diff --git a/DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.schema.psm1 b/DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.schema.psm1 index 15b73dc..f2ac7ea 100644 --- a/DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.schema.psm1 +++ b/DSCResources/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1.schema.psm1 @@ -22,7 +22,7 @@ configuration DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1 [bool]$bDisableWebmail = $true, [bool]$bShowWelcomeScreen = $true ) - + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' Import-DSCResource -ModuleName 'AuditPolicyDSC' Import-DSCResource -ModuleName 'SecurityPolicyDSC' @@ -30,29 +30,29 @@ configuration DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1 if ($DisableMaintenance) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Adobe\Adobe Acrobat\DC\Installer\DisableMaintenance' { - Key = '\SOFTWARE\Adobe\Adobe Acrobat\DC\Installer' + Key = 'SOFTWARE\Adobe\Adobe Acrobat\DC\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableMaintenance' ValueData = 1 } } - + if ($bEnhancedSecurityStandalone) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bEnhancedSecurityStandalone' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bEnhancedSecurityStandalone' ValueData = 1 } } - + if ($bEnhancedSecurityInBrowser) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bEnhancedSecurityInBrowser' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bEnhancedSecurityInBrowser' @@ -62,40 +62,40 @@ configuration DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1 if ($iFileAttachmentPerms) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\iFileAttachmentPerms' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'iFileAttachmentPerms' ValueData = 1 } } - + if ($bEnableFlash) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bEnableFlash' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bEnableFlash' ValueData = 0 } } - + if ($bDisableTrustedFolders) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bDisableTrustedFolders' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisableTrustedFolders' ValueData = 1 } } - + if ($bProtectedMode) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bProtectedMode' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bProtectedMode' @@ -105,62 +105,62 @@ configuration DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1 if ($iProtectedView) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\iProtectedView' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'iProtectedView' ValueData = 2 } } - + if ($bDisablePDFHandlerSwitching) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bDisablePDFHandlerSwitching' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisablePDFHandlerSwitching' ValueData = 1 } } - + if ($bDisableTrustedSites) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bDisableTrustedSites' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisableTrustedSites' ValueData = 1 } } - + if ($bAdobeSendPluginToggle) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud\bAdobeSendPluginToggle' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bAdobeSendPluginToggle' ValueData = 1 } } - + if ($bDisableADCFileStore) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud\bDisableADCFileStore' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisableADCFileStore' ValueData = 1 } } - + if ($iUnknownURLPerms) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms\iUnknownURLPerms' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'iUnknownURLPerms' @@ -170,51 +170,51 @@ configuration DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1 if ($iURLPerms) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms\iURLPerms' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'iURLPerms' ValueData = 1 } } - + if ($bTogglePrefsSync) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices\bTogglePrefsSync' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bTogglePrefsSync' ValueData = 1 } } - + if ($bToggleWebConnectors) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices\bToggleWebConnectors' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bToggleWebConnectors' ValueData = 1 } } - + if ($bDisableSharePointFeatures) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cSharePoint\bDisableSharePointFeatures' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cSharePoint' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cSharePoint' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisableSharePointFeatures' ValueData = 1 } } - + if ($bDisableWebmail) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWebmailProfiles\bDisableWebmail' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWebmailProfiles' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWebmailProfiles' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisableWebmail' @@ -225,18 +225,18 @@ configuration DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1 if ($bShowWelcomeScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWelcomeScreen\bShowWelcomeScreen' { - Key = '\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWelcomeScreen' + Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWelcomeScreen' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bShowWelcomeScreen' ValueData = 0 } } - + if ($DisableMaintenance) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\DC\Installer\DisableMaintenance' { - Key = '\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\DC\Installer' + Key = 'SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\DC\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableMaintenance' @@ -245,4 +245,3 @@ configuration DoD_Adobe_Acrobat_Pro_DC_Continuous_V2R1 } } - diff --git a/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.schema.psm1 b/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.schema.psm1 index 8932413..4046a34 100644 --- a/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.schema.psm1 +++ b/DSCResources/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1/DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1.schema.psm1 @@ -23,7 +23,7 @@ configuration DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1 [bool]$bUpdater = $true, [bool]$bDisableSharePointFeatures = $true, [bool]$bDisableWebmail = $true, - [bool]$bShowWelcomeScreen = $true + [bool]$bShowWelcomeScreen = $true ) Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' @@ -33,40 +33,40 @@ configuration DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1 if ($DisableMaintenance) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Adobe\Acrobat Reader\DC\Installer\DisableMaintenance' { - Key = '\SOFTWARE\Adobe\Acrobat Reader\DC\Installer' + Key = 'SOFTWARE\Adobe\Acrobat Reader\DC\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableMaintenance' ValueData = 1 } } - + if ($bEnhancedSecurityStandalone) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bEnhancedSecurityStandalone' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bEnhancedSecurityStandalone' ValueData = 1 } } - + if ($bProtectedMode) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bProtectedMode' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bProtectedMode' ValueData = 1 } } - + if ($iProtectedView) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\iProtectedView' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'iProtectedView' @@ -77,40 +77,40 @@ configuration DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1 if ($iFileAttachmentPerms) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\iFileAttachmentPerms' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'iFileAttachmentPerms' ValueData = 1 } } - + if ($bEnableFlash) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bEnableFlash' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bEnableFlash' ValueData = 0 } } - + if ($bDisablePDFHandlerSwitching) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bDisablePDFHandlerSwitching' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisablePDFHandlerSwitching' ValueData = 1 } } - + if ($bAcroSuppressUpsell) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bAcroSuppressUpsell' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bAcroSuppressUpsell' @@ -121,40 +121,40 @@ configuration DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1 if ($bEnhancedSecurityInBrowser) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bEnhancedSecurityInBrowser' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bEnhancedSecurityInBrowser' ValueData = 1 } } - + if ($bDisableTrustedFolders) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bDisableTrustedFolders' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisableTrustedFolders' ValueData = 1 } } - + if ($bDisableTrustedSites) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\bDisableTrustedSites' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisableTrustedSites' ValueData = 1 } } - + if ($bAdobeSendPluginToggle) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cCloud\bAdobeSendPluginToggle' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cCloud' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cCloud' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bAdobeSendPluginToggle' @@ -165,40 +165,40 @@ configuration DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1 if ($iURLPerms) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms\iURLPerms' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'iURLPerms' ValueData = 1 } } - + if ($iUnknownURLPerms) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms\iUnknownURLPerms' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cDefaultLaunchURLPerms' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'iUnknownURLPerms' ValueData = 3 } } - + if ($bToggleAdobeDocumentServices) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bToggleAdobeDocumentServices' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bToggleAdobeDocumentServices' ValueData = 1 } } - + if ($bTogglePrefsSync) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bTogglePrefsSync' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bTogglePrefsSync' @@ -208,73 +208,73 @@ configuration DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1 if ($bToggleWebConnectors) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bToggleWebConnectors' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bToggleWebConnectors' ValueData = 1 } } - + if ($bToggleAdobeSign) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bToggleAdobeSign' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bToggleAdobeSign' ValueData = 1 } } - + if ($bUpdater) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices\bUpdater' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cServices' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bUpdater' ValueData = 0 } } - + if ($bDisableSharePointFeatures) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cSharePoint\bDisableSharePointFeatures' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cSharePoint' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cSharePoint' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisableSharePointFeatures' ValueData = 1 } } - + if ($bDisableWebmail) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWebmailProfiles\bDisableWebmail' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWebmailProfiles' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWebmailProfiles' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bDisableWebmail' ValueData = 1 } } - + if ($bShowWelcomeScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWelcomeScreen\bShowWelcomeScreen' { - Key = '\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWelcomeScreen' + Key = 'SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockdown\cWelcomeScreen' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'bShowWelcomeScreen' ValueData = 0 } } - + if ($DisableMaintenance) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\DC\Installer\DisableMaintenance' { - Key = '\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\DC\Installer' + Key = 'SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\DC\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableMaintenance' @@ -282,4 +282,3 @@ configuration DoD_Adobe_Acrobat_Reader_DC_Continuous_V2R1 } } } - diff --git a/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.schema.psm1 b/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.schema.psm1 index ab4d7cd..7aba45f 100644 --- a/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.schema.psm1 +++ b/DSCResources/DoD_Google_Chrome_v2r10/DoD_Google_Chrome_v2r10.schema.psm1 @@ -51,40 +51,40 @@ configuration DoD_Google_Chrome_v2r10 if ($RemoteAccessHostFirewallTraversal) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\RemoteAccessHostFirewallTraversal' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RemoteAccessHostFirewallTraversal' ValueData = 0 } } - + if ($DefaultPopupsSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultPopupsSetting' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultPopupsSetting' ValueData = 2 } } - + if ($DefaultGeolocationSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultGeolocationSetting' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultGeolocationSetting' ValueData = 2 } } - + if ($DefaultSearchProviderName) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultSearchProviderName' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'DefaultSearchProviderName' @@ -95,62 +95,62 @@ configuration DoD_Google_Chrome_v2r10 if ($DefaultSearchProviderEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultSearchProviderEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultSearchProviderEnabled' ValueData = 1 } } - + if ($PasswordManagerEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\PasswordManagerEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordManagerEnabled' ValueData = 0 } } - + if ($BackgroundModeEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\BackgroundModeEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'BackgroundModeEnabled' ValueData = 0 } } - + if ($SyncDisabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SyncDisabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SyncDisabled' ValueData = 1 } } - + if ($CloudPrintProxyEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\CloudPrintProxyEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'CloudPrintProxyEnabled' ValueData = 0 } } - + if ($MetricsReportingEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\MetricsReportingEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MetricsReportingEnabled' @@ -161,62 +161,62 @@ configuration DoD_Google_Chrome_v2r10 if ($SearchSuggestEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SearchSuggestEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SearchSuggestEnabled' ValueData = 0 } } - + if ($ImportSavedPasswords) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ImportSavedPasswords' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportSavedPasswords' ValueData = 0 } } - + if ($IncognitoModeAvailability) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\IncognitoModeAvailability' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'IncognitoModeAvailability' ValueData = 1 } } - + if ($SavingBrowserHistoryDisabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SavingBrowserHistoryDisabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SavingBrowserHistoryDisabled' ValueData = 0 } } - + if ($AllowDeletingBrowserHistory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AllowDeletingBrowserHistory' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDeletingBrowserHistory' ValueData = 0 } } - + if ($PromptForDownloadLocation) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\PromptForDownloadLocation' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PromptForDownloadLocation' @@ -227,62 +227,62 @@ configuration DoD_Google_Chrome_v2r10 if ($AutoplayAllowed) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutoplayAllowed' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AutoplayAllowed' ValueData = 0 } } - + if ($SafeBrowsingExtendedReportingEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SafeBrowsingExtendedReportingEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SafeBrowsingExtendedReportingEnabled' ValueData = 0 } } - + if ($DefaultWebUsbGuardSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultWebUsbGuardSetting' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultWebUsbGuardSetting' ValueData = 2 } } - + if ($EnableMediaRouter) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\EnableMediaRouter' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableMediaRouter' ValueData = 0 } } - + if ($UrlKeyedAnonymizedDataCollectionEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\UrlKeyedAnonymizedDataCollectionEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UrlKeyedAnonymizedDataCollectionEnabled' ValueData = 0 } } - + if ($WebRtcEventLogCollectionAllowed) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\WebRtcEventLogCollectionAllowed' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'WebRtcEventLogCollectionAllowed' @@ -292,62 +292,62 @@ configuration DoD_Google_Chrome_v2r10 if ($NetworkPredictionOptions) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\NetworkPredictionOptions' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NetworkPredictionOptions' ValueData = 2 } } - + if ($DeveloperToolsAvailability) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DeveloperToolsAvailability' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DeveloperToolsAvailability' ValueData = 2 } } - + if ($BrowserGuestModeEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\BrowserGuestModeEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'BrowserGuestModeEnabled' ValueData = 0 } } - + if ($AutofillCreditCardEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutofillCreditCardEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AutofillCreditCardEnabled' ValueData = 0 } } - + if ($AutofillAddressEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutofillAddressEnabled' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AutofillAddressEnabled' ValueData = 0 } } - + if ($ImportAutofillFormData) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ImportAutofillFormData' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportAutofillFormData' @@ -358,73 +358,73 @@ configuration DoD_Google_Chrome_v2r10 if ($SafeBrowsingProtectionLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\SafeBrowsingProtectionLevel' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SafeBrowsingProtectionLevel' ValueData = 1 } } - + if ($DefaultSearchProviderSearchURL) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultSearchProviderSearchURL' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'DefaultSearchProviderSearchURL' ValueData = 'https://www.google.com/search?q={searchTerms}' } } - + if ($DownloadRestrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DownloadRestrictions' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DownloadRestrictions' ValueData = 1 } } - + if ($DefaultWebBluetoothGuardSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultWebBluetoothGuardSetting' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultWebBluetoothGuardSetting' ValueData = 2 } } - + if ($QuicAllowed) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\QuicAllowed' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'QuicAllowed' ValueData = 0 } } - + if ($EnableOnlineRevocationChecks) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\EnableOnlineRevocationChecks' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableOnlineRevocationChecks' ValueData = 1 } } - + if ($DefaultCookiesSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\DefaultCookiesSetting' { - Key = '\Software\Policies\Google\Chrome' + Key = 'Software\Policies\Google\Chrome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultCookiesSetting' @@ -434,40 +434,40 @@ configuration DoD_Google_Chrome_v2r10 if ($AutoplayAllowlist1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutoplayAllowlist\1' { - Key = '\Software\Policies\Google\Chrome\AutoplayAllowlist' + Key = 'Software\Policies\Google\Chrome\AutoplayAllowlist' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1' ValueData = '[*.]mil' } } - + if ($AutoplayAllowlist2) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\AutoplayAllowlist\2' { - Key = '\Software\Policies\Google\Chrome\AutoplayAllowlist' + Key = 'Software\Policies\Google\Chrome\AutoplayAllowlist' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '2' ValueData = '[*.]gov' } } - + if ($ExtensionInstallAllowlist1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ExtensionInstallAllowlist\1' { - Key = '\Software\Policies\Google\Chrome\ExtensionInstallAllowlist' + Key = 'Software\Policies\Google\Chrome\ExtensionInstallAllowlist' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1' ValueData = 'oiigbmnaadbkfbmpbfijlflahbdbdgdf' } } - + if ($ExtensionInstallAllowlist2) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ExtensionInstallAllowlist\2' { - Key = '\Software\Policies\Google\Chrome\ExtensionInstallAllowlist' + Key = 'Software\Policies\Google\Chrome\ExtensionInstallAllowlist' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '2' @@ -477,18 +477,18 @@ configuration DoD_Google_Chrome_v2r10 if ($ExtensionInstallBlocklist1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\ExtensionInstallBlocklist\1' { - Key = '\Software\Policies\Google\Chrome\ExtensionInstallBlocklist' + Key = 'Software\Policies\Google\Chrome\ExtensionInstallBlocklist' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1' ValueData = '*' } } - + if ($URLBlocklist1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Google\Chrome\URLBlocklist\1' { - Key = '\Software\Policies\Google\Chrome\URLBlocklist' + Key = 'Software\Policies\Google\Chrome\URLBlocklist' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1' @@ -496,4 +496,3 @@ configuration DoD_Google_Chrome_v2r10 } } } - diff --git a/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.schema.psm1 b/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.schema.psm1 index df1e2f6..71cf25c 100644 --- a/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.schema.psm1 +++ b/DSCResources/DoD_Internet_Explorer_11_v2r4/DoD_Internet_Explorer_11_v2r4.schema.psm1 @@ -132,7 +132,7 @@ configuration DoD_Internet_Explorer_11_v2r4 [bool]$Zones4_2001 = $true, [bool]$Zones4_140C = $true ) - + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' Import-DSCResource -ModuleName 'AuditPolicyDSC' Import-DSCResource -ModuleName 'SecurityPolicyDSC' @@ -140,51 +140,51 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($RunThisTimeEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\RunThisTimeEnabled' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Ext' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Ext' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RunThisTimeEnabled' ValueData = 0 } } - + if ($VersionCheckEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\VersionCheckEnabled' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Ext' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Ext' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'VersionCheckEnabled' ValueData = 1 } } - + if ($History) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel\History' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Control Panel' + Key = 'Software\Policies\Microsoft\Internet Explorer\Control Panel' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'History' ValueData = 1 } } - + if ($RunInvalidSignatures) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Download' + Key = 'Software\Policies\Microsoft\Internet Explorer\Download' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RunInvalidSignatures' ValueData = 0 } } - + if ($CheckExeSignatures) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Download\CheckExeSignatures' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Download' + Key = 'Software\Policies\Microsoft\Internet Explorer\Download' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'CheckExeSignatures' @@ -195,73 +195,73 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Disabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Disabled' { - Key = '\Software\Policies\Microsoft\Internet Explorer\IEDevTools' + Key = 'Software\Policies\Microsoft\Internet Explorer\IEDevTools' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Disabled' ValueData = 1 } } - + if ($DisableEPMCompat) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\DisableEPMCompat' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableEPMCompat' ValueData = 1 } } - + if ($Isolation64Bit) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\Isolation64Bit' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Isolation64Bit' ValueData = 1 } } - + if ($Isolation) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\Isolation' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'Isolation' ValueData = 'PMEM' } } - + if ($NotifyDisableIEOptions) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\NotifyDisableIEOptions' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NotifyDisableIEOptions' ValueData = 0 } } - + if ($FeatureControlReserved) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved)' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '(Reserved)' ValueData = '1' } } - + if ($FeatureControlExplorerExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'explorer.exe' @@ -272,51 +272,51 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($FeatureDisableMKProtocolIExploreExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\iexplore.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'iexplore.exe' ValueData = '1' } } - + if ($FeatureMimeHandlingReserved) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Reserved)' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '(Reserved)' ValueData = '1' } } - + if ($FeatureMimeHandlingExplorerExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'explorer.exe' ValueData = '1' } } - + if ($FeatureMimeHandlingIExploreExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'iexplore.exe' ValueData = '1' } } - + if ($FeatureMimeSniffingReserved) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\(Reserved)' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '(Reserved)' @@ -327,51 +327,51 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($FeatureMIME_SniffingExplorerExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\explorer.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'explorer.exe' ValueData = '1' } } - + if ($FeatureMIME_SniffingIExploreExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'iexplore.exe' ValueData = '1' } } - + if ($FeatureRestrictActiveXInstallReserved) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\(Reserved)' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '(Reserved)' ValueData = '1' } } - + if ($FeatureRestrictActiveXInstallExplorerExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\explorer.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'explorer.exe' ValueData = '1' } } - + if ($FeatureRestrictActiveXInstallIExploreExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\iexplore.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'iexplore.exe' @@ -381,62 +381,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($FeatureRestrictFileDownloadReserved) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved)' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '(Reserved)' ValueData = '1' } } - + if ($FeatureRestrictFileDownloadExplorerExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'explorer.exe' ValueData = '1' } } - + if ($FeatureRestrictFileDownloadIExploreExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'iexplore.exe' ValueData = '1' } } - + if ($FeatureSecurityBandReserved) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\(Reserved)' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '(Reserved)' ValueData = '1' } } - + if ($FeatureSecurityBandExplorerExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\explorer.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'explorer.exe' ValueData = '1' } } - + if ($FeatureSecurityBandIExploreExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\iexplore.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'iexplore.exe' @@ -446,62 +446,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($FeatureWindowRestrictionsReserved) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\(Reserved)' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '(Reserved)' ValueData = '1' } } - + if ($FeatureWindowRestrictionsExplorerExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\explorer.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'explorer.exe' ValueData = '1' } } - + if ($FeatureWindowRestrictionsIExploreExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\iexplore.