diff --git a/DSCResources/Bitlocker/Bitlocker.psd1 b/DSCResources/Bitlocker/Bitlocker.psd1 index f5c06ba..ee303c6 100644 --- a/DSCResources/Bitlocker/Bitlocker.psd1 +++ b/DSCResources/Bitlocker/Bitlocker.psd1 @@ -12,7 +12,7 @@ RootModule = 'Bitlocker.schema.psm1' # Version number of this module. -ModuleVersion = '1.0.0' +ModuleVersion = '0.0.1' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/DSCResources/Bitlocker/Bitlocker.schema.psm1 b/DSCResources/Bitlocker/Bitlocker.schema.psm1 index 56618de..31a11c3 100644 --- a/DSCResources/Bitlocker/Bitlocker.schema.psm1 +++ b/DSCResources/Bitlocker/Bitlocker.schema.psm1 @@ -35,7 +35,7 @@ https://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7 https://www.powershellgallery.com/packages/WindowsDefender/1.0.0.4 #> -Configuration Windows_11_v22H2_Security_Baseline_Bitlocker +Configuration Bitlocker { Import-DSCResource -ModuleName 'PSDesiredStateConfiguration' @@ -43,104 +43,100 @@ Configuration Windows_11_v22H2_Security_Baseline_Bitlocker Import-DSCResource -ModuleName 'AuditPolicyDSC' -ModuleVersion '1.4.0.0' Import-DSCResource -ModuleName 'SecurityPolicyDSC' -ModuleVersion '2.10.0.0' - Node Windows_11_v22H2_Security_Baseline_Bitlocker - { - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseEnhancedPin' - { - ValueName = 'UseEnhancedPin' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\RDVDenyCrossOrg' - { - ValueName = 'RDVDenyCrossOrg' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\DisableExternalDMAUnderLock' - { - ValueName = 'DisableExternalDMAUnderLock' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab\DCSettingIndex' - { - ValueName = 'DCSettingIndex' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab\ACSettingIndex' - { - ValueName = 'ACSettingIndex' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses' - { - ValueName = 'DenyDeviceClasses' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClassesRetroactive' - { - ValueName = 'DenyDeviceClassesRetroactive' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions' - } - - <#RegistryPolicyFile 'DELVALS_\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses' - { - ValueName = '' - Exclusive = $True - ValueData = '' - Ensure = 'Present' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses' - }#> - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses\1' - { - ValueName = '1' - ValueData = '{d48179be-ec20-11d1-b6b8-00c04fa372a7}' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Policies\Microsoft\FVE\RDVDenyWriteAccess' - { - ValueName = 'RDVDenyWriteAccess' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\System\CurrentControlSet\Policies\Microsoft\FVE' - } - - RefreshRegistryPolicy 'ActivateClientSideExtension' - { - IsSingleInstance = 'Yes' - } + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseEnhancedPin' + { + ValueName = 'UseEnhancedPin' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\RDVDenyCrossOrg' + { + ValueName = 'RDVDenyCrossOrg' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\DisableExternalDMAUnderLock' + { + ValueName = 'DisableExternalDMAUnderLock' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' } -} + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab\DCSettingIndex' + { + ValueName = 'DCSettingIndex' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab\ACSettingIndex' + { + ValueName = 'ACSettingIndex' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses' + { + ValueName = 'DenyDeviceClasses' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClassesRetroactive' + { + ValueName = 'DenyDeviceClassesRetroactive' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions' + } + + <#RegistryPolicyFile 'DELVALS_\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses' + { + ValueName = '' + Exclusive = $True + ValueData = '' + Ensure = 'Present' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses' + }#> + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses\1' + { + ValueName = '1' + ValueData = '{d48179be-ec20-11d1-b6b8-00c04fa372a7}' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Policies\Microsoft\FVE\RDVDenyWriteAccess' + { + ValueName = 'RDVDenyWriteAccess' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\System\CurrentControlSet\Policies\Microsoft\FVE' + } + + RefreshRegistryPolicy 'ActivateClientSideExtension' + { + IsSingleInstance = 'Yes' + } +} diff --git a/DSCResources/Computer/Computer.psd1 b/DSCResources/Computer/Computer.psd1 index 0e76140..dcf753b 100644 --- a/DSCResources/Computer/Computer.psd1 +++ b/DSCResources/Computer/Computer.psd1 @@ -12,7 +12,7 @@ RootModule = 'Computer.schema.psm1' # Version number of this module. -ModuleVersion = '1.0.0' +ModuleVersion = '0.0.1' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/DSCResources/Computer/Computer.schema.psm1 b/DSCResources/Computer/Computer.schema.psm1 index 528e1de..d3e691b 100644 --- a/DSCResources/Computer/Computer.schema.psm1 +++ b/DSCResources/Computer/Computer.schema.psm1 @@ -35,7 +35,7 @@ https://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7 https://www.powershellgallery.com/packages/WindowsDefender/1.0.0.4 #> -Configuration Windows_11_v22H2_Security_Baseline_Computer +Configuration Computer { Import-DSCResource -ModuleName 'PSDesiredStateConfiguration' @@ -43,1713 +43,1709 @@ Configuration Windows_11_v22H2_Security_Baseline_Computer Import-DSCResource -ModuleName 'AuditPolicyDSC' -ModuleVersion '1.4.0.0' Import-DSCResource -ModuleName 'SecurityPolicyDSC' -ModuleVersion '2.10.0.0' - Node Windows_11_v22H2_Security_Baseline_Computer - { - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\WcmSvc\wifinetworkmanager\config\AutoConnectAllowedOEM' - { - ValueName = 'AutoConnectAllowedOEM' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\WcmSvc\wifinetworkmanager\config' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' - { - ValueName = 'EnumerateAdministrators' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' - { - ValueName = 'NoDriveTypeAutoRun' - ValueData = 255 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices' - { - ValueName = 'NoWebServices' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' - { - ValueName = 'NoAutorun' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional' - { - ValueName = 'MSAOptional' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' - { - ValueName = 'DisableAutomaticRestartSignOn' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' - { - ValueName = 'LocalAccountTokenFilterPolicy' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableMPR' - { - ValueName = 'EnableMPR' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\AllowEncryptionOracle' - { - ValueName = 'AllowEncryptionOracle' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing' - { - ValueName = 'EnhancedAntiSpoofing' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Biometrics\FacialFeatures' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' - { - ValueName = 'DisableEnclosureDownload' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' - { - ValueName = 'DCSettingIndex' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' - { - ValueName = 'ACSettingIndex' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppPrivacy\LetAppsActivateWithVoiceAboveLock' - { - ValueName = 'LetAppsActivateWithVoiceAboveLock' - ValueData = 2 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\AppPrivacy' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CloudContent\DisableWindowsConsumerFeatures' - { - ValueName = 'DisableWindowsConsumerFeatures' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CloudContent' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' - { - ValueName = 'AllowProtectedCreds' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' - { - ValueName = 'MaxSize' - ValueData = 32768 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' - { - ValueName = 'MaxSize' - ValueData = 196608 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' - { - ValueName = 'MaxSize' - ValueData = 32768 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' - { - ValueName = 'NoAutoplayfornonVolume' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Explorer' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\GameDVR\AllowGameDVR' - { - ValueName = 'AllowGameDVR' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\GameDVR' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' - { - ValueName = 'NoGPOListChanges' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' - { - ValueName = 'NoBackgroundPolicy' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' - { - ValueName = 'AlwaysInstallElevated' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Installer' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' - { - ValueName = 'EnableUserControl' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Installer' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Kernel DMA Protection\DeviceEnumerationPolicy' - { - ValueName = 'DeviceEnumerationPolicy' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Kernel DMA Protection' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' - { - ValueName = 'AllowInsecureGuestAuth' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI' - { - ValueName = 'NC_ShowSharedAccessUI' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Network Connections' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\\*\SYSVOL' - { - ValueName = '\\*\SYSVOL' - ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\\*\NETLOGON' - { - ValueName = '\\*\NETLOGON' - ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenCamera' - { - ValueName = 'NoLockScreenCamera' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Personalization' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' - { - ValueName = 'NoLockScreenSlideshow' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Personalization' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' - { - ValueName = 'EnableScriptBlockLogging' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' - } - - RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' - { - ValueName = 'EnableScriptBlockInvocationLogging' - ValueData = '' - Ensure = 'Absent' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\AllowDomainPINLogon' - { - ValueName = 'AllowDomainPINLogon' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' - { - ValueName = 'EnumerateLocalUsers' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' - { - ValueName = 'EnableSmartScreen' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel' - { - ValueName = 'ShellSmartScreenLevel' - ValueData = 'Block' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\AllowCustomSSPsAPs' - { - ValueName = 'AllowCustomSSPsAPs' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fBlockNonDomain' - { - ValueName = 'fBlockNonDomain' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' - { - ValueName = 'AllowIndexingEncryptedStoresOrItems' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\Windows Search' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' - { - ValueName = 'AllowDigest' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' - { - ValueName = 'AllowUnencryptedTraffic' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' - { - ValueName = 'AllowBasic' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' - { - ValueName = 'AllowUnencryptedTraffic' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs' - { - ValueName = 'DisableRunAs' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic' - { - ValueName = 'AllowBasic' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components\NotifyMalicious' - { - ValueName = 'NotifyMalicious' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components\NotifyPasswordReuse' - { - ValueName = 'NotifyPasswordReuse' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components\NotifyUnsafeApp' - { - ValueName = 'NotifyUnsafeApp' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components\ServiceEnabled' - { - ValueName = 'ServiceEnabled' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast' - { - ValueName = 'EnableMulticast' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient\EnableNetbios' - { - ValueName = 'EnableNetbios' - ValueData = 2 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload' - { - ValueName = 'DisableWebPnPDownload' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RedirectionGuardPolicy' - { - ValueName = 'RedirectionGuardPolicy' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\CopyFilesPolicy' - { - ValueName = 'CopyFilesPolicy' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint\RestrictDriverInstallationToAdministrators' - { - ValueName = 'RestrictDriverInstallationToAdministrators' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\RpcUseNamedPipeProtocol' - { - ValueName = 'RpcUseNamedPipeProtocol' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\RpcAuthentication' - { - ValueName = 'RpcAuthentication' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\RpcProtocols' - { - ValueName = 'RpcProtocols' - ValueData = 5 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\ForceKerberosForRpc' - { - ValueName = 'ForceKerberosForRpc' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\RpcTcpPort' - { - ValueName = 'RpcTcpPort' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients' - { - ValueName = 'RestrictRemoteClients' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Rpc' - } - - RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\fUseMailto' - { - ValueName = 'fUseMailto' - ValueData = '' - Ensure = 'Absent' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp' - { - ValueName = 'fAllowToGetHelp' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowFullControl' - { - ValueName = 'fAllowFullControl' - ValueData = '' - Ensure = 'Absent' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiry' - { - ValueName = 'MaxTicketExpiry' - ValueData = '' - Ensure = 'Absent' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiryUnits' - { - ValueName = 'MaxTicketExpiryUnits' - ValueData = '' - Ensure = 'Absent' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' - { - ValueName = 'MinEncryptionLevel' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' - { - ValueName = 'fPromptForPassword' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' - { - ValueName = 'fDisableCdm' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' - { - ValueName = 'DisablePasswordSaving' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' - { - ValueName = 'fEncryptRPCTraffic' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PolicyVersion' - { - ValueName = 'PolicyVersion' - ValueData = 538 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction' - { - ValueName = 'DefaultOutboundAction' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableNotifications' - { - ValueName = 'DisableNotifications' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall' - { - ValueName = 'EnableFirewall' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction' - { - ValueName = 'DefaultInboundAction' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogDroppedPackets' - { - ValueName = 'LogDroppedPackets' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFileSize' - { - ValueName = 'LogFileSize' - ValueData = 16384 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogSuccessfulConnections' - { - ValueName = 'LogSuccessfulConnections' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall' - { - ValueName = 'EnableFirewall' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotifications' - { - ValueName = 'DisableNotifications' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction' - { - ValueName = 'DefaultInboundAction' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction' - { - ValueName = 'DefaultOutboundAction' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogSuccessfulConnections' - { - ValueName = 'LogSuccessfulConnections' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogDroppedPackets' - { - ValueName = 'LogDroppedPackets' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogFileSize' - { - ValueName = 'LogFileSize' - ValueData = 16384 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction' - { - ValueName = 'DefaultOutboundAction' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall' - { - ValueName = 'EnableFirewall' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotifications' - { - ValueName = 'DisableNotifications' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge' - { - ValueName = 'AllowLocalIPsecPolicyMerge' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge' - { - ValueName = 'AllowLocalPolicyMerge' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction' - { - ValueName = 'DefaultInboundAction' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogFileSize' - { - ValueName = 'LogFileSize' - ValueData = 16384 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogDroppedPackets' - { - ValueName = 'LogDroppedPackets' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogSuccessfulConnections' - { - ValueName = 'LogSuccessfulConnections' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace\AllowWindowsInkWorkspace' - { - ValueName = 'AllowWindowsInkWorkspace' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft Services\AdmPwd\AdmPwdEnabled' - { - ValueName = 'AdmPwdEnabled' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft Services\AdmPwd' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL' - { - ValueName = 'RunAsPPL' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Print\RpcAuthnLevelPrivacyEnabled' - { - ValueName = 'RpcAuthnLevelPrivacyEnabled' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' - { - ValueName = 'UseLogonCredential' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation' - { - ValueName = 'DisableExceptionChainValidation' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy' - { - ValueName = 'DriverLoadPolicy' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' - { - ValueName = 'SMB1' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start' - { - ValueName = 'Start' - ValueData = 4 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand' - { - ValueName = 'NoNameReleaseOnDemand' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NodeType' - { - ValueName = 'NodeType' - ValueData = 2 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' - { - ValueName = 'EnableICMPRedirect' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' - { - ValueName = 'DisableIPSourceRouting' - ValueData = 2 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting' - { - ValueName = 'DisableIPSourceRouting' - ValueData = 2 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' - } - - AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion' - { - Name = 'Credential Validation' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion' - { - Name = 'Credential Validation' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion' - { - Name = 'Security Group Management' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion' - { - Name = 'Security Group Management' - Ensure = 'Absent' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion' - { - Name = 'User Account Management' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion' - { - Name = 'User Account Management' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion' - { - Name = 'Plug and Play Events' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion' - { - Name = 'Plug and Play Events' - Ensure = 'Absent' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion' - { - Name = 'Process Creation' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion' - { - Name = 'Process Creation' - Ensure = 'Absent' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion' - { - Name = 'Account Lockout' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion' - { - Name = 'Account Lockout' - Ensure = 'Absent' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion' - { - Name = 'Group Membership' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion' - { - Name = 'Group Membership' - Ensure = 'Absent' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Logon (Success) - Inclusion' - { - Name = 'Logon' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' - { - Name = 'Logon' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Success) - Inclusion' - { - Name = 'Other Logon/Logoff Events' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Failure) - Inclusion' - { - Name = 'Other Logon/Logoff Events' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion' - { - Name = 'Special Logon' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion' - { - Name = 'Special Logon' - Ensure = 'Absent' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Detailed File Share (Failure) - Inclusion' - { - Name = 'Detailed File Share' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Detailed File Share (Success) - Inclusion' - { - Name = 'Detailed File Share' - Ensure = 'Absent' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit File Share (Success) - Inclusion' - { - Name = 'File Share' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit File Share (Failure) - Inclusion' - { - Name = 'File Share' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion' - { - Name = 'Other Object Access Events' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion' - { - Name = 'Other Object Access Events' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' - { - Name = 'Removable Storage' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' - { - Name = 'Removable Storage' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' - { - Name = 'Audit Policy Change' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion' - { - Name = 'Audit Policy Change' - Ensure = 'Absent' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion' - { - Name = 'Authentication Policy Change' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' - { - Name = 'Authentication Policy Change' - Ensure = 'Absent' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Success) - Inclusion' - { - Name = 'MPSSVC Rule-Level Policy Change' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Failure) - Inclusion' - { - Name = 'MPSSVC Rule-Level Policy Change' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Other Policy Change Events (Failure) - Inclusion' - { - Name = 'Other Policy Change Events' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Other Policy Change Events (Success) - Inclusion' - { - Name = 'Other Policy Change Events' - Ensure = 'Absent' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' - { - Name = 'Sensitive Privilege Use' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion' - { - Name = 'Sensitive Privilege Use' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' - { - Name = 'Other System Events' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion' - { - Name = 'Other System Events' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion' - { - Name = 'Security State Change' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' - { - Name = 'Security State Change' - Ensure = 'Absent' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion' - { - Name = 'Security System Extension' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' - { - Name = 'Security System Extension' - Ensure = 'Absent' - AuditFlag = 'Failure' - } - - AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' - { - Name = 'System Integrity' - Ensure = 'Present' - AuditFlag = 'Success' - } - - AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' - { - Name = 'System Integrity' - Ensure = 'Present' - AuditFlag = 'Failure' - } - - UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' - { - Policy = 'Debug_programs' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' - { - Policy = 'Perform_volume_maintenance_tasks' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' - { - Policy = 'Deny_log_on_through_Remote_Desktop_Services' - Force = $True - Identity = @('*S-1-5-113') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' - { - Policy = 'Act_as_part_of_the_operating_system' - Force = $True - Identity = @('') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' - { - Policy = 'Force_shutdown_from_a_remote_system' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' - { - Policy = 'Back_up_files_and_directories' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' - { - Policy = 'Load_and_unload_device_drivers' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' - { - Policy = 'Lock_pages_in_memory' - Force = $True - Identity = @('') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' - { - Policy = 'Create_a_pagefile' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' - { - Policy = 'Modify_firmware_environment_values' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' - { - Policy = 'Create_a_token_object' - Force = $True - Identity = @('') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' - { - Policy = 'Manage_auditing_and_security_log' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' - { - Policy = 'Take_ownership_of_files_or_other_objects' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' - { - Policy = 'Create_global_objects' - Force = $True - Identity = @('*S-1-5-32-544', '*S-1-5-6', '*S-1-5-19', '*S-1-5-20') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' - { - Policy = 'Restore_files_and_directories' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' - { - Policy = 'Access_this_computer_from_the_network' - Force = $True - Identity = @('*S-1-5-32-544', '*S-1-5-32-555') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' - { - Policy = 'Profile_single_process' - Force = $True - Identity = @('*S-1-5-32-544') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' - { - Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' - Force = $True - Identity = @('') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' - { - Policy = 'Impersonate_a_client_after_authentication' - Force = $True - Identity = @('*S-1-5-32-544', '*S-1-5-6', '*S-1-5-19', '*S-1-5-20') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' - { - Policy = 'Create_permanent_shared_objects' - Force = $True - Identity = @('') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' - { - Policy = 'Allow_log_on_locally' - Force = $True - Identity = @('*S-1-5-32-544', '*S-1-5-32-545') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' - { - Policy = 'Deny_access_to_this_computer_from_the_network' - Force = $True - Identity = @('*S-1-5-113') - } - - UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' - { - Policy = 'Access_Credential_Manager_as_a_trusted_caller' - Force = $True - Identity = @('') - } - - SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' - { - Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' - Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled' - } - - SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' - { - Name = 'Interactive_logon_Smart_card_removal_behavior' - Interactive_logon_Smart_card_removal_behavior = 'Lock workstation' - } - - SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation' - { - User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled' - Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation' - } - - SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' - { - System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled' - Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' - } - - SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' - { - User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled' - Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' - } - - SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' - { - Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' - Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' - { - Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked' - Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' - } - - SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' - { - Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' - User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request' - } - - SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' - { - Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled' - Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' - } - - SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' - { - Microsoft_network_client_Digitally_sign_communications_always = 'Enabled' - Name = 'Microsoft_network_client_Digitally_sign_communications_always' - } - - SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' - { - Name = 'Network_security_Allow_LocalSystem_NULL_session_fallback' - Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled' - } - - SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' - { - Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' - Name = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' - } - - SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level' - { - Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. Refuse LM & NTLM' - Name = 'Network_security_LAN_Manager_authentication_level' - } - - SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' - { - Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' - Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' - { - Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked' - Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' - } - - SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' - { - Name = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' - Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always' - { - Name = 'Microsoft_network_server_Digitally_sign_communications_always' - Microsoft_network_server_Digitally_sign_communications_always = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' - { - Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key' - Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' - { - Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' - Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' - { - Name = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible' - Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' - { - Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = 'O:BAG:BAD:(A;;RC;;;BA)' - Name = 'Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' - } - - SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' - { - Name = 'Network_security_LDAP_client_signing_requirements' - Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' - } - - SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' - { - Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' - User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' - { - Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' - User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' - { - Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' - Name = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' - } - - SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' - { - Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' - User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled' - } - - SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' - { - Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' - User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop' - } - - SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible' - { - Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled' - Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible' - } - - SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' - { - Interactive_logon_Machine_inactivity_limit = '900' - Name = 'Interactive_logon_Machine_inactivity_limit' - } - - SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' - { - Name = 'Network_access_Allow_anonymous_SID_Name_translation' - Network_access_Allow_anonymous_SID_Name_translation = 'Disabled' - } - - Service 'Services(INF): XboxGipSvc' - { - Name = 'XboxGipSvc' - State = 'Stopped' - } - - Service 'Services(INF): XblAuthManager' - { - Name = 'XblAuthManager' - State = 'Stopped' - } - - Service 'Services(INF): XblGameSave' - { - Name = 'XblGameSave' - State = 'Stopped' - } - - Service 'Services(INF): XboxNetApiSvc' - { - Name = 'XboxNetApiSvc' - State = 'Stopped' - } - - RefreshRegistryPolicy 'ActivateClientSideExtension' - { - IsSingleInstance = 'Yes' - } + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\WcmSvc\wifinetworkmanager\config\AutoConnectAllowedOEM' + { + ValueName = 'AutoConnectAllowedOEM' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\WcmSvc\wifinetworkmanager\config' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' + { + ValueName = 'EnumerateAdministrators' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' + { + ValueName = 'NoDriveTypeAutoRun' + ValueData = 255 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices' + { + ValueName = 'NoWebServices' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' + { + ValueName = 'NoAutorun' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional' + { + ValueName = 'MSAOptional' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' + { + ValueName = 'DisableAutomaticRestartSignOn' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' + { + ValueName = 'LocalAccountTokenFilterPolicy' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableMPR' + { + ValueName = 'EnableMPR' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\AllowEncryptionOracle' + { + ValueName = 'AllowEncryptionOracle' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing' + { + ValueName = 'EnhancedAntiSpoofing' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Biometrics\FacialFeatures' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' + { + ValueName = 'DisableEnclosureDownload' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' + { + ValueName = 'DCSettingIndex' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' + { + ValueName = 'ACSettingIndex' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppPrivacy\LetAppsActivateWithVoiceAboveLock' + { + ValueName = 'LetAppsActivateWithVoiceAboveLock' + ValueData = 2 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\AppPrivacy' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CloudContent\DisableWindowsConsumerFeatures' + { + ValueName = 'DisableWindowsConsumerFeatures' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CloudContent' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' + { + ValueName = 'AllowProtectedCreds' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' + { + ValueName = 'MaxSize' + ValueData = 32768 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' + { + ValueName = 'MaxSize' + ValueData = 196608 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' + { + ValueName = 'MaxSize' + ValueData = 32768 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' + { + ValueName = 'NoAutoplayfornonVolume' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Explorer' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\GameDVR\AllowGameDVR' + { + ValueName = 'AllowGameDVR' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\GameDVR' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' + { + ValueName = 'NoGPOListChanges' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' + { + ValueName = 'NoBackgroundPolicy' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' + { + ValueName = 'AlwaysInstallElevated' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Installer' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' + { + ValueName = 'EnableUserControl' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Installer' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Kernel DMA Protection\DeviceEnumerationPolicy' + { + ValueName = 'DeviceEnumerationPolicy' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Kernel DMA Protection' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' + { + ValueName = 'AllowInsecureGuestAuth' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI' + { + ValueName = 'NC_ShowSharedAccessUI' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Network Connections' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\\*\SYSVOL' + { + ValueName = '\\*\SYSVOL' + ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\\*\NETLOGON' + { + ValueName = '\\*\NETLOGON' + ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenCamera' + { + ValueName = 'NoLockScreenCamera' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Personalization' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' + { + ValueName = 'NoLockScreenSlideshow' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Personalization' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' + { + ValueName = 'EnableScriptBlockLogging' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + } + + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' + { + ValueName = 'EnableScriptBlockInvocationLogging' + ValueData = '' + Ensure = 'Absent' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\AllowDomainPINLogon' + { + ValueName = 'AllowDomainPINLogon' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' + { + ValueName = 'EnumerateLocalUsers' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' + { + ValueName = 'EnableSmartScreen' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel' + { + ValueName = 'ShellSmartScreenLevel' + ValueData = 'Block' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\AllowCustomSSPsAPs' + { + ValueName = 'AllowCustomSSPsAPs' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\System' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fBlockNonDomain' + { + ValueName = 'fBlockNonDomain' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' + { + ValueName = 'AllowIndexingEncryptedStoresOrItems' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\Windows Search' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' + { + ValueName = 'AllowDigest' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' + { + ValueName = 'AllowUnencryptedTraffic' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' + { + ValueName = 'AllowBasic' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' + { + ValueName = 'AllowUnencryptedTraffic' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs' + { + ValueName = 'DisableRunAs' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic' + { + ValueName = 'AllowBasic' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components\NotifyMalicious' + { + ValueName = 'NotifyMalicious' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components\NotifyPasswordReuse' + { + ValueName = 'NotifyPasswordReuse' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components\NotifyUnsafeApp' + { + ValueName = 'NotifyUnsafeApp' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components\ServiceEnabled' + { + ValueName = 'ServiceEnabled' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast' + { + ValueName = 'EnableMulticast' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient\EnableNetbios' + { + ValueName = 'EnableNetbios' + ValueData = 2 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload' + { + ValueName = 'DisableWebPnPDownload' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RedirectionGuardPolicy' + { + ValueName = 'RedirectionGuardPolicy' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\CopyFilesPolicy' + { + ValueName = 'CopyFilesPolicy' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint\RestrictDriverInstallationToAdministrators' + { + ValueName = 'RestrictDriverInstallationToAdministrators' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\RpcUseNamedPipeProtocol' + { + ValueName = 'RpcUseNamedPipeProtocol' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\RpcAuthentication' + { + ValueName = 'RpcAuthentication' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\RpcProtocols' + { + ValueName = 'RpcProtocols' + ValueData = 5 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\ForceKerberosForRpc' + { + ValueName = 'ForceKerberosForRpc' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC\RpcTcpPort' + { + ValueName = 'RpcTcpPort' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients' + { + ValueName = 'RestrictRemoteClients' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Rpc' + } + + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\fUseMailto' + { + ValueName = 'fUseMailto' + ValueData = '' + Ensure = 'Absent' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp' + { + ValueName = 'fAllowToGetHelp' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowFullControl' + { + ValueName = 'fAllowFullControl' + ValueData = '' + Ensure = 'Absent' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiry' + { + ValueName = 'MaxTicketExpiry' + ValueData = '' + Ensure = 'Absent' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiryUnits' + { + ValueName = 'MaxTicketExpiryUnits' + ValueData = '' + Ensure = 'Absent' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' + { + ValueName = 'MinEncryptionLevel' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' + { + ValueName = 'fPromptForPassword' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' + { + ValueName = 'fDisableCdm' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' + { + ValueName = 'DisablePasswordSaving' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' + { + ValueName = 'fEncryptRPCTraffic' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PolicyVersion' + { + ValueName = 'PolicyVersion' + ValueData = 538 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction' + { + ValueName = 'DefaultOutboundAction' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableNotifications' + { + ValueName = 'DisableNotifications' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall' + { + ValueName = 'EnableFirewall' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction' + { + ValueName = 'DefaultInboundAction' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogDroppedPackets' + { + ValueName = 'LogDroppedPackets' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFileSize' + { + ValueName = 'LogFileSize' + ValueData = 16384 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogSuccessfulConnections' + { + ValueName = 'LogSuccessfulConnections' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall' + { + ValueName = 'EnableFirewall' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotifications' + { + ValueName = 'DisableNotifications' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction' + { + ValueName = 'DefaultInboundAction' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction' + { + ValueName = 'DefaultOutboundAction' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogSuccessfulConnections' + { + ValueName = 'LogSuccessfulConnections' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogDroppedPackets' + { + ValueName = 'LogDroppedPackets' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogFileSize' + { + ValueName = 'LogFileSize' + ValueData = 16384 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction' + { + ValueName = 'DefaultOutboundAction' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall' + { + ValueName = 'EnableFirewall' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotifications' + { + ValueName = 'DisableNotifications' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge' + { + ValueName = 'AllowLocalIPsecPolicyMerge' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge' + { + ValueName = 'AllowLocalPolicyMerge' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction' + { + ValueName = 'DefaultInboundAction' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogFileSize' + { + ValueName = 'LogFileSize' + ValueData = 16384 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogDroppedPackets' + { + ValueName = 'LogDroppedPackets' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogSuccessfulConnections' + { + ValueName = 'LogSuccessfulConnections' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace\AllowWindowsInkWorkspace' + { + ValueName = 'AllowWindowsInkWorkspace' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft Services\AdmPwd\AdmPwdEnabled' + { + ValueName = 'AdmPwdEnabled' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft Services\AdmPwd' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL' + { + ValueName = 'RunAsPPL' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Print\RpcAuthnLevelPrivacyEnabled' + { + ValueName = 'RpcAuthnLevelPrivacyEnabled' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' + { + ValueName = 'UseLogonCredential' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation' + { + ValueName = 'DisableExceptionChainValidation' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy' + { + ValueName = 'DriverLoadPolicy' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' + { + ValueName = 'SMB1' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start' + { + ValueName = 'Start' + ValueData = 4 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand' + { + ValueName = 'NoNameReleaseOnDemand' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NodeType' + { + ValueName = 'NodeType' + ValueData = 2 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' + { + ValueName = 'EnableICMPRedirect' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' + { + ValueName = 'DisableIPSourceRouting' + ValueData = 2 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting' + { + ValueName = 'DisableIPSourceRouting' + ValueData = 2 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' + } + + AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion' + { + Name = 'Credential Validation' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion' + { + Name = 'Credential Validation' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion' + { + Name = 'Security Group Management' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion' + { + Name = 'Security Group Management' + Ensure = 'Absent' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion' + { + Name = 'User Account Management' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion' + { + Name = 'User Account Management' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion' + { + Name = 'Plug and Play Events' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion' + { + Name = 'Plug and Play Events' + Ensure = 'Absent' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion' + { + Name = 'Process Creation' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion' + { + Name = 'Process Creation' + Ensure = 'Absent' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion' + { + Name = 'Account Lockout' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion' + { + Name = 'Account Lockout' + Ensure = 'Absent' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion' + { + Name = 'Group Membership' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion' + { + Name = 'Group Membership' + Ensure = 'Absent' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Logon (Success) - Inclusion' + { + Name = 'Logon' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' + { + Name = 'Logon' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Success) - Inclusion' + { + Name = 'Other Logon/Logoff Events' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Failure) - Inclusion' + { + Name = 'Other Logon/Logoff Events' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion' + { + Name = 'Special Logon' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion' + { + Name = 'Special Logon' + Ensure = 'Absent' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Detailed File Share (Failure) - Inclusion' + { + Name = 'Detailed File Share' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Detailed File Share (Success) - Inclusion' + { + Name = 'Detailed File Share' + Ensure = 'Absent' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit File Share (Success) - Inclusion' + { + Name = 'File Share' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit File Share (Failure) - Inclusion' + { + Name = 'File Share' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion' + { + Name = 'Other Object Access Events' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion' + { + Name = 'Other Object Access Events' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' + { + Name = 'Removable Storage' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' + { + Name = 'Removable Storage' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' + { + Name = 'Audit Policy Change' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion' + { + Name = 'Audit Policy Change' + Ensure = 'Absent' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion' + { + Name = 'Authentication Policy Change' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' + { + Name = 'Authentication Policy Change' + Ensure = 'Absent' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Success) - Inclusion' + { + Name = 'MPSSVC Rule-Level Policy Change' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Failure) - Inclusion' + { + Name = 'MPSSVC Rule-Level Policy Change' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Other Policy Change Events (Failure) - Inclusion' + { + Name = 'Other Policy Change Events' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Other Policy Change Events (Success) - Inclusion' + { + Name = 'Other Policy Change Events' + Ensure = 'Absent' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' + { + Name = 'Sensitive Privilege Use' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion' + { + Name = 'Sensitive Privilege Use' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' + { + Name = 'Other System Events' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion' + { + Name = 'Other System Events' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion' + { + Name = 'Security State Change' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' + { + Name = 'Security State Change' + Ensure = 'Absent' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion' + { + Name = 'Security System Extension' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' + { + Name = 'Security System Extension' + Ensure = 'Absent' + AuditFlag = 'Failure' + } + + AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' + { + Name = 'System Integrity' + Ensure = 'Present' + AuditFlag = 'Success' + } + + AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' + { + Name = 'System Integrity' + Ensure = 'Present' + AuditFlag = 'Failure' + } + + UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' + { + Policy = 'Debug_programs' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' + { + Policy = 'Perform_volume_maintenance_tasks' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' + { + Policy = 'Deny_log_on_through_Remote_Desktop_Services' + Force = $True + Identity = @('*S-1-5-113') } -} + UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' + { + Policy = 'Act_as_part_of_the_operating_system' + Force = $True + Identity = @('') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' + { + Policy = 'Force_shutdown_from_a_remote_system' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' + { + Policy = 'Back_up_files_and_directories' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' + { + Policy = 'Load_and_unload_device_drivers' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' + { + Policy = 'Lock_pages_in_memory' + Force = $True + Identity = @('') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' + { + Policy = 'Create_a_pagefile' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' + { + Policy = 'Modify_firmware_environment_values' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' + { + Policy = 'Create_a_token_object' + Force = $True + Identity = @('') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' + { + Policy = 'Manage_auditing_and_security_log' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' + { + Policy = 'Take_ownership_of_files_or_other_objects' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' + { + Policy = 'Create_global_objects' + Force = $True + Identity = @('*S-1-5-32-544', '*S-1-5-6', '*S-1-5-19', '*S-1-5-20') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' + { + Policy = 'Restore_files_and_directories' + Force = $True + Identity = @('*S-1-5-32-544') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' + { + Policy = 'Access_this_computer_from_the_network' + Force = $True + Identity = @('*S-1-5-32-544', '*S-1-5-32-555') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' + { + Policy = 'Profile_single_process' + Force = $True + Identity = @('*S-1-5-32-544') + } + UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' + { + Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' + Force = $True + Identity = @('') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' + { + Policy = 'Impersonate_a_client_after_authentication' + Force = $True + Identity = @('*S-1-5-32-544', '*S-1-5-6', '*S-1-5-19', '*S-1-5-20') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' + { + Policy = 'Create_permanent_shared_objects' + Force = $True + Identity = @('') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' + { + Policy = 'Allow_log_on_locally' + Force = $True + Identity = @('*S-1-5-32-544', '*S-1-5-32-545') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' + { + Policy = 'Deny_access_to_this_computer_from_the_network' + Force = $True + Identity = @('*S-1-5-113') + } + + UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' + { + Policy = 'Access_Credential_Manager_as_a_trusted_caller' + Force = $True + Identity = @('') + } + + SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' + { + Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' + Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers = 'Disabled' + } + + SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' + { + Name = 'Interactive_logon_Smart_card_removal_behavior' + Interactive_logon_Smart_card_removal_behavior = 'Lock workstation' + } + + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation' + { + User_Account_Control_Detect_application_installations_and_prompt_for_elevation = 'Enabled' + Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation' + } + + SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' + { + System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links = 'Enabled' + Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' + } + + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' + { + User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations = 'Enabled' + Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' + } + + SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' + { + Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' + Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled' + } + + SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' + { + Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked' + Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' + } + + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' + { + Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' + User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users = 'Automatically deny elevation request' + } + + SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' + { + Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled' + Name = 'Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' + } + + SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' + { + Microsoft_network_client_Digitally_sign_communications_always = 'Enabled' + Name = 'Microsoft_network_client_Digitally_sign_communications_always' + } + + SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' + { + Name = 'Network_security_Allow_LocalSystem_NULL_session_fallback' + Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled' + } + + SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' + { + Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' + Name = 'Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' + } + + SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level' + { + Network_security_LAN_Manager_authentication_level = 'Send NTLMv2 responses only. Refuse LM & NTLM' + Name = 'Network_security_LAN_Manager_authentication_level' + } + + SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' + { + Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' + Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always = 'Enabled' + } + + SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' + { + Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked' + Name = 'Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' + } + + SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' + { + Name = 'Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' + Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled' + } + + SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always' + { + Name = 'Microsoft_network_server_Digitally_sign_communications_always' + Microsoft_network_server_Digitally_sign_communications_always = 'Enabled' + } + + SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' + { + Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key' + Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled' + } + + SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' + { + Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' + Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = 'Enabled' + } + + SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' + { + Name = 'Domain_member_Digitally_encrypt_secure_channel_data_when_possible' + Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled' + } + + # needs to be tested + #SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' + #{ + # Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = 'O:BAG:BAD:(A;;RC;;;BA)' + # Name = 'Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' + #} + + SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' + { + Name = 'Network_security_LDAP_client_signing_requirements' + Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' + } + + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' + { + Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' + User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode = 'Enabled' + } + + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' + { + Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' + User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations = 'Enabled' + } + + SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' + { + Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' + Name = 'Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' + } + + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' + { + Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' + User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account = 'Enabled' + } + + SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' + { + Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' + User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop' + } + + SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible' + { + Domain_member_Digitally_sign_secure_channel_data_when_possible = 'Enabled' + Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible' + } + + SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' + { + Interactive_logon_Machine_inactivity_limit = '900' + Name = 'Interactive_logon_Machine_inactivity_limit' + } + + SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' + { + Name = 'Network_access_Allow_anonymous_SID_Name_translation' + Network_access_Allow_anonymous_SID_Name_translation = 'Disabled' + } + + Service 'Services(INF): XboxGipSvc' + { + Name = 'XboxGipSvc' + State = 'Stopped' + } + + Service 'Services(INF): XblAuthManager' + { + Name = 'XblAuthManager' + State = 'Stopped' + } + + Service 'Services(INF): XblGameSave' + { + Name = 'XblGameSave' + State = 'Stopped' + } + + Service 'Services(INF): XboxNetApiSvc' + { + Name = 'XboxNetApiSvc' + State = 'Stopped' + } + + RefreshRegistryPolicy 'ActivateClientSideExtension' + { + IsSingleInstance = 'Yes' + } +} diff --git a/DSCResources/CredentialGuard/CredentialGuard.psd1 b/DSCResources/CredentialGuard/CredentialGuard.psd1 index 2b1c143..7727dfd 100644 --- a/DSCResources/CredentialGuard/CredentialGuard.psd1 +++ b/DSCResources/CredentialGuard/CredentialGuard.psd1 @@ -12,7 +12,7 @@ RootModule = 'CredentialGuard.schema.psm1' # Version number of this module. -ModuleVersion = '1.0.0' +ModuleVersion = '0.0.1' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/DSCResources/CredentialGuard/CredentialGuard.schema.psm1 b/DSCResources/CredentialGuard/CredentialGuard.schema.psm1 index 83c1701..2c2f212 100644 --- a/DSCResources/CredentialGuard/CredentialGuard.schema.psm1 +++ b/DSCResources/CredentialGuard/CredentialGuard.schema.psm1 @@ -35,83 +35,78 @@ https://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7 https://www.powershellgallery.com/packages/WindowsDefender/1.0.0.4 #> -Configuration Windows_11_v22H2_Security_Baseline_CredentialGuard +Configuration CredentialGuard { Import-DSCResource -ModuleName 'PSDesiredStateConfiguration' Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' -ModuleVersion '1.2.0' Import-DSCResource -ModuleName 'AuditPolicyDSC' -ModuleVersion '1.4.0.0' Import-DSCResource -ModuleName 'SecurityPolicyDSC' -ModuleVersion '2.10.0.0' - Node Windows_11_v22H2_Security_Baseline_CredentialGuard - { - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' - { - ValueName = 'EnableVirtualizationBasedSecurity' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' - { - ValueName = 'RequirePlatformSecurityFeatures' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' - { - ValueName = 'HypervisorEnforcedCodeIntegrity' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired' - { - ValueName = 'HVCIMATRequired' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' - { - ValueName = 'LsaCfgFlags' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch' - { - ValueName = 'ConfigureSystemGuardLaunch' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\ConfigureKernelShadowStacksLaunch' - { - ValueName = 'ConfigureKernelShadowStacksLaunch' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' - } - - RefreshRegistryPolicy 'ActivateClientSideExtension' - { - IsSingleInstance = 'Yes' - } - } + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' + { + ValueName = 'EnableVirtualizationBasedSecurity' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' + { + ValueName = 'RequirePlatformSecurityFeatures' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' + { + ValueName = 'HypervisorEnforcedCodeIntegrity' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired' + { + ValueName = 'HVCIMATRequired' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' + { + ValueName = 