData = 2 + } + } + + if ($DisableWindowsConsumerFeatures) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CloudContent\DisableWindowsConsumerFeatures' + { + Key = 
'\Software\Policies\Microsoft\Windows\CloudContent' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableWindowsConsumerFeatures' + ValueData = 1 + } + } + + if ($AllowProtectedCreds) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' + { + Key = '\Software\Policies\Microsoft\Windows\CredentialsDelegation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowProtectedCreds' + ValueData = 1 + } + } + + if ($AllowTelemetry) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry' + { + Key = '\Software\Policies\Microsoft\Windows\DataCollection' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowTelemetry' + ValueData = 2 + } + } + + if ($LimitEnhancedDiagnosticDataWindowsAnalytics) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\LimitEnhancedDiagnosticDataWindowsAnalytics' + { + Key = '\Software\Policies\Microsoft\Windows\DataCollection' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LimitEnhancedDiagnosticDataWindowsAnalytics' + ValueData = 1 + } + } + + if ($DODownloadMode) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeliveryOptimization\DODownloadMode' + { + Key = '\Software\Policies\Microsoft\Windows\DeliveryOptimization' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DODownloadMode' + ValueData = 2 + } + } + + if ($EnableVirtualizationBasedSecurity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableVirtualizationBasedSecurity' + ValueData = 1 + } + } + + if ($RequirePlatformSecurityFeatures) 
{ + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'RequirePlatformSecurityFeatures' + ValueData = 1 + } + } + + if ($HypervisorEnforcedCodeIntegrity) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'HypervisorEnforcedCodeIntegrity' + ValueData = 1 + } + } + + if ($HVCIMATRequired) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'HVCIMATRequired' + ValueData = 0 + } + } + + if ($LsaCfgFlags) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LsaCfgFlags' + ValueData = 1 + } + } + + if ($ConfigureSystemGuardLaunch) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch' + { + Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ConfigureSystemGuardLaunch' + ValueData = 0 + } + } + + if ($MaxSize_Application) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' + { + Key = '\Software\Policies\Microsoft\Windows\EventLog\Application' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 32768 + } + } + + if 
($MaxSize_Security) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' + { + Key = '\Software\Policies\Microsoft\Windows\EventLog\Security' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 1024000 + } + } + + if ($MaxSize_System) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' + { + Key = '\Software\Policies\Microsoft\Windows\EventLog\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MaxSize' + ValueData = 32768 + } + } + + if ($NoAutoplayfornonVolume) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' + { + Key = '\Software\Policies\Microsoft\Windows\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutoplayfornonVolume' + ValueData = 1 + } + } + + if ($NoDataExecutionPrevention) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention' + { + Key = '\Software\Policies\Microsoft\Windows\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoDataExecutionPrevention' + ValueData = 0 + } + } + + if ($NoHeapTerminationOnCorruption) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption' + { + Key = '\Software\Policies\Microsoft\Windows\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoHeapTerminationOnCorruption' + ValueData = 0 + } + } + + if ($AllowGameDVR) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\GameDVR\AllowGameDVR' + { + Key = '\Software\Policies\Microsoft\Windows\GameDVR' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowGameDVR' + ValueData = 0 + } + } + + if ($NoBackgroundPolicy) { + RegistryPolicyFile 
'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' + { + Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoBackgroundPolicy' + ValueData = 0 + } + } + + if ($NoGPOListChanges) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' + { + Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoGPOListChanges' + ValueData = 0 + } + } + + if ($EnableUserControl) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' + { + Key = '\Software\Policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableUserControl' + ValueData = 0 + } + } + + if ($AlwaysInstallElevated) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' + { + Key = '\Software\Policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AlwaysInstallElevated' + ValueData = 0 + } + } + + if ($SafeForScripting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\SafeForScripting' + { + Key = '\Software\Policies\Microsoft\Windows\Installer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SafeForScripting' + ValueData = 0 + } + } + + if ($DeviceEnumerationPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Kernel DMA Protection\DeviceEnumerationPolicy' + { + Key = '\Software\Policies\Microsoft\Windows\Kernel DMA Protection' + ValueType = 'Dword' + TargetType = 
'ComputerConfiguration' + ValueName = 'DeviceEnumerationPolicy' + ValueData = 0 + } + } + + if ($AllowInsecureGuestAuth) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' + { + Key = '\Software\Policies\Microsoft\Windows\LanmanWorkstation' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowInsecureGuestAuth' + ValueData = 0 + } + } + + if ($NC_ShowSharedAccessUI) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI' + { + Key = '\Software\Policies\Microsoft\Windows\Network Connections' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NC_ShowSharedAccessUI' + ValueData = 0 + } + } + + if ($HardenedPaths_SYSVOL) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL' + { + Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '\\*\SYSVOL' + ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + } + + if ($HardenedPaths_NETLOGON) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON' + { + Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = '\\*\NETLOGON' + ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + } + + if ($NoLockScreenCamera) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenCamera' + { + Key = '\Software\Policies\Microsoft\Windows\Personalization' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoLockScreenCamera' + ValueData = 1 + } + } + + if ($NoLockScreenSlideshow) { + RegistryPolicyFile 'Registry(POL): 
HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' + { + Key = '\Software\Policies\Microsoft\Windows\Personalization' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoLockScreenSlideshow' + ValueData = 1 + } + } + + if ($EnableScriptBlockLogging) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableScriptBlockLogging' + ValueData = 1 + } + } + + if ($EnableScriptBlockInvocationLogging) { + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableScriptBlockInvocationLogging' + ValueData = '' + } + } + + if ($EnableTranscripting) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableTranscripting' + ValueData = 1 + } + } + + if ($OutputDirectory) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory' + { + Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'OutputDirectory' + ValueData = 'C:\ProgramData\PS_Transcript' + } + } + + if ($EnableInvocationHeader) { + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader' + { + Key = 
'\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + ValueType = 'String' + Ensure = 'Absent' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableInvocationHeader' + ValueData = '' + } + } + + if ($DontDisplayNetworkSelectionUI) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DontDisplayNetworkSelectionUI' + ValueData = 1 + } + } + + if ($EnumerateLocalUsers) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateLocalUsers' + ValueData = 0 + } + } + + if ($EnableSmartScreen) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableSmartScreen' + ValueData = 1 + } + } + + if ($ShellSmartScreenLevel) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'ShellSmartScreenLevel' + ValueData = 'Block' + } + } + + if ($AllowDomainPINLogon) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\AllowDomainPINLogon' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowDomainPINLogon' + ValueData = 0 + } + } + + if ($fBlockNonDomain) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fBlockNonDomain' + { + Key = 
'\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'fBlockNonDomain' + ValueData = 1 + } + } + + if ($fMinimizeConnections) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fMinimizeConnections' + { + Key = '\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'fMinimizeConnections' + ValueData = 3 + } + } + + if ($EnumerateLocalUsers) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateLocalUsers' + ValueData = 0 + } + } + + if ($EnableSmartScreen) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnableSmartScreen' + ValueData = 1 + } + } + + if ($ShellSmartScreenLevel) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + ValueName = 'ShellSmartScreenLevel' + ValueData = 'Block' + } + } + + if ($AllowDomainPINLogon) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\AllowDomainPINLogon' + { + Key = '\Software\Policies\Microsoft\Windows\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AllowDomainPINLogon' + ValueData = 0 + } + } + + if ($fBlockNonDomain) { + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fBlockNonDomain' + { + Key = 
'\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fBlockNonDomain'
+ ValueData = 1
+ }
+ }
+
+ if ($fMinimizeConnections) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fMinimizeConnections'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fMinimizeConnections'
+ ValueData = 3
+ }
+ }
+
+ if ($AllowIndexingEncryptedStoresOrItems) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\Windows Search'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowIndexingEncryptedStoresOrItems'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowBasic_Client) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowUnencryptedTraffic_Client) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowUnencryptedTraffic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowDigest_Client) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowDigest'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowBasic_Service) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowUnencryptedTraffic_Service) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowUnencryptedTraffic'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableRunAs) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs'
+ {
+ Key = '\Software\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableRunAs'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableWebPnPDownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableWebPnPDownload'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableHTTPPrinting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableHTTPPrinting'
+ ValueData = 1
+ }
+ }
+
+ if ($RestrictRemoteClients) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Rpc'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RestrictRemoteClients'
+ ValueData = 1
+ }
+ }
+
+ if ($fAllowToGetHelp) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fAllowToGetHelp'
+ ValueData = 0
+ }
+ }
+
+ if ($fAllowFullControl) {
+ RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowFullControl'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fAllowFullControl'
+ ValueData = ''
+ }
+ }
+
+ if ($MaxTicketExpiry) {
+ RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiry'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxTicketExpiry'
+ ValueData = ''
+ }
+ }
+
+ if ($MaxTicketExpiryUnits) {
+ RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiryUnits'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxTicketExpiryUnits'
+ ValueData = ''
+ }
+ }
+
+ if ($fUseMailto) {
+ RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\fUseMailto'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fUseMailto'
+ ValueData = ''
+ }
+ }
+
+ if ($DisablePasswordSaving) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisablePasswordSaving'
+ ValueData = 1
+ }
+ }
+
+ if ($fDisableCdm) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fDisableCdm'
+ ValueData = 1
+ }
+ }
+
+ if ($fPromptForPassword) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fPromptForPassword'
+ ValueData = 1
+ }
+ }
+
+ if ($fEncryptRPCTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fEncryptRPCTraffic'
+ ValueData = 1
+ }
+ }
+
+ if ($MinEncryptionLevel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel'
+ {
+ Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MinEncryptionLevel'
+ ValueData = 3
+ }
+ }
+
+ if ($AllowWindowsInkWorkspace) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace\AllowWindowsInkWorkspace'
+ {
+ Key = '\Software\Policies\Microsoft\WindowsInkWorkspace'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowWindowsInkWorkspace'
+ ValueData = 1
+ }
+ }
+
+ if ($UseLogonCredential) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential'
+ {
+ Key = '\System\CurrentControlSet\Control\SecurityProviders\WDigest'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UseLogonCredential'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableExceptionChainValidation) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation'
+ {
+ Key = '\System\CurrentControlSet\Control\Session Manager\kernel'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableExceptionChainValidation'
+ ValueData = 0
+ }
+ }
+
+ if ($DriverLoadPolicy) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy'
+ {
+ Key = '\System\CurrentControlSet\Policies\EarlyLaunch'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DriverLoadPolicy'
+ ValueData = 3
+ }
+ }
+
+ if ($SMB1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters\SMB1'
+ {
+ Key = '\System\CurrentControlSet\Services\LanmanServer\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SMB1'
+ ValueData = 0
+ }
+ }
+
+ if ($Start_MrxSmb10) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\MrxSmb10\Start'
+ {
+ Key = '\System\CurrentControlSet\Services\MrxSmb10'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Start'
+ ValueData = 4
+ }
+ }
+
+ if ($NoNameReleaseOnDemand) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand'
+ {
+ Key = '\System\CurrentControlSet\Services\Netbt\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoNameReleaseOnDemand'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableIPSourceRouting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\System\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if ($EnableICMPRedirect) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect'
+ {
+ Key = '\System\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableICMPRedirect'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableIPSourceRouting_Tcpip6) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\System\CurrentControlSet\Services\Tcpip6\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if ($AuditCredentialValidationSuccess) {
+ AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditCredentialValidationFailure) {
+ AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityGroupManagementSuccess) {
+ AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security Group Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSecurityGroupManagementFailure) {
+ AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security Group Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditUserAccountManagementSuccess) {
+ AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditUserAccountManagementFailure) {
+ AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPNPActivitySuccess) {
+ AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditPNPActivityFailure) {
+ AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditProcessCreationSuccess) {
+ AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Process Creation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditProcessCreationFailure) {
+ AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Process Creation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAccountLockoutFailure) {
+ AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Account Lockout'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAccountLockoutSuccess) {
+ AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Account Lockout'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditGroupMembershipSuccess) {
+ AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Group Membership'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditGroupMembershipFailure) {
+ AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Group Membership'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogoffSuccess) {
+ AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logoff'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditLogoffFailure) {
+ AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Logoff'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogonSuccess) {
+ AuditPolicySubcategory 'Audit Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditLogonFailure) {
+ AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherLogonLogoffEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Logon/Logoff Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherLogonLogoffEventsFailure) {
+ AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Logon/Logoff Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSpecialLogonSuccess) {
+ AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Special Logon'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSpecialLogonFailure) {
+ AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Special Logon'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditDetailedFileShareFailure) {
+ AuditPolicySubcategory 'Audit Detailed File Share (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Detailed File Share'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditDetailedFileShareSuccess) {
+ AuditPolicySubcategory 'Audit Detailed File Share (Success) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Detailed File Share'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditFileShareSuccess) {
+ AuditPolicySubcategory 'Audit File Share (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'File Share'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditFileShareFailure) {
+ AuditPolicySubcategory 'Audit File Share (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'File Share'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherObjectAccessEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Object Access Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherObjectAccessEventsFailure) {
+ AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Object Access Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditRemovableStorageSuccess) {
+ AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditRemovableStorageFailure) {
+ AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Removable Storage'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Audit Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthenticationPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditAuthenticationPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authentication Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAuthorizationPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditAuthorizationPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Authorization Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditMPSSVCRuleLevelPolicyChangeSuccess) {
+ AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'MPSSVC Rule-Level Policy Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditMPSSVCRuleLevelPolicyChangeFailure) {
+ AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'MPSSVC Rule-Level Policy Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherPolicyChangeEventsFailure) {
+ AuditPolicySubcategory 'Audit Other Policy Change Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other Policy Change Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditOtherPolicyChangeEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other Policy Change Events (Success) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Other Policy Change Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUseSuccess) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSensitivePrivilegeUseFailure) {
+ AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Sensitive Privilege Use'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditIPsecDriverFailure) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditIPsecDriverSuccess) {
+ AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'IPsec Driver'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherSystemEventsSuccess) {
+ AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditOtherSystemEventsFailure) {
+ AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Other System Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityStateChangeSuccess) {
+ AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security State Change'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSecurityStateChangeFailure) {
+ AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security State Change'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecuritySystemExtensionSuccess) {
+ AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security System Extension'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSecuritySystemExtensionFailure) {
+ AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security System Extension'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSystemIntegritySuccess) {
+ AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSystemIntegrityFailure) {
+ AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'System Integrity'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($EnableComputerAndUserAccountsToBeTrustedForDelegation) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation'
+ }
+ }
+
+ if ($AccessThisComputerFromTheNetwork) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-555', '*S-1-5-32-544')
+ Policy = 'Access_this_computer_from_the_network'
+ }
+ }
+
+ if ($BackupFilesAndDirectories) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Back_up_files_and_directories'
+ }
+ }
+
+ if ($Impersonate_a_client_after_authentication) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication'
+ {
+ Force = $True
+ Identity = @('*S-1-5-6', '*S-1-5-20', '*S-1-5-19', '*S-1-5-32-544')
+ Policy = 'Impersonate_a_client_after_authentication'
+ }
+ }
+
+ if ($Perform_volume_maintenance_tasks) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Perform_volume_maintenance_tasks'
+ }
+ }
+
+ if ($Load_and_unload_device_drivers) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Load_and_unload_device_drivers'
+ }
+ }
+
+ if ($Lock_pages_in_memory) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Lock_pages_in_memory'
+ }
+ }
+
+ if ($Take_ownership_of_files_or_other_objects) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Take_ownership_of_files_or_other_objects'
+ }
+ }
+
+ if ($Create_permanent_shared_objects) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Create_permanent_shared_objects'
+ }
+ }
+
+ if ($Deny_access_to_this_computer_from_the_network) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network'
+ {
+ Force = $True
+ Identity = @('*S-1-5-113', '*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins)
+ Policy = 'Deny_access_to_this_computer_from_the_network'
+ }
+ }
+
+ if ($Create_global_objects) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects'
+ {
+ Force = $True
+ Identity = @('*S-1-5-6', '*S-1-5-20', '*S-1-5-19', '*S-1-5-32-544')
+ Policy = 'Create_global_objects'
+ }
+ }
+
+ if ($Deny_log_on_as_a_batch_job) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job'
+ {
+ Force = $True
+ Identity = @($EnterpriseAdmins, $DomainAdmins)
+ Policy = 'Deny_log_on_as_a_batch_job'
+ }
+ }
+
+ if ($Restore_files_and_directories) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Restore_files_and_directories'
+ }
+ }
+
+ if ($Access_Credential_Manager_as_a_trusted_caller) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Access_Credential_Manager_as_a_trusted_caller'
+ }
+ }
+
+ if ($Deny_log_on_as_a_service) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service'
+ {
+ Force = $True
+ Identity = @($DomainAdmins, $EnterpriseAdmins)
+ Policy = 'Deny_log_on_as_a_service'
+ }
+ }
+
+ if ($Force_shutdown_from_a_remote_system) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Force_shutdown_from_a_remote_system'
+ }
+ }
+
+ if ($Deny_log_on_locally) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins)
+ Policy = 'Deny_log_on_locally'
+ }
+ }
+
+ if ($Create_symbolic_links) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Create_symbolic_links'
+ }
+ }
+
+ if ($Debug_programs) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Debug_programs'
+ }
+ }
+
+ if ($Allow_log_on_locally) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-545', '*S-1-5-32-544')
+ Policy = 'Allow_log_on_locally'
+ }
+ }
+
+ if ($Manage_auditing_and_security_log) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Manage_auditing_and_security_log'
+ }
+ }
+
+ if ($Act_as_part_of_the_operating_system) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Act_as_part_of_the_operating_system'
+ }
+ }
+
+ if ($Profile_single_process) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Profile_single_process'
+ }
+ }
+
+ if ($Create_a_token_object) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object'
+ {
+ Force = $True
+ Identity = @('')
+ Policy = 'Create_a_token_object'
+ }
+ }
+
+ if ($Change_the_system_time) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Change_the_system_time'
+ {
+ Force = $True
+ Identity = @('*S-1-5-80-3169285310-278349998-1452333686-3865143136-4212226833', '*S-1-5-19', '*S-1-5-32-544')
+ Policy = 'Change_the_system_time'
+ }
+ }
+
+ if ($Modify_firmware_environment_values) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Modify_firmware_environment_values'
+ }
+ }
+
+ if ($Create_a_pagefile) {
+ UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile'
+ {
+ Force = $True
+ Identity = @('*S-1-5-32-544')
+ Policy = 'Create_a_pagefile'
+ }
+ }
+
+ if ($Deny_log_on_through_Remote_Desktop_Services) {
+ UserRightsAssignment 'UserRightsAssignment(INF): 
Deny_log_on_through_Remote_Desktop_Services' + { + Force = $True + Identity = @('*S-1-5-113', '*S-1-5-32-546', $EnterpriseAdmins, $DomainAdmins) + Policy = 'Deny_log_on_through_Remote_Desktop_Services' + } + } + + if ($Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM) { + SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' + { + + Name = 'Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' + + Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = @( + + MSFT_RestrictedRemoteSamSecurityDescriptor + + { + + Permission = 'Allow' + + Identity = 'Administrators' + + } + + ) + + } + } + + if ($Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares) { + SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' + { + Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled' + Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' + } + } + + if ($Domain_member_Require_strong_Windows_2000_or_later_session_key) { + SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' + { + Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key' + Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled' + } + } + + if ($User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' + { + User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled' + Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' + } + } + + if ($Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers) { + SecurityOption 
'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ {
+ Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked'
+ }
+ }
+
+ if ($Network_security_Configure_encryption_types_allowed_for_Kerberos) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ {
+ Network_security_Configure_encryption_types_allowed_for_Kerberos = '2147483640'
+ Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos'
+ }
+ }
+
+ if ($System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing) {
+ SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ {
+ System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing = 'Enabled'
+ Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing'
+ }
+ }
+
+ if ($Network_security_LAN_Manager_authentication_level) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level'
+ {
+ Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. Refuse LM & NTLM'
+ Name = 'Network_security_LAN_Manager_authentication_level'
+ }
+ }
+
+ if ($Domain_member_Disable_machine_account_password_changes) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes'
+ {
+ Domain_member_Disable_machine_account_password_changes = 'Disabled'
+ Name = 'Domain_member_Disable_machine_account_password_changes'
+ }
+ }
+
+ if ($Interactive_logon_Message_title_for_users_attempting_to_log_on) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on'
+ {
+ Name = 'Interactive_logon_Message_title_for_users_attempting_to_log_on'
+ Interactive_logon_Message_title_for_users_attempting_to_log_on = 'US Department of Defense Warning Statement'
+ }
+ }
+
+ if ($Domain_member_Digitally_sign_secure_channel_data_when_possible) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ {
+ Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled'
+ Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible'
+ }
+ }
+
+ if ($Interactive_logon_Smart_card_removal_behavior) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior'
+ {
+ Interactive_logon_Smart_card_removal_behavior = 'Lock workstation'
+ Name = 'Interactive_logon_Smart_card_removal_behavior'
+ }
+ }
+
+ if ($Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only) {
+ SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ {
+ Name = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only'
+ Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled'
+ }
+ }
+
+ if ($User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ {
+ User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled'
+ Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations'
+ }
+ }
+
+ if ($Interactive_logon_Message_text_for_users_attempting_to_log_on) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ {
+ Interactive_logon_Message_text_for_users_attempting_to_log_on = 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: The USG routinely intercepts and monitors communications on this IS for purposes including but not limited to penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. At any time, the USG may inspect and seize data stored on this IS. Communications using or data stored on this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications or work product related to personal representation or services by attorneys, psychotherapists, or clergy and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'
+ Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on'
+ }
+ }
+
+ if ($Domain_member_Digitally_encrypt_secure_channel_data_when_possible) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ {
+ Name = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible'
+ Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled'
+ }
+ }
+
+ if ($User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ {
+ User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request'
+ Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users'
+ }
+ }
+
+ if ($Microsoft_network_server_Digitally_sign_communications_always) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always'
+ {
+ Microsoft_network_server_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_server_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($Microsoft_network_client_Digitally_sign_communications_always) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always'
+ {
+ Microsoft_network_client_Digitally_sign_communications_always = 'Enabled'
+ Name = 'Microsoft_network_client_Digitally_sign_communications_always'
+ }
+ }
+
+ if ($Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ {
+ Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients'
+ Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked'
+ }
+ }
+
+ if ($User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ {
+ User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled'
+ Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode'
+ }
+ }
+
+ if ($User_Account_Control_Detect_application_installations_and_prompt_for_elevation) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ {
+ User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled'
+ Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation'
+ }
+ }
+
+ if ($Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled'
+ }
+ }
+
+ if ($Network_security_Allow_LocalSystem_NULL_session_fallback) {
+ SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback'
+ {
+ Name = 'Network_security_Allow_LocalSystem_NULL_session_fallback'
+ Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled'
+ }
+ }
+
+ if ($User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account) {
+ SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ {
+ User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled'
+ Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account'
+ }
+ }
+
+ if ($Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers) {
+ SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ {
+ Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled'
+ Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers'
+ }
+ }
+
+ if ($Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available) {
+ SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ {
+ Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available = '10'
+ Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available'
+ }
+ }
+
+ if ($Domain_member_Maximum_machine_account_password_age) {
+ SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age'
+ {
+ Name = 'Domain_member_Maximum_machine_account_password_age'
+ Domain_member_Maximum_machine_account_password_age = '30'
+ }
+ }
+
+ if ($Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares) {
+ SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ {
+ Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares'
+ Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled'
+ }
+ }
+
+ if ($Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings) {
+ SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+ {
+ Name = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings'
+ Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled'
+ }
+ }
+
+ if 
($System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links) { + SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' + { + System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled' + Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' + } + } + + if ($Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities) { + SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' + { + Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities = 'Disabled' + Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' + } + } + + if ($Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always) { + SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' + { + Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled' + Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' + } + } + + if ($Interactive_logon_Machine_inactivity_limit) { + SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' + { + Name = 'Interactive_logon_Machine_inactivity_limit' + Interactive_logon_Machine_inactivity_limit = '900' + } + } + + if ($Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change) { + SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' + { + Name = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' + Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' + } + } + + if 
($Network_access_Let_Everyone_permissions_apply_to_anonymous_users) { + SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users' + { + Network_access_Let_Everyone_permissions_apply_to_anonymous_users = 'Disabled' + Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users' + } + } + + if ($Network_security_LDAP_client_signing_requirements) { + SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' + { + Name = 'Network_security_LDAP_client_signing_requirements' + Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' + } + } + + if ($User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' + { + Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' + User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop' + } + } + if ($Account_lockout_duration) { + AccountPolicy 'SecuritySetting(INF): LockoutDuration' + { + Account_lockout_duration = 15 + Name = 'Account_lockout_duration' + } + } + + if ($Account_lockout_threshold) { + AccountPolicy 'SecuritySetting(INF): LockoutBadCount' + { + Account_lockout_threshold = 3 + Name = 'Account_lockout_threshold' + } + } + + if ($Reset_account_lockout_counter_after) { + AccountPolicy 'SecuritySetting(INF): ResetLockoutCount' + { + Reset_account_lockout_counter_after = 15 + Name = 'Reset_account_lockout_counter_after' + } + } + + if ($Accounts_Rename_guest_account) { + SecurityOption 'SecuritySetting(INF): NewGuestName' + { + Name = 'Accounts_Rename_guest_account' + Accounts_Rename_guest_account = 'Visitor' + } + } + + if ($Minimum_Password_Age) { + AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge' + { + 
Name = 'Minimum_Password_Age' + Minimum_Password_Age = 1 + } + } + + if ($Password_must_meet_complexity_requirements) { + AccountPolicy 'SecuritySetting(INF): PasswordComplexity' + { + Password_must_meet_complexity_requirements = 'Enabled' + Name = 'Password_must_meet_complexity_requirements' + } + } + + if ($Enforce_password_history) { + AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' + { + Name = 'Enforce_password_history' + Enforce_password_history = 24 + } + } + if ($Network_access_Allow_anonymous_SID_Name_translation) { + SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' + { + Network_access_Allow_anonymous_SID_Name_translation = 'Disabled' + Name = 'Network_access_Allow_anonymous_SID_Name_translation' + } + } + + if ($Minimum_Password_Length) { + AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' + { + Name = 'Minimum_Password_Length' + Minimum_Password_Length = 14 + } + } + + if ($Accounts_Administrator_account_status) { + SecurityOption 'SecuritySetting(INF): EnableAdminAccount' + { + Accounts_Administrator_account_status = 'Disabled' + Name = 'Accounts_Administrator_account_status' + } + } + + if ($Accounts_Rename_administrator_account) { + SecurityOption 'SecuritySetting(INF): NewAdministratorName' + { + Accounts_Rename_administrator_account = 'X_Admin' + Name = 'Accounts_Rename_administrator_account' + } + } + + if ($Accounts_Guest_account_status) { + SecurityOption 'SecuritySetting(INF): EnableGuestAccount' + { + Name = 'Accounts_Guest_account_status' + Accounts_Guest_account_status = 'Disabled' + } + } + + if ($Maximum_Password_Age) { + AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' + { + Maximum_Password_Age = 60 + Name = 'Maximum_Password_Age' + } + } + + if ($Store_passwords_using_reversible_encryption) { + AccountPolicy 'SecuritySetting(INF): ClearTextPassword' + { + Name = 'Store_passwords_using_reversible_encryption' + Store_passwords_using_reversible_encryption = 'Disabled' + } + } +} + 
diff --git a/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.psd1 b/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.psd1
new file mode 100644
index 0000000..da8b1ff
--- /dev/null
+++ b/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.psd1
@@ -0,0 +1,124 @@
+#
+# Module manifest for module 'DoD_Windows_11_v2r2'
+#
+# Generated by: XOAP.io
+#
+# Generated on: 1/14/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'DoD_Windows_11_v2r2.schema.psm1'
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = '835822b9-10a0-4bb4-a949-2997143fc084'
+
+# Author of this module
+Author = 'XOAP.io'
+
+# Company or vendor of this module
+CompanyName = 'RIS AG'
+
+# Copyright statement for this module
+Copyright = '(c) 2025 XOAP.io. All rights reserved.'
+
+# Description of the functionality provided by this module
+Description = 'Apply STIG configuration for Windows 11'
+
+# Minimum version of the Windows PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+ PSData = @{
+
+ # Tags applied to this module. These help with module discovery in online galleries.
+ # Tags = @()
+
+ # A URL to the license for this module.
+ # LicenseUri = ''
+
+ # A URL to the main website for this project.
+ # ProjectUri = ''
+
+ # A URL to an icon representing this module.
+ # IconUri = ''
+
+ # ReleaseNotes of this module
+ # ReleaseNotes = ''
+
+ } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+
diff --git a/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.schema.psm1 b/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.schema.psm1
new file mode 100644
index 0000000..3f502ad
--- /dev/null
+++ b/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.schema.psm1
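Review bot: The export keys in the new DoD_Windows_11_v2r2.psd1 manifest are all `'*'`, which the template comments directly above them advise against, while `DscResourcesToExport` and `PowerShellVersion` are left commented out. For a module that applies a STIG baseline the exported surface should be explicit, so that importing it exposes the configuration and nothing incidental: `VariablesToExport = @()`, `AliasesToExport = @()` and `DscResourcesToExport = @('DoD_Windows_11_v2r2')`. Uncommenting `PowerShellVersion` with the engine version the imported DSC modules actually require would also make an unsupported host fail at import instead of partway through compilation. Whether `FunctionsToExport` can be narrowed as well depends on how the composite resource is loaded, so I would verify that before changing it.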
@@ -0,0 +1,2633 @@ +configuration DoD_Windows_11_v2r2 +{ + + param( + [string]$EnterpriseAdmins, + [string]$DomainAdmins, + [bool]$SuppressionPolicy_BatFile = $true, + [bool]$SuppressionPolicy_CmdFile = $true, + [bool]$SuppressionPolicy_ExeFile = $true, + [bool]$SuppressionPolicy_MscFile = $true, + [bool]$AutoConnectAllowedOEM = $true, + [bool]$EnumerateAdministrators = $true, + [bool]$NoStartBanner = $true, + [bool]$NoWebServices = $true, + [bool]$NoAutorun = $true, + [bool]$NoDriveTypeAutoRun = $true, + [bool]$PreXPSP2ShellProtocolBehavior = $true, + [bool]$PasswordComplexity = $true, + [bool]$PasswordLength = $true, + [bool]$PasswordAgeDays = $true, + [bool]$LocalAccountTokenFilterPolicy = $true, + [bool]$MSAOptional = $true, + [bool]$DisableAutomaticRestartSignOn = $true, + [bool]$ProcessCreationIncludeCmdLine_Enabled = $true, + [bool]$DevicePKInitEnabled = $true, + [bool]$DevicePKInitBehavior = $true, + [bool]$EnhancedAntiSpoofing = $true, + [bool]$EccCurves = $true, + [bool]$UseAdvancedStartup = $true, + [bool]$EnableBDEWithNoTPM = $true, + [bool]$UseTPM = $true, + [bool]$UseTPMPIN = $true, + [bool]$UseTPMKey = $true, + [bool]$UseTPMKeyPIN = $true, + [bool]$MinimumPIN = $true, + [bool]$DisableEnclosureDownload = $true, + [bool]$AllowBasicAuthInClear = $true, + [bool]$NotifyDisableIEOptions = $true, + [bool]$RequireSecurityDevice = $true, + [bool]$TPM12 = $true, + [bool]$MinimumPINLength = $true, + [bool]$DCSettingIndex = $true, + [bool]$ACSettingIndex = $true, + [bool]$DisableInventory = $true, + [bool]$LetAppsActivateWithVoiceAboveLock = $true, + [bool]$DisableWindowsConsumerFeatures = $true, + [bool]$AllowProtectedCreds = $true, + [bool]$LimitEnhancedDiagnosticDataWindowsAnalytics = $true, + [bool]$AllowTelemetry = $true, + [bool]$DODownloadMode = $true, + [bool]$EnableVirtualizationBasedSecurity = $true, + [bool]$RequirePlatformSecurityFeatures = $true, + [bool]$HypervisorEnforcedCodeIntegrity = $true, + [bool]$HVCIMATRequired = $true, + [bool]$LsaCfgFlags 
= $true, + [bool]$ConfigureSystemGuardLaunch = $true, + [bool]$MaxSizeApplicationLog = $true, + [bool]$MaxSizeSecurityLog = $true, + [bool]$MaxSizeSystemLog = $true, + [bool]$NoAutoplayForNonVolume = $true, + [bool]$NoDataExecutionPrevention = $true, + [bool]$NoHeapTerminationOnCorruption = $true, + [bool]$AllowGameDVR = $true, + [bool]$NoBackgroundPolicy = $true, + [bool]$NoGPOListChanges = $true, + [bool]$EnableUserControl = $true, + [bool]$AlwaysInstallElevated = $true, + [bool]$SafeForScripting = $true, + [bool]$DeviceEnumerationPolicy = $true, + [bool]$AllowInsecureGuestAuth = $true, + [bool]$NC_ShowSharedAccessUI = $true, + [bool]$HardenedPaths_SYSVOL = $true, + [bool]$HardenedPaths_NETLOGON = $true, + [bool]$NoLockScreenCamera = $true, + [bool]$NoLockScreenSlideshow = $true, + [bool]$EnableScriptBlockLogging = $true, + [bool]$EnableScriptBlockInvocationLogging = $true, + [bool]$EnableTranscripting = $true, + [bool]$OutputDirectory = $true, + [bool]$EnableInvocationHeader = $true, + [bool]$DontDisplayNetworkSelectionUI = $true, + [bool]$EnumerateLocalUsers = $true, + [bool]$EnableSmartScreen = $true, + [bool]$ShellSmartScreenLevel = $true, + [bool]$AllowDomainPINLogon = $true, + [bool]$fMinimizeConnections = $true, + [bool]$fBlockNonDomain = $true, + [bool]$AllowIndexingEncryptedStoresOrItems = $true, + [bool]$AllowBasicClient = $true, + [bool]$AllowUnencryptedTraffic = $true, + [bool]$AllowDigest = $true, + [bool]$AllowBasicService = $true, + [bool]$DisableRunAs = $true, + [bool]$DisableWebPnPDownload = $true, + [bool]$DisableHTTPPrinting = $true, + [bool]$RestrictRemoteClients = $true, + [bool]$fAllowToGetHelp = $true, + [bool]$fAllowFullControl = $true, + [bool]$MaxTicketExpiry = $true, + [bool]$MaxTicketExpiryUnits = $true, + [bool]$fUseMailto = $true, + [bool]$DisablePasswordSaving = $true, + [bool]$fDisableCdm = $true, + [bool]$fPromptForPassword = $true, + [bool]$fEncryptRPCTraffic = $true, + [bool]$MinEncryptionLevel = $true, + 
[bool]$AllowWindowsInkWorkspace = $true, + [bool]$UseLogonCredential = $true, + [bool]$DisableExceptionChainValidation = $true, + [bool]$DriverLoadPolicy = $true, + [bool]$SMB1 = $true, + [bool]$StartMrxSmb10 = $true, + [bool]$NoNameReleaseOnDemand = $true, + [bool]$DisableIPSourceRouting = $true, + [bool]$EnableICMPRedirect = $true, + [bool]$DisableIPSourceRoutingIPv6 = $true, + [bool]$AuditCredentialValidation = $true, + [bool]$AuditCredentialValidationFailure = $true, + [bool]$AuditSecurityGroupManagementSuccess = $true, + [bool]$AuditSecurityGroupManagementFailure = $true, + [bool]$AuditUserAccountManagementSuccess = $true, + [bool]$AuditUserAccountManagementFailure = $true, + [bool]$AuditPNPActivitySuccess = $true, + [bool]$AuditPNPActivityFailure = $true, + [bool]$AuditProcessCreationSuccess = $true, + [bool]$AuditProcessCreationFailure = $true, + [bool]$AuditAccountLockoutFailure = $true, + [bool]$AuditAccountLockoutSuccess = $true, + [bool]$AuditGroupMembershipSuccess = $true, + [bool]$AuditGroupMembershipFailure = $true, + [bool]$AuditLogoffSuccess = $true, + [bool]$AuditLogoffFailure = $true, + [bool]$AuditLogonSuccess = $true, + [bool]$AuditLogonFailure = $true, + [bool]$AuditOtherLogonLogoffEventsSuccess = $true, + [bool]$AuditOtherLogonLogoffEventsFailure = $true, + [bool]$AuditSpecialLogonSuccess = $true, + [bool]$AuditSpecialLogonFailure = $true, + [bool]$AuditDetailedFileShareFailure = $true, + [bool]$AuditDetailedFileShareSuccess = $true, + [bool]$AuditFileShareSuccess = $true, + [bool]$AuditFileShareFailure = $true, + [bool]$AuditOtherObjectAccessEventsSuccess = $true, + [bool]$AuditOtherObjectAccessEventsFailure = $true, + [bool]$AuditRemovableStorageSuccess = $true, + [bool]$AuditRemovableStorageFailure = $true, + [bool]$AuditAuditPolicyChangeSuccess = $true, + [bool]$AuditAuditPolicyChangeFailure = $true, + [bool]$AuditAuthenticationPolicyChangeSuccess = $true, + [bool]$AuditAuthenticationPolicyChangeFailure = $true, + 
[bool]$AuditAuthorizationPolicyChangeSuccess = $true, + [bool]$AuditAuthorizationPolicyChangeFailure = $true, + [bool]$AuditMPSSVCRuleLevelPolicyChangeSuccess = $true, + [bool]$AuditMPSSVCRuleLevelPolicyChangeFailure = $true, + [bool]$AuditOtherPolicyChangeEventsSuccess = $true, + [bool]$AuditOtherPolicyChangeEventsFailure = $true, + [bool]$AuditSensitivePrivilegeUseSuccess = $true, + [bool]$AuditSensitivePrivilegeUseFailure = $true, + [bool]$AuditIPsecDriverFailure = $true, + [bool]$AuditIPsecDriverSuccess = $true, + [bool]$AuditOtherSystemEventsSuccess = $true, + [bool]$AuditOtherSystemEventsFailure = $true, + [bool]$AuditSecurityStateChangeSuccess = $true, + [bool]$AuditSecurityStateChangeFailure = $true, + [bool]$AuditSecuritySystemExtensionSuccess = $true, + [bool]$AuditSecuritySystemExtensionFailure = $true, + [bool]$AuditSystemIntegritySuccess = $true, + [bool]$AuditSystemIntegrityFailure = $true, + [bool]$UserRightsAssignmentDelegation = $true, + [bool]$UserRightsAssignmentNetworkAccess = $true, + [bool]$UserRightsAssignmentBackupFiles = $true, + [bool]$UserRightsAssignmentRestoreFiles = $true, + [bool]$UserRightsAssignmentVolumeMaintenance = $true, + [bool]$UserRightsAssignmentLoadUnloadDrivers = $true, + [bool]$UserRightsAssignmentLockPages = $true, + [bool]$UserRightsAssignmentTakeOwnership = $true, + [bool]$UserRightsAssignmentCreatePermanentSharedObjects = $true, + [bool]$UserRightsAssignmentDenyNetworkAccess = $true, + [bool]$UserRightsAssignmentCreateGlobalObjects = $true, + [bool]$UserRightsAssignmentDenyLogOnAsBatchJob = $true, + [bool]$UserRightsAssignmentAccessCredentialManager = $true, + [bool]$UserRightsAssignmentImpersonateClient = $true, + [bool]$UserRightsAssignmentDenyLogOnAsService = $true, + [bool]$UserRightsAssignmentForceShutdownRemote = $true, + [bool]$UserRightsAssignmentDenyLogOnLocally = $true, + [bool]$UserRightsAssignmentCreateSymbolicLinks = $true, + [bool]$UserRightsAssignmentDebugPrograms = $true, + 
[bool]$UserRightsAssignmentAllowLogOnLocally = $true, + [bool]$UserRightsAssignmentManageAuditing = $true, + [bool]$UserRightsAssignmentActAsPartOfOS = $true, + [bool]$UserRightsAssignmentProfileSingleProcess = $true, + [bool]$UserRightsAssignmentCreateTokenObject = $true, + [bool]$UserRightsAssignmentChangeSystemTime = $true, + [bool]$UserRightsAssignmentModifyFirmwareValues = $true, + [bool]$UserRightsAssignmentCreatePagefile = $true, + [bool]$UserRightsAssignmentDenyLogOnThroughRDS = $true, + [bool]$NetworkAccessRestrictClients = $true, + [bool]$RestrictAnonymousAccess = $true, + [bool]$StrongSessionKey = $true, + [bool]$ElevateUIAccessApps = $true, + [bool]$MinimumSessionSecurityNTLM = $true, + [bool]$AllowLocalSystemNullSessionFallback = $true, + [bool]$SystemCryptographyFIPS = $true, + [bool]$LANManagerAuthenticationLevel = $true, + [bool]$DisableMachineAccountPasswordChanges = $true, + [bool]$InteractiveLogonMessageTitle = $true, + [bool]$DigitallySignSecureChannelData = $true, + [bool]$LimitLocalAccountUseOfBlankPasswords = $true, + [bool]$VirtualizeFileAndRegistryFailures = $true, + [bool]$InteractiveLogonMachineInactivityLimit = $true, + [bool]$InteractiveLogonMessageText = $true, + [bool]$DigitallyEncryptSecureChannelData = $true, + [bool]$UACStandardUserElevationPrompt = $true, + [bool]$UACAdminApprovalMode = $true, + [bool]$NetworkServerDigitallySignCommunications = $true, + [bool]$NetworkClientDigitallySignCommunications = $true, + [bool]$MinimumSessionSecurityNTLMSP = $true, + [bool]$UACRunAllAdminsInAdminApprovalMode = $true, + [bool]$UACDetectApplicationInstallations = $true, + [bool]$DoNotAllowAnonymousEnumeration = $true, + [bool]$ConfigureEncryptionTypesKerberos = $true, + [bool]$NetworkClientSendUnencryptedPassword = $true, + [bool]$InteractiveLogonPreviousLogonsCache = $true, + [bool]$MaxMachineAccountPasswordAge = $true, + [bool]$DoNotAllowAnonymousEnumerationShares = $true, + [bool]$ForceAuditPolicySubcategorySettings = $true, + 
[bool]$StrengthenDefaultPermissions = $true, + [bool]$AllowPKU2UAuthenticationRequests = $true, + [bool]$DigitallyEncryptOrSignSecureChannelData = $true, + [bool]$SmartCardRemovalBehavior = $true, + [bool]$DoNotStoreLANManagerHash = $true, + [bool]$EveryonePermissionsForAnonymousUsers = $true, + [bool]$LDAPClientSigningRequirements = $true, + [bool]$UACAdminElevationPromptBehavior = $true, + [bool]$AccountLockoutDuration = $true, + [bool]$AccountLockoutThreshold = $true, + [bool]$ResetLockoutCount = $true, + [bool]$RenameGuestAccount = $true, + [bool]$MinimumPasswordAge = $true, + [bool]$PasswordHistorySize = $true, + [bool]$AnonymousNameLookup = $true, + [bool]$MinimumPasswordLength = $true, + [bool]$EnableAdminAccount = $true, + [bool]$NewAdministratorName = $true, + [bool]$EnableGuestAccount = $true, + [bool]$MaximumPasswordAge = $true, + [bool]$ClearTextPassword = $true + ) + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' + Import-DSCResource -ModuleName 'AuditPolicyDSC' + Import-DSCResource -ModuleName 'SecurityPolicyDSC' + + if ($SuppressionPolicy_BatFile) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Classes\batfile\shell\runasuser\SuppressionPolicy' + { + Key = '\SOFTWARE\Classes\batfile\shell\runasuser' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SuppressionPolicy' + ValueData = 4096 + } + } + + if ($SuppressionPolicy_CmdFile) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Classes\cmdfile\shell\runasuser\SuppressionPolicy' + { + Key = '\SOFTWARE\Classes\cmdfile\shell\runasuser' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SuppressionPolicy' + ValueData = 4096 + } + } + + if ($SuppressionPolicy_ExeFile) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicy' + { + Key = '\SOFTWARE\Classes\exefile\shell\runasuser' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SuppressionPolicy' + ValueData = 4096 
+ } + } + + if ($SuppressionPolicy_MscFile) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Classes\mscfile\shell\runasuser\SuppressionPolicy' + { + Key = '\SOFTWARE\Classes\mscfile\shell\runasuser' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'SuppressionPolicy' + ValueData = 4096 + } + } + + if ($AutoConnectAllowedOEM) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager\config\AutoConnectAllowedOEM' + { + Key = '\SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager\config' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'AutoConnectAllowedOEM' + ValueData = 0 + } + } + + if ($EnumerateAdministrators) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'EnumerateAdministrators' + ValueData = 0 + } + } + + if ($NoStartBanner) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartBanner' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoStartBanner' + ValueData = 1 + } + } + + if ($NoWebServices) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoWebServices' + ValueData = 1 + } + } + + if ($NoAutorun) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoAutorun' + 
ValueData = 1 + } + } + + if ($NoDriveTypeAutoRun) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'NoDriveTypeAutoRun' + ValueData = 255 + } + } + + if ($PreXPSP2ShellProtocolBehavior) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PreXPSP2ShellProtocolBehavior' + ValueData = 0 + } + } + + if ($PasswordComplexity) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordComplexity' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordComplexity' + ValueData = 4 + } + } + + if ($PasswordLength) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordLength' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordLength' + ValueData = 14 + } + } + + if ($PasswordAgeDays) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordAgeDays' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'PasswordAgeDays' + ValueData = 60 + } + } + + if ($LocalAccountTokenFilterPolicy) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' + { + Key = 
'\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'LocalAccountTokenFilterPolicy' + ValueData = 0 + } + } + + if ($MSAOptional) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'MSAOptional' + ValueData = 1 + } + } + + if ($DisableAutomaticRestartSignOn) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DisableAutomaticRestartSignOn' + ValueData = 1 + } + } + + if ($ProcessCreationIncludeCmdLine_Enabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'ProcessCreationIncludeCmdLine_Enabled' + ValueData = 1 + } + } + + if ($DevicePKInitEnabled) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DevicePKInitEnabled' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + ValueName = 'DevicePKInitEnabled' + ValueData = 1 + } + } + + if ($DevicePKInitBehavior) { + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DevicePKInitBehavior' + { + Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' + ValueType = 'Dword' + TargetType 
= 'ComputerConfiguration'
+ ValueName = 'DevicePKInitBehavior'
+ ValueData = 0
+ }
+ }
+
+ if ($EnhancedAntiSpoofing) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnhancedAntiSpoofing'
+ ValueData = 1
+ }
+ }
+
+ if ($EccCurves) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002\EccCurves'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
+ ValueType = 'MultiString'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EccCurves'
+ ValueData = 'NistP384NistP256'
+ }
+ }
+
+ if ($UseAdvancedStartup) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseAdvancedStartup'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\FVE'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UseAdvancedStartup'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableBDEWithNoTPM) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\EnableBDEWithNoTPM'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\FVE'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableBDEWithNoTPM'
+ ValueData = 1
+ }
+ }
+
+ if ($UseTPM) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseTPM'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\FVE'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UseTPM'
+ ValueData = 2
+ }
+ }
+
+ if ($UseTPMPIN) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseTPMPIN'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\FVE'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UseTPMPIN'
+ ValueData = 1
+ }
+ }
+
+ if ($UseTPMKey) {
+ RegistryPolicyFile 'Registry(POL):
HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseTPMKey'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\FVE'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UseTPMKey'
+ ValueData = 2
+ }
+ }
+
+ if ($UseTPMKeyPIN) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseTPMKeyPIN'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\FVE'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UseTPMKeyPIN'
+ ValueData = 2
+ }
+ }
+
+ if ($MinimumPIN) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\MinimumPIN'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\FVE'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MinimumPIN'
+ ValueData = 6
+ }
+ }
+
+ if ($DisableEnclosureDownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableEnclosureDownload'
+ ValueData = 1
+ }
+ }
+
+ if ($AllowBasicAuthInClear) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasicAuthInClear'
+ ValueData = 0
+ }
+ }
+
+ if ($NotifyDisableIEOptions) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\NotifyDisableIEOptions'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Internet Explorer\Main'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NotifyDisableIEOptions'
+ ValueData = 0
+ }
+ }
+
+ if ($RequireSecurityDevice) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\RequireSecurityDevice'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\PassportForWork'
+
ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RequireSecurityDevice'
+ ValueData = 1
+ }
+ }
+
+ if ($TPM12) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices\TPM12'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'TPM12'
+ ValueData = 0
+ }
+ }
+
+ if ($MinimumPINLength) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity\MinimumPINLength'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MinimumPINLength'
+ ValueData = 6
+ }
+ }
+
+ if ($DCSettingIndex) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DCSettingIndex'
+ ValueData = 1
+ }
+ }
+
+ if ($ACSettingIndex) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ACSettingIndex'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableInventory) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\DisableInventory'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableInventory'
+ ValueData = 1
+ }
+ }
+
+ if ($LetAppsActivateWithVoiceAboveLock) {
+ RegistryPolicyFile 'Registry(POL):
HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy\LetAppsActivateWithVoiceAboveLock'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LetAppsActivateWithVoiceAboveLock'
+ ValueData = 2
+ }
+ }
+
+ if ($DisableWindowsConsumerFeatures) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent\DisableWindowsConsumerFeatures'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\CloudContent'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableWindowsConsumerFeatures'
+ ValueData = 1
+ }
+ }
+
+ if ($AllowProtectedCreds) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowProtectedCreds'
+ ValueData = 1
+ }
+ }
+
+ if ($LimitEnhancedDiagnosticDataWindowsAnalytics) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\LimitEnhancedDiagnosticDataWindowsAnalytics'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LimitEnhancedDiagnosticDataWindowsAnalytics'
+ ValueData = 1
+ }
+ }
+
+ if ($AllowTelemetry) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowTelemetry'
+ ValueData = 1
+ }
+ }
+
+ if ($DODownloadMode) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DODownloadMode'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+
ValueName = 'DODownloadMode'
+ ValueData = 2
+ }
+ }
+
+ if ($EnableVirtualizationBasedSecurity) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableVirtualizationBasedSecurity'
+ ValueData = 1
+ }
+ }
+
+ if ($RequirePlatformSecurityFeatures) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RequirePlatformSecurityFeatures'
+ ValueData = 1
+ }
+ }
+
+ if ($HypervisorEnforcedCodeIntegrity) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'HypervisorEnforcedCodeIntegrity'
+ ValueData = 1
+ }
+ }
+
+ if ($HVCIMATRequired) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'HVCIMATRequired'
+ ValueData = 0
+ }
+ }
+
+ if ($LsaCfgFlags) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LsaCfgFlags'
+ ValueData = 1
+ }
+ }
+
+ if ($ConfigureSystemGuardLaunch) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
+
ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ConfigureSystemGuardLaunch'
+ ValueData = 0
+ }
+ }
+
+ if ($MaxSizeApplicationLog) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxSize'
+ ValueData = 32768
+ }
+ }
+
+ if ($MaxSizeSecurityLog) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxSize'
+ ValueData = 1024000
+ }
+ }
+
+ if ($MaxSizeSystemLog) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\System\MaxSize'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\EventLog\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxSize'
+ ValueData = 32768
+ }
+ }
+
+ if ($NoAutoplayForNonVolume) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Explorer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoAutoplayfornonVolume'
+ ValueData = 1
+ }
+ }
+
+ if ($NoDataExecutionPrevention) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Explorer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoDataExecutionPrevention'
+ ValueData = 0
+ }
+ }
+
+ if ($NoHeapTerminationOnCorruption) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Explorer'
+ ValueType =
'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoHeapTerminationOnCorruption'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowGameDVR) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR\AllowGameDVR'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\GameDVR'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowGameDVR'
+ ValueData = 0
+ }
+ }
+
+ if ($NoBackgroundPolicy) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoBackgroundPolicy'
+ ValueData = 0
+ }
+ }
+
+ if ($NoGPOListChanges) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoGPOListChanges'
+ ValueData = 0
+ }
+ }
+
+ if ($EnableUserControl) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\EnableUserControl'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableUserControl'
+ ValueData = 0
+ }
+ }
+
+ if ($AlwaysInstallElevated) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AlwaysInstallElevated'
+ ValueData = 0
+ }
+ }
+
+ if ($SafeForScripting) {
+ RegistryPolicyFile 'Registry(POL):
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\SafeForScripting'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Installer'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SafeForScripting'
+ ValueData = 0
+ }
+ }
+
+ if ($DeviceEnumerationPolicy) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection\DeviceEnumerationPolicy'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DeviceEnumerationPolicy'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowInsecureGuestAuth) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowInsecureGuestAuth'
+ ValueData = 0
+ }
+ }
+
+ if ($NC_ShowSharedAccessUI) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Network Connections'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NC_ShowSharedAccessUI'
+ ValueData = 0
+ }
+ }
+
+ if ($HardenedPaths_SYSVOL) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = '\\*\SYSVOL'
+ ValueData = 'RequireMutualAuthentication=1, RequireIntegrity=1'
+ }
+ }
+
+ if ($HardenedPaths_NETLOGON) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
+ ValueType = 'String'
+ TargetType =
'ComputerConfiguration'
+ ValueName = '\\*\NETLOGON'
+ ValueData = 'RequireMutualAuthentication=1, RequireIntegrity=1'
+ }
+ }
+
+ if ($NoLockScreenCamera) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization\NoLockScreenCamera'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Personalization'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoLockScreenCamera'
+ ValueData = 1
+ }
+ }
+
+ if ($NoLockScreenSlideshow) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Personalization'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'NoLockScreenSlideshow'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableScriptBlockLogging) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableScriptBlockLogging'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableScriptBlockInvocationLogging) {
+ RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableScriptBlockInvocationLogging'
+ ValueData = ''
+ }
+ }
+
+ if ($EnableTranscripting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableTranscripting'
+ ValueData = 1
+ }
+ }
+
+ if ($OutputDirectory) {
+ RegistryPolicyFile
'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'OutputDirectory'
+ ValueData = 'C:\ProgramData\PS_Transcript'
+ }
+ }
+
+ if ($EnableInvocationHeader) {
+ RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableInvocationHeader'
+ ValueData = ''
+ }
+ }
+
+ if ($DontDisplayNetworkSelectionUI) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DontDisplayNetworkSelectionUI'
+ ValueData = 1
+ }
+ }
+
+ if ($EnumerateLocalUsers) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\EnumerateLocalUsers'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnumerateLocalUsers'
+ ValueData = 0
+ }
+ }
+
+ if ($EnableSmartScreen) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\EnableSmartScreen'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableSmartScreen'
+ ValueData = 1
+ }
+ }
+
+ if ($ShellSmartScreenLevel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\ShellSmartScreenLevel'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\System'
+ ValueType = 'String'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'ShellSmartScreenLevel'
+ ValueData = 'Block'
+ }
+
}
+
+ if ($AllowDomainPINLogon) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\AllowDomainPINLogon'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\System'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowDomainPINLogon'
+ ValueData = 0
+ }
+ }
+
+ if ($fMinimizeConnections) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fMinimizeConnections'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fMinimizeConnections'
+ ValueData = 3
+ }
+ }
+
+ if ($fBlockNonDomain) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fBlockNonDomain'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fBlockNonDomain'
+ ValueData = 1
+ }
+ }
+
+ if ($AllowIndexingEncryptedStoresOrItems) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowIndexingEncryptedStoresOrItems'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowBasicClient) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\AllowBasic'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowUnencryptedTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName =
'AllowUnencryptedTraffic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowDigest) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\AllowDigest'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowDigest'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowBasicService) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\AllowBasic'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowBasic'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowUnencryptedTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowUnencryptedTraffic'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableRunAs) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableRunAs'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableWebPnPDownload) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableWebPnPDownload'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableHTTPPrinting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableHTTPPrinting'
+ ValueData = 1
+ }
+ }
+
+ if
($RestrictRemoteClients) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Rpc'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'RestrictRemoteClients'
+ ValueData = 1
+ }
+ }
+
+ if ($fAllowToGetHelp) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fAllowToGetHelp'
+ ValueData = 0
+ }
+ }
+
+ if ($fAllowFullControl) {
+ RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fAllowFullControl'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fAllowFullControl'
+ ValueData = ''
+ }
+ }
+
+ if ($MaxTicketExpiry) {
+ RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiry'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxTicketExpiry'
+ ValueData = ''
+ }
+ }
+
+ if ($MaxTicketExpiryUnits) {
+ RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiryUnits'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MaxTicketExpiryUnits'
+ ValueData = ''
+ }
+ }
+
+ if ($fUseMailto) {
+ RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fUseMailto'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'String'
+ Ensure = 'Absent'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fUseMailto'
+
ValueData = ''
+ }
+ }
+
+ if ($DisablePasswordSaving) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisablePasswordSaving'
+ ValueData = 1
+ }
+ }
+
+ if ($fDisableCdm) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fDisableCdm'
+ ValueData = 1
+ }
+ }
+
+ if ($fPromptForPassword) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fPromptForPassword'
+ ValueData = 1
+ }
+ }
+
+ if ($fEncryptRPCTraffic) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'fEncryptRPCTraffic'
+ ValueData = 1
+ }
+ }
+
+ if ($MinEncryptionLevel) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'MinEncryptionLevel'
+ ValueData = 3
+ }
+ }
+
+ if ($AllowWindowsInkWorkspace) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsInkWorkspace\AllowWindowsInkWorkspace'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsInkWorkspace'
+ ValueType = 'Dword'
+ TargetType =
'ComputerConfiguration'
+ ValueName = 'AllowWindowsInkWorkspace'
+ ValueData = 1
+ }
+ }
+
+ if ($UseLogonCredential) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'UseLogonCredential'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableExceptionChainValidation) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableExceptionChainValidation'
+ ValueData = 0
+ }
+ }
+
+ if ($DriverLoadPolicy) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DriverLoadPolicy'
+ ValueData = 3
+ }
+ }
+
+ if ($SMB1) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'SMB1'
+ ValueData = 0
+ }
+ }
+
+ if ($StartMrxSmb10) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\MrxSmb10'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'Start'
+ ValueData = 4
+ }
+ }
+
+ if ($NoNameReleaseOnDemand) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Netbt\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+
ValueName = 'NoNameReleaseOnDemand'
+ ValueData = 1
+ }
+ }
+
+ if ($DisableIPSourceRouting) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if ($EnableICMPRedirect) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableICMPRedirect'
+ ValueData = 0
+ }
+ }
+
+ if ($DisableIPSourceRoutingIPv6) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting'
+ {
+ Key = '\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DisableIPSourceRouting'
+ ValueData = 2
+ }
+ }
+
+ if ($AuditCredentialValidation) {
+ AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditCredentialValidationFailure) {
+ AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Credential Validation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditSecurityGroupManagementSuccess) {
+ AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Security Group Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditSecurityGroupManagementFailure) {
+ AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Security Group Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditUserAccountManagementSuccess) {
+
AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditUserAccountManagementFailure) {
+ AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'User Account Management'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditPNPActivitySuccess) {
+ AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditPNPActivityFailure) {
+ AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Plug and Play Events'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditProcessCreationSuccess) {
+ AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Process Creation'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditProcessCreationFailure) {
+ AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Process Creation'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAccountLockoutFailure) {
+ AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Account Lockout'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditAccountLockoutSuccess) {
+ AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Account Lockout'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditGroupMembershipSuccess) {
+ AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion'
+ {
+ Ensure = 'Present'
+ Name = 'Group Membership'
+ AuditFlag = 'Success'
+ }
+ }
+
+ if ($AuditGroupMembershipFailure) {
+ AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion'
+ {
+ Ensure = 'Absent'
+ Name = 'Group Membership'
+ AuditFlag = 'Failure'
+ }
+ }
+
+ if ($AuditLogoffSuccess) {
+
AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Logoff' + AuditFlag = 'Success' + } + } + + if ($AuditLogoffFailure) { + AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion' + { + Ensure = 'Absent' + Name = 'Logoff' + AuditFlag = 'Failure' + } + } + + if ($AuditLogonSuccess) { + AuditPolicySubcategory 'Audit Logon (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Logon' + AuditFlag = 'Success' + } + } + + if ($AuditLogonFailure) { + AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'Logon' + AuditFlag = 'Failure' + } + } + + if ($AuditOtherLogonLogoffEventsSuccess) { + AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Other Logon/Logoff Events' + AuditFlag = 'Success' + } + } + + if ($AuditOtherLogonLogoffEventsFailure) { + AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'Other Logon/Logoff Events' + AuditFlag = 'Failure' + } + } + + if ($AuditSpecialLogonSuccess) { + AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Special Logon' + AuditFlag = 'Success' + } + } + + if ($AuditSpecialLogonFailure) { + AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion' + { + Ensure = 'Absent' + Name = 'Special Logon' + AuditFlag = 'Failure' + } + } + + if ($AuditDetailedFileShareFailure) { + AuditPolicySubcategory 'Audit Detailed File Share (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'Detailed File Share' + AuditFlag = 'Failure' + } + } + + if ($AuditDetailedFileShareSuccess) { + AuditPolicySubcategory 'Audit Detailed File Share (Success) - Inclusion' + { + Ensure = 'Absent' + Name = 'Detailed File Share' + AuditFlag = 'Success' + } + } + + if ($AuditFileShareSuccess) { + AuditPolicySubcategory 'Audit File Share (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'File 
Share' + AuditFlag = 'Success' + } + } + + if ($AuditFileShareFailure) { + AuditPolicySubcategory 'Audit File Share (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'File Share' + AuditFlag = 'Failure' + } + } + + if ($AuditOtherObjectAccessEventsSuccess) { + AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Other Object Access Events' + AuditFlag = 'Success' + } + } + + if ($AuditOtherObjectAccessEventsFailure) { + AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'Other Object Access Events' + AuditFlag = 'Failure' + } + } + + if ($AuditRemovableStorageSuccess) { + AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Removable Storage' + AuditFlag = 'Success' + } + } + + if ($AuditRemovableStorageFailure) { + AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'Removable Storage' + AuditFlag = 'Failure' + } + } + + if ($AuditAuditPolicyChangeSuccess) { + AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Audit Policy Change' + AuditFlag = 'Success' + } + } + + if ($AuditAuditPolicyChangeFailure) { + AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion' + { + Ensure = 'Absent' + Name = 'Audit Policy Change' + AuditFlag = 'Failure' + } + } + + if ($AuditAuthenticationPolicyChangeSuccess) { + AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Authentication Policy Change' + AuditFlag = 'Success' + } + } + + if ($AuditAuthenticationPolicyChangeFailure) { + AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' + { + Ensure = 'Absent' + Name = 'Authentication Policy Change' + AuditFlag = 'Failure' + } + } + + if ($AuditAuthorizationPolicyChangeSuccess) { + 
AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Authorization Policy Change' + AuditFlag = 'Success' + } + } + + if ($AuditAuthorizationPolicyChangeFailure) { + AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion' + { + Ensure = 'Absent' + Name = 'Authorization Policy Change' + AuditFlag = 'Failure' + } + } + + if ($AuditMPSSVCRuleLevelPolicyChangeSuccess) { + AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'MPSSVC Rule-Level Policy Change' + AuditFlag = 'Success' + } + } + + if ($AuditMPSSVCRuleLevelPolicyChangeFailure) { + AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'MPSSVC Rule-Level Policy Change' + AuditFlag = 'Failure' + } + } + + if ($AuditOtherPolicyChangeEventsSuccess) { + AuditPolicySubcategory 'Audit Other Policy Change Events (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Other Policy Change Events' + AuditFlag = 'Success' + } + } + + if ($AuditOtherPolicyChangeEventsFailure) { + AuditPolicySubcategory 'Audit Other Policy Change Events (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'Other Policy Change Events' + AuditFlag = 'Failure' + } + } + + if ($AuditSensitivePrivilegeUseSuccess) { + AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Sensitive Privilege Use' + AuditFlag = 'Success' + } + } + + if ($AuditSensitivePrivilegeUseFailure) { + AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'Sensitive Privilege Use' + AuditFlag = 'Failure' + } + } + + if ($AuditIPsecDriverFailure) { + AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'IPsec Driver' + AuditFlag = 'Failure' + } + } + + if ($AuditIPsecDriverSuccess) { + 
AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion' + { + Ensure = 'Absent' + Name = 'IPsec Driver' + AuditFlag = 'Success' + } + } + + if ($AuditOtherSystemEventsSuccess) { + AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Other System Events' + AuditFlag = 'Success' + } + } + + if ($AuditOtherSystemEventsFailure) { + AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'Other System Events' + AuditFlag = 'Failure' + } + } + + if ($AuditSecurityStateChangeSuccess) { + AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Security State Change' + AuditFlag = 'Success' + } + } + + if ($AuditSecurityStateChangeFailure) { + AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' + { + Ensure = 'Absent' + Name = 'Security State Change' + AuditFlag = 'Failure' + } + } + + if ($AuditSecuritySystemExtensionSuccess) { + AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'Security System Extension' + AuditFlag = 'Success' + } + } + + if ($AuditSecuritySystemExtensionFailure) { + AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' + { + Ensure = 'Absent' + Name = 'Security System Extension' + AuditFlag = 'Failure' + } + } + + if ($AuditSystemIntegritySuccess) { + AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' + { + Ensure = 'Present' + Name = 'System Integrity' + AuditFlag = 'Success' + } + } + + if ($AuditSystemIntegrityFailure) { + AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' + { + Ensure = 'Present' + Name = 'System Integrity' + AuditFlag = 'Failure' + } + } + + if ($UserRightsAssignmentDelegation) { + UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' + { + Force = $True + 
Identity = @('') + Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' + } + } + + if ($UserRightsAssignmentNetworkAccess) { + UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' + { + Force = $True + Identity = @('*S-1-5-32-555', '*S-1-5-32-544') + Policy = 'Access_this_computer_from_the_network' + } + } + + if ($UserRightsAssignmentBackupFiles) { + UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Back_up_files_and_directories' + } + } + + if ($UserRightsAssignmentRestoreFiles) { + UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Restore_files_and_directories' + } + } + + if ($UserRightsAssignmentVolumeMaintenance) { + UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Perform_volume_maintenance_tasks' + } + } + + if ($UserRightsAssignmentLoadUnloadDrivers) { + UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Load_and_unload_device_drivers' + } + } + + if ($UserRightsAssignmentLockPages) { + UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' + { + Force = $True + Identity = @('') + Policy = 'Lock_pages_in_memory' + } + } + + if ($UserRightsAssignmentTakeOwnership) { + UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Take_ownership_of_files_or_other_objects' + } + } + + if ($UserRightsAssignmentCreatePermanentSharedObjects) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' + { + Force = $True + Identity = @('') + Policy = 'Create_permanent_shared_objects' + } + } + + if 
($UserRightsAssignmentDenyNetworkAccess) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' + { + Force = $True + Identity = @($DomainAdmins, $EnterpriseAdmins, '*S-1-5-32-546', '*S-1-5-113') + Policy = 'Deny_access_to_this_computer_from_the_network' + } + } + + if ($UserRightsAssignmentCreateGlobalObjects) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' + { + Force = $True + Identity = @('*S-1-5-6', '*S-1-5-20', '*S-1-5-19', '*S-1-5-32-544') + Policy = 'Create_global_objects' + } + } + + if ($UserRightsAssignmentDenyLogOnAsBatchJob) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job' + { + Force = $True + Identity = @($DomainAdmins, $EnterpriseAdmins) + Policy = 'Deny_log_on_as_a_batch_job' + } + } + + if ($UserRightsAssignmentAccessCredentialManager) { + UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' + { + Force = $True + Identity = @('') + Policy = 'Access_Credential_Manager_as_a_trusted_caller' + } + } + + if ($UserRightsAssignmentImpersonateClient) { + UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' + { + Force = $True + Identity = @('*S-1-5-32-544', '*S-1-5-19', '*S-1-5-20', '*S-1-5-6') + Policy = 'Impersonate_a_client_after_authentication' + } + } + + if ($UserRightsAssignmentDenyLogOnAsService) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service' + { + Force = $True + Identity = @($DomainAdmins, $EnterpriseAdmins) + Policy = 'Deny_log_on_as_a_service' + } + } + + if ($UserRightsAssignmentForceShutdownRemote) { + UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Force_shutdown_from_a_remote_system' + } + } + + if ($UserRightsAssignmentDenyLogOnLocally) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally' + { + Force = 
$True + Identity = @($DomainAdmins, $EnterpriseAdmins, '*S-1-5-32-546') + Policy = 'Deny_log_on_locally' + } + } + + if ($UserRightsAssignmentCreateSymbolicLinks) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Create_symbolic_links' + } + } + + if ($UserRightsAssignmentDebugPrograms) { + UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Debug_programs' + } + } + + if ($UserRightsAssignmentAllowLogOnLocally) { + UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' + { + Force = $True + Identity = @('*S-1-5-32-545', '*S-1-5-32-544') + Policy = 'Allow_log_on_locally' + } + } + + f ($UserRightsAssignmentManageAuditing) { + UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Manage_auditing_and_security_log' + } + } + + if ($UserRightsAssignmentActAsPartOfOS) { + UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' + { + Force = $True + Identity = @('') + Policy = 'Act_as_part_of_the_operating_system' + } + } + + if ($UserRightsAssignmentProfileSingleProcess) { + UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Profile_single_process' + } + } + + if ($UserRightsAssignmentCreateTokenObject) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' + { + Force = $True + Identity = @('') + Policy = 'Create_a_token_object' + } + } + + if ($UserRightsAssignmentChangeSystemTime) { + UserRightsAssignment 'UserRightsAssignment(INF): Change_the_system_time' + { + Force = $True + Identity = @('*S-1-5-19', '*S-1-5-32-544') + Policy = 'Change_the_system_time' + } + } + + if ($UserRightsAssignmentModifyFirmwareValues) { + UserRightsAssignment 
'UserRightsAssignment(INF): Modify_firmware_environment_values' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Modify_firmware_environment_values' + } + } + + if ($UserRightsAssignmentCreatePagefile) { + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' + { + Force = $True + Identity = @('*S-1-5-32-544') + Policy = 'Create_a_pagefile' + } + } + + if ($UserRightsAssignmentDenyLogOnThroughRDS) { + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' + { + Force = $True + Identity = @($DomainAdmins, $EnterpriseAdmins, '*S-1-5-32-546', '*S-1-5-113') + Policy = 'Deny_log_on_through_Remote_Desktop_Services' + } + } + + if ($NetworkAccessRestrictClients) { + SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' + { + + Name = 'Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' + + Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = @( + + MSFT_RestrictedRemoteSamSecurityDescriptor + + { + + Permission = 'Allow' + + Identity = 'Administrators' + + } + + ) + + } + } + + if ($RestrictAnonymousAccess) { + SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' + { + Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled' + Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' + } + } + + if ($StrongSessionKey) { + SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' + { + Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key' + Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled' + } + } + + if ($ElevateUIAccessApps) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' + { + 
User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled' + Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' + } + } + + if ($MinimumSessionSecurityNTLM) { + SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' + { + Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' + Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked' + } + } + + if ($AllowLocalSystemNullSessionFallback) { + SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' + { + Name = 'Network_security_Allow_LocalSystem_NULL_session_fallback' + Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled' + } + } + + if ($SystemCryptographyFIPS) { + SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' + { + System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing = 'Enabled' + Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' + } + } + + if ($LANManagerAuthenticationLevel) { + SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level' + { + Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. 
Refuse LM & NTLM' + Name = 'Network_security_LAN_Manager_authentication_level' + } + } + + if ($DisableMachineAccountPasswordChanges) { + SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes' + { + Domain_member_Disable_machine_account_password_changes = 'Disabled' + Name = 'Domain_member_Disable_machine_account_password_changes' + } + } + + if ($InteractiveLogonMessageTitle) { + SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on' + { + Name = 'Interactive_logon_Message_title_for_users_attempting_to_log_on' + Interactive_logon_Message_title_for_users_attempting_to_log_on = 'US Department of Defense Warning Statement' + } + } + + if ($DigitallySignSecureChannelData) { + SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible' + { + Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled' + Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible' + } + } + + if ($LimitLocalAccountUseOfBlankPasswords) { + SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' + { + Name = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' + Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' + } + } + + if ($VirtualizeFileAndRegistryFailures) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' + { + User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled' + Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' + } + } + + if ($InteractiveLogonMachineInactivityLimit) { + SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' + { + Name = 'Interactive_logon_Machine_inactivity_limit' + 
Interactive_logon_Machine_inactivity_limit = '900' + } + } + + if ($InteractiveLogonMessageText) { + SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on' + { + Interactive_logon_Message_text_for_users_attempting_to_log_on = 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.,By using this IS (which includes any device attached to this IS), you consent to the following conditions:,-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.,-At any time, the USG may inspect and seize data stored on this IS.,-Communications using or data stored on this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.,-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.,-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications or work product related to personal representation or services by attorneys, psychotherapists, or clergy and their assistants. Such communications and work product are private and confidential. See User Agreement for details.' 
+ Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on' + } + } + + if ($DigitallyEncryptSecureChannelData) { + SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' + { + Name = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible' + Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled' + } + } + + if ($UACStandardUserElevationPrompt) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' + { + User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request' + Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' + } + } + + if ($UACAdminApprovalMode) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' + { + User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled' + Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' + } + } + + if ($NetworkServerDigitallySignCommunications) { + SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always' + { + Microsoft_network_server_Digitally_sign_communications_always = 'Enabled' + Name = 'Microsoft_network_server_Digitally_sign_communications_always' + } + } + + if ($NetworkClientDigitallySignCommunications) { + SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' + { + Microsoft_network_client_Digitally_sign_communications_always = 'Enabled' + Name = 'Microsoft_network_client_Digitally_sign_communications_always' + } + } + + if ($MinimumSessionSecurityNTLMSP) { + SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' + { + Name = 
'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' + Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked' + } + } + + if ($UACRunAllAdminsInAdminApprovalMode) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' + { + User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled' + Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' + } + } + + if ($UACDetectApplicationInstallations) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation' + { + User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled' + Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation' + } + } + + if ($DoNotAllowAnonymousEnumeration) { + SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' + { + Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' + Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled' + } + } + + if ($ConfigureEncryptionTypesKerberos) { + SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos' + { + Network_security_Configure_encryption_types_allowed_for_Kerberos = '2147483640' + Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos' + } + } + + if ($NetworkClientSendUnencryptedPassword) { + SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' + { + Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled' + Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' + } + } + + if ($InteractiveLogonPreviousLogonsCache) { + SecurityOption 'SecurityRegistry(INF): 
Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' + { + Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available = '10' + Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' + } + } + + if ($MaxMachineAccountPasswordAge) { + SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age' + { + Name = 'Domain_member_Maximum_machine_account_password_age' + Domain_member_Maximum_machine_account_password_age = '30' + } + } + + if ($DoNotAllowAnonymousEnumerationShares) { + SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' + { + Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' + Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled' + } + } + + if ($ForceAuditPolicySubcategorySettings) { + SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' + { + Name = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' + Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled' + } + } + + if ($StrengthenDefaultPermissions) { + SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' + { + System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled' + Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' + } + } + + if ($AllowPKU2UAuthenticationRequests) { + SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' + { + 
Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities = 'Disabled' + Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' + } + } + + if ($DigitallyEncryptOrSignSecureChannelData) { + SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' + { + Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled' + Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' + } + } + + if ($SmartCardRemovalBehavior) { + SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' + { + Interactive_logon_Smart_card_removal_behavior = 'Lock workstation' + Name = 'Interactive_logon_Smart_card_removal_behavior' + } + } + + if ($DoNotStoreLANManagerHash) { + SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' + { + Name = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' + Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' + } + } + + if ($EveryonePermissionsForAnonymousUsers) { + SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users' + { + Network_access_Let_Everyone_permissions_apply_to_anonymous_users = 'Disabled' + Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users' + } + } + + if ($LDAPClientSigningRequirements) { + SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' + { + Name = 'Network_security_LDAP_client_signing_requirements' + Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' + } + } + + if ($UACAdminElevationPromptBehavior) { + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' + { + Name = 
'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' + User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop' + } + } + + if ($AccountLockoutDuration) { + AccountPolicy 'SecuritySetting(INF): LockoutDuration' + { + Account_lockout_duration = 15 + Name = 'Account_lockout_duration' + } + } + + if ($AccountLockoutThreshold) { + AccountPolicy 'SecuritySetting(INF): LockoutBadCount' + { + Account_lockout_threshold = 3 + Name = 'Account_lockout_threshold' + } + } + + if ($ResetLockoutCount) { + AccountPolicy 'SecuritySetting(INF): ResetLockoutCount' + { + Reset_account_lockout_counter_after = 15 + Name = 'Reset_account_lockout_counter_after' + } + } + + if ($RenameGuestAccount) { + SecurityOption 'SecuritySetting(INF): NewGuestName' + { + Name = 'Accounts_Rename_guest_account' + Accounts_Rename_guest_account = 'Visitor' + } + } + + if ($MinimumPasswordAge) { + AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge' + { + Name = 'Minimum_Password_Age' + Minimum_Password_Age = 1 + } + } + + if ($PasswordComplexity) { + AccountPolicy 'SecuritySetting(INF): PasswordComplexity' + { + Password_must_meet_complexity_requirements = 'Enabled' + Name = 'Password_must_meet_complexity_requirements' + } + } + + if ($PasswordHistorySize) { + AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' + { + Name = 'Enforce_password_history' + Enforce_password_history = 24 + } + } + + if ($AnonymousNameLookup) { + SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' + { + Network_access_Allow_anonymous_SID_Name_translation = 'Disabled' + Name = 'Network_access_Allow_anonymous_SID_Name_translation' + } + } + + if ($MinimumPasswordLength) { + AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' + { + Name = 'Minimum_Password_Length' + Minimum_Password_Length = 14 + } + } + + if ($EnableAdminAccount) { + SecurityOption 'SecuritySetting(INF): 
EnableAdminAccount'
+ {
+ Accounts_Administrator_account_status = 'Disabled'
+ Name = 'Accounts_Administrator_account_status'
+ }
+ }
+
+ if ($NewAdministratorName) {
+ SecurityOption 'SecuritySetting(INF): NewAdministratorName'
+ {
+ Accounts_Rename_administrator_account = 'X_Admin'
+ Name = 'Accounts_Rename_administrator_account'
+ }
+ }
+
+ if ($EnableGuestAccount) {
+ SecurityOption 'SecuritySetting(INF): EnableGuestAccount'
+ {
+ Name = 'Accounts_Guest_account_status'
+ Accounts_Guest_account_status = 'Disabled'
+ }
+ }
+
+ if ($MaximumPasswordAge) {
+ AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge'
+ {
+ Maximum_Password_Age = 60
+ Name = 'Maximum_Password_Age'
+ }
+ }
+
+ if ($ClearTextPassword) {
+ AccountPolicy 'SecuritySetting(INF): ClearTextPassword'
+ {
+ Name = 'Store_passwords_using_reversible_encryption'
+ Store_passwords_using_reversible_encryption = 'Disabled'
+ }
+ }
+
+}
+
diff --git a/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.psd1 b/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.psd1
new file mode 100644
index 0000000..8b3e8b9
--- /dev/null
+++ b/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.psd1
@@ -0,0 +1,124 @@ +# +# Module manifest for module 'DoD_Windows_Defender_Firewall_v2r2' +# +# Generated by: XOAP.io +# +# Generated on: 1/15/2025 +# + +@{ + +# Script module or binary module file associated with this manifest. +RootModule = 'DoD_Windows_Defender_Firewall_v2r2.schema.psm1' + +# Version number of this module. +ModuleVersion = '0.0.1' + +# Supported PSEditions +# CompatiblePSEditions = @() + +# ID used to uniquely identify this module +GUID = 'd4f3c474-9bac-4446-a824-2e248a07de31' + +# Author of this module +Author = 'XOAP.io' + +# Company or vendor of this module +CompanyName = 'RIS AG' + +# Copyright statement for this module +Copyright = '(c) 2025 XOAP.io. All rights reserved.' + +# Description of the functionality provided by this module +Description = 'Apply STIG policy for Windows Defender' + +# Minimum version of the Windows PowerShell engine required by this module +# PowerShellVersion = '' + +# Name of the Windows PowerShell host required by this module +# PowerShellHostName = '' + +# Minimum version of the Windows PowerShell host required by this module +# PowerShellHostVersion = '' + +# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# DotNetFrameworkVersion = '' + +# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# CLRVersion = '' + +# Processor architecture (None, X86, Amd64) required by this module +# ProcessorArchitecture = '' + +# Modules that must be imported into the global environment prior to importing this module +# RequiredModules = @() + +# Assemblies that must be loaded prior to importing this module +# RequiredAssemblies = @() + +# Script files (.ps1) that are run in the caller's environment prior to importing this module. 
+# ScriptsToProcess = @() + +# Type files (.ps1xml) to be loaded when importing this module +# TypesToProcess = @() + +# Format files (.ps1xml) to be loaded when importing this module +# FormatsToProcess = @() + +# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess +# NestedModules = @() + +# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. +FunctionsToExport = '*' + +# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. +CmdletsToExport = '*' + +# Variables to export from this module +VariablesToExport = '*' + +# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. +AliasesToExport = '*' + +# DSC resources to export from this module +# DscResourcesToExport = @() + +# List of all modules packaged with this module +# ModuleList = @() + +# List of all files packaged with this module +# FileList = @() + +# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. +PrivateData = @{ + + PSData = @{ + + # Tags applied to this module. These help with module discovery in online galleries. + # Tags = @() + + # A URL to the license for this module. + # LicenseUri = '' + + # A URL to the main website for this project. + # ProjectUri = '' + + # A URL to an icon representing this module. + # IconUri = '' + + # ReleaseNotes of this module + # ReleaseNotes = '' + + } # End of PSData hashtable + +} # End of PrivateData hashtable + +# HelpInfo URI of this module +# HelpInfoURI = '' + +# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 
+# DefaultCommandPrefix = '' + +} + + diff --git a/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.schema.psm1 b/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.schema.psm1 new file mode 100644 index 0000000..97218b0 --- /dev/null +++ b/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.schema.psm1 
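Review bot: All four export keys in this new manifest are set to `'*'` (`FunctionsToExport`, `CmdletsToExport`, `VariablesToExport`, `AliasesToExport`), which the manifest's own comments advise against. It also differs from the root XOAPSTIGOctober2024DSC.psd1 in this commit, which uses `@()` for functions, cmdlets and aliases. A composite resource whose root module is a `.schema.psm1` presumably exports nothing through these keys, so `FunctionsToExport = @()`, `CmdletsToExport = @()` and `AliasesToExport = @()` would keep the exported surface explicit. The `Description` says 'Apply STIG policy for Windows Defender' although the resource configures Windows Defender Firewall; naming the firewall avoids confusion with the separate DoD_Microsoft_Defender_Antivirus_STIG_v2r4 resource listed in the Readme.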
@@ -0,0 +1,263 @@
+configuration DoD_Windows_Defender_Firewall_v2r2
+{
+ param(
+ [bool]$PolicyVersion = $true,
+ [bool]$EnableFirewall = $true,
+ [bool]$DefaultOutboundAction = $true,
+ [bool]$DefaultInboundAction = $true,
+ [bool]$LogFileSize = $true,
+ [bool]$LogDroppedPackets_Domain = $true,
+ [bool]$LogSuccessfulConnections_Domain = $true,
+ [bool]$EnableFirewall_Private = $true,
+ [bool]$DefaultOutboundAction_Private = $true,
+ [bool]$DefaultInboundAction_Private = $true,
+ [bool]$LogFileSize_Private = $true,
+ [bool]$LogDroppedPackets_Private = $true,
+ [bool]$LogSuccessfulConnections_Private = $true,
+ [bool]$EnableFirewall_Public = $true,
+ [bool]$DefaultOutboundAction_Public = $true,
+ [bool]$DefaultInboundAction_Public = $true,
+ [bool]$AllowLocalPolicyMerge = $true,
+ [bool]$AllowLocalIPsecPolicyMerge = $true,
+ [bool]$LogFileSize_Public = $true,
+ [bool]$LogDroppedPackets_Public = $true,
+ [bool]$LogSuccessfulConnections_Public = $true
+
+ )
+
+ Import-DSCResource -ModuleName 'GPRegistryPolicyDsc'
+ Import-DSCResource -ModuleName 'AuditPolicyDSC'
+ Import-DSCResource -ModuleName 'SecurityPolicyDSC'
+
+ if ($PolicyVersion) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PolicyVersion'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'PolicyVersion'
+ ValueData = 539
+ }
+ }
+
+ if ($EnableFirewall) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableFirewall'
+ ValueData = 1
+ }
+ }
+
+ if ($DefaultOutboundAction) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultOutboundAction'
+ ValueData = 0
+ }
+ }
+
+ if ($DefaultInboundAction) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultInboundAction'
+ ValueData = 1
+ }
+ }
+
+ if ($LogFileSize) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFileSize'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LogFileSize'
+ ValueData = 16384
+ }
+ }
+
+ if ($LogDroppedPackets_Domain) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogDroppedPackets'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LogDroppedPackets'
+ ValueData = 1
+ }
+ }
+
+ if ($LogSuccessfulConnections_Domain) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogSuccessfulConnections'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LogSuccessfulConnections'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableFirewall_Private) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableFirewall'
+ ValueData = 1
+ }
+ }
+
+ if ($DefaultOutboundAction_Private) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultOutboundAction'
+ ValueData = 0
+ }
+ }
+
+ if ($DefaultInboundAction_Private) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultInboundAction'
+ ValueData = 1
+ }
+ }
+
+ if ($LogFileSize_Private) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogFileSize'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LogFileSize'
+ ValueData = 16384
+ }
+ }
+
+ if ($LogDroppedPackets_Private) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogDroppedPackets'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LogDroppedPackets'
+ ValueData = 1
+ }
+ }
+
+ if ($LogSuccessfulConnections_Private) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogSuccessfulConnections'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LogSuccessfulConnections'
+ ValueData = 1
+ }
+ }
+
+ if ($EnableFirewall_Public) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'EnableFirewall'
+ ValueData = 1
+ }
+ }
+
+ if ($DefaultOutboundAction_Public) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultOutboundAction'
+ ValueData = 0
+ }
+ }
+
+ if ($DefaultInboundAction_Public) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'DefaultInboundAction'
+ ValueData = 1
+ }
+ }
+
+ if ($AllowLocalPolicyMerge) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowLocalPolicyMerge'
+ ValueData = 0
+ }
+ }
+
+ if ($AllowLocalIPsecPolicyMerge) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'AllowLocalIPsecPolicyMerge'
+ ValueData = 0
+ }
+ }
+
+ if ($LogFileSize_Public) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogFileSize'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LogFileSize'
+ ValueData = 16384
+ }
+ }
+
+ if ($LogDroppedPackets_Public) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogDroppedPackets'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LogDroppedPackets'
+ ValueData = 1
+ }
+ }
+
+ if ($LogSuccessfulConnections_Public) {
+ RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogSuccessfulConnections'
+ {
+ Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging'
+ ValueType = 'Dword'
+ TargetType = 'ComputerConfiguration'
+ ValueName = 'LogSuccessfulConnections'
+ ValueData = 1
+ }
+ }
+}
+
diff --git a/DSCResources/Services/Services.schema.psm1 b/DSCResources/Services/Services.schema.psm1
deleted file mode 100644
index e4ec3b3..0000000
--- a/DSCResources/Services/Services.schema.psm1
+++ /dev/null
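Review bot: Nothing in this new configuration triggers a policy refresh after the `RegistryPolicyFile` resources run. As far as I know GPRegistryPolicyDsc, the values are written to the local policy file and only take effect at the next Group Policy refresh, so a node can report as converged while the firewall still runs with its previous profile settings. Either add `RefreshRegistryPolicy 'RefreshAfterFirewallPolicy' { IsSingleInstance = 'Yes' }` after the last block or, since that resource is a singleton and several of these composites may be combined in one node configuration, state in the Readme that the consuming configuration must declare it once. Separately, `AuditPolicyDSC` and `SecurityPolicyDSC` are imported although this file uses no resource from them. None of the three `Import-DSCResource` lines pins a version even though the Readme names 1.2.0 for GPRegistryPolicyDsc; `Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' -ModuleVersion '1.2.0'` would make compilation fail when a different version is installed.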
@@ -1,53 +0,0 @@ -<# -.SYNOPSIS​ -Please fill me. -​ -.DESCRIPTION​ -Please fill me. - -.COMPONENT​ -Information about PowerShell Modules to be required. ​ -Powershell Module: PSDesiredStateConfiguration​ -Powershell Module: AuditPolicyDSC​ -Powershell Module: SecurityPolicyDSC​ -Powershell Module: PowerShellAccessControl​ -​Powershell Module: WindowsDefender - -.EXAMPLE -Get-DscResource -Module XOAP* - -.NOTES -For more information about advanced functions, call Get-Help with any -of the topics in the links listed below. -Module Name : XOAPModuleTemplateDSC -Resource Name : Services.schema.psm1 -Author : info@XOAP.io -​ -.LINK​ -https://www.microsoft.com/en-us/download/details.aspx?id=55319​ -​ -.LINK​ -https://www.powershellgallery.com/packages/BaselineManagement/2.9.0​ -​ -.LINK​ -https://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7b83​ - -.LINK -https://www.powershellgallery.com/packages/WindowsDefender/1.0.0.4 -#> -configuration Services -{ - - #Import-DSCResource -ModuleName xPSDesiredStateConfiguration - # - #xRegistry disableInsecureCipher_a - #{ - # Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56' - # ValueName = 'Enabled' - # ValueData = '0' - # ValueType = 'Dword' - # Ensure = 'Present' - # Force = $true - #} - -} diff --git a/DSCResources/XOAP_DSCResource/XOAP_DSCResource.schema.psm1 b/DSCResources/XOAP_DSCResource/XOAP_DSCResource.schema.psm1 deleted file mode 100644 index 46bb944..0000000 --- a/DSCResources/XOAP_DSCResource/XOAP_DSCResource.schema.psm1 +++ /dev/null @@ -1,16 +0,0 @@ -configuration 'XOAP_DSCResource' -{ - - Import-DSCResource -ModuleName 'XOAPModuleTemplateDSC' -Name 'XOAP_DSCResource' -ModuleVersion '0.0.1' - - <# - Registry disableInsecureCipher_a - { - Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56' - ValueName = 'Enabled' - ValueData = '0' - ValueType = 'Dword' - Ensure = 'Present' - Force = $true - }#> -} 
diff --git a/New-CompositeResource.ps1 b/New-CompositeResource.ps1 deleted file mode 100755 index 5028548..0000000 --- a/New-CompositeResource.ps1 +++ /dev/null 
@@ -1,75 +0,0 @@ -#Requires -Modules @{ ModuleName="Plaster"; ModuleVersion="1.1.3" } - -[CmdletBinding()] -param ( - [Parameter(Mandatory=$true)] - [ValidateNotNullOrEmpty()] - [string] - $Module, - [Parameter(Mandatory=$true)] - [ValidateNotNullOrEmpty()] - [string] - $Version, - [Parameter(Mandatory=$true)] - [ValidateNotNullOrEmpty()] - [string] - $Ressource, - [Parameter()] - [ValidateNotNullOrEmpty()] - [string] - $Company = "RIS AG" -) - -$globalPrefix = "XOAP" -$curDirectory = Resolve-Path .\ -$templatePath = Join-Path $curDirectory "templates" -$rootModulePath = Resolve-Path .\source -$Module = "${globalPrefix}${Module}DSC" -$modulePath = Join-Path $rootModulePath "$Module" -$moduleVersionPath = Join-Path $modulePath $Version -$moduleRessources = Join-Path $moduleVersionPath "DSCResources" -$ressourcePath = Join-Path $moduleRessources $Ressource - - -Write-Output "Checking if module $Module already exists under $moduleVersionPath" - -if(Test-Path "$moduleVersionPath") -{ - Write-Output "Module $Module with version $Version already exists. Continuing." -} -else -{ - Write-Warning "Module $Module with version $Version does not exist. Creating new module. Please provide missing data." - $template = Join-Path $templatePath "shared_module" - $moduleData = @{ - project_name = $Module - version = $Version - company = $Company - TemplatePath = "$template" - DestinationPath = "$moduleVersionPath" - } - - Invoke-Plaster @moduleData -} - - -Write-Output "Going to check if ressource $Ressource exists under $ressourcePath" - -if(Test-Path "$ressourcePath") -{ - Write-Error "Ressource $Ressource already exists. Aborting" -} -else -{ - Write-Output "Creating new ressource $Ressource for module $Module" - $template = Join-Path $templatePath "composite_resource" - $moduleData = @{ - project_name = "${Ressource}" - version = "0.0.1" - company = $Company - TemplatePath = "$template" - DestinationPath = "$ressourcePath" - } - - Invoke-Plaster @moduleData -} 
diff --git a/Readme.md b/Readme.md index ef41073..3dc0b46 100644 --- a/Readme.md +++ b/Readme.md @@ -1,6 +1,6 @@ -# XOAPModuleTemplateDSC +# XOAPSTIGOCTOBER2024 -This repository is a template that can be used as a starting point for creating new DSC modules and resources. +This repository contains the XOAPSTIGOctober2024DSC DSC module. ## Code of Conduct 
@@ -16,44 +16,62 @@ A full list of changes in each version can be found in the [change log](CHANGELO ## Documentation -This script is used to easily create new DSC modules and resources. +The XOAP STIG October 2024 DSC module contains the following resources: + +- DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1 +- DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1 +- DoD_Google_Chrome_v2r10 +- DoD_Internet_Explorer_11_v2r4 +- DoD_Microsoft_Defender_Antivirus_STIG_v2r4 +- DoD_Microsoft_Edge_v2r2 +- DoD_Mozilla_Firefox_v6r5 +- DoD_Office_2019-M365_Apps_v3r1 +- DoD_Office_System_2013_and_Components +- DoD_Office_System_2016_and_Components +- DoD_Windows_10_v3r2 +- DoD_Windows_11_v2r2 +- DoD_Windows_Defender_Firewall_v2r2 +- DoD_WinSvr_2012_R2_MS_and_DC_v3r7 +- DoD_WinSvr_2016_MS_and_DC_v2r9 +- DoD_WinSvr_2019_MS_and_DC_v3r2 +- DoD_WinSvr_2022_MS_and_DC_v2r2 -## Prerequisites - -Please install Plaster first and make sure it's present. -```powershell -Install-Module Plaster -Import-Module Plaster -``` - -## Create new DSC modules +## Prerequisites -Modules will be automatically created once you are creating a new DSC resource. 
+Be sure that the following DSC modules are installed on your system: -## Create new DSC resources +- GPRegistryPolicyDsc (1.2.0) +- AuditPolicyDSC (1.4.0.0) +- SecurityPolicyDSC (2.10.0.0) -DSC resources can easily be deployed via the invocation of -```powershell -.\New-CompositeResource.ps1 -``` +### Configuration Examples -with parameters +To implement the STIG October 2024 DSC module, add the following resources to your DSC configuration and adjust accordingly: ```powershell -.\New-CompositeResource.ps1 -Module XOAPModuleTemplateDSC -Version 0.0.1 -Resource ScheduledTasks -``` - -The parameter list is as followed: - -| Parameter | Description | Note | -|-----------|----------------------------------------|------| -| Module | Name of the outer module part | - | -| Version | Target version of the module | - | -| Ressource | The name of the ressource /config part | - | - -### Examples - -You can review the [Examples](/Examples/Resources) directory in the **XOAPModuleTemplateDSC** module -for some general use scenarios for all the resources that are in the module. +Import-DSCResource -Module 'XOAPSTIGOctober2024DSC' -Name 'DoD_WinSvr_2022_MS_and_DC_v2r2' -ModuleVersion '1.0.0' + +Configuration XOAPSTIGOctober2024DSC +{ + param + ( + [Parameter(Mandatory = $false)] + EnumerateAdministrators = $true, + + [Parameter(Mandatory = $false)] + NoAutorun = $true + ) + + Node 'localhost' + { + DoD_WinSvr_2022_MS_and_DC_v2r2 Example + { + EnumerateAdministrators = $using:EnumerateAdministrators + NoAutorun = $using:NoAutorun + } + } +} + +XOAPSTIGOctober2024DSC -OutputPath 'C:\XOAPSTIGOctober2024Output' diff --git a/XOAPModuleTemplateDSC.psd1 b/XOAPSTIGOctober2024DSC.psd1 similarity index 87% rename from XOAPModuleTemplateDSC.psd1 rename to XOAPSTIGOctober2024DSC.psd1 index ce78ae3..a51fc8b 100644 --- a/XOAPModuleTemplateDSC.psd1 +++ b/XOAPSTIGOctober2024DSC.psd1 
@@ -1,124 +1,124 @@ -# -# Module manifest for module 'XOAPAModuleTemplate1DSC' -# -# Generated by: Sinisa Sokolic -# -# Generated on: 7/25/2023 -# - -@{ - -# Script module or binary module file associated with this manifest. -# RootModule = '' - -# Version number of this module. -ModuleVersion = '0.0.1' - -# Supported PSEditions -# CompatiblePSEditions = @() - -# ID used to uniquely identify this module -GUID = '9300a1eb-8865-4cf3-abf2-bd2f8f7d861d' - -# Author of this module -Author = 'Sinisa Sokolic' - -# Company or vendor of this module -CompanyName = 'RIS AG' - -# Copyright statement for this module -Copyright = '(c) 2023 XOAP.io. All rights reserved.' - -# Description of the functionality provided by this module -Description = 'Module to configure Azure Virtual Desktop Optimizations on Windows 11. ' - -# Minimum version of the Windows PowerShell engine required by this module -PowerShellVersion = '5.1' - -# Name of the Windows PowerShell host required by this module -# PowerShellHostName = '' - -# Minimum version of the Windows PowerShell host required by this module -# PowerShellHostVersion = '' - -# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. -# DotNetFrameworkVersion = '' - -# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. -# CLRVersion = '' - -# Processor architecture (None, X86, Amd64) required by this module -# ProcessorArchitecture = '' - -# Modules that must be imported into the global environment prior to importing this module -# RequiredModules = @() - -# Assemblies that must be loaded prior to importing this module -# RequiredAssemblies = @() - -# Script files (.ps1) that are run in the caller's environment prior to importing this module. 
-# ScriptsToProcess = @() - -# Type files (.ps1xml) to be loaded when importing this module -# TypesToProcess = @() - -# Format files (.ps1xml) to be loaded when importing this module -# FormatsToProcess = @() - -# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -# NestedModules = @() - -# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. -FunctionsToExport = @() - -# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. -CmdletsToExport = @() - -# Variables to export from this module -VariablesToExport = '*' - -# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. -AliasesToExport = @() - -# DSC resources to export from this module -# DscResourcesToExport = @() - -# List of all modules packaged with this module -# ModuleList = @() - -# List of all files packaged with this module -# FileList = @() - -# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. -PrivateData = @{ - - PSData = @{ - - # Tags applied to this module. These help with module discovery in online galleries. - # Tags = @() - - # A URL to the license for this module. - # LicenseUri = '' - - # A URL to the main website for this project. - # ProjectUri = '' - - # A URL to an icon representing this module. - # IconUri = '' - - # ReleaseNotes of this module - # ReleaseNotes = '' - - } # End of PSData hashtable - -} # End of PrivateData hashtable - -# HelpInfo URI of this module -# HelpInfoURI = '' - -# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 
-# DefaultCommandPrefix = '' - -} - - +# +# Module manifest for module 'XOAPSTIGOctober2024DSC' +# +# Generated by: XOAP.io +# +# Generated on: 1/13/2025 +# + +@{ + +# Script module or binary module file associated with this manifest. +# RootModule = '' + +# Version number of this module. +ModuleVersion = '1.0.0' + +# Supported PSEditions +# CompatiblePSEditions = @() + +# ID used to uniquely identify this module +GUID = '5dd4ca36-c91e-4330-a9fa-cc108f83bd07' + +# Author of this module +Author = 'XOAP.io' + +# Company or vendor of this module +CompanyName = 'RIS AG' + +# Copyright statement for this module +Copyright = '(c) 2025 XOAP.io. All rights reserved.' + +# Description of the functionality provided by this module +Description = 'DSC Module for using STIG Security Settings' + +# Minimum version of the Windows PowerShell engine required by this module +# PowerShellVersion = '' + +# Name of the Windows PowerShell host required by this module +# PowerShellHostName = '' + +# Minimum version of the Windows PowerShell host required by this module +# PowerShellHostVersion = '' + +# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# DotNetFrameworkVersion = '' + +# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. +# CLRVersion = '' + +# Processor architecture (None, X86, Amd64) required by this module +# ProcessorArchitecture = '' + +# Modules that must be imported into the global environment prior to importing this module +# RequiredModules = @() + +# Assemblies that must be loaded prior to importing this module +# RequiredAssemblies = @() + +# Script files (.ps1) that are run in the caller's environment prior to importing this module. 
+# ScriptsToProcess = @() + +# Type files (.ps1xml) to be loaded when importing this module +# TypesToProcess = @() + +# Format files (.ps1xml) to be loaded when importing this module +# FormatsToProcess = @() + +# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess +# NestedModules = @() + +# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. +FunctionsToExport = @() + +# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. +CmdletsToExport = @() + +# Variables to export from this module +VariablesToExport = '*' + +# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. +AliasesToExport = @() + +# DSC resources to export from this module +# DscResourcesToExport = @() + +# List of all modules packaged with this module +# ModuleList = @() + +# List of all files packaged with this module +# FileList = @() + +# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. +PrivateData = @{ + + PSData = @{ + + # Tags applied to this module. These help with module discovery in online galleries. + # Tags = @() + + # A URL to the license for this module. + # LicenseUri = '' + + # A URL to the main website for this project. + # ProjectUri = '' + + # A URL to an icon representing this module. + # IconUri = '' + + # ReleaseNotes of this module + # ReleaseNotes = '' + + } # End of PSData hashtable + +} # End of PrivateData hashtable + +# HelpInfo URI of this module +# HelpInfoURI = '' + +# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. 
+# DefaultCommandPrefix = '' + +} + + diff --git a/source/readme.txt b/source/readme.txt deleted file mode 100644 index f23a437..0000000 --- a/source/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Location for created modules \ No newline at end of file diff --git a/templates/composite_resource/plasterManifest.xml b/templates/composite_resource/plasterManifest.xml deleted file mode 100755 index d22610d..0000000 --- a/templates/composite_resource/plasterManifest.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - - PowershellDSCResource - 14f99429-b25c-45e0-be57-e43666652ab5 - 1.0.0 - PowershellDSCResource - - XOAP - - - - - - - - - - - Creating new module manifest for ${PLASTER_PARAM_project_name} - - Copying schema template - - - diff --git a/templates/composite_resource/resource.schema.psm1.template b/templates/composite_resource/resource.schema.psm1.template deleted file mode 100644 index 5c0788d..0000000 --- a/templates/composite_resource/resource.schema.psm1.template +++ /dev/null @@ -1,7 +0,0 @@ -configuration <%=${PLASTER_PARAM_project_name}%> -{ -Import-DSCResource -ModuleName xPSDesiredStateConfiguration - - - -} diff --git a/templates/shared_module/1-ConfigureScheduledTask.template b/templates/shared_module/1-ConfigureScheduledTask.template deleted file mode 100644 index 7037be7..0000000 --- a/templates/shared_module/1-ConfigureScheduledTask.template +++ /dev/null @@ -1,15 +0,0 @@ -configuration Example -{ - param - ( - [string[]]$NodeName = 'localhost' - ) - - Import-DSCResource -ModuleName XOAPModuleTemplateDSC - - WindowsFeature IIS - { - Ensure = "Present" - Name = "Web-Server" - } -} diff --git a/templates/shared_module/CHANGELOG.md b/templates/shared_module/CHANGELOG.md deleted file mode 100644 index 74fea6f..0000000 --- a/templates/shared_module/CHANGELOG.md +++ /dev/null 
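Review bot: `RequiredModules` stays commented out in the renamed root manifest, although the Readme in this commit lists GPRegistryPolicyDsc (1.2.0), AuditPolicyDSC (1.4.0.0) and SecurityPolicyDSC (2.10.0.0) as prerequisites and the composite resources import them without a version. Declaring them here, for example `RequiredModules = @(@{ ModuleName = 'GPRegistryPolicyDsc'; RequiredVersion = '1.2.0' })` with matching entries for the other two, makes a missing or mismatched dependency fail at module load. Otherwise whichever version is installed on the build or pull server gets resolved silently. The hunk also turns `PowerShellVersion = '5.1'` into a commented-out placeholder; if 5.1 is still the minimum engine, keep that line.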
@@ -1,32 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [unreleased]
-
-- tbd
-
-## [0.0.1] - 2022-06-26
-
-### Changed
-
-- tdb
-
-### Added
-
-- tdb
-
-### Fixed
-
-- tbd
-
-### Removed
-
-- tbd
-
-### Security
-
-- tbd
diff --git a/templates/shared_module/README.md b/templates/shared_module/README.md
deleted file mode 100644
index 1a8d303..0000000
--- a/templates/shared_module/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# <%=${PLASTER_PARAM_project_name}%>
-
-The <%=${PLASTER_PARAM_project_name}%> PowerShell module provides
-DSC resources that can be used to ... (explain what functionality the resources are meant to provide)
-
-## Installation
-
-To manually install the module, download the source code and unzip the contents
-of the \Modules\<%=${PLASTER_PARAM_project_name}%> directory to the
-$env:ProgramFiles\WindowsPowerShell\Modules folder
-
-To install from the PowerShell gallery using PowerShellGet (in PowerShell 5.0)
-run the following command:
-
- Find-Module -Name <%=${PLASTER_PARAM_project_name}%> -Repository PSGallery | Install-Module
-
-To confirm installation, run the below command and ensure you see the
-<%=${PLASTER_PARAM_project_name}%> DSC resources available:
-
- Get-DscResource -Module <%=${PLASTER_PARAM_project_name}%>
-
-## Usage
-
-Include the following in your DSC configuration
-
- Import-DSCResource -ModuleName <%=${PLASTER_PARAM_project_name}%>
-
-### MyResource
-
- MyResource resourceName {
- Ensure = "Present"
- }
-
-## Requirements
-
-The minimum PowerShell version required is 4.0, which ships in Windows 8.1
-or Windows Server 2012R2 (or higher versions). The preferred version is
-PowerShell 5.0 or higher, which ships with Windows 10 or Windows Server 2016.
diff --git a/templates/shared_module/_dummy b/templates/shared_module/_dummy
deleted file mode 100644
index e69de29..0000000
diff --git a/templates/shared_module/_gitignore b/templates/shared_module/_gitignore
deleted file mode 100644
index 6c99b45..0000000
--- a/templates/shared_module/_gitignore
+++ /dev/null
@@ -1,148 +0,0 @@
-# JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-# User-specific stuff
-.idea/**/workspace.xml
-.idea/**/tasks.xml
-.idea/**/usage.statistics.xml
-.idea/**/dictionaries
-.idea/**/shelf
-
-# AWS User-specific
-.idea/**/aws.xml
-
-# Generated files
-.idea/**/contentModel.xml
-
-# Sensitive or high-churn files
-.idea/**/dataSources/
-.idea/**/dataSources.ids
-.idea/**/dataSources.local.xml
-.idea/**/sqlDataSources.xml
-.idea/**/dynamic.xml
-.idea/**/uiDesigner.xml
-.idea/**/dbnavigator.xml
-
-# Gradle
-.idea/**/gradle.xml
-.idea/**/libraries
-
-# Gradle and Maven with auto-import
-# When using Gradle or Maven with auto-import, you should exclude module files,
-# since they will be recreated, and may cause churn. Uncomment if using
-# auto-import.
-# .idea/artifacts
-# .idea/compiler.xml
-# .idea/jarRepositories.xml
-# .idea/modules.xml
-# .idea/*.iml
-# .idea/modules
-# *.iml
-# *.ipr
-
-# CMake
-cmake-build-*/
-
-# Mongo Explorer plugin
-.idea/**/mongoSettings.xml
-
-# File-based project format
-*.iws
-
-# IntelliJ
-out/
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Cursive Clojure plugin
-.idea/replstate.xml
-
-# SonarLint plugin
-.idea/sonarlint/
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
-# Editor-based Rest Client
-.idea/httpRequests
-
-# Android studio 3.1+ serialized cache file
-.idea/caches/build_file_checksums.ser
-
-# VSCode -----------------------------------------------------------
-
-.vscode/*
-!.vscode/settings.json
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
-!.vscode/*.code-snippets
-
-# Local History for Visual Studio Code
-.history/
-
-# Built Visual Studio Code Extensions
-*.vsix
-
-# Windows
-----------------------------------------------------------
-
-# Windows thumbnail cache files
-Thumbs.db
-Thumbs.db:encryptable
-ehthumbs.db
-ehthumbs_vista.db
-
-# Dump file
-*.stackdump
-
-# Folder config file
-[Dd]esktop.ini
-
-# Recycle Bin used on file shares
-$RECYCLE.BIN/
-
-# Windows Installer files
-*.cab
-*.msi
-*.msix
-*.msm
-*.msp
-
-# Windows shortcuts
-*.lnk
-
-# macOS -----------------------------------------------------------
-
-# General
-.DS_Store
-.AppleDouble
-.LSOverride
-
-# Icon must end with two \r
-Icon
-
-# Thumbnails
-._*
-
-# Files that might appear in the root of a volume
-.DocumentRevisions-V100
-.fseventsd
-.Spotlight-V100
-.TemporaryItems
-.Trashes
-.VolumeIcon.icns
-.com.apple.timemachine.donotpresent
-
-# Directories potentially created on remote AFP share
-.AppleDB
-.AppleDesktop
-Network Trash Folder
-Temporary Items
-.apdisk
\ No newline at end of file
diff --git a/templates/shared_module/plasterManifest.xml b/templates/shared_module/plasterManifest.xml
deleted file mode 100755
index b6aa606..0000000
--- a/templates/shared_module/plasterManifest.xml
+++ /dev/null
@@ -1,37 +0,0 @@
- - - - PowershellDSCModule - 76d2fef8-679c-44d8-8d99-1d35c77f9c0d - 1.0.0 - PowershellDSCModule - - XOAP - - - - - - - - - - - - Scaffold a PowerShell Module with the files required to run Pester tests. - - - - - - - - - -
diff --git a/test/Boilerplate.Tests.ps1 b/test/Boilerplate.Tests.ps1
deleted file mode 100644
index de23448..0000000
--- a/test/Boilerplate.Tests.ps1
+++ /dev/null
@@ -1,71 +0,0 @@
-$Global:DSCResourceName = 'My_DSCResource' #<----- Just change this
-
-Import-Module "$($PSScriptRoot)\..\..\DSCResources\$($Global:DSCResourceName)\$($Global:DSCResourceName).psm1" -Force
-
-# Helper function to list the names of mandatory parameters of *-TargetResource functions
-Function Get-MandatoryParameter {
- [CmdletBinding()]
- Param(
- [Parameter(Mandatory=$True)]
- [string]$CommandName
- )
- $GetCommandData = Get-Command "$($Global:DSCResourceName)\$CommandName"
- $MandatoryParameters = $GetCommandData.Parameters.Values | Where-Object { $_.Attributes.Mandatory -eq $True }
- return $MandatoryParameters.Name
-}
-
-# Getting the names of mandatory parameters for each *-TargetResource function
-$GetMandatoryParameter = Get-MandatoryParameter -CommandName "Get-TargetResource"
-$TestMandatoryParameter = Get-MandatoryParameter -CommandName "Test-TargetResource"
-$SetMandatoryParameter = Get-MandatoryParameter -CommandName "Set-TargetResource"
-
-# Splatting parameters values for Get, Test and Set-TargetResource functions
-$GetParams = @{
-
-}
-$TestParams = @{
-
-}
-$SetParams = @{
-
-}
-
-Describe "$($Global:DSCResourceName)\Get-TargetResource" {
-
- $GetReturn = & "$($Global:DSCResourceName)\Get-TargetResource" @GetParams
-
- It "Should return a hashtable" {
- $GetReturn | Should BeOfType System.Collections.Hashtable
- }
- Foreach ($MandatoryParameter in $GetMandatoryParameter) {
-
- It "Should return a hashtable with key named $MandatoryParameter" {
- $GetReturn.ContainsKey($MandatoryParameter) | Should Be $True
- }
- }
-}
-
-Describe "$($Global:DSCResourceName)\Test-TargetResource" {
-
- $TestReturn = & "$($Global:DSCResourceName)\Test-TargetResource" @TestParams
-
- It "Should have the same mandatory parameters as Get-TargetResource" {
- # Does not check for $True or $False but uses the output of Compare-Object.
- # That way, if this test fails Pester will show us the actual difference(s).
- (Compare-Object $GetMandatoryParameter $TestMandatoryParameter).InputObject | Should Be $Null
- }
- It "Should return a boolean" {
- $TestReturn | Should BeOfType System.Boolean
- }
-}
-
-Describe "$($Global:DSCResourceName)\Set-TargetResource" {
-
-$SetReturn = & "$($Global:DSCResourceName)\Set-TargetResource" @SetParams
-
-It "Should have the same mandatory parameters as Test-TargetResource" {
-(Compare-Object $TestMandatoryParameter $SetMandatoryParameter).InputObject | Should Be $Null
-}
-It "Should not return anything" {
-$SetReturn | Should Be $Null
-}
diff --git a/test/integration/default/XOAPModuleTemplateDSC.Tests.ps1 b/test/integration/default/XOAPModuleTemplateDSC.Tests.ps1
deleted file mode 100644
index acf638d..0000000
--- a/test/integration/default/XOAPModuleTemplateDSC.Tests.ps1
+++ /dev/null
@@ -1,12 +0,0 @@
-Describe 'When setting up a webserver' {
- Context 'to start the default website' {
-
- It 'verifies IIS is installed' {
- (Get-WindowsFeature web-server).installed | should be $true
- }
-
- It 'installs a default website' {
- Get-Website 'Default Web Site' | should not be $null
- }
- }
-}
diff --git a/test/module.test.ps1 b/test/module.test.ps1
deleted file mode 100644
index 3a0dca9..0000000
--- a/test/module.test.ps1
+++ /dev/null
@@ -1,13 +0,0 @@
-Configuration 'XOAPModuleTemplateDSC'
-{
- Import-DSCResource -Module 'XOAPModuleTemplateDSC' -Name 'XOAP_DSCResource' -ModuleVersion '0.0.1'
-
-
- Node 'XOAPModuleTemplateDSC'
- {
- XOAP_DSCResource 'XOAP_DSCResource'
- {
- }
- }
-}
-XOAPModuleTemplateDSC -OutputPath 'C:\XOAPModuleTemplateDSC'