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'iexplore.exe' ValueData = '1' } } - + if ($FeatureZoneElevationReserved) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved)' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '(Reserved)' ValueData = '1' } } - + if ($FeatureZoneElevationExplorerExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'explorer.exe' ValueData = '1' } } - + if ($FeatureZoneElevationIExploreExe) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'iexplore.exe' @@ -511,62 +511,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($PreventOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverride' { - Key = '\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' + Key = 'Software\Policies\Microsoft\Internet Explorer\PhishingFilter' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventOverride' ValueData = 1 } } - + if ($PreventOverrideAppRepUnknown) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverrideAppRepUnknown' { - Key = '\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' + Key = 'Software\Policies\Microsoft\Internet Explorer\PhishingFilter' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventOverrideAppRepUnknown' ValueData = 1 } } - + if ($EnabledV9) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV9' { - Key = '\Software\Policies\Microsoft\Internet Explorer\PhishingFilter' + Key = 'Software\Policies\Microsoft\Internet Explorer\PhishingFilter' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnabledV9' ValueData = 1 } } - + if ($ClearBrowsingHistoryOnExit) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Privacy\ClearBrowsingHistoryOnExit' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Privacy' + Key = 'Software\Policies\Microsoft\Internet Explorer\Privacy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ClearBrowsingHistoryOnExit' ValueData = 0 } } - + if ($CleanHistory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Privacy\CleanHistory' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Privacy' + Key = 'Software\Policies\Microsoft\Internet Explorer\Privacy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'CleanHistory' ValueData = 0 } } - + if ($EnableInPrivateBrowsing) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Privacy\EnableInPrivateBrowsing' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Privacy' + Key = 'Software\Policies\Microsoft\Internet Explorer\Privacy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableInPrivateBrowsing' @@ -577,62 +577,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($NoCrashDetection) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetection' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Restrictions' + Key = 'Software\Policies\Microsoft\Internet Explorer\Restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoCrashDetection' ValueData = 1 } } - + if ($DisableSecuritySettingsCheck) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Security' + Key = 'Software\Policies\Microsoft\Internet Explorer\Security' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableSecuritySettingsCheck' ValueData = 0 } } - + if ($BlockNonAdminActiveXInstall) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX\BlockNonAdminActiveXInstall' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX' + Key = 'Software\Policies\Microsoft\Internet Explorer\Security\ActiveX' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'BlockNonAdminActiveXInstall' ValueData = 1 } } - + if ($SecurityZonesMapEdit) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_edit' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Security_zones_map_edit' ValueData = 1 } } - + if ($SecurityOptionsEdit) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Security_options_edit' ValueData = 1 } } - + if ($SecurityHKLMOnly) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Security_HKLM_only' @@ -643,62 +643,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($LockdownZones1_1C00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1C00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1C00' ValueData = 0 } } - + if ($LockdownZones2_1C00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1C00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1C00' ValueData = 0 } } - + if ($LockdownZones4_1C00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1C00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1C00' ValueData = 0 } } - + if ($DaysToKeep) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DaysToKeep' ValueData = 40 } } - + if ($UNCAsIntranet) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UNCAsIntranet' ValueData = 0 } } - + if ($Zones0_270C) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\270C' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '270C' @@ -709,62 +709,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones0_1C00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1C00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1C00' ValueData = 0 } } - + if ($Zones1_270C) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\270C' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '270C' ValueData = 0 } } - + if ($Zones1_1201) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1201' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1201' ValueData = 3 } } - + if ($Zones1_1C00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1C00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1C00' ValueData = 65536 } } - + if ($Zones2_270C) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\270C' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '270C' ValueData = 0 } } - + if ($Zones2_1201) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1201' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1201' @@ -774,62 +774,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones2_1C00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1C00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1C00' ValueData = 65536 } } - + if ($Zones3_1406) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1406' ValueData = 3 } } - + if ($Zones3_1407) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1407' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1407' ValueData = 3 } } - + if ($Zones3_1802) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1802' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1802' ValueData = 3 } } - + if ($Zones3_2402) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2402' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2402' ValueData = 3 } } - + if ($Zones3_120b) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120b' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '120b' @@ -839,73 +839,73 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones3_120c) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120c' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '120c' ValueData = 3 } } - + if ($Zones3_1206) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1206' ValueData = 3 } } - + if ($Zones3_2102) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2102' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2102' ValueData = 3 } } - + if ($Zones3_1209) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1209' ValueData = 3 } } - + if ($Zones3_2103) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2103' ValueData = 3 } } - + if ($Zones3_2200) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2200' ValueData = 3 } } - + if ($Zones3_270C) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\270C' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '270C' @@ -915,62 +915,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones3_1001) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1001' ValueData = 3 } } - + if ($Zones3_1004) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1004' ValueData = 3 } } - + if ($Zones3_2709) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2709' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2709' ValueData = 3 } } - + if ($Zones3_2708) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2708' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2708' ValueData = 3 } } - + if ($Zones3_160A) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\160A' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '160A' ValueData = 3 } } - + if ($Zones3_1201) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1201' @@ -980,62 +980,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones3_1C00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1C00' ValueData = 0 } } - + if ($Zones3_1804) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1804' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1804' ValueData = 3 } } - + if ($Zones3_1A00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1A00' ValueData = 65536 } } - + if ($Zones3_1607) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1607' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1607' ValueData = 3 } } - + if ($Zones3_2004) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2004' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2004' ValueData = 3 } } - + if ($Zones3_2001) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2001' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2001' @@ -1045,62 +1045,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones3_1806) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1806' ValueData = 1 } } - + if ($Zones3_1409) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1409' ValueData = 0 } } - + if ($Zones3_2500) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2500' ValueData = 0 } } - + if ($Zones3_2301) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2301' ValueData = 0 } } - + if ($Zones3_1809) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1809' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1809' ValueData = 0 } } - + if ($Zones3_1606) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1606' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1606' @@ -1111,62 +1111,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones3_2101) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2101' ValueData = 3 } } - + if ($Zones3_140C) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\140C' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '140C' ValueData = 3 } } - + if ($Zones4_1406) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1406' ValueData = 3 } } - + if ($Zones4_1400) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1400' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1400' ValueData = 3 } } - + if ($Zones4_2000) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2000' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2000' ValueData = 3 } } - + if ($Zones4_1407) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1407' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1407' @@ -1177,62 +1177,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones4_1802) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1802' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1802' ValueData = 3 } } - + if ($Zones4_1803) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1803' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1803' ValueData = 3 } } - + if ($Zones4_2402) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2402' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2402' ValueData = 3 } } - + if ($Zones4_1608) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1608' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1608' ValueData = 3 } } - + if ($Zones4_120b) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120b' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '120b' ValueData = 3 } } - + if ($Zones4_120c) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120c' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '120c' @@ -1243,62 +1243,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones4_1206) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1206' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1206' ValueData = 3 } } - + if ($Zones4_2102) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2102' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2102' ValueData = 3 } } - + if ($Zones4_1209) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1209' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1209' ValueData = 3 } } - + if ($Zones4_2103) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2103' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2103' ValueData = 3 } } - + if ($Zones4_2200) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2200' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2200' ValueData = 3 } } - + if ($Zones4_270C) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\270C' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '270C' @@ -1309,62 +1309,62 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones4_1001) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1001' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1001' ValueData = 3 } } - + if ($Zones4_1004) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1004' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1004' ValueData = 3 } } - + if ($Zones4_2709) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2709' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2709' ValueData = 3 } } - + if ($Zones4_2708) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2708' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2708' ValueData = 3 } } - + if ($Zones4_160A) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\160A' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '160A' ValueData = 3 } } - + if ($Zones4_1201) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1201' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1201' @@ -1374,51 +1374,51 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones4_1C00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1C00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1C00' ValueData = 0 } } - + if ($Zones4_1804) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1804' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1804' ValueData = 3 } } - + if ($Zones4_1A00) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A00' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1A00' ValueData = 196608 } } - + if ($Zones4_1607) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1607' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1607' ValueData = 3 } } - + if ($Zones4_2004) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2004' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2004' @@ -1428,40 +1428,40 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones4_1200) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1200' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1200' ValueData = 3 } } - + if ($Zones4_1405) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1405' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1405' ValueData = 3 } } - + if ($Zones4_1402) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1402' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1402' ValueData = 3 } } - + if ($Zones4_1806) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1806' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1806' @@ -1471,84 +1471,84 @@ configuration DoD_Internet_Explorer_11_v2r4 if ($Zones4_1409) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1409' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1409' ValueData = 0 } } - + if ($Zones4_2500) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2500' ValueData = 0 } } - + if ($Zones4_2301) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2301' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2301' ValueData = 0 } } - + if ($Zones4_1809) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1809' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1809' ValueData = 0 } } - + if ($Zones4_1606) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1606' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '1606' ValueData = 3 } } - + if ($Zones4_2101) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2101' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2101' ValueData = 3 } } - + if ($Zones4_2001) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2001' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '2001' ValueData = 3 } } - + if ($Zones4_140C) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\140C' { - Key = '\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' + Key = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = '140C' @@ -1556,4 +1556,3 @@ configuration DoD_Internet_Explorer_11_v2r4 } } } - diff --git a/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.schema.psm1 b/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.schema.psm1 index 0176621..babf17d 100644 --- a/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.schema.psm1 +++ b/DSCResources/DoD_Microsoft_Defender_Antivirus_STIG_v2r4/DoD_Microsoft_Defender_Antivirus_STIG_v2r4.schema.psm1 @@ -33,62 +33,62 @@ configuration DoD_Microsoft_Defender_Antivirus_STIG_v2r4 if ($PUAProtection) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\PUAProtection' { - Key = '\Software\Policies\Microsoft\Windows Defender' + Key = 'Software\Policies\Microsoft\Windows Defender' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PUAProtection' ValueData = 1 } } - + if ($DisableAutoExclusions) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Exclusions\DisableAutoExclusions' { - Key = '\Software\Policies\Microsoft\Windows Defender\Exclusions' + Key = 'Software\Policies\Microsoft\Windows Defender\Exclusions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableAutoExclusions' ValueData = 0 } } - + if ($DisableRemovableDriveScanning) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\DisableRemovableDriveScanning' { - Key = '\Software\Policies\Microsoft\Windows Defender\Scan' + Key = 'Software\Policies\Microsoft\Windows Defender\Scan' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableRemovableDriveScanning' ValueData = 0 } } - + if ($DisableEmailScanning) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\DisableEmailScanning' { - Key = '\Software\Policies\Microsoft\Windows Defender\Scan' + Key = 'Software\Policies\Microsoft\Windows Defender\Scan' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableEmailScanning' ValueData = 0 } } - + if ($ScheduleDay) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Scan\ScheduleDay' { - Key = '\Software\Policies\Microsoft\Windows Defender\Scan' + Key = 'Software\Policies\Microsoft\Windows Defender\Scan' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ScheduleDay' ValueData = 0 } } - + if ($ASSignatureDue) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Signature Updates\ASSignatureDue' { - Key = '\Software\Policies\Microsoft\Windows Defender\Signature Updates' + Key = 'Software\Policies\Microsoft\Windows Defender\Signature Updates' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ASSignatureDue' @@ -99,62 +99,62 @@ configuration DoD_Microsoft_Defender_Antivirus_STIG_v2r4 if ($AVSignatureDue) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Signature Updates\AVSignatureDue' { - Key = '\Software\Policies\Microsoft\Windows Defender\Signature Updates' + Key = 'Software\Policies\Microsoft\Windows Defender\Signature Updates' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AVSignatureDue' ValueData = 7 } } - + if ($ScheduleDay) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Signature Updates\ScheduleDay' { - Key = '\Software\Policies\Microsoft\Windows Defender\Signature Updates' + Key = 'Software\Policies\Microsoft\Windows Defender\Signature Updates' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ScheduleDay' ValueData = 0 } } - + if ($DisableBlockAtFirstSeen) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\DisableBlockAtFirstSeen' { - Key = '\Software\Policies\Microsoft\Windows Defender\Spynet' + Key = 'Software\Policies\Microsoft\Windows Defender\Spynet' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableBlockAtFirstSeen' ValueData = 0 } } - + if ($SpynetReporting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SpynetReporting' { - Key = '\Software\Policies\Microsoft\Windows Defender\Spynet' + Key = 'Software\Policies\Microsoft\Windows Defender\Spynet' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SpynetReporting' ValueData = 2 } } - + if ($SubmitSamplesConsent) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent' { - Key = '\Software\Policies\Microsoft\Windows Defender\Spynet' + Key = 'Software\Policies\Microsoft\Windows Defender\Spynet' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SubmitSamplesConsent' ValueData = 1 } } - + if ($ThreatsThreatSeverityDefaultAction) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\Threats_ThreatSeverityDefaultAction' { - Key = '\Software\Policies\Microsoft\Windows Defender\Threats' + Key = 'Software\Policies\Microsoft\Windows Defender\Threats' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Threats_ThreatSeverityDefaultAction' @@ -165,62 +165,62 @@ configuration DoD_Microsoft_Defender_Antivirus_STIG_v2r4 if ($ThreatSeverityDefaultAction5) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\5' { - Key = '\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' + Key = 'Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '5' ValueData = '2' } } - + if ($ThreatSeverityDefaultAction4) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\4' { - Key = '\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' + Key = 'Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '4' ValueData = '2' } } - + if ($ThreatSeverityDefaultAction2) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\2' { - Key = '\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' + Key = 'Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '2' ValueData = '2' } } - + if ($ThreatSeverityDefaultAction1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\1' { - Key = '\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' + Key = 'Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1' ValueData = '2' } } - + if ($ExploitGuardASRRules) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ExploitGuard_ASR_Rules' { - Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR' + Key = 'Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ExploitGuard_ASR_Rules' ValueData = 1 } } - + if ($ExploitGuardASRRuleBE9BA2D9) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' { - Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + Key = 'Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' @@ -231,51 +231,51 @@ configuration DoD_Microsoft_Defender_Antivirus_STIG_v2r4 if ($ASRRuleD4F940AB) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A' { - Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + Key = 'Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' ValueData = '1' } } - + if ($ASRRule3B576869) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899' { - Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + Key = 'Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '3B576869-A4EC-4529-8536-B80A7769E899' ValueData = '1' } } - + if ($ASRRule75668C1F) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' { - Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + Key = 'Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' ValueData = '1' } } - + if ($ASRRuleD3E037E1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D' { - Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + Key = 'Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'D3E037E1-3EB8-44C8-A917-57927947596D' ValueData = '1' } } - + if ($ASRRule5BEB7EFE) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' { - Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + Key = 'Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' @@ -286,18 +286,18 @@ configuration DoD_Microsoft_Defender_Antivirus_STIG_v2r4 if ($ASRRule92E97FA1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' { - Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' + Key = 'Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' ValueData = '1' } } - + if ($EnableNetworkProtection) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection\EnableNetworkProtection' { - Key = '\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection' + Key = 'Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableNetworkProtection' @@ -305,4 +305,3 @@ configuration DoD_Microsoft_Defender_Antivirus_STIG_v2r4 } } } - diff --git a/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.schema.psm1 b/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.schema.psm1 index 35a81b7..f24f34b 100644 --- a/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.schema.psm1 +++ b/DSCResources/DoD_Microsoft_Edge_v2r2/DoD_Microsoft_Edge_v2r2.schema.psm1 @@ -70,62 +70,62 @@ configuration DoD_Microsoft_Edge_v2r2 if ($SyncDisabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SyncDisabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SyncDisabled' ValueData = 1 } } - + if ($ImportBrowserSettings) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportBrowserSettings' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportBrowserSettings' ValueData = 0 } } - + if ($DeveloperToolsAvailability) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DeveloperToolsAvailability' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DeveloperToolsAvailability' ValueData = 2 } } - + if ($PromptForDownloadLocation) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PromptForDownloadLocation' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PromptForDownloadLocation' ValueData = 1 } } - + if ($PreventSmartScreenPromptOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PreventSmartScreenPromptOverride' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventSmartScreenPromptOverride' ValueData = 1 } } - + if ($PreventSmartScreenPromptOverrideForFiles) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PreventSmartScreenPromptOverrideForFiles' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventSmartScreenPromptOverrideForFiles' @@ -135,40 +135,40 @@ configuration DoD_Microsoft_Edge_v2r2 if ($InPrivateModeAvailability) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\InPrivateModeAvailability' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'InPrivateModeAvailability' ValueData = 1 } } - + if ($AllowDeletingBrowserHistory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AllowDeletingBrowserHistory' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDeletingBrowserHistory' ValueData = 0 } } - + if ($BackgroundModeEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\BackgroundModeEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'BackgroundModeEnabled' ValueData = 0 } } - + if ($DefaultPopupsSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultPopupsSetting' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultPopupsSetting' @@ -179,51 +179,51 @@ configuration DoD_Microsoft_Edge_v2r2 if ($NetworkPredictionOptions) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\NetworkPredictionOptions' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NetworkPredictionOptions' ValueData = 2 } } - + if ($SearchSuggestEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SearchSuggestEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SearchSuggestEnabled' ValueData = 0 } } - + if ($ImportAutofillFormData) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportAutofillFormData' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportAutofillFormData' ValueData = 0 } } - + if ($ImportCookies) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportCookies' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportCookies' ValueData = 0 } } - + if ($ImportExtensions) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportExtensions' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportExtensions' @@ -234,51 +234,51 @@ configuration DoD_Microsoft_Edge_v2r2 if ($ImportHistory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportHistory' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportHistory' ValueData = 0 } } - + if ($ImportHomepage) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportHomepage' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportHomepage' ValueData = 0 } } - + if ($ImportOpenTabs) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportOpenTabs' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportOpenTabs' ValueData = 0 } } - + if ($ImportPaymentInfo) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportPaymentInfo' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportPaymentInfo' ValueData = 0 } } - + if ($ImportSavedPasswords) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportSavedPasswords' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportSavedPasswords' @@ -289,40 +289,40 @@ configuration DoD_Microsoft_Edge_v2r2 if ($ImportSearchEngine) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportSearchEngine' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportSearchEngine' ValueData = 0 } } - + if ($ImportShortcuts) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ImportShortcuts' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportShortcuts' ValueData = 0 } } - + if ($AutoplayAllowed) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AutoplayAllowed' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AutoplayAllowed' ValueData = 0 } } - + if ($EnableMediaRouter) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\EnableMediaRouter' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableMediaRouter' @@ -332,51 +332,51 @@ configuration DoD_Microsoft_Edge_v2r2 if ($AutofillCreditCardEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AutofillCreditCardEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AutofillCreditCardEnabled' ValueData = 0 } } - + if ($AutofillAddressEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AutofillAddressEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AutofillAddressEnabled' ValueData = 0 } } - + if ($PersonalizationReportingEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PersonalizationReportingEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PersonalizationReportingEnabled' ValueData = 0 } } - + if ($DefaultGeolocationSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultGeolocationSetting' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultGeolocationSetting' ValueData = 2 } } - + if ($PasswordManagerEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PasswordManagerEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordManagerEnabled' @@ -387,51 +387,51 @@ configuration DoD_Microsoft_Edge_v2r2 if ($IsolateOrigins) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\IsolateOrigins' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'IsolateOrigins' ValueData = $null } } - + if ($SmartScreenEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SmartScreenEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SmartScreenEnabled' ValueData = 1 } } - + if ($SmartScreenPuaEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SmartScreenPuaEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SmartScreenPuaEnabled' ValueData = 1 } } - + if ($PaymentMethodQueryEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PaymentMethodQueryEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PaymentMethodQueryEnabled' ValueData = 0 } } - + if ($AlternateErrorPagesEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AlternateErrorPagesEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AlternateErrorPagesEnabled' @@ -442,51 +442,51 @@ configuration DoD_Microsoft_Edge_v2r2 if ($UserFeedbackAllowed) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\UserFeedbackAllowed' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UserFeedbackAllowed' ValueData = 0 } } - + if ($EdgeCollectionsEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\EdgeCollectionsEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EdgeCollectionsEnabled' ValueData = 0 } } - + if ($ConfigureShare) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ConfigureShare' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ConfigureShare' ValueData = 1 } } - + if ($BrowserGuestModeEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\BrowserGuestModeEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'BrowserGuestModeEnabled' ValueData = 0 } } - + if ($BuiltInDnsClientEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\BuiltInDnsClientEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'BuiltInDnsClientEnabled' @@ -496,51 +496,51 @@ configuration DoD_Microsoft_Edge_v2r2 if ($SitePerProcess) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SitePerProcess' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SitePerProcess' ValueData = 1 } } - + if ($ManagedSearchEngines) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ManagedSearchEngines' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'ManagedSearchEngines' ValueData = '[{"allow_search_engine_discovery": false},{"is_default": true,"name": "Microsoft Bing","keyword": "bing","search_url": "https://www.bing.com/search?q={searchTerms}"},{"name": "Google","keyword": "google","search_url": "https://www.google.com/search?q={searchTerms}"}]' } } - + if ($AuthSchemes) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AuthSchemes' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'AuthSchemes' ValueData = 'ntlm,negotiate' } } - + if ($DefaultWebUsbGuardSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultWebUsbGuardSetting' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultWebUsbGuardSetting' ValueData = 2 } } - + if ($DefaultWebBluetoothGuardSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultWebBluetoothGuardSetting' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultWebBluetoothGuardSetting' @@ -551,40 +551,40 @@ configuration DoD_Microsoft_Edge_v2r2 if ($TrackingPrevention) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\TrackingPrevention' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'TrackingPrevention' ValueData = 2 } } - + if ($RelaunchNotification) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\RelaunchNotification' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RelaunchNotification' ValueData = 2 } } - + if ($ProxySettings) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ProxySettings' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'ProxySettings' ValueData = 'ADD YOUR PROXY CONFIGURATIONS HERE' } } - + if ($EnableOnlineRevocationChecks) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\EnableOnlineRevocationChecks' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableOnlineRevocationChecks' @@ -595,62 +595,62 @@ configuration DoD_Microsoft_Edge_v2r2 if ($QuicAllowed) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\QuicAllowed' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'QuicAllowed' ValueData = 0 } } - + if ($DownloadRestrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DownloadRestrictions' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DownloadRestrictions' ValueData = 1 } } - + if ($VisualSearchEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\VisualSearchEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'VisualSearchEnabled' ValueData = 0 } } - + if ($HubsSidebarEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\HubsSidebarEnabled' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HubsSidebarEnabled' ValueData = 0 } } - + if ($DefaultCookiesSetting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\DefaultCookiesSetting' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultCookiesSetting' ValueData = 4 } } - + if ($ConfigureFriendlyURLFormat) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ConfigureFriendlyURLFormat' { - Key = '\Software\Policies\Microsoft\Edge' + Key = 'Software\Policies\Microsoft\Edge' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ConfigureFriendlyURLFormat' @@ -661,51 +661,51 @@ configuration DoD_Microsoft_Edge_v2r2 if ($AutoplayAllowlist1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AutoplayAllowlist\1' { - Key = '\Software\Policies\Microsoft\Edge\AutoplayAllowlist' + Key = 'Software\Policies\Microsoft\Edge\AutoplayAllowlist' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1' ValueData = '[*.]gov' } } - + if ($AutoplayAllowlist2) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\AutoplayAllowlist\2' { - Key = '\Software\Policies\Microsoft\Edge\AutoplayAllowlist' + Key = 'Software\Policies\Microsoft\Edge\AutoplayAllowlist' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '2' ValueData = '[*.]mil' } } - + if ($ExtensionInstallBlocklist1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\ExtensionInstallBlocklist\1' { - Key = '\Software\Policies\Microsoft\Edge\ExtensionInstallBlocklist' + Key = 'Software\Policies\Microsoft\Edge\ExtensionInstallBlocklist' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1' ValueData = '*' } } - + if ($PopupsAllowedForUrls1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PopupsAllowedForUrls\1' { - Key = '\Software\Policies\Microsoft\Edge\PopupsAllowedForUrls' + Key = 'Software\Policies\Microsoft\Edge\PopupsAllowedForUrls' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1' ValueData = '[*.]mil' } } - + if ($PopupsAllowedForUrls2) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\PopupsAllowedForUrls\2' { - Key = '\Software\Policies\Microsoft\Edge\PopupsAllowedForUrls' + Key = 'Software\Policies\Microsoft\Edge\PopupsAllowedForUrls' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '2' @@ -713,4 +713,3 @@ configuration DoD_Microsoft_Edge_v2r2 } } } - diff --git a/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.schema.psm1 b/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.schema.psm1 index 2398b94..014feb7 100644 --- a/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.schema.psm1 +++ b/DSCResources/DoD_Mozilla_Firefox_v6r5/DoD_Mozilla_Firefox_v6r5.schema.psm1 @@ -56,62 +56,62 @@ configuration DoD_Mozilla_Firefox_v6r5 if ($SSLVersionMin) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SSLVersionMin' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'SSLVersionMin' ValueData = 'tls1.2' } } - + if ($ExtensionUpdate) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\ExtensionUpdate' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ExtensionUpdate' ValueData = 0 } } - + if ($DisableFormHistory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableFormHistory' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableFormHistory' ValueData = 1 } } - + if ($PasswordManagerEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PasswordManagerEnabled' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordManagerEnabled' ValueData = 0 } } - + if ($DisableTelemetry) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableTelemetry' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableTelemetry' ValueData = 1 } } - + if ($DisableDeveloperTools) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableDeveloperTools' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableDeveloperTools' @@ -122,51 +122,51 @@ configuration DoD_Mozilla_Firefox_v6r5 if ($DisableForgetButton) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableForgetButton' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableForgetButton' ValueData = 1 } } - + if ($DisablePrivateBrowsing) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePrivateBrowsing' ValueData = 1 } } - + if ($SearchSuggestEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SearchSuggestEnabled' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SearchSuggestEnabled' ValueData = 0 } } - + if ($NetworkPrediction) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\NetworkPrediction' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NetworkPrediction' ValueData = 0 } } - + if ($DisableFirefoxAccounts) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableFirefoxAccounts' @@ -176,62 +176,62 @@ configuration DoD_Mozilla_Firefox_v6r5 if ($DisableFeedbackCommands) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableFeedbackCommands' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableFeedbackCommands' ValueData = 1 } } - + if ($Preferences) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\Preferences' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'MultiString' TargetType = 'ComputerConfiguration' ValueName = 'Preferences' ValueData = '{"security.default_personal_cert": {"Value": "Ask Every Time","Status": "locked"},"browser.search.update": {"Value": false,"Status": "locked"},"dom.disable_window_move_resize": {"Value": true,"Status": "locked"},"dom.disable_window_flip": {"Value": true,"Status": "locked"},"browser.contentblocking.category": {"Value": "strict","Status": "locked"},"extensions.htmlaboutaddons.recommendations.enabled": {"Value": false,"Status": "locked"}}' } } - + if ($DisablePocket) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisablePocket' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePocket' ValueData = 1 } } - + if ($DisableFirefoxStudies) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisableFirefoxStudies' { - Key = '\Software\Policies\Mozilla\Firefox' + Key = 'Software\Policies\Mozilla\Firefox' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableFirefoxStudies' ValueData = 1 } } - + if ($ImportEnterpriseRoots) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots' { - Key = '\Software\Policies\Mozilla\Firefox\Certificates' + Key = 'Software\Policies\Mozilla\Firefox\Certificates' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ImportEnterpriseRoots' ValueData = 1 } } - + if ($DisabledCiphersTLS_RSA_WITH_3DES_EDE_CBC_SHA) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA' { - Key = '\Software\Policies\Mozilla\Firefox\DisabledCiphers' + Key = 'Software\Policies\Mozilla\Firefox\DisabledCiphers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' @@ -242,51 +242,51 @@ configuration DoD_Mozilla_Firefox_v6r5 if ($EnableTrackingProtectionFingerprinting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting' { - Key = '\Software\Policies\Mozilla\Firefox\EnableTrackingProtection' + Key = 'Software\Policies\Mozilla\Firefox\EnableTrackingProtection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Fingerprinting' ValueData = 1 } } - + if ($EnableTrackingProtectionCryptomining) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining' { - Key = '\Software\Policies\Mozilla\Firefox\EnableTrackingProtection' + Key = 'Software\Policies\Mozilla\Firefox\EnableTrackingProtection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Cryptomining' ValueData = 1 } } - + if ($EncryptedMediaExtensionsEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled' { - Key = '\Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions' + Key = 'Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Enabled' ValueData = 0 } } - + if ($EncryptedMediaExtensionsLocked) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked' { - Key = '\Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions' + Key = 'Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Locked' ValueData = 1 } } - + if ($FirefoxHomeSearch) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\FirefoxHome\Search' { - Key = '\Software\Policies\Mozilla\Firefox\FirefoxHome' + Key = 'Software\Policies\Mozilla\Firefox\FirefoxHome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Search' @@ -297,51 +297,51 @@ configuration DoD_Mozilla_Firefox_v6r5 if ($Snippets) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets' { - Key = '\Software\Policies\Mozilla\Firefox\FirefoxHome' + Key = 'Software\Policies\Mozilla\Firefox\FirefoxHome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Snippets' ValueData = 0 } } - + if ($Locked) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\FirefoxHome\Locked' { - Key = '\Software\Policies\Mozilla\Firefox\FirefoxHome' + Key = 'Software\Policies\Mozilla\Firefox\FirefoxHome' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Locked' ValueData = 1 } } - + if ($InstallAddonsPermissionDefault) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default' { - Key = '\Software\Policies\Mozilla\Firefox\InstallAddonsPermission' + Key = 'Software\Policies\Mozilla\Firefox\InstallAddonsPermission' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Default' ValueData = 0 } } - + if ($PermissionsAutoplayDefault) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default' { - Key = '\Software\Policies\Mozilla\Firefox\Permissions\Autoplay' + Key = 'Software\Policies\Mozilla\Firefox\Permissions\Autoplay' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'Default' ValueData = 'block-audio-video' } } - + if ($PopupBlockingDefault) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PopupBlocking\Default' { - Key = '\Software\Policies\Mozilla\Firefox\PopupBlocking' + Key = 'Software\Policies\Mozilla\Firefox\PopupBlocking' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Default' @@ -352,145 +352,144 @@ configuration DoD_Mozilla_Firefox_v6r5 if ($PopupBlockingLocked) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PopupBlocking\Locked' { - Key = '\Software\Policies\Mozilla\Firefox\PopupBlocking' + Key = 'Software\Policies\Mozilla\Firefox\PopupBlocking' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Locked' ValueData = 1 } } - + if ($PopupBlockingAllow1) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1' { - Key = '\Software\Policies\Mozilla\Firefox\PopupBlocking\Allow' + Key = 'Software\Policies\Mozilla\Firefox\PopupBlocking\Allow' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1' ValueData = '.mil' } } - + if ($PopupBlockingAllow2) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2' { - Key = '\Software\Policies\Mozilla\Firefox\PopupBlocking\Allow' + Key = 'Software\Policies\Mozilla\Firefox\PopupBlocking\Allow' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '2' ValueData = '.gov' } } - + if ($SanitizeOnShutdownCache) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache' { - Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + Key = 'Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Cache' ValueData = 0 } } - + if ($SanitizeOnShutdownCookies) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies' { - Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + Key = 'Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Cookies' ValueData = 0 } } - + if ($SanitizeOnShutdownDownloads) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads' { - Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + Key = 'Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Downloads' ValueData = 0 } } - + if ($SanitizeOnShutdownFormData) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData' { - Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + Key = 'Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'FormData' ValueData = 0 } } - + if ($SanitizeOnShutdownHistory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History' { - Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + Key = 'Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'History' ValueData = 0 } } - + if ($SanitizeOnShutdownSessions) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions' { - Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + Key = 'Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Sessions' ValueData = 0 } } - + if ($SanitizeOnShutdownSiteSettings) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings' { - Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + Key = 'Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SiteSettings' ValueData = 0 } } - + if ($SanitizeOnShutdownOfflineApps) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps' { - Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + Key = 'Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'OfflineApps' ValueData = 0 } } - + if ($SanitizeOnShutdownLocked) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked' { - Key = '\Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' + Key = 'Software\Policies\Mozilla\Firefox\SanitizeOnShutdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Locked' ValueData = 1 } } - + if ($ExtensionRecommendations) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations' { - Key = '\Software\Policies\Mozilla\Firefox\UserMessaging' + Key = 'Software\Policies\Mozilla\Firefox\UserMessaging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ExtensionRecommendations' ValueData = 0 } } - -} +} diff --git a/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.schema.psm1 b/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.schema.psm1 index 3848d42..42ed0eb 100644 --- a/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.schema.psm1 +++ b/DSCResources/DoD_Office_2019-M365_Apps_v3r1/DoD_Office_2019-M365_Apps_v3r1.schema.psm1 @@ -205,99 +205,99 @@ configuration DoD_Office_2019-M365_Apps_v3r1 Import-DSCResource -ModuleName 'AuditPolicyDSC' Import-DSCResource -ModuleName 'SecurityPolicyDSC' - + if ($FeatureAddonManagementGroove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureAddonManagementExcel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureAddonManagementMspub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureAddonManagementPowerPnt) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureAddonManagementPptView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureAddonManagementVisio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureAddonManagementWinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureAddonManagementWinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureAddonManagementOutlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' @@ -308,62 +308,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureAddonManagementSPDesignExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureAddonManagementExprwdExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureAddonManagementMsAccessExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureAddonManagementOneNoteExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureAddonManagementMse7Exe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisableGrooveExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' @@ -374,51 +374,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureHttpUsernamePasswordDisableExcelExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisableMsPubExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisablePowerPntExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisablePptViewExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisableVisioExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' @@ -429,51 +429,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureHttpUsernamePasswordDisableWinProjExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisableWinWordExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisableOutlookExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisableSPDesignExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisableExprWdExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' @@ -484,40 +484,40 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureHttpUsernamePasswordDisableMsAccessExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisableOneNoteExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureHttpUsernamePasswordDisableMse7Exe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownGrooveExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' @@ -528,40 +528,40 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureLocalMachineLockdownExcelExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownMsPubExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownPowerPntExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownPptViewExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' @@ -571,62 +571,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureLocalMachineLockdownVisioExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownWinProjExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownWinWordExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownOutlookExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownSPDesignExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownExprWdExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' @@ -637,51 +637,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureLocalMachineLockdownMsAccessExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownOneNoteExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureLocalMachineLockdownMse7Exe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingGrooveExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingExcelExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' @@ -692,51 +692,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureMimeHandlingMsPubExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingPowerPntExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingPptViewExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingVisioExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingWinProjExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' @@ -747,62 +747,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureMimeHandlingWinWordExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingOutlookExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingSPDesignExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingExprWdExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingMsAccessExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureMimeHandlingOneNoteExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' @@ -813,51 +813,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureMimeHandlingMse7Exe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingGrooveExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingExcelExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingMsPubExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingPowerPntExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' @@ -868,62 +868,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureMimeSniffingPptViewExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingVisioExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingWinProjExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingWinWordExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingOutlookExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingSPDesignExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' @@ -934,62 +934,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureMimeSniffingExprWdExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingMsAccessExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingOneNoteExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureMimeSniffingMse7Exe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureObjectCachingGrooveExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureObjectCachingExcelExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' @@ -1000,73 +1000,73 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureObjectCachingMsPubExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureObjectCachingPowerPntExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureObjectCachingPptViewExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureObjectCachingVisioExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureObjectCachingWinProjExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureObjectCachingWinWordExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureObjectCachingOutlookExe) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' @@ -1077,62 +1077,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_spdesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureControl_msaccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_object_caching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureControl_groove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' @@ -1143,51 +1143,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' @@ -1198,62 +1198,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_winproj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureControl_msaccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' @@ -1264,62 +1264,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_onenote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureControl_groove_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' @@ -1330,62 +1330,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_pptview_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' @@ -1396,62 +1396,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_exprwd_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureControl_msaccess_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_download) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureControl_groove_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' @@ -1462,51 +1462,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_mspub_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' @@ -1517,51 +1517,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_winword_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureControl_msaccess_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' @@ -1572,51 +1572,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_onenote_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_security) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_securityband\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_securityband' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_securityband' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureControl_groove_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' @@ -1627,62 +1627,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_powerpnt_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' @@ -1693,51 +1693,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_spdesign_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureControl_msaccess_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_unc_check) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' @@ -1748,51 +1748,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_groove_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' @@ -1803,51 +1803,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_visio_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' @@ -1858,51 +1858,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_exprwd_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureControl_msaccess_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_validate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureControl_groove_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' @@ -1913,51 +1913,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_excel_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' @@ -1968,51 +1968,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_winproj_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' @@ -2023,51 +2023,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_msaccess_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_window_restriction) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureControl_groove_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' @@ -2078,51 +2078,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_mspub_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' @@ -2133,62 +2133,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_winword_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 1 } } - + if ($FeatureControl_msaccess_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' @@ -2199,62 +2199,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_mse7_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 1 } } - + if ($FeatureControl_D27CDB6E_ActivationFilterOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' { - Key = '\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + Key = 'software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ActivationFilterOverride' ValueData = 0 } } - + if ($FeatureControl_D27CDB6E_CompatibilityFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags' { - Key = '\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + Key = 'software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Compatibility Flags' ValueData = 1024 } } - + if ($FeatureControl_D27CDB70_ActivationFilterOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' { - Key = '\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + Key = 'software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ActivationFilterOverride' ValueData = 0 } } - + if ($FeatureControl_D27CDB70_CompatibilityFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\Compatibility Flags' { - Key = '\software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + Key = 'software\microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Compatibility Flags' ValueData = 1024 } } - + if ($FeatureControl_Comment) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\Comment' { - Key = '\software\microsoft\Office\Common\COM Compatibility' + Key = 'software\microsoft\Office\Common\COM Compatibility' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'Comment' @@ -2265,62 +2265,62 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($FeatureControl_D27CDB6E_Office_ActivationFilterOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' { - Key = '\software\microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + Key = 'software\microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ActivationFilterOverride' ValueData = 0 } } - + if ($FeatureControl_D27CDB6E_Office_CompatibilityFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags' { - Key = '\software\microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + Key = 'software\microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Compatibility Flags' ValueData = 1024 } } - + if ($FeatureControl_D27CDB70_Office_ActivationFilterOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' { - Key = '\software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + Key = 'software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ActivationFilterOverride' ValueData = 0 } } - + if ($FeatureControl_D27CDB70_Office_CompatibilityFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\Compatibility Flags' { - Key = '\software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + Key = 'software\microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Compatibility Flags' ValueData = 1024 } } - + if ($FeatureControl_EnableSipHighSecurityMode) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\16.0\lync\enablesiphighsecuritymode' { - Key = '\software\policies\microsoft\office\16.0\lync' + Key = 'software\policies\microsoft\office\16.0\lync' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'enablesiphighsecuritymode' ValueData = 1 } } - + if ($FeatureControl_DisableHttpConnect) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\16.0\lync\disablehttpconnect' { - Key = '\software\policies\microsoft\office\16.0\lync' + Key = 'software\policies\microsoft\office\16.0\lync' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'disablehttpconnect' @@ -2331,51 +2331,51 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($WOW6432Node_D27CDB6E_16_ActivationFilterOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' { - Key = '\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + Key = 'software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ActivationFilterOverride' ValueData = 0 } } - + if ($WOW6432Node_D27CDB6E_16_CompatibilityFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags' { - Key = '\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + Key = 'software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Compatibility Flags' ValueData = 1024 } } - + if ($WOW6432Node_D27CDB70_16_ActivationFilterOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' { - Key = '\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + Key = 'software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ActivationFilterOverride' ValueData = 0 } } - + if ($WOW6432Node_D27CDB70_16_CompatibilityFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\Compatibility Flags' { - Key = '\software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + Key = 'software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Compatibility Flags' ValueData = 1024 } } - + if ($WOW6432Node_D27CDB6E_Common_ActivationFilterOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' { - Key = '\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + Key = 'software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ActivationFilterOverride' @@ -2386,29 +2386,29 @@ configuration DoD_Office_2019-M365_Apps_v3r1 if ($WOW6432Node_D27CDB6E_Common_CompatibilityFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags' { - Key = '\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' + Key = 'software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Compatibility Flags' ValueData = 1024 } } - + if ($WOW6432Node_D27CDB70_Common_ActivationFilterOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\ActivationFilterOverride' { - Key = '\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + Key = 'software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ActivationFilterOverride' ValueData = 0 } } - + if ($WOW6432Node_D27CDB70_Common_CompatibilityFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}\Compatibility Flags' { - Key = '\software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' + Key = 'software\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Compatibility Flags' @@ -2416,4 +2416,3 @@ configuration DoD_Office_2019-M365_Apps_v3r1 } } } - diff --git a/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.schema.psm1 b/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.schema.psm1 index 91c4b49..efb2faf 100644 --- a/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.schema.psm1 +++ b/DSCResources/DoD_Office_System_2013_and_Components/DoD_Office_System_2013_and_Components.schema.psm1 @@ -156,73 +156,73 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_aptca_allowlist) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\infopath\security\aptca_allowlist' { - Key = '\software\policies\microsoft\office\15.0\infopath\security' + Key = 'software\policies\microsoft\office\15.0\infopath\security' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'aptca_allowlist' ValueData = 1 } } - + if ($FeatureControl_groove_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' @@ -233,62 +233,62 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_winproj_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' @@ -299,51 +299,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_onenote_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_addon_management) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($FeatureControl_groove_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' @@ -354,62 +354,62 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_powerpnt_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' @@ -420,51 +420,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_spdesign_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_http_username_password_disable) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' @@ -475,62 +475,62 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_winproj_restrict_activexinstall) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_restrict_activexinstall) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_restrict_activexinstall) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_restrict_activexinstall) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_restrict_activexinstall) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_restrict_activexinstall) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' @@ -541,51 +541,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_onenote_restrict_activexinstall) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_restrict_activexinstall) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($FeatureControl_groove_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' @@ -596,51 +596,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_powerpnt_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' @@ -651,51 +651,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_outlook_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' @@ -706,51 +706,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_mse7_restrict_filedownload) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($FeatureControl_groove_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' @@ -761,51 +761,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_pptview_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' @@ -816,51 +816,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_spdesign_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' @@ -871,51 +871,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_groove_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' @@ -926,40 +926,40 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_visio_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' @@ -970,73 +970,73 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_spdesign_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_unc_savedfilecheck) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($FeatureControl_groove_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' @@ -1047,51 +1047,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_mspub_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' @@ -1102,51 +1102,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_winword_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' @@ -1157,62 +1157,62 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_onenote_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_validate_navigate_url) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($FeatureControl_groove_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' @@ -1223,62 +1223,62 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_pptview_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' @@ -1289,73 +1289,73 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_exprwd_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_weboc_popupmanagement) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($FeatureControl_groove_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' @@ -1366,62 +1366,62 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_powerpnt_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($FeatureControl_outlook_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' @@ -1432,73 +1432,73 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_spdesign_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_window_restrictions) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($FeatureControl_groove_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' @@ -1509,62 +1509,62 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_mspub_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($FeatureControl_powerpnt_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($FeatureControl_pptview_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($FeatureControl_visio_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($FeatureControl_winproj_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($FeatureControl_winword_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' @@ -1575,62 +1575,62 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_outlook_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ($FeatureControl_spdesign_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 1 } } - + if ($FeatureControl_exprwd_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($FeatureControl_msaccess_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($FeatureControl_onenote_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ($FeatureControl_mse7_zone_elevation) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' @@ -1641,51 +1641,51 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_enableautomaticupdates) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\common\officeupdate\enableautomaticupdates' { - Key = '\software\policies\microsoft\office\15.0\common\officeupdate' + Key = 'software\policies\microsoft\office\15.0\common\officeupdate' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'enableautomaticupdates' ValueData = 1 } } - + if ($FeatureControl_hideenabledisableupdates) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\common\officeupdate\hideenabledisableupdates' { - Key = '\software\policies\microsoft\office\15.0\common\officeupdate' + Key = 'software\policies\microsoft\office\15.0\common\officeupdate' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'hideenabledisableupdates' ValueData = 1 } } - + if ($FeatureControl_groove_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\groove.exe' { - Key = '\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($FeatureControl_excel_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\excel.exe' { - Key = '\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($FeatureControl_mspub_safe_bindtoobject) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mspub.exe' { - Key = '\software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' @@ -1696,94 +1696,35 @@ configuration DoD_Office_System_2013_and_Components if ($FeatureControl_savepassword) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\lync\savepassword' { - Key = '\software\policies\microsoft\office\15.0\lync' + Key = 'software\policies\microsoft\office\15.0\lync' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'savepassword' ValueData = 0 } } - + if ($FeatureControl_enablesiphighsecuritymode) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\lync\enablesiphighsecuritymode' { - Key = '\software\policies\microsoft\office\15.0\lync' + Key = 'software\policies\microsoft\office\15.0\lync' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'enablesiphighsecuritymode' ValueData = 1 } } - + if ($FeatureControl_disablehttpconnect) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\15.0\lync\disablehttpconnect' { - Key = '\software\policies\microsoft\office\15.0\lync' + Key = 'software\policies\microsoft\office\15.0\lync' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'disablehttpconnect' ValueData = 1 } } - - if ($FeatureControl_outlooksecuretempfolder_delete) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\15.0\outlook\security\outlooksecuretempfolder' - { - Key = 'HKCU:\software\policies\microsoft\office\15.0\outlook\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'outlooksecuretempfolder' - ValueData = '' - } - } - if ($FeatureControl_fileextensionsremovelevel1_delete) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\15.0\outlook\security\fileextensionsremovelevel1' - { - Key = 'HKCU:\software\policies\microsoft\office\15.0\outlook\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'fileextensionsremovelevel1' - ValueData = '' - } - } - - if ($FeatureControl_fileextensionsremovelevel2_delete) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\15.0\outlook\security\fileextensionsremovelevel2' - { - Key = 'HKCU:\software\policies\microsoft\office\15.0\outlook\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'fileextensionsremovelevel2' - ValueData = '' - } - } - - if ($FeatureControl_loadcontrolsinforms_delete) { - RegistryPolicyFile 'DEL_CU:\keycupoliciesmsvbasecurity\loadcontrolsinforms' - { - Key = 'HKCU:\keycupoliciesmsvbasecurity' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'loadcontrolsinforms' - ValueData = '' - } - } - - if ($FeatureControl_uficontrols_delete) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\common\security\uficontrols' - { - Key = 'HKCU:\software\policies\microsoft\office\common\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'uficontrols' - ValueData = '' - } - } -} +} diff --git a/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.schema.psm1 b/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.schema.psm1 index 6cf9edd..893c117 100644 --- a/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.schema.psm1 +++ b/DSCResources/DoD_Office_System_2016_and_Components/DoD_Office_System_2016_and_Components.schema.psm1 @@ -166,146 +166,64 @@ configuration DoD_Office_System_2016_and_Components if ($OneDrive_AllowTenantList_1111) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\OneDrive\AllowTenantList\1111-2222-3333-4444' { - Key = '\Software\Policies\Microsoft\OneDrive\AllowTenantList' + Key = 'Software\Policies\Microsoft\OneDrive\AllowTenantList' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '1111-2222-3333-4444' ValueData = '1111-2222-3333-4444' } } - - if ( $Excel_EncryptedMacroScan) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\excel\security\excelbypassencryptedmacroscan' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\excel\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'excelbypassencryptedmacroscan' - ValueData = '' - } - } - - if ( $Excel_WebServiceFunctionWarnings) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\excel\security\webservicefunctionwarnings' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\excel\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'webservicefunctionwarnings' - ValueData = '' - } - } - - if ( $Excel_OpenInProtectedView) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\excel\security\filevalidation\openinprotectedview' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\excel\security\filevalidation' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'openinprotectedview' - ValueData = '' - } - } - - if ( $Outlook_FileExtensionsRemoveLevel1) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\outlook\security\fileextensionsremovelevel1' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\outlook\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'fileextensionsremovelevel1' - ValueData = '' - } - } - - if ( $Outlook_FileExtensionsRemoveLevel2) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\outlook\security\fileextensionsremovelevel2' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\outlook\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'fileextensionsremovelevel2' - ValueData = '' - } - } - if ( $KeyCU_LoadControlsInForms) { - RegistryPolicyFile 'DEL_CU:\keycupoliciesmsvbasecurity\loadcontrolsinforms' - { - Key = 'HKCU:\keycupoliciesmsvbasecurity' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'loadcontrolsinforms' - ValueData = '' - } - } - - if ( $KeyCU_UFIControls) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\common\security\uficontrols' - { - Key = 'HKCU:\software\policies\microsoft\office\common\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'uficontrols' - ValueData = '' - } - } - + + if ($IE_AddOnManagement_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_AddOnManagement_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_AddOnManagement_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_AddOnManagement_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($IE_AddOnManagement_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' @@ -316,84 +234,84 @@ configuration DoD_Office_System_2016_and_Components if ($IE_AddOnManagement_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($IE_AddOnManagement_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($IE_AddOnManagement_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($IE_AddOnManagement_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_AddOnManagement_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 0 } } - + if ( $IE_AddOnManagement_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_AddOnManagement_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($IE_AddOnManagement_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' @@ -404,62 +322,62 @@ configuration DoD_Office_System_2016_and_Components if ( $IE_AddOnManagement_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_addon_management' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($IE_HTTPUsernamePasswordDisable_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_HTTPUsernamePasswordDisable_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_HTTPUsernamePasswordDisable_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_HTTPUsernamePasswordDisable_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($IE_HTTPUsernamePasswordDisable_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' @@ -470,73 +388,73 @@ configuration DoD_Office_System_2016_and_Components if ($IE_HTTPUsernamePasswordDisable_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($IE_HTTPUsernamePasswordDisable_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($IE_HTTPUsernamePasswordDisable_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($IE_HTTPUsernamePasswordDisable_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_HTTPUsernamePasswordDisable_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 0 } } - + if ( $IE_HTTPUsernamePasswordDisable_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_HTTPUsernamePasswordDisable_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' @@ -547,84 +465,84 @@ configuration DoD_Office_System_2016_and_Components if ($IE_HTTPUsernamePasswordDisable_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ( $IE_HTTPUsernamePasswordDisable_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($IE_RestrictActiveXInstall_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_RestrictActiveXInstall_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_RestrictActiveXInstall_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_RestrictActiveXInstall_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($IE_RestrictActiveXInstall_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($IE_RestrictActiveXInstall_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' @@ -636,62 +554,62 @@ configuration DoD_Office_System_2016_and_Components if ($IE_RestrictActiveXInstall_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($IE_RestrictActiveXInstall_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($IE_RestrictActiveXInstall_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_RestrictActiveXInstall_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 0 } } - + if ( $IE_RestrictActiveXInstall_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_RestrictActiveXInstall_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' @@ -702,62 +620,62 @@ configuration DoD_Office_System_2016_and_Components if ($IE_RestrictActiveXInstall_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ( $IE_RestrictActiveXInstall_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($IE_RestrictFileDownload_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_RestrictFileDownload_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_RestrictFileDownload_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_RestrictFileDownload_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' @@ -768,62 +686,62 @@ configuration DoD_Office_System_2016_and_Components if ($IE_RestrictFileDownload_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($IE_RestrictFileDownload_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($IE_RestrictFileDownload_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($IE_RestrictFileDownload_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($IE_RestrictFileDownload_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_RestrictFileDownload_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' @@ -834,62 +752,62 @@ configuration DoD_Office_System_2016_and_Components if ( $IE_RestrictFileDownload_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_RestrictFileDownload_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($IE_RestrictFileDownload_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ( $IE_RestrictFileDownload_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($IE_SafeBindToObject_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' @@ -900,62 +818,62 @@ configuration DoD_Office_System_2016_and_Components if ($IE_SafeBindToObject_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' @@ -966,73 +884,73 @@ configuration DoD_Office_System_2016_and_Components if ($IE_SafeBindToObject_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_SafeBindToObject_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 0 } } - + if ( $IE_SafeBindToObject_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_SafeBindToObject_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ( $IE_SafeBindToObject_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($IE_UNCSavedFileCheck_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' @@ -1043,73 +961,73 @@ configuration DoD_Office_System_2016_and_Components if ($IE_UNCSavedFileCheck_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_UNCSavedFileCheck_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_UNCSavedFileCheck_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($IE_UNCSavedFileCheck_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($IE_UNCSavedFileCheck_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($IE_UNCSavedFileCheck_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($IE_UNCSavedFileCheck_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' @@ -1120,62 +1038,62 @@ configuration DoD_Office_System_2016_and_Components if ($IE_UNCSavedFileCheck_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_UNCSavedFileCheck_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 0 } } - + if ( $IE_UNCSavedFileCheck_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_UNCSavedFileCheck_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($IE_UNCSavedFileCheck_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ( $IE_UNCSavedFileCheck_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' @@ -1186,73 +1104,73 @@ configuration DoD_Office_System_2016_and_Components if ($IE_ValidateNavigateURL_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_ValidateNavigateURL_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_ValidateNavigateURL_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_ValidateNavigateURL_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($IE_ValidateNavigateURL_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($IE_ValidateNavigateURL_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($IE_ValidateNavigateURL_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' @@ -1263,73 +1181,73 @@ configuration DoD_Office_System_2016_and_Components if ($IE_ValidateNavigateURL_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($IE_ValidateNavigateURL_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_ValidateNavigateURL_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 0 } } - + if ( $IE_ValidateNavigateURL_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_ValidateNavigateURL_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($IE_ValidateNavigateURL_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ( $IE_ValidateNavigateURL_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' @@ -1340,73 +1258,73 @@ configuration DoD_Office_System_2016_and_Components if ($IE_WebocPopupManagement_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_WebocPopupManagement_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_WebocPopupManagement_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_WebocPopupManagement_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($IE_WebocPopupManagement_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($IE_WebocPopupManagement_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($IE_WebocPopupManagement_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' @@ -1417,73 +1335,73 @@ configuration DoD_Office_System_2016_and_Components if ($IE_WebocPopupManagement_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($IE_WebocPopupManagement_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_WebocPopupManagement_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 0 } } - + if ( $IE_WebocPopupManagement_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_WebocPopupManagement_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($IE_WebocPopupManagement_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ( $IE_WebocPopupManagement_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' @@ -1494,62 +1412,62 @@ configuration DoD_Office_System_2016_and_Components if ($IE_WindowRestrictions_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_WindowRestrictions_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_WindowRestrictions_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_WindowRestrictions_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($IE_WindowRestrictions_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($IE_WindowRestrictions_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' @@ -1560,73 +1478,73 @@ configuration DoD_Office_System_2016_and_Components if ($IE_WindowRestrictions_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($IE_WindowRestrictions_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($IE_WindowRestrictions_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_WindowRestrictions_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 0 } } - + if ( $IE_WindowRestrictions_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_WindowRestrictions_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($IE_WindowRestrictions_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' @@ -1637,73 +1555,73 @@ configuration DoD_Office_System_2016_and_Components if ( $IE_WindowRestrictions_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($IE_ZoneElevation_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\groove.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_ZoneElevation_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\excel.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_ZoneElevation_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mspub.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_ZoneElevation_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\powerpnt.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' ValueData = 1 } } - + if ($IE_ZoneElevation_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\pptview.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($IE_ZoneElevation_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\visio.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' @@ -1714,62 +1632,62 @@ configuration DoD_Office_System_2016_and_Components if ($IE_ZoneElevation_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winproj.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($IE_ZoneElevation_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\winword.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($IE_ZoneElevation_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\outlook.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_ZoneElevation_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\spdesign.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' ValueData = 0 } } - + if ( $IE_ZoneElevation_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\exprwd.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_ZoneElevation_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\msaccess.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' @@ -1780,62 +1698,62 @@ configuration DoD_Office_System_2016_and_Components if ($IE_ZoneElevation_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\onenote.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ( $IE_ZoneElevation_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation\mse7.exe' { - Key = '\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' + Key = 'software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - + if ($IE_SafeBindToObject_Grove) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\groove.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'groove.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_Excel) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\excel.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'excel.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_MSPub) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mspub.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mspub.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_PowerPNT) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\powerpnt.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'powerpnt.exe' @@ -1846,62 +1764,62 @@ configuration DoD_Office_System_2016_and_Components if ($IE_SafeBindToObject_PPTView) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\pptview.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'pptview.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_Visio) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\visio.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'visio.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_WinProj) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winproj.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winproj.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_WinWord) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\winword.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'winword.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_Outlook) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\outlook.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'outlook.exe' ValueData = 1 } } - + if ( $IE_SafeBindToObject_SPDesign) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\spdesign.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'spdesign.exe' @@ -1911,135 +1829,80 @@ configuration DoD_Office_System_2016_and_Components if ( $IE_SafeBindToObject_ExprWD) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\exprwd.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'exprwd.exe' ValueData = 0 } } - + if ($IE_SafeBindToObject_MSAccess) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\msaccess.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'msaccess.exe' ValueData = 1 } } - + if ($IE_SafeBindToObject_OneNote) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\onenote.