'LsaCfgFlags' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch' + { + ValueName = 'ConfigureSystemGuardLaunch' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\ConfigureKernelShadowStacksLaunch' + { + ValueName = 'ConfigureKernelShadowStacksLaunch' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + } + + RefreshRegistryPolicy 'ActivateClientSideExtension' + { + IsSingleInstance = 'Yes' + } } - - diff --git a/DSCResources/DefenderAntivirus/DefenderAntivirus.psd1 b/DSCResources/DefenderAntivirus/DefenderAntivirus.psd1 index e3edfde..a5cfdbd 100644 --- a/DSCResources/DefenderAntivirus/DefenderAntivirus.psd1 +++ b/DSCResources/DefenderAntivirus/DefenderAntivirus.psd1 @@ -12,7 +12,7 @@ RootModule = 'DefenderAntivirus.schema.psm1' # Version number of this module. -ModuleVersion = '1.0.0' +ModuleVersion = '0.0.1' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/DSCResources/DefenderAntivirus/DefenderAntivirus.schema.psm1 b/DSCResources/DefenderAntivirus/DefenderAntivirus.schema.psm1 index 685fc53..e667d5e 100644 --- a/DSCResources/DefenderAntivirus/DefenderAntivirus.schema.psm1 +++ b/DSCResources/DefenderAntivirus/DefenderAntivirus.schema.psm1 @@ -35,254 +35,249 @@ https://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7 https://www.powershellgallery.com/packages/WindowsDefender/1.0.0.4 #> -Configuration 'Windows_11_v22H2_Security_Baseline_Windows_Defender' +Configuration DefenderAntivirus { Import-DSCResource -ModuleName 'PSDesiredStateConfiguration' Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' -ModuleVersion '1.2.0' Import-DSCResource -ModuleName 'AuditPolicyDSC' -ModuleVersion '1.4.0.0' Import-DSCResource -ModuleName 'SecurityPolicyDSC' -ModuleVersion '2.10.0.0' - Node 'Windows_11_v22H2_Security_Baseline_Windows_Defender' - { - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\PUAProtection' - { - ValueName = 'PUAProtection' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\MpEngine\MpCloudBlockLevel' - { - ValueName = 'MpCloudBlockLevel' - ValueData = 2 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\MpEngine' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection' - { - ValueName = 'DisableIOAVProtection' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring' - { - ValueName = 'DisableRealtimeMonitoring' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScriptScanning' - { - ValueName = 'DisableScriptScanning' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring' - { - ValueName = 'DisableBehaviorMonitoring' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\DisableRemovableDriveScanning' - { - ValueName = 'DisableRemovableDriveScanning' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Scan' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent' - { - ValueName = 'SubmitSamplesConsent' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SpynetReporting' - { - ValueName = 'SpynetReporting' - ValueData = 2 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\DisableBlockAtFirstSeen' - { - ValueName = 'DisableBlockAtFirstSeen' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ExploitGuard_ASR_Rules' - { - ValueName = 'ExploitGuard_ASR_Rules' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' - { - ValueName = '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3b576869-a4ec-4529-8536-b80a7769e899' - { - ValueName = '3b576869-a4ec-4529-8536-b80a7769e899' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d4f940ab-401b-4efc-aadc-ad5f3c50688a' - { - ValueName = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' - { - ValueName = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5beb7efe-fd9a-4556-801d-275e5ffc04cc' - { - ValueName = '5beb7efe-fd9a-4556-801d-275e5ffc04cc' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d3e037e1-3eb8-44c8-a917-57927947596d' - { - ValueName = 'd3e037e1-3eb8-44c8-a917-57927947596d' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' - { - ValueName = 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' - { - ValueName = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' - { - ValueName = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869' - { - ValueName = '26190899-1602-49e8-8b27-eb1d0a1ce869' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' - { - ValueName = '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35' - { - ValueName = 'c1db55ab-c21a-4637-bb3f-a12568109d35' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b' - { - ValueName = 'e6db77e5-3df2-4cf1-b95a-636979351e5b' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5' - { - ValueName = '56a863a9-875e-4185-98a7-b882c64b5ce5' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection\EnableNetworkProtection' - { - ValueName = 'EnableNetworkProtection' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection' - } - - RefreshRegistryPolicy 'ActivateClientSideExtension' - { - IsSingleInstance = 'Yes' - } - } + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\PUAProtection' + { + ValueName = 'PUAProtection' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\MpEngine\MpCloudBlockLevel' + { + ValueName = 'MpCloudBlockLevel' + ValueData = 2 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\MpEngine' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection' + { + ValueName = 'DisableIOAVProtection' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring' + { + ValueName = 'DisableRealtimeMonitoring' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScriptScanning' + { + ValueName = 'DisableScriptScanning' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring' + { + ValueName = 'DisableBehaviorMonitoring' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\DisableRemovableDriveScanning' + { + ValueName = 'DisableRemovableDriveScanning' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Scan' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent' + { + ValueName = 'SubmitSamplesConsent' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SpynetReporting' + { + ValueName = 'SpynetReporting' + ValueData = 2 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\DisableBlockAtFirstSeen' + { + ValueName = 'DisableBlockAtFirstSeen' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ExploitGuard_ASR_Rules' + { + ValueName = 'ExploitGuard_ASR_Rules' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' + { + ValueName = '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3b576869-a4ec-4529-8536-b80a7769e899' + { + ValueName = '3b576869-a4ec-4529-8536-b80a7769e899' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d4f940ab-401b-4efc-aadc-ad5f3c50688a' + { + ValueName = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' + { + ValueName = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5beb7efe-fd9a-4556-801d-275e5ffc04cc' + { + ValueName = '5beb7efe-fd9a-4556-801d-275e5ffc04cc' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d3e037e1-3eb8-44c8-a917-57927947596d' + { + ValueName = 'd3e037e1-3eb8-44c8-a917-57927947596d' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' + { + ValueName = 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' + { + ValueName = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' + { + ValueName = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869' + { + ValueName = '26190899-1602-49e8-8b27-eb1d0a1ce869' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' + { + ValueName = '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35' + { + ValueName = 'c1db55ab-c21a-4637-bb3f-a12568109d35' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b' + { + ValueName = 'e6db77e5-3df2-4cf1-b95a-636979351e5b' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5' + { + ValueName = '56a863a9-875e-4185-98a7-b882c64b5ce5' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection\EnableNetworkProtection' + { + ValueName = 'EnableNetworkProtection' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection' + } + + RefreshRegistryPolicy 'ActivateClientSideExtension' + { + IsSingleInstance = 'Yes' + } } - - diff --git a/DSCResources/DomainSecurity/DomainSecurity.psd1 b/DSCResources/DomainSecurity/DomainSecurity.psd1 index b788ed0..91ed4c8 100644 --- a/DSCResources/DomainSecurity/DomainSecurity.psd1 +++ b/DSCResources/DomainSecurity/DomainSecurity.psd1 @@ -12,7 +12,7 @@ RootModule = 'DomainSecurity.schema.psm1' # Version number of this module. -ModuleVersion = '1.0.0' +ModuleVersion = '0.0.1' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/DSCResources/DomainSecurity/DomainSecurity.schema.psm1 b/DSCResources/DomainSecurity/DomainSecurity.schema.psm1 index 643f0a7..a8ed743 100644 --- a/DSCResources/DomainSecurity/DomainSecurity.schema.psm1 +++ b/DSCResources/DomainSecurity/DomainSecurity.schema.psm1 @@ -35,62 +35,57 @@ https://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7 https://www.powershellgallery.com/packages/WindowsDefender/1.0.0.4 #> -Configuration Windows_11_v22H2_Security_Baseline_Domain_Security +Configuration DomainSecurity { Import-DSCResource -ModuleName 'PSDesiredStateConfiguration' Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' -ModuleVersion '1.2.0' Import-DSCResource -ModuleName 'AuditPolicyDSC' -ModuleVersion '1.4.0.0' Import-DSCResource -ModuleName 'SecurityPolicyDSC' -ModuleVersion '2.10.0.0' - Node Windows_11_v22H2_Security_Baseline_Domain_Security - { - AccountPolicy 'SecuritySetting(INF): ResetLockoutCount' - { - Reset_account_lockout_counter_after = 10 - Name = 'Reset_account_lockout_counter_after' - } - - AccountPolicy 'SecuritySetting(INF): LockoutBadCount' - { - Name = 'Account_lockout_threshold' - Account_lockout_threshold = 10 - } - - AccountPolicy 'SecuritySetting(INF): PasswordComplexity' - { - Name = 'Password_must_meet_complexity_requirements' - Password_must_meet_complexity_requirements = 'Enabled' - } - - AccountPolicy 'SecuritySetting(INF): LockoutDuration' - { - Name = 'Account_lockout_duration' - Account_lockout_duration = 10 - } - - AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' - { - Name = 'Enforce_password_history' - Enforce_password_history = 24 - } - - AccountPolicy 'SecuritySetting(INF): ClearTextPassword' - { - Name = 'Store_passwords_using_reversible_encryption' - Store_passwords_using_reversible_encryption = 'Disabled' - } - - AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' - { - Name = 'Minimum_Password_Length' - Minimum_Password_Length = 14 - } - - RefreshRegistryPolicy 'ActivateClientSideExtension' - { - IsSingleInstance = 'Yes' - } - } + AccountPolicy 'SecuritySetting(INF): ResetLockoutCount' + { + Reset_account_lockout_counter_after = 10 + Name = 'Reset_account_lockout_counter_after' + } + + AccountPolicy 'SecuritySetting(INF): LockoutBadCount' + { + Name = 'Account_lockout_threshold' + Account_lockout_threshold = 10 + } + + AccountPolicy 'SecuritySetting(INF): PasswordComplexity' + { + Name = 'Password_must_meet_complexity_requirements' + Password_must_meet_complexity_requirements = 'Enabled' + } + + AccountPolicy 'SecuritySetting(INF): LockoutDuration' + { + Name = 'Account_lockout_duration' + Account_lockout_duration = 10 + } + + AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' + { + Name = 'Enforce_password_history' + Enforce_password_history = 24 + } + + AccountPolicy 'SecuritySetting(INF): ClearTextPassword' + { + Name = 'Store_passwords_using_reversible_encryption' + Store_passwords_using_reversible_encryption = 'Disabled' + } + + AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' + { + Name = 'Minimum_Password_Length' + Minimum_Password_Length = 14 + } + + RefreshRegistryPolicy 'ActivateClientSideExtension' + { + IsSingleInstance = 'Yes' + } } - - diff --git a/DSCResources/IE11Computer/IE11Computer.psd1 b/DSCResources/IE11Computer/IE11Computer.psd1 index 572258d..0ef2659 100644 --- a/DSCResources/IE11Computer/IE11Computer.psd1 +++ b/DSCResources/IE11Computer/IE11Computer.psd1 @@ -12,7 +12,7 @@ RootModule = 'IE11Computer.schema.psm1' # Version number of this module. -ModuleVersion = '1.0.0' +ModuleVersion = '0.0.1' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/DSCResources/IE11Computer/IE11Computer.schema.psm1 b/DSCResources/IE11Computer/IE11Computer.schema.psm1 index cfdee3c..cb858f7 100644 --- a/DSCResources/IE11Computer/IE11Computer.schema.psm1 +++ b/DSCResources/IE11Computer/IE11Computer.schema.psm1 @@ -35,7 +35,7 @@ https://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7 https://www.powershellgallery.com/packages/WindowsDefender/1.0.0.4 #> -Configuration Windows_11_v22H2_Security_Baseline_IE11 +Configuration IE11Computer { Import-DSCResource -ModuleName 'PSDesiredStateConfiguration' @@ -43,1201 +43,1196 @@ Configuration Windows_11_v22H2_Security_Baseline_IE11 Import-DSCResource -ModuleName 'AuditPolicyDSC' -ModuleVersion '1.4.0.0' Import-DSCResource -ModuleName 'SecurityPolicyDSC' -ModuleVersion '2.10.0.0' - Node Windows_11_v22H2_Security_Baseline_IE11 - { - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\RunThisTimeEnabled' - { - ValueName = 'RunThisTimeEnabled' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\VersionCheckEnabled' - { - ValueName = 'VersionCheckEnabled' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures' - { - ValueName = 'RunInvalidSignatures' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Download' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Download\CheckExeSignatures' - { - ValueName = 'CheckExeSignatures' - ValueData = 'yes' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Download' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\Isolation64Bit' - { - ValueName = 'Isolation64Bit' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\DisableEPMCompat' - { - ValueName = 'DisableEPMCompat' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\Isolation' - { - ValueName = 'Isolation' - ValueData = 'PMEM' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved)' - { - ValueName = '(Reserved)' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\iexplore.exe' - { - ValueName = 'iexplore.