Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue 38 #43

Merged
merged 5 commits into from
Apr 23, 2024
Merged

Issue 38 #43

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
0470723
Fixing controls stated in issue 38
mfortin Mar 26, 2024
04e0b9f
revert
mfortin Mar 26, 2024
de98e60
test
mfortin Mar 26, 2024
f67af57
test
mfortin Mar 26, 2024
dc8826f
Revert tag update
mfortin Apr 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 4 additions & 5 deletions tasks/section01.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,11 +155,10 @@
- password

- name: "1.1.6 | PATCH | Ensure Relax minimum password length limits is set to Enabled."
ansible.windows.win_regedit:
path: HKLM:\System\CurrentControlSet\Control\SAM
name: RelaxMinimumPasswordLengthLimits
data: 1
type: dword
community.windows.win_security_policy:
section: System Access
key: RelaxMinimumPasswordLengthLimits
value: 1
when:
- win22cis_rule_1_1_6
tags:
Expand Down
55 changes: 34 additions & 21 deletions tasks/section18.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -299,11 +299,11 @@

- name: "18.5.1 | PATCH | Ensure MSS AutoAdminLogon Enable Automatic Logon not recommended is set to Disabled"
ansible.windows.win_regedit:
path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
path: HKLM:\Software\Microsoft\Windows Nt\Currentversion\Winlogon
state: present
value: AutoAdminLogon
name: AutoAdminLogon
data: 0
datatype: string
type: string
when:
- win22cis_rule_18_5_1
tags:
Expand Down Expand Up @@ -598,15 +598,14 @@
- patch
- netbios

- name: "18.6.4.3 | PATCH | Ensure Turn off multicast name resolution is set to Enabled MS Only | Member Server"
- name: "18.6.4.3 | PATCH | Ensure Turn off multicast name resolution is set to Enabled"
ansible.windows.win_regedit:
path: HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient
name: EnableMulticast
data: 0
type: dword
when:
- win22cis_rule_18_6_4_3
- win2022cis_is_domain_member
tags:
- level1-domaincontroller
- level1-memberserver
Expand Down Expand Up @@ -3385,20 +3384,6 @@
- patch
- wik

- name: "18.10.81.1 | PATCH | Ensure Allow user control over installs is set to Disabled"
ansible.windows.win_regedit:
path: HKLM:\Software\Policies\Microsoft\Windows\Installer
name: EnableUserControl
data: 0
type: dword
when:
- win22cis_rule_18_10_81_1
tags:
- level1-domaincontroller
- level1-memberserver
- rule_18.10.81.1
- patch

- name: "18.10.80.2 | PATCH | Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled'"
block:
- name: "18.10.80.2 | AUDIT | Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled' | Warning Check For Variable Standards."
Expand Down Expand Up @@ -3435,6 +3420,34 @@
- automated
- patch

- name: "18.10.81.1 | PATCH | Ensure Allow user control over installs is set to Disabled"
ansible.windows.win_regedit:
path: HKLM:\Software\Policies\Microsoft\Windows\Installer
name: EnableUserControl
data: 0
type: dword
when:
- win22cis_rule_18_10_81_1
tags:
- level1-domaincontroller
- level1-memberserver
- rule_18.10.81.1
- patch

- name: "18.10.81.2 | PATCH | Ensure 'Always install with elevated privileges' is set to 'Disabled'"
ansible.windows.win_regedit:
path: HKLM:\Software\Policies\Microsoft\Windows\Installer
name: AlwaysInstallElevated
data: 0
type: dword
when:
- win22cis_rule_18_10_81_2
tags:
- level1-domaincontroller
- level1-memberserver
- rule_18.10.81.2
- patch

- name: "18.10.81.3 | PATCH | Ensure Prevent Internet Explorer security prompt for Windows Installer scripts is set to Disabled"
ansible.windows.win_regedit:
path: HKLM:\Software\Policies\Microsoft\Windows\Installer
Expand Down Expand Up @@ -3698,7 +3711,7 @@
- patch
- winupdate

- name: "18.10.93.4.1 | PATCH | Ensure Manage preview builds is set to Enabled Disable preview builds"
- name: "18.10.93.4.1 | PATCH | Ensure 'Manage preview builds' is set to 'Disabled'"
block:
- name: "18.10.93.4.1 | PATCH | Ensure Manage preview builds is set to Enabled Disable preview builds | ManagePreviewBuilds"
ansible.windows.win_regedit:
Expand All @@ -3711,7 +3724,7 @@
ansible.windows.win_regedit:
path: HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate
name: ManagePreviewBuildsPolicyValue
data: 0
data: 1
type: dword
when:
- win22cis_rule_18_10_93_4_1
Expand Down
Loading