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'onenote.exe' ValueData = 1 } } - + if ( $IE_SafeBindToObject_MSE7) { RegistryPolicyFile 'Registry(POL): HKLM:\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject\mse7.exe' { - Key = '\software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' + Key = 'software\wow6432node\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'mse7.exe' ValueData = 0 } } - - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\powerpoint\security\powerpointbypassencryptedmacroscan' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\powerpoint\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'powerpointbypassencryptedmacroscan' - ValueData = '' - } - if ( $PowerPoint_RunPrograms) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\powerpoint\security\runprograms' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\powerpoint\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'runprograms' - ValueData = '' - } - } - - if ( $PowerPoint_OpenInProtectedView) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\powerpoint\security\filevalidation\openinprotectedview' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\powerpoint\security\filevalidation' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'openinprotectedview' - ValueData = '' - } - } - + + if ( $Lync_SavePassword) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\16.0\lync\savepassword' { - Key = '\software\policies\microsoft\office\16.0\lync' + Key = 'software\policies\microsoft\office\16.0\lync' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'savepassword' ValueData = 0 } } - + if ($Lync_EnableSIPHighSecurityMode) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\16.0\lync\enablesiphighsecuritymode' { - Key = '\software\policies\microsoft\office\16.0\lync' + Key = 'software\policies\microsoft\office\16.0\lync' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'enablesiphighsecuritymode' ValueData = 1 } } - + if ($Lync_DisableHTTPConnect) { RegistryPolicyFile 'Registry(POL): HKLM:\software\policies\microsoft\office\16.0\lync\disablehttpconnect' { - Key = '\software\policies\microsoft\office\16.0\lync' + Key = 'software\policies\microsoft\office\16.0\lync' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'disablehttpconnect' ValueData = 1 } } - - if ( $Word_BypassEncryptedMacroScan) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\word\security\wordbypassencryptedmacroscan' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\word\security' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'wordbypassencryptedmacroscan' - ValueData = '' - } - } - - if ( $Word_OpenInProtectedView) { - RegistryPolicyFile 'DEL_CU:\software\policies\microsoft\office\16.0\word\security\filevalidation\openinprotectedview' - { - Key = 'HKCU:\software\policies\microsoft\office\16.0\word\security\filevalidation' - ValueType = 'String' - Ensure = 'Absent' - TargetType = 'ComputerConfiguration' - ValueName = 'openinprotectedview' - ValueData = '' - } - } -} + +} diff --git a/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.schema.psm1 b/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.schema.psm1 index 2909029..b1b26e4 100644 --- a/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.schema.psm1 +++ b/DSCResources/DoD_WinSvr_2012_R2_MS_and_DC_v3r7/DoD_WinSvr_2012_R2_MS_and_DC_v3r7.schema.psm1 @@ -297,62 +297,62 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($EnumerateAdministrators) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateAdministrators' ValueData = 0 } } - + if ($NoDriveTypeAutoRun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDriveTypeAutoRun' ValueData = 255 } } - + if ($NoInternetOpenWith) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoInternetOpenWith' ValueData = 1 } } - + if ($PreXPSP2ShellProtocolBehavior) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreXPSP2ShellProtocolBehavior' ValueData = 0 } } - + if ($NoAutorun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutorun' ValueData = 1 } } - + if ($LocalSourcePath) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\LocalSourcePath' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Servicing' ValueType = 'ExpandString' TargetType = 'ComputerConfiguration' ValueName = 'LocalSourcePath' @@ -363,18 +363,18 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($UseWindowsUpdate) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\UseWindowsUpdate' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Servicing' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseWindowsUpdate' ValueData = 2 } } - + if ($RepairContentServerSource_Delete) { RegistryPolicyFile 'DEL_\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\RepairContentServerSource' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Servicing' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -382,11 +382,11 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 ValueData = '' } } - + if ($DisableBkGndGroupPolicy_Delete) { RegistryPolicyFile 'DEL_\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -394,33 +394,33 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 ValueData = '' } } - + if ($MSAOptional) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MSAOptional' ValueData = 1 } } - + if ($DisableAutomaticRestartSignOn) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableAutomaticRestartSignOn' ValueData = 1 } } - + if ($LocalAccountTokenFilterPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LocalAccountTokenFilterPolicy' @@ -431,51 +431,51 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($ProcessCreationIncludeCmdLine_Enabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ProcessCreationIncludeCmdLine_Enabled' ValueData = 1 } } - + if ($AutoAdminLogon) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon' { - Key = '\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' + Key = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'AutoAdminLogon' ValueData = '0' } } - + if ($ScreenSaverGracePeriod) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod' { - Key = '\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' + Key = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'ScreenSaverGracePeriod' ValueData = '5' } } - + if ($Biometrics_Enabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Biometrics\Enabled' { - Key = '\Software\policies\Microsoft\Biometrics' + Key = 'Software\policies\Microsoft\Biometrics' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Enabled' ValueData = 0 } } - + if ($BlockUserInputMethodsForSignIn) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Control Panel\International\BlockUserInputMethodsForSignIn' { - Key = '\Software\policies\Microsoft\Control Panel\International' + Key = 'Software\policies\Microsoft\Control Panel\International' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'BlockUserInputMethodsForSignIn' @@ -486,62 +486,62 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($MicrosoftEventVwrDisableLinks) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks' { - Key = '\Software\policies\Microsoft\EventViewer' + Key = 'Software\policies\Microsoft\EventViewer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MicrosoftEventVwrDisableLinks' ValueData = 1 } } - + if ($DisableEnclosureDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' { - Key = '\Software\policies\Microsoft\Internet Explorer\Feeds' + Key = 'Software\policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableEnclosureDownload' ValueData = 1 } } - + if ($AllowBasicAuthInClear) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear' { - Key = '\Software\policies\Microsoft\Internet Explorer\Feeds' + Key = 'Software\policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasicAuthInClear' ValueData = 0 } } - + if ($Peernet_Disabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Peernet\Disabled' { - Key = '\Software\policies\Microsoft\Peernet' + Key = 'Software\policies\Microsoft\Peernet' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Disabled' ValueData = 1 } } - + if ($DCSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' { - Key = '\Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DCSettingIndex' ValueData = 1 } } - + if ($ACSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' { - Key = '\Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ACSettingIndex' @@ -552,51 +552,51 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($CEIPEnable) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\SQMClient\Windows\CEIPEnable' { - Key = '\Software\policies\Microsoft\SQMClient\Windows' + Key = 'Software\policies\Microsoft\SQMClient\Windows' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'CEIPEnable' ValueData = 0 } } - + if ($DisableInventory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\AppCompat\DisableInventory' { - Key = '\Software\policies\Microsoft\Windows\AppCompat' + Key = 'Software\policies\Microsoft\Windows\AppCompat' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableInventory' ValueData = 1 } } - + if ($DisablePcaUI) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\AppCompat\DisablePcaUI' { - Key = '\Software\policies\Microsoft\Windows\AppCompat' + Key = 'Software\policies\Microsoft\Windows\AppCompat' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePcaUI' ValueData = 0 } } - + if ($AllowAllTrustedApps) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Appx\AllowAllTrustedApps' { - Key = '\Software\policies\Microsoft\Windows\Appx' + Key = 'Software\policies\Microsoft\Windows\Appx' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowAllTrustedApps' ValueData = 1 } } - + if ($DisablePasswordReveal) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\CredUI\DisablePasswordReveal' { - Key = '\Software\policies\Microsoft\Windows\CredUI' + Key = 'Software\policies\Microsoft\Windows\CredUI' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePasswordReveal' @@ -607,62 +607,62 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($PreventDeviceMetadataFromNetwork) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork' { - Key = '\Software\policies\Microsoft\Windows\Device Metadata' + Key = 'Software\policies\Microsoft\Windows\Device Metadata' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventDeviceMetadataFromNetwork' ValueData = 1 } } - + if ($AllowRemoteRPC) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC' { - Key = '\Software\policies\Microsoft\Windows\DeviceInstall\Settings' + Key = 'Software\policies\Microsoft\Windows\DeviceInstall\Settings' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowRemoteRPC' ValueData = 0 } } - + if ($DisableSystemRestore) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore' { - Key = '\Software\policies\Microsoft\Windows\DeviceInstall\Settings' + Key = 'Software\policies\Microsoft\Windows\DeviceInstall\Settings' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableSystemRestore' ValueData = 0 } } - + if ($DisableSendGenericDriverNotFoundToWER) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER' { - Key = '\Software\policies\Microsoft\Windows\DeviceInstall\Settings' + Key = 'Software\policies\Microsoft\Windows\DeviceInstall\Settings' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableSendGenericDriverNotFoundToWER' ValueData = 1 } } - + if ($DisableSendRequestAdditionalSoftwareToWER) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER' { - Key = '\Software\policies\Microsoft\Windows\DeviceInstall\Settings' + Key = 'Software\policies\Microsoft\Windows\DeviceInstall\Settings' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableSendRequestAdditionalSoftwareToWER' ValueData = 1 } } - + if ($DontSearchWindowsUpdate) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate' { - Key = '\Software\policies\Microsoft\Windows\DriverSearching' + Key = 'Software\policies\Microsoft\Windows\DriverSearching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DontSearchWindowsUpdate' @@ -673,62 +673,62 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($DontPromptForWindowsUpdate) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate' { - Key = '\Software\policies\Microsoft\Windows\DriverSearching' + Key = 'Software\policies\Microsoft\Windows\DriverSearching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DontPromptForWindowsUpdate' ValueData = 1 } } - + if ($SearchOrderConfig) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DriverSearching\SearchOrderConfig' { - Key = '\Software\policies\Microsoft\Windows\DriverSearching' + Key = 'Software\policies\Microsoft\Windows\DriverSearching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SearchOrderConfig' ValueData = 0 } } - + if ($DriverServerSelection) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\DriverSearching\DriverServerSelection' { - Key = '\Software\policies\Microsoft\Windows\DriverSearching' + Key = 'Software\policies\Microsoft\Windows\DriverSearching' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DriverServerSelection' ValueData = 1 } } - + if ($MaxSize_Application) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\EventLog\Application\MaxSize' { - Key = '\Software\policies\Microsoft\Windows\EventLog\Application' + Key = 'Software\policies\Microsoft\Windows\EventLog\Application' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($MaxSize_Security) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\EventLog\Security\MaxSize' { - Key = '\Software\policies\Microsoft\Windows\EventLog\Security' + Key = 'Software\policies\Microsoft\Windows\EventLog\Security' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 196608 } } - + if ($MaxSize_Setup) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\EventLog\Setup\MaxSize' { - Key = '\Software\policies\Microsoft\Windows\EventLog\Setup' + Key = 'Software\policies\Microsoft\Windows\EventLog\Setup' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' @@ -739,51 +739,51 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($MaxSize_System) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\EventLog\System\MaxSize' { - Key = '\Software\policies\Microsoft\Windows\EventLog\System' + Key = 'Software\policies\Microsoft\Windows\EventLog\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($NoHeapTerminationOnCorruption) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption' { - Key = '\Software\policies\Microsoft\Windows\Explorer' + Key = 'Software\policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoHeapTerminationOnCorruption' ValueData = 0 } } - + if ($NoAutoplayfornonVolume) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' { - Key = '\Software\policies\Microsoft\Windows\Explorer' + Key = 'Software\policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutoplayfornonVolume' ValueData = 1 } } - + if ($NoDataExecutionPrevention) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention' { - Key = '\Software\policies\Microsoft\Windows\Explorer' + Key = 'Software\policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDataExecutionPrevention' ValueData = 0 } } - + if ($NoUseStoreOpenWith) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Explorer\NoUseStoreOpenWith' { - Key = '\Software\policies\Microsoft\Windows\Explorer' + Key = 'Software\policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoUseStoreOpenWith' @@ -793,51 +793,51 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($NoBackgroundPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' { - Key = '\Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoBackgroundPolicy' ValueData = 0 } } - + if ($NoGPOListChanges) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' { - Key = '\Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoGPOListChanges' ValueData = 0 } } - + if ($PreventHandwritingErrorReports) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports' { - Key = '\Software\policies\Microsoft\Windows\HandwritingErrorReports' + Key = 'Software\policies\Microsoft\Windows\HandwritingErrorReports' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventHandwritingErrorReports' ValueData = 1 } } - + if ($SafeForScripting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Installer\SafeForScripting' { - Key = '\Software\policies\Microsoft\Windows\Installer' + Key = 'Software\policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SafeForScripting' ValueData = 0 } } - + if ($EnableUserControl) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Installer\EnableUserControl' { - Key = '\Software\policies\Microsoft\Windows\Installer' + Key = 'Software\policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableUserControl' @@ -848,51 +848,51 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($DisableLUAPatching) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Installer\DisableLUAPatching' { - Key = '\Software\policies\Microsoft\Windows\Installer' + Key = 'Software\policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableLUAPatching' ValueData = 1 } } - + if ($AlwaysInstallElevated) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Installer\AlwaysInstallElevated' { - Key = '\Software\policies\Microsoft\Windows\Installer' + Key = 'Software\policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AlwaysInstallElevated' ValueData = 0 } } - + if ($EnableLLTDIO) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\EnableLLTDIO' { - Key = '\Software\policies\Microsoft\Windows\LLTD' + Key = 'Software\policies\Microsoft\Windows\LLTD' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableLLTDIO' ValueData = 0 } } - + if ($AllowLLTDIOOnDomain) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\AllowLLTDIOOnDomain' { - Key = '\Software\policies\Microsoft\Windows\LLTD' + Key = 'Software\policies\Microsoft\Windows\LLTD' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowLLTDIOOnDomain' ValueData = 0 } } - + if ($AllowLLTDIOOnPublicNet) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet' { - Key = '\Software\policies\Microsoft\Windows\LLTD' + Key = 'Software\policies\Microsoft\Windows\LLTD' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowLLTDIOOnPublicNet' @@ -903,40 +903,40 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($ProhibitLLTDIOOnPrivateNet) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet' { - Key = '\Software\policies\Microsoft\Windows\LLTD' + Key = 'Software\policies\Microsoft\Windows\LLTD' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ProhibitLLTDIOOnPrivateNet' ValueData = 0 } } - + if ($EnableRspndr) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\EnableRspndr' { - Key = '\Software\policies\Microsoft\Windows\LLTD' + Key = 'Software\policies\Microsoft\Windows\LLTD' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableRspndr' ValueData = 0 } } - + if ($AllowRspndrOnDomain) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\AllowRspndrOnDomain' { - Key = '\Software\policies\Microsoft\Windows\LLTD' + Key = 'Software\policies\Microsoft\Windows\LLTD' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowRspndrOnDomain' ValueData = 0 } } - + if ($AllowRspndrOnPublicNet) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet' { - Key = '\Software\policies\Microsoft\Windows\LLTD' + Key = 'Software\policies\Microsoft\Windows\LLTD' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowRspndrOnPublicNet' @@ -947,40 +947,40 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($ProhibitRspndrOnPrivateNet) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet' { - Key = '\Software\policies\Microsoft\Windows\LLTD' + Key = 'Software\policies\Microsoft\Windows\LLTD' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ProhibitRspndrOnPrivateNet' ValueData = 0 } } - + if ($DisableLocation) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\LocationAndSensors\DisableLocation' { - Key = '\Software\policies\Microsoft\Windows\LocationAndSensors' + Key = 'Software\policies\Microsoft\Windows\LocationAndSensors' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableLocation' ValueData = 1 } } - + if ($NC_AllowNetBridge_NLA) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA' { - Key = '\Software\policies\Microsoft\Windows\Network Connections' + Key = 'Software\policies\Microsoft\Windows\Network Connections' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NC_AllowNetBridge_NLA' ValueData = 0 } } - + if ($NC_StdDomainUserSetLocation) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation' { - Key = '\Software\policies\Microsoft\Windows\Network Connections' + Key = 'Software\policies\Microsoft\Windows\Network Connections' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NC_StdDomainUserSetLocation' @@ -991,29 +991,29 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($NoLockScreenSlideshow) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' { - Key = '\Software\policies\Microsoft\Windows\Personalization' + Key = 'Software\policies\Microsoft\Windows\Personalization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoLockScreenSlideshow' ValueData = 1 } } - + if ($EnableScriptBlockLogging) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' { - Key = '\Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableScriptBlockLogging' ValueData = 1 } } - + if ($EnableScriptBlockInvocationLogging_Delete) { RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' { - Key = '\Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1021,11 +1021,11 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 ValueData = '' } } - + if ($DisableQueryRemoteServer) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer' { - Key = '\Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy' + Key = 'Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableQueryRemoteServer' @@ -1036,62 +1036,62 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($EnableQueryRemoteServer) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer' { - Key = '\Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy' + Key = 'Software\policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableQueryRemoteServer' ValueData = 0 } } - + if ($EnumerateLocalUsers) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\System\EnumerateLocalUsers' { - Key = '\Software\policies\Microsoft\Windows\System' + Key = 'Software\policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateLocalUsers' ValueData = 0 } } - + if ($DisableLockScreenAppNotifications) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\System\DisableLockScreenAppNotifications' { - Key = '\Software\policies\Microsoft\Windows\System' + Key = 'Software\policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableLockScreenAppNotifications' ValueData = 1 } } - + if ($DontDisplayNetworkSelectionUI) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI' { - Key = '\Software\policies\Microsoft\Windows\System' + Key = 'Software\policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DontDisplayNetworkSelectionUI' ValueData = 1 } } - + if ($EnableSmartScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\System\EnableSmartScreen' { - Key = '\Software\policies\Microsoft\Windows\System' + Key = 'Software\policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableSmartScreen' ValueData = 2 } } - + if ($PreventHandwritingDataSharing) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\TabletPC\PreventHandwritingDataSharing' { - Key = '\Software\policies\Microsoft\Windows\TabletPC' + Key = 'Software\policies\Microsoft\Windows\TabletPC' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventHandwritingDataSharing' @@ -1102,62 +1102,62 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($Force_Tunneling) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling' { - Key = '\Software\policies\Microsoft\Windows\TCPIP\v6Transition' + Key = 'Software\policies\Microsoft\Windows\TCPIP\v6Transition' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'Force_Tunneling' ValueData = 'Enabled' } } - + if ($EnableRegistrars) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars' { - Key = '\Software\policies\Microsoft\Windows\WCN\Registrars' + Key = 'Software\policies\Microsoft\Windows\WCN\Registrars' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableRegistrars' ValueData = 0 } } - + if ($DisableUPnPRegistrar) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar' { - Key = '\Software\policies\Microsoft\Windows\WCN\Registrars' + Key = 'Software\policies\Microsoft\Windows\WCN\Registrars' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableUPnPRegistrar' ValueData = 0 } } - + if ($DisableInBand802DOT11Registrar) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar' { - Key = '\Software\policies\Microsoft\Windows\WCN\Registrars' + Key = 'Software\policies\Microsoft\Windows\WCN\Registrars' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableInBand802DOT11Registrar' ValueData = 0 } } - + if ($DisableFlashConfigRegistrar) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar' { - Key = '\Software\policies\Microsoft\Windows\WCN\Registrars' + Key = 'Software\policies\Microsoft\Windows\WCN\Registrars' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableFlashConfigRegistrar' ValueData = 0 } } - + if ($DisableWPDRegistrar) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar' { - Key = '\Software\policies\Microsoft\Windows\WCN\Registrars' + Key = 'Software\policies\Microsoft\Windows\WCN\Registrars' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWPDRegistrar' @@ -1168,7 +1168,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($MaxWCNDeviceNumber_Delete) { RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows\WCN\Registrars\MaxWCNDeviceNumber' { - Key = '\Software\policies\Microsoft\Windows\WCN\Registrars' + Key = 'Software\policies\Microsoft\Windows\WCN\Registrars' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1176,11 +1176,11 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 ValueData = '' } } - + if ($HigherPrecedenceRegistrar_Delete) { RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows\WCN\Registrars\HigherPrecedenceRegistrar' { - Key = '\Software\policies\Microsoft\Windows\WCN\Registrars' + Key = 'Software\policies\Microsoft\Windows\WCN\Registrars' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1188,44 +1188,44 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 ValueData = '' } } - + if ($DisableWcnUi) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WCN\UI\DisableWcnUi' { - Key = '\Software\policies\Microsoft\Windows\WCN\UI' + Key = 'Software\policies\Microsoft\Windows\WCN\UI' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWcnUi' ValueData = 1 } } - + if ($ScenarioExecutionEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled' { - Key = '\Software\policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}' + Key = 'Software\policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ScenarioExecutionEnabled' ValueData = 0 } } - + if ($AllowBasic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Client\AllowBasic' { - Key = '\Software\policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if ($AllowUnencryptedTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' { - Key = '\Software\policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' @@ -1236,51 +1236,51 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($AllowDigest) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Client\AllowDigest' { - Key = '\Software\policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDigest' ValueData = 0 } } - + if ($AllowBasic_Service) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Service\AllowBasic' { - Key = '\Software\policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if ($AllowUnencryptedTraffic_Service) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' { - Key = '\Software\policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' ValueData = 0 } } - + if ($DisableRunAs) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows\WinRM\Service\DisableRunAs' { - Key = '\Software\policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableRunAs' ValueData = 1 } } - + if ($DisableHTTPPrinting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting' { - Key = '\Software\policies\Microsoft\Windows NT\Printers' + Key = 'Software\policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableHTTPPrinting' @@ -1291,40 +1291,40 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($DisableWebPnPDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload' { - Key = '\Software\policies\Microsoft\Windows NT\Printers' + Key = 'Software\policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWebPnPDownload' ValueData = 1 } } - + if ($DoNotInstallCompatibleDriverFromWindowsUpdate) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate' { - Key = '\Software\policies\Microsoft\Windows NT\Printers' + Key = 'Software\policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DoNotInstallCompatibleDriverFromWindowsUpdate' ValueData = 1 } } - + if ($fAllowToGetHelp) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fAllowToGetHelp' ValueData = 0 } } - + if ($fAllowFullControl_Delete) { RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowFullControl' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1332,11 +1332,11 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 ValueData = '' } } - + if ($MaxTicketExpiry_Delete) { RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiry' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1348,7 +1348,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($MaxTicketExpiryUnits_Delete) { RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiryUnits' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1356,11 +1356,11 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 ValueData = '' } } - + if ($fUseMailto_Delete) { RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\fUseMailto' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1368,22 +1368,22 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 ValueData = '' } } - + if ($fPromptForPassword) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fPromptForPassword' ValueData = 1 } } - + if ($MinEncryptionLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinEncryptionLevel' @@ -1394,40 +1394,40 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($PerSessionTempDir) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PerSessionTempDir' ValueData = 1 } } - + if ($DeleteTempDirsOnExit) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DeleteTempDirsOnExit' ValueData = 1 } } - + if ($fAllowUnsolicited) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fAllowUnsolicited' ValueData = 0 } } - + if ($fAllowUnsolicitedFullControl_Delete) { RegistryPolicyFile 'DEL_\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicitedFullControl' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1435,11 +1435,11 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 ValueData = '' } } - + if ($fEncryptRPCTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fEncryptRPCTraffic' @@ -1450,62 +1450,62 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($DisablePasswordSaving) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePasswordSaving' ValueData = 1 } } - + if ($fDisableCdm) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fDisableCdm' ValueData = 1 } } - + if ($LoggingEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LoggingEnabled' ValueData = 1 } } - + if ($fDisableCcm) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fDisableCcm' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fDisableCcm' ValueData = 1 } } - + if ($fDisableLPT) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fDisableLPT' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fDisableLPT' ValueData = 1 } } - + if ($fDisablePNPRedir) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fDisablePNPRedir' @@ -1516,51 +1516,51 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($fEnableSmartCard) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fEnableSmartCard' ValueData = 1 } } - + if ($RedirectOnlyDefaultClientPrinter) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter' { - Key = '\Software\policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RedirectOnlyDefaultClientPrinter' ValueData = 1 } } - + if ($DisableAutoUpdate) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\WindowsMediaPlayer\DisableAutoUpdate' { - Key = '\Software\policies\Microsoft\WindowsMediaPlayer' + Key = 'Software\policies\Microsoft\WindowsMediaPlayer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableAutoUpdate' ValueData = 1 } } - + if ($GroupPrivacyAcceptance) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance' { - Key = '\Software\policies\Microsoft\WindowsMediaPlayer' + Key = 'Software\policies\Microsoft\WindowsMediaPlayer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'GroupPrivacyAcceptance' ValueData = 1 } } - + if ($DisableOnline) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\policies\Microsoft\WMDRM\DisableOnline' { - Key = '\Software\policies\Microsoft\WMDRM' + Key = 'Software\policies\Microsoft\WMDRM' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableOnline' @@ -1571,62 +1571,62 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($UseLogonCredential) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' { - Key = '\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' + Key = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseLogonCredential' ValueData = 0 } } - + if ($SafeDllSearchMode) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode' { - Key = '\SYSTEM\CurrentControlSet\Control\Session Manager' + Key = 'SYSTEM\CurrentControlSet\Control\Session Manager' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SafeDllSearchMode' ValueData = 1 } } - + if ($DriverLoadPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy' { - Key = '\SYSTEM\CurrentControlSet\Policies\EarlyLaunch' + Key = 'SYSTEM\CurrentControlSet\Policies\EarlyLaunch' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DriverLoadPolicy' ValueData = 1 } } - + if ($WarningLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel' { - Key = '\SYSTEM\CurrentControlSet\Services\Eventlog\Security' + Key = 'SYSTEM\CurrentControlSet\Services\Eventlog\Security' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'WarningLevel' ValueData = 90 } } - + if ($NoDefaultExempt) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt' { - Key = '\SYSTEM\CurrentControlSet\Services\IPSEC' + Key = 'SYSTEM\CurrentControlSet\Services\IPSEC' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDefaultExempt' ValueData = 3 } } - + if ($SMB1) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' { - Key = '\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SMB1' @@ -1637,62 +1637,62 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($Start_MrxSmb10) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start' { - Key = '\SYSTEM\CurrentControlSet\Services\MrxSmb10' + Key = 'SYSTEM\CurrentControlSet\Services\MrxSmb10' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Start' ValueData = 4 } } - + if ($NoNameReleaseOnDemand) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand' { - Key = '\SYSTEM\CurrentControlSet\Services\Netbt\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Netbt\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoNameReleaseOnDemand' ValueData = 1 } } - + if ($DisableIPSourceRouting) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' ValueData = 2 } } - + if ($EnableICMPRedirect) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableICMPRedirect' ValueData = 0 } } - + if ($PerformRouterDiscovery) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PerformRouterDiscovery' ValueData = 0 } } - + if ($KeepAliveTime) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'KeepAliveTime' @@ -1703,40 +1703,40 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 if ($TcpMaxDataRetransmissions) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'TcpMaxDataRetransmissions' ValueData = 3 } } - + if ($EnableIPAutoConfigurationLimits) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIPAutoConfigurationLimits' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableIPAutoConfigurationLimits' ValueData = 1 } } - + if ($DisableIPSourceRouting_Tcpip6) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' ValueData = 2 } } - + if ($TcpMaxDataRetransmissions_Tcpip6) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'TcpMaxDataRetransmissions' @@ -1752,7 +1752,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditCredentialValidation_Failure) { AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion' { @@ -1761,7 +1761,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditComputerAccountManagement_Success) { AuditPolicySubcategory 