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe' - { - ValueName = 'explorer.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe' - { - ValueName = 'explorer.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe' - { - ValueName = 'iexplore.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Reserved)' - { - ValueName = '(Reserved)' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\explorer.exe' - { - ValueName = 'explorer.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe' - { - ValueName = 'iexplore.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\(Reserved)' - { - ValueName = '(Reserved)' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\(Reserved)' - { - ValueName = '(Reserved)' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\explorer.exe' - { - ValueName = 'explorer.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\iexplore.exe' - { - ValueName = 'iexplore.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved)' - { - ValueName = '(Reserved)' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe' - { - ValueName = 'iexplore.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe' - { - ValueName = 'explorer.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\(Reserved)' - { - ValueName = '(Reserved)' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\iexplore.exe' - { - ValueName = 'iexplore.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\explorer.exe' - { - ValueName = 'explorer.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\iexplore.exe' - { - ValueName = 'iexplore.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\(Reserved)' - { - ValueName = '(Reserved)' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\explorer.exe' - { - ValueName = 'explorer.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved)' - { - ValueName = '(Reserved)' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe' - { - ValueName = 'explorer.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe' - { - ValueName = 'iexplore.exe' - ValueData = '1' - ValueType = 'String' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverrideAppRepUnknown' - { - ValueName = 'PreventOverrideAppRepUnknown' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverride' - { - ValueName = 'PreventOverride' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV9' - { - ValueName = 'EnabledV9' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetection' - { - ValueName = 'NoCrashDetection' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck' - { - ValueName = 'DisableSecuritySettingsCheck' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Security' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX\BlockNonAdminActiveXInstall' - { - ValueName = 'BlockNonAdminActiveXInstall' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AxInstaller\OnlyUseAXISForActiveXInstall' - { - ValueName = 'OnlyUseAXISForActiveXInstall' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\AxInstaller' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_edit' - { - ValueName = 'Security_zones_map_edit' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit' - { - ValueName = 'Security_options_edit' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only' - { - ValueName = 'Security_HKLM_only' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation' - { - ValueName = 'CertificateRevocation' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\PreventIgnoreCertErrors' - { - ValueName = 'PreventIgnoreCertErrors' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving' - { - ValueName = 'WarnOnBadCertRecving' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSSL3Fallback' - { - ValueName = 'EnableSSL3Fallback' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols' - { - ValueName = 'SecureProtocols' - ValueData = 2560 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1C00' - { - ValueName = '1C00' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1C00' - { - ValueName = '1C00' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1C00' - { - ValueName = '1C00' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\2301' - { - ValueName = '2301' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\2301' - { - ValueName = '2301' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1C00' - { - ValueName = '1C00' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet' - { - ValueName = 'UNCAsIntranet' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1C00' - { - ValueName = '1C00' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\270C' - { - ValueName = '270C' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\270C' - { - ValueName = '270C' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1201' - { - ValueName = '1201' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1C00' - { - ValueName = '1C00' - ValueData = 65536 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1C00' - { - ValueName = '1C00' - ValueData = 65536 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\270C' - { - ValueName = '270C' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1201' - { - ValueName = '1201' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2001' - { - ValueName = '2001' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2102' - { - ValueName = '2102' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1802' - { - ValueName = '1802' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\160A' - { - ValueName = '160A' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201' - { - ValueName = '1201' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406' - { - ValueName = '1406' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1804' - { - ValueName = '1804' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200' - { - ValueName = '2200' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209' - { - ValueName = '1209' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206' - { - ValueName = '1206' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1809' - { - ValueName = '1809' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500' - { - ValueName = '2500' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103' - { - ValueName = '2103' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1606' - { - ValueName = '1606' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2402' - { - ValueName = '2402' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2004' - { - ValueName = '2004' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00' - { - ValueName = '1C00' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001' - { - ValueName = '1001' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00' - { - ValueName = '1A00' - ValueData = 65536 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2708' - { - ValueName = '2708' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004' - { - ValueName = '1004' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120b' - { - ValueName = '120b' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1407' - { - ValueName = '1407' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409' - { - ValueName = '1409' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\270C' - { - ValueName = '270C' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1607' - { - ValueName = '1607' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2709' - { - ValueName = '2709' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101' - { - ValueName = '2101' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301' - { - ValueName = '2301' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806' - { - ValueName = '1806' - ValueData = 1 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120c' - { - ValueName = '120c' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\140C' - { - ValueName = '140C' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1608' - { - ValueName = '1608' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1201' - { - ValueName = '1201' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1001' - { - ValueName = '1001' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1607' - { - ValueName = '1607' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120b' - { - ValueName = '120b' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1809' - { - ValueName = '1809' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1004' - { - ValueName = '1004' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1606' - { - ValueName = '1606' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1407' - { - ValueName = '1407' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\160A' - { - ValueName = '160A' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406' - { - ValueName = '1406' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2102' - { - ValueName = '2102' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2004' - { - ValueName = '2004' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2200' - { - ValueName = '2200' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2000' - { - ValueName = '2000' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1402' - { - ValueName = '1402' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1803' - { - ValueName = '1803' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2402' - { - ValueName = '2402' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1400' - { - ValueName = '1400' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A00' - { - ValueName = '1A00' - ValueData = 196608 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2001' - { - ValueName = '2001' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500' - { - ValueName = '2500' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1409' - { - ValueName = '1409' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1C00' - { - ValueName = '1C00' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1209' - { - ValueName = '1209' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\270C' - { - ValueName = '270C' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1206' - { - ValueName = '1206' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2708' - { - ValueName = '2708' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1802' - { - ValueName = '1802' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2103' - { - ValueName = '2103' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2709' - { - ValueName = '2709' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1405' - { - ValueName = '1405' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2101' - { - ValueName = '2101' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2301' - { - ValueName = '2301' - ValueData = 0 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1200' - { - ValueName = '1200' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1804' - { - ValueName = '1804' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1806' - { - ValueName = '1806' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120c' - { - ValueName = '120c' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\140C' - { - ValueName = '140C' - ValueData = 3 - ValueType = 'Dword' - TargetType = 'ComputerConfiguration' - Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' - } - - RefreshRegistryPolicy 'ActivateClientSideExtension' - { - IsSingleInstance = 'Yes' - } + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\RunThisTimeEnabled' + { + ValueName = 'RunThisTimeEnabled' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\VersionCheckEnabled' + { + ValueName = 'VersionCheckEnabled' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures' + { + ValueName = 'RunInvalidSignatures' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Download' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Download\CheckExeSignatures' + { + ValueName = 'CheckExeSignatures' + ValueData = 'yes' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Download' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\Isolation64Bit' + { + ValueName = 'Isolation64Bit' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\DisableEPMCompat' + { + ValueName = 'DisableEPMCompat' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\Isolation' + { + ValueName = 'Isolation' + ValueData = 'PMEM' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved)' + { + ValueName = '(Reserved)' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\iexplore.exe' + { + ValueName = 'iexplore.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe' + { + ValueName = 'explorer.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe' + { + ValueName = 'explorer.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe' + { + ValueName = 'iexplore.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Reserved)' + { + ValueName = '(Reserved)' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\explorer.exe' + { + ValueName = 'explorer.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe' + { + ValueName = 'iexplore.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\(Reserved)' + { + ValueName = '(Reserved)' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\(Reserved)' + { + ValueName = '(Reserved)' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\explorer.exe' + { + ValueName = 'explorer.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\iexplore.exe' + { + ValueName = 'iexplore.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved)' + { + ValueName = '(Reserved)' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe' + { + ValueName = 'iexplore.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe' + { + ValueName = 'explorer.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\(Reserved)' + { + ValueName = '(Reserved)' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\iexplore.exe' + { + ValueName = 'iexplore.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\explorer.exe' + { + ValueName = 'explorer.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\iexplore.exe' + { + ValueName = 'iexplore.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\(Reserved)' + { + ValueName = '(Reserved)' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\explorer.exe' + { + ValueName = 'explorer.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved)' + { + ValueName = '(Reserved)' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe' + { + ValueName = 'explorer.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe' + { + ValueName = 'iexplore.exe' + ValueData = '1' + ValueType = 'String' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverrideAppRepUnknown' + { + ValueName = 'PreventOverrideAppRepUnknown' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverride' + { + ValueName = 'PreventOverride' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV9' + { + ValueName = 'EnabledV9' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetection' + { + ValueName = 'NoCrashDetection' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck' + { + ValueName = 'DisableSecuritySettingsCheck' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Security' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX\BlockNonAdminActiveXInstall' + { + ValueName = 'BlockNonAdminActiveXInstall' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AxInstaller\OnlyUseAXISForActiveXInstall' + { + ValueName = 'OnlyUseAXISForActiveXInstall' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\AxInstaller' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_edit' + { + ValueName = 'Security_zones_map_edit' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit' + { + ValueName = 'Security_options_edit' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only' + { + ValueName = 'Security_HKLM_only' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation' + { + ValueName = 'CertificateRevocation' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\PreventIgnoreCertErrors' + { + ValueName = 'PreventIgnoreCertErrors' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving' + { + ValueName = 'WarnOnBadCertRecving' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSSL3Fallback' + { + ValueName = 'EnableSSL3Fallback' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols' + { + ValueName = 'SecureProtocols' + ValueData = 2560 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1C00' + { + ValueName = '1C00' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1C00' + { + ValueName = '1C00' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1C00' + { + ValueName = '1C00' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\2301' + { + ValueName = '2301' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\2301' + { + ValueName = '2301' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1C00' + { + ValueName = '1C00' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet' + { + ValueName = 'UNCAsIntranet' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1C00' + { + ValueName = '1C00' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\270C' + { + ValueName = '270C' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\270C' + { + ValueName = '270C' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1201' + { + ValueName = '1201' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1C00' + { + ValueName = '1C00' + ValueData = 65536 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1C00' + { + ValueName = '1C00' + ValueData = 65536 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\270C' + { + ValueName = '270C' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1201' + { + ValueName = '1201' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2001' + { + ValueName = '2001' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2102' + { + ValueName = '2102' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1802' + { + ValueName = '1802' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\160A' + { + ValueName = '160A' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201' + { + ValueName = '1201' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406' + { + ValueName = '1406' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1804' + { + ValueName = '1804' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200' + { + ValueName = '2200' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209' + { + ValueName = '1209' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206' + { + ValueName = '1206' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1809' + { + ValueName = '1809' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500' + { + ValueName = '2500' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103' + { + ValueName = '2103' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1606' + { + ValueName = '1606' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2402' + { + ValueName = '2402' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2004' + { + ValueName = '2004' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00' + { + ValueName = '1C00' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001' + { + ValueName = '1001' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00' + { + ValueName = '1A00' + ValueData = 65536 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2708' + { + ValueName = '2708' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004' + { + ValueName = '1004' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120b' + { + ValueName = '120b' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1407' + { + ValueName = '1407' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409' + { + ValueName = '1409' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\270C' + { + ValueName = '270C' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1607' + { + ValueName = '1607' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2709' + { + ValueName = '2709' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101' + { + ValueName = '2101' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301' + { + ValueName = '2301' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806' + { + ValueName = '1806' + ValueData = 1 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120c' + { + ValueName = '120c' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\140C' + { + ValueName = '140C' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1608' + { + ValueName = '1608' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1201' + { + ValueName = '1201' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1001' + { + ValueName = '1001' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1607' + { + ValueName = '1607' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120b' + { + ValueName = '120b' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1809' + { + ValueName = '1809' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1004' + { + ValueName = '1004' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1606' + { + ValueName = '1606' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1407' + { + ValueName = '1407' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\160A' + { + ValueName = '160A' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406' + { + ValueName = '1406' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2102' + { + ValueName = '2102' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2004' + { + ValueName = '2004' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2200' + { + ValueName = '2200' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2000' + { + ValueName = '2000' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1402' + { + ValueName = '1402' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1803' + { + ValueName = '1803' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2402' + { + ValueName = '2402' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1400' + { + ValueName = '1400' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A00' + { + ValueName = '1A00' + ValueData = 196608 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2001' + { + ValueName = '2001' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500' + { + ValueName = '2500' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1409' + { + ValueName = '1409' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' } -} + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1C00' + { + ValueName = '1C00' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1209' + { + ValueName = '1209' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\270C' + { + ValueName = '270C' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1206' + { + ValueName = '1206' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2708' + { + ValueName = '2708' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1802' + { + ValueName = '1802' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2103' + { + ValueName = '2103' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2709' + { + ValueName = '2709' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1405' + { + ValueName = '1405' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2101' + { + ValueName = '2101' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2301' + { + ValueName = '2301' + ValueData = 0 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1200' + { + ValueName = '1200' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1804' + { + ValueName = '1804' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1806' + { + ValueName = '1806' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120c' + { + ValueName = '120c' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\140C' + { + ValueName = '140C' + ValueData = 3 + ValueType = 'Dword' + TargetType = 'ComputerConfiguration' + Key = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + } + + RefreshRegistryPolicy 'ActivateClientSideExtension' + { + IsSingleInstance = 'Yes' + } +}