'Audit Computer Account Management (Success) - Inclusion' { @@ -1770,7 +1770,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ( $AuditComputerAccountManagement_Failure) { AuditPolicySubcategory 'Audit Computer Account Management (Failure) - Inclusion' { @@ -1779,7 +1779,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditOtherAccountManagementEvents_Success) { AuditPolicySubcategory 'Audit Other Account Management Events (Success) - Inclusion' { @@ -1788,7 +1788,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ( $AuditOtherAccountManagementEvents_Failure) { AuditPolicySubcategory 'Audit Other Account Management Events (Failure) - Inclusion' { @@ -1797,7 +1797,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditSecurityGroupManagement_Success) { AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion' { @@ -1815,7 +1815,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditUserAccountManagement_Success) { AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion' { @@ -1824,7 +1824,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditUserAccountManagement_Failure) { AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion' { @@ -1833,7 +1833,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditProcessCreation_Success) { AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion' { @@ -1842,7 +1842,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ( $AuditProcessCreation_Failure) { AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion' { @@ -1851,7 +1851,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditDirectoryServiceAccess_Success) { AuditPolicySubcategory 'Audit Directory Service Access (Success) - Inclusion' { @@ -1860,7 +1860,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditDirectoryServiceAccess_Failure) { AuditPolicySubcategory 'Audit Directory Service Access (Failure) - Inclusion' { @@ -1878,7 +1878,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ( $AuditDirectoryServiceChanges_Failure) { AuditPolicySubcategory 'Audit Directory Service Changes (Failure) - Inclusion' { @@ -1887,7 +1887,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditAccountLockout_Failure) { AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion' { @@ -1896,7 +1896,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ( $AuditAccountLockout_Success) { AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion' { @@ -1905,7 +1905,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditLogoff_Success) { AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion' { @@ -1914,7 +1914,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ( $AuditLogoff_Failure) { AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion' { @@ -1932,7 +1932,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditLogon_Failure) { AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' { @@ -1941,7 +1941,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditSpecialLogon_Success) { AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion' { @@ -1950,7 +1950,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ( $AuditSpecialLogon_Failure) { AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion' { @@ -1959,7 +1959,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditRemovableStorage_Success) { AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' { @@ -1968,7 +1968,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditRemovableStorage_Failure) { AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' { @@ -1977,7 +1977,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditCentralAccessPolicyStaging_Success) { AuditPolicySubcategory 'Audit Central Access Policy Staging (Success) - Inclusion' { @@ -1995,7 +1995,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditPolicyChange_Success) { AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' { @@ -2004,7 +2004,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditPolicyChange_Failure) { AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion' { @@ -2013,7 +2013,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditAuthenticationPolicyChange_Success) { AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion' { @@ -2022,7 +2022,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ( $AuditAuthenticationPolicyChange_Failure) { AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' { @@ -2031,7 +2031,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditAuthorizationPolicyChange_Success) { AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion' { @@ -2049,7 +2049,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditSensitivePrivilegeUse_Success) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' { @@ -2058,7 +2058,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditSensitivePrivilegeUse_Failure) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion' { @@ -2067,7 +2067,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditIPsecDriver_Success) { AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion' { @@ -2076,7 +2076,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditIPsecDriver_Failure) { AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion' { @@ -2085,7 +2085,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditOtherSystemEvents_Success) { AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' { @@ -2094,7 +2094,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditOtherSystemEvents_Failure) { AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion' { @@ -2111,7 +2111,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ( $AuditSecurityStateChange_Failure) { AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' { @@ -2120,7 +2120,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditSecuritySystemExtension_Success) { AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion' { @@ -2129,7 +2129,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ( $AuditSecuritySystemExtension_Failure) { AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' { @@ -2138,7 +2138,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($AuditSystemIntegrity_Success) { AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' { @@ -2147,7 +2147,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Success' } } - + if ($AuditSystemIntegrity_Failure) { AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' { @@ -2156,7 +2156,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 AuditFlag = 'Failure' } } - + if ($EnableComputerAndUserAccountsToBeTrustedForDelegation) { UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' { @@ -2174,7 +2174,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Allow_log_on_through_Remote_Desktop_Services' } } - + if ($BackUpFilesAndDirectories) { UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' { @@ -2183,7 +2183,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Back_up_files_and_directories' } } - + if ($ImpersonateAClientAfterAuthentication) { UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' { @@ -2192,7 +2192,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Impersonate_a_client_after_authentication' } } - + if ($PerformVolumeMaintenanceTasks) { UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' { @@ -2201,7 +2201,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Perform_volume_maintenance_tasks' } } - + if ($AccessThisComputerFromTheNetwork) { UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' { @@ -2210,7 +2210,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Access_this_computer_from_the_network' } } - + if ($LockPagesInMemory) { UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' { @@ -2228,7 +2228,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Take_ownership_of_files_or_other_objects' } } - + if ($CreatePermanentSharedObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' { @@ -2237,7 +2237,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Create_permanent_shared_objects' } } - + if ($DenyAccessToThisComputerFromTheNetwork) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' { @@ -2246,7 +2246,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Deny_access_to_this_computer_from_the_network' } } - + if ($CreateGlobalObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' { @@ -2255,7 +2255,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Create_global_objects' } } - + if ($DenyLogOnAsABatchJob) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job' { @@ -2264,7 +2264,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Deny_log_on_as_a_batch_job' } } - + if ($RestoreFilesAndDirectories) { UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' { @@ -2273,7 +2273,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Restore_files_and_directories' } } - + if ($AccessCredentialManagerAsATrustedCaller) { UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' { @@ -2282,7 +2282,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Access_Credential_Manager_as_a_trusted_caller' } } - + if ($AddWorkstationsToDomain) { UserRightsAssignment 'UserRightsAssignment(INF): Add_workstations_to_domain' { @@ -2300,7 +2300,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Deny_log_on_as_a_service' } } - + if ($IncreaseSchedulingPriority) { UserRightsAssignment 'UserRightsAssignment(INF): Increase_scheduling_priority' { @@ -2309,7 +2309,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Increase_scheduling_priority' } } - + if ($ForceShutdownFromARemoteSystem) { UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' { @@ -2318,7 +2318,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Force_shutdown_from_a_remote_system' } } - + if ($GenerateSecurityAudits) { UserRightsAssignment 'UserRightsAssignment(INF): Generate_security_audits' { @@ -2327,7 +2327,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Generate_security_audits' } } - + if ($DenyLogOnLocally) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally' { @@ -2336,7 +2336,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Deny_log_on_locally' } } - + if ($CreateSymbolicLinks) { UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links' { @@ -2345,7 +2345,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Create_symbolic_links' } } - + if ($DebugPrograms) { UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' { @@ -2354,7 +2354,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Debug_programs' } } - + if ($AllowLogOnLocally) { UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' { @@ -2363,7 +2363,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Allow_log_on_locally' } } - + if ($ManageAuditingAndSecurityLog) { UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' { @@ -2372,7 +2372,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Manage_auditing_and_security_log' } } - + if ($ActAsPartOfTheOperatingSystem) { UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' { @@ -2381,7 +2381,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Act_as_part_of_the_operating_system' } } - + if ($ProfileSingleProcess) { UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' { @@ -2390,7 +2390,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Profile_single_process' } } - + if ($CreateATokenObject) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' { @@ -2399,7 +2399,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Create_a_token_object' } } - + if ($LoadAndUnloadDeviceDrivers) { UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' { @@ -2408,7 +2408,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Load_and_unload_device_drivers' } } - + if ($ModifyFirmwareEnvironmentValues) { UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' { @@ -2417,7 +2417,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Modify_firmware_environment_values' } } - + if ($CreateAPagefile) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' { @@ -2426,7 +2426,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Create_a_pagefile' } } - + if ($DenyLogOnThroughRemoteDesktopServices) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' { @@ -2435,7 +2435,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Policy = 'Deny_log_on_through_Remote_Desktop_Services' } } - + if ($UACAdminApprovalMode) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' { @@ -2443,7 +2443,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' } } - + if ($RestrictAnonymousAccess) { SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' { @@ -2451,7 +2451,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' } } - + if ($RemotelyAccessibleRegistryPaths) { SecurityOption 'SecurityRegistry(INF): Network_access_Remotely_accessible_registry_paths_and_subpaths' { @@ -2459,7 +2459,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_access_Remotely_accessible_registry_paths_and_subpaths' } } - + if ($SharingAndSecurityModel) { SecurityOption 'SecurityRegistry(INF): Network_access_Sharing_and_security_model_for_local_accounts' { @@ -2467,7 +2467,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_access_Sharing_and_security_model_for_local_accounts' } } - + if ($RequireStrongSessionKey) { SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' { @@ -2475,7 +2475,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Domain_member_Require_strong_Windows_2000_or_later_session_key' } } - + if ($OnlyElevateUIAccessAppsInSecureLocations) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' { @@ -2491,7 +2491,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Microsoft_network_server_Amount_of_idle_time_required_before_suspending_session = '15' } } - + if ($StrongKeyProtection) { SecurityOption 'SecurityRegistry(INF): System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer' { @@ -2499,7 +2499,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer = 'User must enter a password each time they use a key' } } - + if ($KerberosEncryptionTypes) { SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos' { @@ -2507,7 +2507,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos' } } - + if ($DigitallySignCommunicationsIfClientAgrees) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_if_client_agrees' { @@ -2515,7 +2515,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Microsoft_network_server_Digitally_sign_communications_if_client_agrees = 'Enabled' } } - + if ($UseFIPSCompliantAlgorithms) { SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' { @@ -2523,7 +2523,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' } } - + if ($ShutdownWithoutLogon) { SecurityOption 'SecurityRegistry(INF): Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on' { @@ -2531,7 +2531,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on' } } - + if ($AuditBackupAndRestorePrivilege) { SecurityOption 'SecurityRegistry(INF): Audit_Audit_the_use_of_Backup_and_Restore_privilege' { @@ -2547,7 +2547,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Interactive_logon_Do_not_require_CTRL_ALT_DEL' } } - + if ($LANManagerAuthenticationLevel) { SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level' { @@ -2555,7 +2555,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_security_LAN_Manager_authentication_level' } } - + if ($DisableMachineAccountPasswordChanges) { SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes' { @@ -2563,7 +2563,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Domain_member_Disable_machine_account_password_changes' } } - + if ($RemotelyAccessibleRegistryPaths) { SecurityOption 'SecurityRegistry(INF): Network_access_Remotely_accessible_registry_paths' { @@ -2571,7 +2571,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_access_Remotely_accessible_registry_paths' } } - + if ($VirtualizeFileAndRegistryWriteFailures) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' { @@ -2579,7 +2579,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' } } - + if ($LogonMessageTitle) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on' { @@ -2595,7 +2595,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible' } } - + if ($AllowUIAccessApplicationsToPromptForElevation) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop' { @@ -2603,7 +2603,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop' } } - + if ($SmartCardRemovalBehavior) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' { @@ -2611,7 +2611,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Interactive_logon_Smart_card_removal_behavior' } } - + if ($LimitLocalAccountUseOfBlankPasswords) { SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' { @@ -2619,7 +2619,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' } } - + if ($ServerSPNTargetNameValidationLevel) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Server_SPN_target_name_validation_level' { @@ -2627,7 +2627,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Microsoft_network_server_Server_SPN_target_name_validation_level' } } - + if ($LdapServerSigningRequirements) { SecurityOption 'SecurityRegistry(INF): Domain_controller_LDAP_server_signing_requirements' { @@ -2635,7 +2635,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Domain_controller_LDAP_server_signing_requirements' } } - + if ($AllowedToFormatAndEjectRemovableMedia) { SecurityOption 'SecurityRegistry(INF): Devices_Allowed_to_format_and_eject_removable_media' { @@ -2651,7 +2651,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_access_Named_Pipes_that_can_be_accessed_anonymously' } } - + if ($SwitchToSecureDesktopForElevation) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation' { @@ -2659,7 +2659,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation' } } - + if ($MessageTextForUsersLogon) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on' { @@ -2667,7 +2667,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on' } } - + if ($SharesAccessedAnonymously) { SecurityOption 'SecurityRegistry(INF): Network_access_Shares_that_can_be_accessed_anonymously' { @@ -2675,7 +2675,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Network_access_Shares_that_can_be_accessed_anonymously = 'String' } } - + if ($EveryonePermissionsApplyToAnonymousUsers) { SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users' { @@ -2683,7 +2683,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users' } } - + if ($DigitallyEncryptSecureChannelData) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' { @@ -2691,7 +2691,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled' } } - + if ($ElevationPromptBehaviorForStandardUsers) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' { @@ -2707,7 +2707,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Microsoft_network_server_Digitally_sign_communications_always' } } - + if ($OptionalSubsystemsEnabled) { SecurityOption 'SecurityRegistry(INF): System_settings_Optional_subsystems' { @@ -2715,7 +2715,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'System_settings_Optional_subsystems' } } - + if ($DigitallySignCommunicationsAlways_Client) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' { @@ -2723,7 +2723,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Microsoft_network_client_Digitally_sign_communications_always' } } - + if ($MinimumSessionSecurityForNTLM) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' { @@ -2731,7 +2731,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked' } } - + if ($PromptUserToChangePasswordBeforeExpiration) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Prompt_user_to_change_password_before_expiration' { @@ -2739,7 +2739,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Interactive_logon_Prompt_user_to_change_password_before_expiration' } } - + if ($RunAllAdministratorsInAdminApprovalMode) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' { @@ -2747,7 +2747,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' } } - + if ($DigitallySignCommunicationsIfServerAgrees) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_if_server_agrees' { @@ -2763,7 +2763,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation' } } - + if ($DoNotAllowAnonymousEnumerationOfSAMAccounts) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' { @@ -2771,7 +2771,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled' } } - + if ($AllowLocalSystemToUseComputerIdentityForNTLM) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM' { @@ -2779,7 +2779,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM' } } - + if ($RequireCaseInsensitivityForNonWindowsSubsystems) { SecurityOption 'SecurityRegistry(INF): System_objects_Require_case_insensitivity_for_non_Windows_subsystems' { @@ -2787,7 +2787,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 System_objects_Require_case_insensitivity_for_non_Windows_subsystems = 'Enabled' } } - + if ($AllowLocalSystemNULLSessionFallback) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' { @@ -2795,7 +2795,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled' } } - + if ($ForceAuditPolicySubcategorySettings) { SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' { @@ -2811,7 +2811,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 User_Account_Control_Only_elevate_executables_that_are_signed_and_validated = 'Disabled' } } - + if ($AuditAccessOfGlobalSystemObjects) { SecurityOption 'SecurityRegistry(INF): Audit_Audit_the_access_of_global_system_objects' { @@ -2819,7 +2819,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Audit_Audit_the_access_of_global_system_objects = 'Disabled' } } - + if ($SendUnencryptedPasswordToThirdPartySMBServers) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' { @@ -2827,7 +2827,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' } } - + if ($MinimumSessionSecurityForNTLMSPBASED) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' { @@ -2835,7 +2835,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked' } } - + if ($NumberOfPreviousLogonsToCache) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' { @@ -2843,7 +2843,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' } } - + if ($DoNotDisplayLastUserName) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Do_not_display_last_user_name' { @@ -2859,7 +2859,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Domain_member_Maximum_machine_account_password_age = '30' } } - + if ($DisconnectClientsWhenLogonHoursExpire) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Disconnect_clients_when_logon_hours_expire' { @@ -2867,7 +2867,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Microsoft_network_server_Disconnect_clients_when_logon_hours_expire' } } - + if ($DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' { @@ -2875,7 +2875,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled' } } - + if ($RefuseMachineAccountPasswordChanges) { SecurityOption 'SecurityRegistry(INF): Domain_controller_Refuse_machine_account_password_changes' { @@ -2883,7 +2883,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Domain_controller_Refuse_machine_account_password_changes = 'Disabled' } } - + if ($PreventUsersFromInstallingPrinterDrivers) { SecurityOption 'SecurityRegistry(INF): Devices_Prevent_users_from_installing_printer_drivers' { @@ -2891,7 +2891,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Devices_Prevent_users_from_installing_printer_drivers = 'Enabled' } } - + if ($StrengthenDefaultPermissionsOfInternalSystemObjects) { SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' { @@ -2899,7 +2899,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' } } - + if ($AllowPKU2UAuthenticationRequestsToUseOnlineIdentities) { SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' { @@ -2915,7 +2915,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Interactive_logon_Machine_inactivity_limit = '900' } } - + if ($DoNotStoreLANManagerHashOnNextPasswordChange) { SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' { @@ -2923,7 +2923,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' } } - + if ($DigitallyEncryptOrSignSecureChannelDataAlways) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' { @@ -2931,7 +2931,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' } } - + if ($LDAPClientSigningRequirements) { SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' { @@ -2939,7 +2939,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' } } - + if ($ElevationPromptBehaviorForAdmins) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' { @@ -2947,7 +2947,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent' } } - + if ($LockoutDuration) { AccountPolicy 'SecuritySetting(INF): LockoutDuration' { @@ -2955,7 +2955,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Account_lockout_duration' } } - + if ($LockoutBadCount) { AccountPolicy 'SecuritySetting(INF): LockoutBadCount' { @@ -2970,7 +2970,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Reset_account_lockout_counter_after' } } - + if ($RenameGuestAccount) { SecurityOption 'SecuritySetting(INF): NewGuestName' { @@ -2978,7 +2978,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Accounts_Rename_guest_account = 'Visitor' } } - + if ($MinimumPasswordAge) { AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge' { @@ -2986,7 +2986,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Minimum_Password_Age = 1 } } - + if ($PasswordComplexity) { AccountPolicy 'SecuritySetting(INF): PasswordComplexity' { @@ -2994,7 +2994,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Password_must_meet_complexity_requirements' } } - + if ($PasswordHistorySize) { AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' { @@ -3002,7 +3002,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Enforce_password_history = 24 } } - + if ($LSAAnonymousNameLookup) { SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' { @@ -3010,7 +3010,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_access_Allow_anonymous_SID_Name_translation' } } - + if ($MinimumPasswordLength) { AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' { @@ -3026,7 +3026,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Accounts_Rename_administrator_account' } } - + if ($EnableGuestAccount) { SecurityOption 'SecuritySetting(INF): EnableGuestAccount' { @@ -3034,7 +3034,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Accounts_Guest_account_status = 'Disabled' } } - + if ($ClearTextPassword) { AccountPolicy 'SecuritySetting(INF): ClearTextPassword' { @@ -3042,7 +3042,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Store_passwords_using_reversible_encryption = 'Disabled' } } - + if ($MaximumPasswordAge) { AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' { @@ -3050,7 +3050,7 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Maximum_Password_Age' } } - + if ($ForceLogoffWhenHourExpire) { SecurityOption 'SecuritySetting(INF): ForceLogoffWhenHourExpire' { @@ -3058,6 +3058,5 @@ configuration DoD_WinSvr_2012_R2_MS_and_DC_v3r7 Name = 'Network_security_Force_logoff_when_logon_hours_expire' } } - -} +} diff --git a/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.schema.psm1 b/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.schema.psm1 index 6cb2d21..2eb14bb 100644 --- a/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.schema.psm1 +++ b/DSCResources/DoD_WinSvr_2016_MS_and_DC_v2r9/DoD_WinSvr_2016_MS_and_DC_v2r9.schema.psm1 @@ -3,7 +3,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 param( [string]$EnterpriseAdmins, - [string]$DomainAdmins, + [string]$DomainAdmins, [bool]$EnumerateAdministrators = $true, [bool]$NoAutorun = $true, [bool]$NoDriveTypeAutoRun = $true, @@ -206,62 +206,62 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 if ($EnumerateAdministrators) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateAdministrators' ValueData = 0 } } - + if ($NoAutorun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutorun' ValueData = 1 } } - + if ($NoDriveTypeAutoRun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDriveTypeAutoRun' ValueData = 255 } } - + if ($DisableAutomaticRestartSignOn) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableAutomaticRestartSignOn' ValueData = 1 } } - + if ($LocalAccountTokenFilterPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LocalAccountTokenFilterPolicy' ValueData = 0 } } - + if ($ProcessCreationIncludeCmdLine_Enabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ProcessCreationIncludeCmdLine_Enabled' @@ -272,62 +272,62 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 if ($DisableEnclosureDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + Key = 'Software\Policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableEnclosureDownload' ValueData = 1 } } - + if ($DCSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' { - Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DCSettingIndex' ValueData = 1 } } - + if ($ACSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' { - Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ACSettingIndex' ValueData = 1 } } - + if ($DisableInventory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory' { - Key = '\Software\Policies\Microsoft\Windows\AppCompat' + Key = 'Software\Policies\Microsoft\Windows\AppCompat' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableInventory' ValueData = 1 } } - + if ($AllowTelemetry) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry' { - Key = '\Software\Policies\Microsoft\Windows\DataCollection' + Key = 'Software\Policies\Microsoft\Windows\DataCollection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowTelemetry' ValueData = 1 } } - + if ($EnableVirtualizationBasedSecurity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableVirtualizationBasedSecurity' @@ -338,62 +338,62 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 if ($RequirePlatformSecurityFeatures) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RequirePlatformSecurityFeatures' ValueData = 1 } } - + if ($HypervisorEnforcedCodeIntegrity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HypervisorEnforcedCodeIntegrity' ValueData = 0 } } - + if ($LsaCfgFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LsaCfgFlags' ValueData = 1 } } - + if ($MaxSizeApplication) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\Application' + Key = 'Software\Policies\Microsoft\Windows\EventLog\Application' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($MaxSizeSecurity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\Security' + Key = 'Software\Policies\Microsoft\Windows\EventLog\Security' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 196608 } } - + if ($MaxSizeSystem) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\System' + Key = 'Software\Policies\Microsoft\Windows\EventLog\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' @@ -404,51 +404,51 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 if ($NoAutoplayfornonVolume) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' { - Key = '\Software\Policies\Microsoft\Windows\Explorer' + Key = 'Software\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutoplayfornonVolume' ValueData = 1 } } - + if ($NoBackgroundPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' { - Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoBackgroundPolicy' ValueData = 0 } } - + if ($NoGPOListChanges) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' { - Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoGPOListChanges' ValueData = 0 } } - + if ($EnableUserControl) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableUserControl' ValueData = 0 } } - + if ($AlwaysInstallElevated) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AlwaysInstallElevated' @@ -459,40 +459,40 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 if ($AllowInsecureGuestAuth) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' { - Key = '\Software\Policies\Microsoft\Windows\LanmanWorkstation' + Key = 'Software\Policies\Microsoft\Windows\LanmanWorkstation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowInsecureGuestAuth' ValueData = 0 } } - + if ($EnableScriptBlockLogging) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableScriptBlockLogging' ValueData = 1 } } - + if ($NoLockScreenSlideshow) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' { - Key = '\Software\Policies\Microsoft\Windows\Personalization' + Key = 'Software\Policies\Microsoft\Windows\Personalization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoLockScreenSlideshow' ValueData = 1 } } - + if ($EnableScriptBlockInvocationLogging) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -500,24 +500,24 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 ValueData = '' } } - + # The following registry settings require String type handling for HardenedPaths, # thus they are implemented as separate conditions. if ($true) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON' { - Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\NETLOGON' ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' } } - + if ($true) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL' { - Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\SYSVOL' @@ -527,29 +527,29 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 if ($EnableTranscripting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableTranscripting' ValueData = 1 } } - + if ($OutputDirectory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'OutputDirectory' ValueData = 'C:\ProgramData\PS_Transcript' } } - + if ($EnableInvocationHeader) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -557,33 +557,33 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 ValueData = '' } } - + if ($DontDisplayNetworkSelectionUI) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DontDisplayNetworkSelectionUI' ValueData = 1 } } - + if ($EnumerateLocalUsers) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateLocalUsers' ValueData = 0 } } - + if ($EnableSmartScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableSmartScreen' @@ -594,62 +594,62 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 if ($AllowIndexingEncryptedStoresOrItems) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' { - Key = '\Software\Policies\Microsoft\Windows\Windows Search' + Key = 'Software\Policies\Microsoft\Windows\Windows Search' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowIndexingEncryptedStoresOrItems' ValueData = 0 } } - + if ($WinRMClientAllowBasic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if ($WinRMClientAllowUnencryptedTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' ValueData = 0 } } - + if ($WinRMClientAllowDigest) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDigest' ValueData = 0 } } - + if ($WinRMServiceAllowBasic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if ($WinRMServiceAllowUnencryptedTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' @@ -660,62 +660,62 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 if ($DisableRunAs) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableRunAs' ValueData = 1 } } - + if ($DisableWebPnPDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload' { - Key = '\Software\Policies\Microsoft\Windows NT\Printers' + Key = 'Software\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWebPnPDownload' ValueData = 1 } } - + if ($DisableHTTPPrinting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting' { - Key = '\Software\Policies\Microsoft\Windows NT\Printers' + Key = 'Software\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableHTTPPrinting' ValueData = 1 } } - + if ($RestrictRemoteClients) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients' { - Key = '\Software\Policies\Microsoft\Windows NT\Rpc' + Key = 'Software\Policies\Microsoft\Windows NT\Rpc' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RestrictRemoteClients' ValueData = 1 } } - + if ($DisablePasswordSaving) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePasswordSaving' ValueData = 1 } } - + if ($fDisableCdm) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fDisableCdm' @@ -726,36 +726,36 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 if ($fPromptForPassword) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fPromptForPassword' ValueData = 1 } } - + if ($fEncryptRPCTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fEncryptRPCTraffic' ValueData = 1 } } - + if ($MinEncryptionLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinEncryptionLevel' ValueData = 3 } } - + if ($UseLogonCredential) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' { @@ -766,7 +766,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 ValueData = 0 } } - + if ($SMB1) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' { @@ -777,7 +777,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 ValueData = 0 } } - + if ($SMB10Start) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\MrxSmb10\Start' { @@ -799,7 +799,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 ValueData = 1 } } - + if ($DisableIPSourceRouting) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' { @@ -810,7 +810,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 ValueData = 2 } } - + if ($EnableICMPRedirect) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' { @@ -821,7 +821,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 ValueData = 0 } } - + if ($DisableIPSourceRoutingIPv6) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting' { @@ -832,7 +832,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 ValueData = 2 } } - + if ($AuditCredentialValidationSuccess) { AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion' { @@ -841,7 +841,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditCredentialValidationFailure) { AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion' { @@ -859,7 +859,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditOtherAccountManagementFailure) { AuditPolicySubcategory 'Audit Other Account Management Events (Failure) - Inclusion' { @@ -868,7 +868,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditSecurityGroupManagementSuccess) { AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion' { @@ -877,7 +877,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditSecurityGroupManagementFailure) { AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion' { @@ -886,7 +886,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditUserAccountManagementSuccess) { AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion' { @@ -895,7 +895,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditUserAccountManagementFailure) { AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion' { @@ -904,7 +904,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditPNPActivitySuccess) { AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion' { @@ -913,7 +913,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditPNPActivityFailure) { AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion' { @@ -931,7 +931,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditProcessCreationFailure) { AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion' { @@ -940,7 +940,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditAccountLockoutFailure) { AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion' { @@ -949,7 +949,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditAccountLockoutSuccess) { AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion' { @@ -958,7 +958,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditGroupMembershipSuccess) { AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion' { @@ -967,7 +967,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditGroupMembershipFailure) { AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion' { @@ -976,7 +976,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditLogoffSuccess) { AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion' { @@ -994,7 +994,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditLogonSuccess) { AuditPolicySubcategory 'Audit Logon (Success) - Inclusion' { @@ -1003,7 +1003,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditLogonFailure) { AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' { @@ -1012,7 +1012,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditSpecialLogonSuccess) { AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion' { @@ -1021,7 +1021,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditSpecialLogonFailure) { AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion' { @@ -1030,7 +1030,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditOtherObjectAccessEventsSuccess) { AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion' { @@ -1048,7 +1048,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditRemovableStorageSuccess) { AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' { @@ -1057,7 +1057,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditRemovableStorageFailure) { AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' { @@ -1066,7 +1066,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' { @@ -1075,7 +1075,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditPolicyChangeFailure) { AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion' { @@ -1084,7 +1084,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditAuthenticationPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion' { @@ -1093,7 +1093,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditAuthenticationPolicyChangeFailure) { AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' { @@ -1111,7 +1111,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditAuthorizationPolicyChangeFailure) { AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion' { @@ -1120,7 +1120,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditSensitivePrivilegeUseSuccess) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' { @@ -1129,7 +1129,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditSensitivePrivilegeUseFailure) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion' { @@ -1138,7 +1138,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditIPsecDriverSuccess) { AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion' { @@ -1147,7 +1147,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditIPsecDriverFailure) { AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion' { @@ -1156,7 +1156,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditOtherSystemEventsSuccess) { AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' { @@ -1165,7 +1165,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditOtherSystemEventsFailure) { AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion' { @@ -1183,7 +1183,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditSecurityStateChangeFailure) { AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' { @@ -1192,7 +1192,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditSecuritySystemExtensionSuccess) { AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion' { @@ -1201,7 +1201,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditSecuritySystemExtensionFailure) { AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' { @@ -1210,7 +1210,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditSystemIntegritySuccess) { AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' { @@ -1219,7 +1219,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditSystemIntegrityFailure) { AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' { @@ -1237,7 +1237,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditComputerAccountManagementFailure) { AuditPolicySubcategory 'Audit Computer Account Management (Failure) - Inclusion' { @@ -1246,7 +1246,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditDirectoryServiceAccessSuccess) { AuditPolicySubcategory 'Audit Directory Service Access (Success) - Inclusion' { @@ -1255,7 +1255,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditDirectoryServiceAccessFailure) { AuditPolicySubcategory 'Audit Directory Service Access (Failure) - Inclusion' { @@ -1264,7 +1264,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Failure' } } - + if ($AuditDirectoryServiceChangesSuccess) { AuditPolicySubcategory 'Audit Directory Service Changes (Success) - Inclusion' { @@ -1273,7 +1273,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 AuditFlag = 'Success' } } - + if ($AuditDirectoryServiceChangesFailure) { AuditPolicySubcategory 'Audit Directory Service Changes (Failure) - Inclusion' { @@ -1289,7 +1289,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' } } - + if ($NetworkAccessRestrictAnonymousAccess) { SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' { @@ -1297,7 +1297,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' } } - + if ($DomainMemberRequireStrongSessionKey) { SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' { @@ -1305,7 +1305,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled' } } - + if ($UserAccountControlOnlyElevateUIAccess) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' { @@ -1313,7 +1313,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' } } - + if ($SystemCryptographyForceStrongKeyProtection) { SecurityOption 'SecurityRegistry(INF): System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer' { @@ -1321,7 +1321,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer = 'User must enter a password each time they use a key' } } - + if ($NetworkSecurityConfigureEncryptionTypesAllowedForKerberos) { SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos' { @@ -1329,7 +1329,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos' } } - + if ($MicrosoftNetworkServerDigitallySignCommunications) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_if_client_agrees' { @@ -1344,7 +1344,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM = 'O:BAG:BAD:(A;;RC;;;BA)' } } - + if ($SystemCryptographyUseFIPSCompliantAlgorithms) { SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' { @@ -1352,7 +1352,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' } } - + if ($NetworkSecurityLANManagerAuthenticationLevel) { SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level' { @@ -1360,7 +1360,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Network_security_LAN_Manager_authentication_level' } } - + if ($NetworkSecurityAllowLocalSystemToUseComputerIdentity) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM' { @@ -1368,7 +1368,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM' } } - + if ($InteractiveLogonMessageTitle) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on' { @@ -1376,7 +1376,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Interactive_logon_Message_title_for_users_attempting_to_log_on = 'US Department of Defense Warning Statement' } } - + if ($DomainMemberDigitallySignSecureChannelData) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible' { @@ -1391,7 +1391,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop' } } - + if ($InteractiveLogonSmartCardRemovalBehavior) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' { @@ -1399,7 +1399,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Interactive_logon_Smart_card_removal_behavior' } } - + if ($AccountsLimitLocalAccountUseOfBlankPasswords) { SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' { @@ -1407,7 +1407,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' } } - + if ($UserAccountControlVirtualizeWriteFailures) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' { @@ -1415,7 +1415,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' } } - + if ($InteractiveLogonMessageText) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on' { @@ -1423,7 +1423,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on' } } - + if ($NetworkAccessLetEveryonePermissionsApply) { SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users' { @@ -1431,7 +1431,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users' } } - + if ($DomainMemberDigitallyEncryptSecureChannelData) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' { @@ -1439,7 +1439,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled' } } - + if ($UserAccountControlBehaviorOfElevationPrompt) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' { @@ -1455,7 +1455,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Microsoft_network_server_Digitally_sign_communications_always' } } - + if ($MicrosoftNetworkClientDigitallySignCommunicationsAlways) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' { @@ -1463,7 +1463,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Microsoft_network_client_Digitally_sign_communications_always' } } - + if ($NetworkSecurityMinimumSessionSecurityForNTLMSSP) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' { @@ -1471,7 +1471,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked' } } - + if ($DomainMemberDisableMachineAccountPasswordChanges) { SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes' { @@ -1479,7 +1479,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Domain_member_Disable_machine_account_password_changes' } } - + if ($MicrosoftNetworkClientDigitallySignCommunicationsIfServerAgrees) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_if_server_agrees' { @@ -1487,7 +1487,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Microsoft_network_client_Digitally_sign_communications_if_server_agrees = 'Enabled' } } - + if ($UserAccountControlDetectApplicationInstallations) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation' { @@ -1503,7 +1503,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled' } } - + if ($NetworkSecurityAllowLocalSystemNullSessionFallback) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' { @@ -1511,7 +1511,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled' } } - + if ($UserAccountControlAdminApprovalMode) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' { @@ -1519,7 +1519,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' } } - + if ($MicrosoftNetworkClientSendUnencryptedPassword) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' { @@ -1527,7 +1527,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' } } - + if ($NetworkSecurityMinimumSessionSecurityForNTLMSSPServers) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' { @@ -1535,7 +1535,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked' } } - + if ($InteractiveLogonNumberOfPreviousLogonsToCache) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' { @@ -1551,7 +1551,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Domain_member_Maximum_machine_account_password_age = '30' } } - + if ($NetworkAccessDoNotAllowAnonymousEnumerationSAMAndShares) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' { @@ -1559,7 +1559,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled' } } - + if ($AuditForceAuditPolicySubcategorySettings) { SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' { @@ -1567,7 +1567,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled' } } - + if ($SystemObjectsStrengthenDefaultPermissions) { SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' { @@ -1575,7 +1575,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' } } - + if ($NetworkSecurityAllowPKU2UAuthenticationRequests) { SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' { @@ -1583,7 +1583,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' } } - + if ($InteractiveLogonMachineInactivityLimit) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' { @@ -1599,7 +1599,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' } } - + if ($DomainMemberDigitallyEncryptOrSignDataAlways) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' { @@ -1607,7 +1607,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' } } - + if ($NetworkSecurityLDAPClientSigningRequirements) { SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' { @@ -1615,7 +1615,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' } } - + if ($UserAccountControlBehaviorElevationPrompt) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' { @@ -1623,7 +1623,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop' } } - + if ($AccountLockoutDurationEnabled) { AccountPolicy 'SecuritySetting(INF): LockoutDuration' { @@ -1631,7 +1631,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Account_lockout_duration' } } - + if ($AccountLockoutThresholdEnabled) { AccountPolicy 'SecuritySetting(INF): LockoutBadCount' { @@ -1647,7 +1647,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Reset_account_lockout_counter_after' } } - + if ($AccountsRenameGuestAccount) { SecurityOption 'SecuritySetting(INF): NewGuestName' { @@ -1655,7 +1655,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Accounts_Rename_guest_account = 'Visitor' } } - + if ($MinimumPasswordAgeEnabled) { AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge' { @@ -1663,7 +1663,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Minimum_Password_Age = 1 } } - + if ($PasswordComplexityEnabled) { AccountPolicy 'SecuritySetting(INF): PasswordComplexity' { @@ -1671,7 +1671,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Password_must_meet_complexity_requirements' } } - + if ($PasswordHistoryEnforcementEnabled) { AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' { @@ -1679,7 +1679,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Enforce_password_history = 24 } } - + if ($NetworkAccessAllowAnonymousSIDNameTranslation) { SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' { @@ -1695,7 +1695,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Minimum_Password_Length = 14 } } - + if ($AccountsRenameAdministratorAccount) { SecurityOption 'SecuritySetting(INF): NewAdministratorName' { @@ -1703,7 +1703,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Accounts_Rename_administrator_account' } } - + if ($AccountsGuestAccountStatusEnabled) { SecurityOption 'SecuritySetting(INF): EnableGuestAccount' { @@ -1711,7 +1711,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Accounts_Guest_account_status = 'Disabled' } } - + if ($MaximumPasswordAgeEnabled) { AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' { @@ -1719,7 +1719,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Maximum_Password_Age' } } - + if ($ClearTextPasswordEnabled) { AccountPolicy 'SecuritySetting(INF): ClearTextPassword' { @@ -1736,7 +1736,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' } } - + if ($AccessThisComputerFromTheNetwork) { UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' { @@ -1745,7 +1745,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Access_this_computer_from_the_network' } } - + if ($BackUpFilesAndDirectories) { UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' { @@ -1754,7 +1754,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Back_up_files_and_directories' } } - + if ($ImpersonateClientAfterAuthentication) { UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' { @@ -1763,7 +1763,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Impersonate_a_client_after_authentication' } } - + if ($PerformVolumeMaintenanceTasks) { UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' { @@ -1781,7 +1781,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Load_and_unload_device_drivers' } } - + if ($LockPagesInMemory) { UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' { @@ -1790,7 +1790,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Lock_pages_in_memory' } } - + if ($TakeOwnershipOfFilesOrOtherObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' { @@ -1799,7 +1799,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Take_ownership_of_files_or_other_objects' } } - + if ($CreatePermanentSharedObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' { @@ -1817,7 +1817,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Deny_access_to_this_computer_from_the_network' } } - + if ($CreateGlobalObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' { @@ -1826,7 +1826,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Create_global_objects' } } - + if ($DenyLogOnAsABatchJob) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job' { @@ -1835,7 +1835,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Deny_log_on_as_a_batch_job' } } - + if ($RestoreFilesAndDirectories) { UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' { @@ -1853,7 +1853,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Access_Credential_Manager_as_a_trusted_caller' } } - + if ($DenyLogOnAsAService) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service' { @@ -1862,7 +1862,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Deny_log_on_as_a_service' } } - + if ($IncreaseSchedulingPriority) { UserRightsAssignment 'UserRightsAssignment(INF): Increase_scheduling_priority' { @@ -1871,7 +1871,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Increase_scheduling_priority' } } - + if ($ForceShutdownFromRemoteSystem) { UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' { @@ -1880,7 +1880,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Force_shutdown_from_a_remote_system' } } - + if ($GenerateSecurityAudits) { UserRightsAssignment 'UserRightsAssignment(INF): Generate_security_audits' { @@ -1889,7 +1889,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Generate_security_audits' } } - + if ($DenyLogOnLocally) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally' { @@ -1898,7 +1898,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Deny_log_on_locally' } } - + if ($CreateSymbolicLinks) { UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links' { @@ -1916,7 +1916,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Debug_programs' } } - + if ($AllowLogOnLocally) { UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' { @@ -1925,7 +1925,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Allow_log_on_locally' } } - + if ($ManageAuditingAndSecurityLog) { UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' { @@ -1934,7 +1934,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Manage_auditing_and_security_log' } } - + if ($ActAsPartOfTheOperatingSystem) { UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' { @@ -1943,7 +1943,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Act_as_part_of_the_operating_system' } } - + if ($ProfileSingleProcess) { UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' { @@ -1961,7 +1961,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Create_a_token_object' } } - + if ($ModifyFirmwareEnvironmentValues) { UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' { @@ -1970,7 +1970,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Modify_firmware_environment_values' } } - + if ($CreateAPagefile) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' { @@ -1979,7 +1979,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Create_a_pagefile' } } - + if ($DenyLogOnThroughRemoteDesktopServices) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' { @@ -1988,7 +1988,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Policy = 'Deny_log_on_through_Remote_Desktop_Services' } } - + if ($DomainControllerLDAPServerSigningRequirements) { SecurityOption 'SecurityRegistry(INF): Domain_controller_LDAP_server_signing_requirements' { @@ -1996,7 +1996,7 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 Name = 'Domain_controller_LDAP_server_signing_requirements' } } - + if ($DomainControllerRefuseMachineAccountPasswordChanges) { SecurityOption 'SecurityRegistry(INF): Domain_controller_Refuse_machine_account_password_changes' { @@ -2005,4 +2005,3 @@ configuration DoD_WinSvr_2016_MS_and_DC_v2r9 } } } - diff --git a/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.schema.psm1 b/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.schema.psm1 index 5442364..9eee905 100644 --- a/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.schema.psm1 +++ b/DSCResources/DoD_WinSvr_2019_MS_and_DC_v3r2/DoD_WinSvr_2019_MS_and_DC_v3r2.schema.psm1 @@ -212,62 +212,62 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($EnumerateAdministrators) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateAdministrators' ValueData = 0 } } - + if ($NoAutorun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutorun' ValueData = 1 } } - + if ($NoDriveTypeAutoRun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDriveTypeAutoRun' ValueData = 255 } } - + if ($PasswordComplexity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordComplexity' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordComplexity' ValueData = 4 } } - + if ($PasswordLength) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordLength' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordLength' ValueData = 14 } } - + if ($PasswordAgeDays) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordAgeDays' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordAgeDays' @@ -278,73 +278,73 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($DisableAutomaticRestartSignOn) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableAutomaticRestartSignOn' ValueData = 1 } } - + if ($LocalAccountTokenFilterPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LocalAccountTokenFilterPolicy' ValueData = 0 } } - + if ($ProcessCreationIncludeCmdLine_Enabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ProcessCreationIncludeCmdLine_Enabled' ValueData = 1 } } - + if ($DisableEnclosureDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + Key = 'Software\Policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableEnclosureDownload' ValueData = 1 } } - + if ($DCSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' { - Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DCSettingIndex' ValueData = 1 } } - + if ($ACSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' { - Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ACSettingIndex' ValueData = 1 } } - + if ($DisableInventory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory' { - Key = '\Software\Policies\Microsoft\Windows\AppCompat' + Key = 'Software\Policies\Microsoft\Windows\AppCompat' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableInventory' @@ -355,51 +355,51 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($AllowProtectedCreds) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' { - Key = '\Software\Policies\Microsoft\Windows\CredentialsDelegation' + Key = 'Software\Policies\Microsoft\Windows\CredentialsDelegation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowProtectedCreds' ValueData = 1 } } - + if ($AllowTelemetry) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry' { - Key = '\Software\Policies\Microsoft\Windows\DataCollection' + Key = 'Software\Policies\Microsoft\Windows\DataCollection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowTelemetry' ValueData = 1 } } - + if ($DODownloadMode) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeliveryOptimization\DODownloadMode' { - Key = '\Software\Policies\Microsoft\Windows\DeliveryOptimization' + Key = 'Software\Policies\Microsoft\Windows\DeliveryOptimization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DODownloadMode' ValueData = 2 } } - + if ($EnableVirtualizationBasedSecurity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableVirtualizationBasedSecurity' ValueData = 1 } } - + if ($RequirePlatformSecurityFeatures) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RequirePlatformSecurityFeatures' @@ -410,62 +410,62 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($HypervisorEnforcedCodeIntegrity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HypervisorEnforcedCodeIntegrity' ValueData = 3 } } - + if ($HVCIMATRequired) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HVCIMATRequired' ValueData = 0 } } - + if ($LsaCfgFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LsaCfgFlags' ValueData = 1 } } - + if ($ConfigureSystemGuardLaunch) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ConfigureSystemGuardLaunch' ValueData = 0 } } - + if ($MaxSizeApplication) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\Application' + Key = 'Software\Policies\Microsoft\Windows\EventLog\Application' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($MaxSizeSecurity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\Security' + Key = 'Software\Policies\Microsoft\Windows\EventLog\Security' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' @@ -476,40 +476,40 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($MaxSizeSystem) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\System' + Key = 'Software\Policies\Microsoft\Windows\EventLog\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($NoAutoplayfornonVolume) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' { - Key = '\Software\Policies\Microsoft\Windows\Explorer' + Key = 'Software\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutoplayfornonVolume' ValueData = 1 } } - + if ($NoBackgroundPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' { - Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoBackgroundPolicy' ValueData = 0 } } - + if ($NoGPOListChanges) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' { - Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoGPOListChanges' @@ -520,62 +520,62 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($EnableUserControl) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableUserControl' ValueData = 0 } } - + if ($AlwaysInstallElevated) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AlwaysInstallElevated' ValueData = 0 } } - + if ($AllowInsecureGuestAuth) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' { - Key = '\Software\Policies\Microsoft\Windows\LanmanWorkstation' + Key = 'Software\Policies\Microsoft\Windows\LanmanWorkstation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowInsecureGuestAuth' ValueData = 0 } } - + if ($HardenedPaths_NETLOGON) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON' { - Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\NETLOGON' ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' } } - + if ($HardenedPaths_SYSVOL) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL' { - Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\SYSVOL' ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' } } - + if ($NoLockScreenSlideshow) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' { - Key = '\Software\Policies\Microsoft\Windows\Personalization' + Key = 'Software\Policies\Microsoft\Windows\Personalization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoLockScreenSlideshow' @@ -586,18 +586,18 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($EnableScriptBlockLogging) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableScriptBlockLogging' ValueData = 1 } } - + if (-not $EnableScriptBlockInvocationLogging) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -605,33 +605,33 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 ValueData = '' } } - + if ($EnableTranscripting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableTranscripting' ValueData = 1 } } - + if ($SetOutputDirectory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'OutputDirectory' ValueData = 'C:\ProgramData\PS_Transcript' # Default output directory } } - + if (-not $EnableInvocationHeader) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -639,11 +639,11 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 ValueData = '' } } - + if ($DontDisplayNetworkSelectionUI) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DontDisplayNetworkSelectionUI' @@ -654,62 +654,62 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if (-not $EnumerateLocalUsers) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateLocalUsers' ValueData = 0 } } - + if ($EnableSmartScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableSmartScreen' ValueData = 1 } } - + if (-not $AllowIndexingEncryptedStoresOrItems) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' { - Key = '\Software\Policies\Microsoft\Windows\Windows Search' + Key = 'Software\Policies\Microsoft\Windows\Windows Search' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowIndexingEncryptedStoresOrItems' ValueData = 0 } } - + if (-not $AllowBasic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if (-not $AllowUnencryptedTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' ValueData = 0 } } - + if (-not $AllowDigest) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDigest' @@ -720,62 +720,62 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if (-not $AllowBasic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if (-not $AllowUnencryptedTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' ValueData = 0 } } - + if ($DisableRunAs) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableRunAs' ValueData = 1 } } - + if ($DisableWebPnPDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload' { - Key = '\Software\Policies\Microsoft\Windows NT\Printers' + Key = 'Software\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWebPnPDownload' ValueData = 1 } } - + if ($DisableHTTPPrinting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting' { - Key = '\Software\Policies\Microsoft\Windows NT\Printers' + Key = 'Software\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableHTTPPrinting' ValueData = 1 } } - + if ($RestrictRemoteClients) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients' { - Key = '\Software\Policies\Microsoft\Windows NT\Rpc' + Key = 'Software\Policies\Microsoft\Windows NT\Rpc' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RestrictRemoteClients' @@ -786,62 +786,62 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($DisablePasswordSaving) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePasswordSaving' ValueData = 1 } } - + if ($fDisableCdm) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fDisableCdm' ValueData = 1 } } - + if ($fPromptForPassword) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fPromptForPassword' ValueData = 1 } } - + if ($fEncryptRPCTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fEncryptRPCTraffic' ValueData = 1 } } - + if ($SetMinEncryptionLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinEncryptionLevel' ValueData = 3 # Set to a default value if condition is true } } - + if (-not $UseLogonCredential) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' { - Key = '\System\CurrentControlSet\Control\SecurityProviders\WDigest' + Key = 'System\CurrentControlSet\Control\SecurityProviders\WDigest' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseLogonCredential' @@ -852,51 +852,51 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($DisableSMB1) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' { - Key = '\System\CurrentControlSet\Services\LanmanServer\Parameters' + Key = 'System\CurrentControlSet\Services\LanmanServer\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SMB1' ValueData = 0 } } - + if ($StopMrxSmb10) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\MrxSmb10\Start' { - Key = '\System\CurrentControlSet\Services\MrxSmb10' + Key = 'System\CurrentControlSet\Services\MrxSmb10' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Start' ValueData = 4 } } - + if ($NoNameReleaseOnDemand) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand' { - Key = '\System\CurrentControlSet\Services\Netbt\Parameters' + Key = 'System\CurrentControlSet\Services\Netbt\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoNameReleaseOnDemand' ValueData = 1 } } - + if ($DisableIPSourceRouting) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' { - Key = '\System\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'System\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' ValueData = 2 } } - + if ($DisableICMPRedirect) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' { - Key = '\System\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'System\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableICMPRedirect' @@ -907,14 +907,14 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 if ($DisableIPSourceRouting) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting' { - Key = '\System\CurrentControlSet\Services\Tcpip6\Parameters' + Key = 'System\CurrentControlSet\Services\Tcpip6\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' ValueData = 2 } } - + if ($AuditCredentialValidationSuccess) { AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion' { @@ -923,7 +923,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if ($AuditCredentialValidationFailure) { AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion' { @@ -932,7 +932,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditOtherAccountManagementEventsSuccess) { AuditPolicySubcategory 'Audit Other Account Management Events (Success) - Inclusion' { @@ -941,7 +941,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditOtherAccountManagementEventsFailure) { AuditPolicySubcategory 'Audit Other Account Management Events (Failure) - Inclusion' { @@ -950,7 +950,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditSecurityGroupManagementSuccess) { AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion' { @@ -959,7 +959,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditSecurityGroupManagementFailure) { AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion' { @@ -968,7 +968,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditUserAccountManagementSuccess) { AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion' { @@ -986,7 +986,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditPNPActivitySuccess) { AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion' { @@ -995,7 +995,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditPNPActivityFailure) { AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion' { @@ -1004,7 +1004,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditProcessCreationSuccess) { AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion' { @@ -1013,7 +1013,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditProcessCreationFailure) { AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion' { @@ -1022,7 +1022,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditAccountLockoutFailure) { AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion' { @@ -1031,7 +1031,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if (-not $AuditAccountLockoutSuccess) { AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion' { @@ -1049,7 +1049,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditGroupMembershipFailure) { AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion' { @@ -1058,7 +1058,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditLogoffSuccess) { AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion' { @@ -1067,7 +1067,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditLogoffFailure) { AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion' { @@ -1076,7 +1076,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditLogonSuccess) { AuditPolicySubcategory 'Audit Logon (Success) - Inclusion' { @@ -1085,7 +1085,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if ($AuditLogonFailure) { AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' { @@ -1103,7 +1103,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditSpecialLogonFailure) { AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion' { @@ -1112,7 +1112,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditOtherObjectAccessEventsSuccess) { AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion' { @@ -1121,7 +1121,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if ($AuditOtherObjectAccessEventsFailure) { AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion' { @@ -1130,7 +1130,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditRemovableStorageSuccess) { AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' { @@ -1139,7 +1139,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if ($AuditRemovableStorageFailure) { AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' { @@ -1148,7 +1148,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' { @@ -1166,7 +1166,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditAuthenticationPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion' { @@ -1175,7 +1175,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditAuthenticationPolicyChangeFailure) { AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' { @@ -1184,7 +1184,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditAuthorizationPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion' { @@ -1193,7 +1193,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditAuthorizationPolicyChangeFailure) { AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion' { @@ -1202,7 +1202,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditSensitivePrivilegeUseSuccess) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' { @@ -1220,7 +1220,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditIPsecDriverSuccess) { AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion' { @@ -1229,7 +1229,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if ($AuditIPsecDriverFailure) { AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion' { @@ -1238,7 +1238,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditOtherSystemEventsSuccess) { AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' { @@ -1247,7 +1247,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if ($AuditOtherSystemEventsFailure) { AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion' { @@ -1256,7 +1256,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditSecurityStateChangeSuccess) { AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion' { @@ -1265,7 +1265,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditSecurityStateChangeFailure) { AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' { @@ -1283,7 +1283,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditSecuritySystemExtensionFailure) { AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' { @@ -1292,7 +1292,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditSystemIntegritySuccess) { AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' { @@ -1301,7 +1301,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if ($AuditSystemIntegrityFailure) { AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' { @@ -1310,7 +1310,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditComputerAccountManagementSuccess) { AuditPolicySubcategory 'Audit Computer Account Management (Success) - Inclusion' { @@ -1319,7 +1319,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditComputerAccountManagementFailure) { AuditPolicySubcategory 'Audit Computer Account Management (Failure) - Inclusion' { @@ -1337,7 +1337,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if ($AuditDirectoryServiceAccessFailure) { AuditPolicySubcategory 'Audit Directory Service Access (Failure) - Inclusion' { @@ -1346,7 +1346,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + if ($AuditDirectoryServiceChangesSuccess) { AuditPolicySubcategory 'Audit Directory Service Changes (Success) - Inclusion' { @@ -1355,7 +1355,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Success' } } - + if (-not $AuditDirectoryServiceChangesFailure) { AuditPolicySubcategory 'Audit Directory Service Changes (Failure) - Inclusion' { @@ -1364,7 +1364,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 AuditFlag = 'Failure' } } - + SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' { Name = 'Network_access_Restrict_clients_allowed_to_make_remote_calls_to_SAM' @@ -1378,7 +1378,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' } } - + if ($RequireStrongSessionKey) { SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' { @@ -1386,7 +1386,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled' } } - + if ($ElevateUIAccessApplications) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' { @@ -1394,7 +1394,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' } } - + if ($MinimumSessionSecurityForNTLM) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' { @@ -1402,7 +1402,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked' } } - + if ($DigitallySignCommunicationsIfClientAgrees) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_if_client_agrees' { @@ -1410,7 +1410,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Microsoft_network_server_Digitally_sign_communications_if_client_agrees = 'Enabled' } } - + if (-not $AllowLocalSystemNullSessionFallback) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' { @@ -1418,7 +1418,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Network_security_Allow_LocalSystem_NULL_session_fallback = 'Disabled' } } - + if ($UseFIPSCompliantAlgorithms) { SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' { @@ -1426,7 +1426,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' } } - + if ($LANManagerAuthenticationLevel) { SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level' { @@ -1434,7 +1434,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Network_security_LAN_Manager_authentication_level' } } - + if ($AllowLocalSystemToUseComputerIdentityForNTLM) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM' { @@ -1450,7 +1450,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Interactive_logon_Message_title_for_users_attempting_to_log_on = 'US Department of Defense Warning Statement' } } - + if ($DigitallySignSecureChannelData) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible' { @@ -1458,7 +1458,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible' } } - + if ($AllowUIAccessApplicationsElevation) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop' { @@ -1466,7 +1466,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop' } } - + if ($LimitLocalAccountUseOfBlankPasswords) { SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' { @@ -1474,7 +1474,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' } } - + if ($VirtualizeFileAndRegistryWriteFailures) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' { @@ -1482,7 +1482,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' } } - + if ($InteractiveLogonMachineInactivityLimit) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' { @@ -1490,7 +1490,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Interactive_logon_Machine_inactivity_limit = '900' } } - + if ($InteractiveLogonMessageText) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on' { @@ -1498,7 +1498,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on' } } - + if ($DigitallyEncryptSecureChannelData) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' { @@ -1514,7 +1514,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' } } - + if ($AdminApprovalModeForBuiltInAdmin) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' { @@ -1522,7 +1522,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' } } - + if ($DigitallySignCommunicationsAlwaysForServer) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always' { @@ -1530,7 +1530,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Microsoft_network_server_Digitally_sign_communications_always' } } - + if ($DigitallySignCommunicationsAlwaysForClient) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' { @@ -1538,7 +1538,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Microsoft_network_client_Digitally_sign_communications_always' } } - + if ($MinimumSessionSecurityForNTLM) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' { @@ -1546,7 +1546,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked' } } - + if (-not $DisableMachineAccountPasswordChanges) { SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes' { @@ -1554,7 +1554,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Domain_member_Disable_machine_account_password_changes' } } - + if ($RunAllAdministratorsInAdminApprovalMode) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' { @@ -1570,7 +1570,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Microsoft_network_client_Digitally_sign_communications_if_server_agrees = 'Enabled' } } - + if ($DetectApplicationInstallationsAndPromptForElevation) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation' { @@ -1578,7 +1578,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation' } } - + if ($DoNotAllowAnonymousEnumerationOfSAMAccounts) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' { @@ -1586,7 +1586,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled' } } - + if ($ConfigureEncryptionTypesForKerberos) { SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos' { @@ -1594,7 +1594,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos' } } - + if (-not $SendUnencryptedPasswordToThirdPartySMBServers) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' { @@ -1602,7 +1602,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' } } - + if ($CachePreviousLogons) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' { @@ -1610,7 +1610,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' } } - + if ($SetMaximumMachineAccountPasswordAge) { SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age' { @@ -1626,7 +1626,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled' } } - + if ($ForceAuditPolicySubcategorySettings) { SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' { @@ -1634,7 +1634,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled' } } - + if ($StrengthenDefaultPermissionsOfInternalSystemObjects) { SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' { @@ -1642,7 +1642,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' } } - + if (-not $AllowPKU2UAuthenticationRequests) { SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' { @@ -1650,7 +1650,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' } } - + if ($DigitallyEncryptOrSignSecureChannelDataAlways) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' { @@ -1658,7 +1658,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' } } - + if ($SmartCardRemovalBehaviorLockWorkstation) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' { @@ -1666,7 +1666,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Interactive_logon_Smart_card_removal_behavior' } } - + if ($DoNotStoreLANManagerHashValueOnNextPasswordChange) { SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' { @@ -1682,7 +1682,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users' } } - + if ($LDAPClientSigningRequirements) { SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' { @@ -1690,7 +1690,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' } } - + if ($ForceStrongKeyProtectionForUserKeys) { SecurityOption 'SecurityRegistry(INF): System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer' { @@ -1698,7 +1698,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer = 'User must enter a password each time they use a key' } } - + if ($BehaviorOfElevationPromptForAdmins) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' { @@ -1706,7 +1706,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop' } } - + if ($SetLockoutDuration) { AccountPolicy 'SecuritySetting(INF): LockoutDuration' { @@ -1714,7 +1714,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Account_lockout_duration' } } - + if ($SetLockoutThreshold) { AccountPolicy 'SecuritySetting(INF): LockoutBadCount' { @@ -1722,7 +1722,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Account_lockout_threshold' } } - + if ($SetResetLockoutCount) { AccountPolicy 'SecuritySetting(INF): ResetLockoutCount' { @@ -1730,7 +1730,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Reset_account_lockout_counter_after' } } - + if ($RenameGuestAccount) { SecurityOption 'SecuritySetting(INF): NewGuestName' { @@ -1746,7 +1746,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Minimum_Password_Age = '1' } } - + if ($EnablePasswordComplexity) { AccountPolicy 'SecuritySetting(INF): PasswordComplexity' { @@ -1754,7 +1754,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Password_must_meet_complexity_requirements' } } - + if ($SetPasswordHistorySize) { AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' { @@ -1762,7 +1762,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Enforce_password_history = '24' } } - + if ($DisableAnonymousSIDNameLookup) { SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' { @@ -1770,7 +1770,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Network_access_Allow_anonymous_SID_Name_translation' } } - + if ($SetMinimumPasswordLength) { AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' { @@ -1778,7 +1778,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Minimum_Password_Length = '14' } } - + if ($RenameAdministratorAccount) { SecurityOption 'SecuritySetting(INF): NewAdministratorName' { @@ -1786,7 +1786,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Accounts_Rename_administrator_account' } } - + if ($DisableGuestAccount) { SecurityOption 'SecuritySetting(INF): EnableGuestAccount' { @@ -1794,7 +1794,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Accounts_Guest_account_status = 'Disabled' } } - + if ($SetMaximumPasswordAge) { AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' { @@ -1810,7 +1810,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Store_passwords_using_reversible_encryption = 'Disabled' } } - + if ($EnableTrustedForDelegation) { UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' { @@ -1819,7 +1819,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' } } - + if ($AccessThisComputerFromNetwork) { UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' { @@ -1828,7 +1828,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Access_this_computer_from_the_network' } } - + if ($BackupFilesAndDirectories) { UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' { @@ -1837,7 +1837,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Back_up_files_and_directories' } } - + if ($ImpersonateClientAfterAuthentication) { UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' { @@ -1846,7 +1846,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Impersonate_a_client_after_authentication' } } - + if ($PerformVolumeMaintenanceTasks) { UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' { @@ -1864,7 +1864,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Load_and_unload_device_drivers' } } - + if ($LockPagesInMemory) { UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' { @@ -1873,7 +1873,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Lock_pages_in_memory' } } - + if ($TakeOwnershipOfFilesOrOtherObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' { @@ -1882,7 +1882,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Take_ownership_of_files_or_other_objects' } } - + if ($CreatePermanentSharedObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' { @@ -1891,7 +1891,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Create_permanent_shared_objects' } } - + if ($DenyAccessFromNetwork) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' { @@ -1900,7 +1900,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Deny_access_to_this_computer_from_the_network' } } - + if ($CreateGlobalObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' { @@ -1910,7 +1910,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 } } - + if ($DenyLogOnAsBatchJob) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job' { @@ -1982,7 +1982,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Deny_log_on_locally' } } - + if ($CreateSymbolicLinks) { UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links' { @@ -1991,7 +1991,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Create_symbolic_links' } } - + if ($DebugPrograms) { UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' { @@ -2000,7 +2000,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Debug_programs' } } - + if ($AllowLogOnLocally) { UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' { @@ -2009,7 +2009,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Allow_log_on_locally' } } - + if ($ManageAuditingAndSecurityLog) { UserRightsAssignment 'UserRightsAssignment(INF): Manage_auditing_and_security_log' { @@ -2027,7 +2027,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Act_as_part_of_the_operating_system' } } - + if ($ProfileSingleProcess) { UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' { @@ -2036,7 +2036,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Profile_single_process' } } - + if ($CreateATokenObject) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' { @@ -2045,7 +2045,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Create_a_token_object' } } - + if ($ModifyFirmwareEnvironmentValues) { UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' { @@ -2063,7 +2063,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Create_a_pagefile' } } - + if ($DenyLogOnThroughRemoteDesktopServices) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' { @@ -2072,7 +2072,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Deny_log_on_through_Remote_Desktop_Services' } } - + if ($RequireLDAPServerSigning) { SecurityOption 'SecurityRegistry(INF): Domain_controller_LDAP_server_signing_requirements' { @@ -2080,7 +2080,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Name = 'Domain_controller_LDAP_server_signing_requirements' } } - + if ($RefuseMachineAccountPasswordChanges) { SecurityOption 'SecurityRegistry(INF): Domain_controller_Refuse_machine_account_password_changes' { @@ -2088,7 +2088,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Domain_controller_Refuse_machine_account_password_changes = 'Disabled' } } - + if ($AddWorkstationsToDomain) { UserRightsAssignment 'UserRightsAssignment(INF): Add_workstations_to_domain' { @@ -2097,7 +2097,7 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 Policy = 'Add_workstations_to_domain' } } - + if ($AllowLogOnThroughRemoteDesktopServices) { UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_through_Remote_Desktop_Services' { @@ -2107,4 +2107,3 @@ configuration DoD_WinSvr_2019_MS_and_DC_v3r2 } } } - diff --git a/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.schema.psm1 b/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.schema.psm1 index 02a2297..ef2f064 100644 --- a/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.schema.psm1 +++ b/DSCResources/DoD_WinSvr_2022_MS_and_DC_v2r2/DoD_WinSvr_2022_MS_and_DC_v2r2.schema.psm1 @@ -217,8 +217,8 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 [bool]$Ticket_Validate_Client = $true, [bool]$Max_Renew_Age = $true ) - - + + Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' Import-DSCResource -ModuleName 'AuditPolicyDSC' Import-DSCResource -ModuleName 'SecurityPolicyDSC' @@ -226,62 +226,62 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if ($EnumerateAdministrators) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateAdministrators' ValueData = 0 } } - + if ($NoAutorun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutorun' ValueData = 1 } } - + if ($NoDriveTypeAutoRun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDriveTypeAutoRun' ValueData = 255 } } - + if ($PreXPSP2ShellProtocolBehavior) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreXPSP2ShellProtocolBehavior' ValueData = 0 } } - + if ($PasswordComplexity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordComplexity' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordComplexity' ValueData = 4 } } - + if ($PasswordLength) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordLength' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordLength' @@ -292,51 +292,51 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if ($PasswordAgeDays) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordAgeDays' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordAgeDays' ValueData = 60 } } - + if ($DisableAutomaticRestartSignOn) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableAutomaticRestartSignOn' ValueData = 1 } } - + if ($LocalAccountTokenFilterPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LocalAccountTokenFilterPolicy' ValueData = 0 } } - + if ($ProcessCreationIncludeCmdLine_Enabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ProcessCreationIncludeCmdLine_Enabled' ValueData = 1 } } - + if ($DisableEnclosureDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + Key = 'Software\Policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableEnclosureDownload' @@ -347,51 +347,51 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if ($AllowBasicAuthInClear) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + Key = 'Software\Policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasicAuthInClear' ValueData = 0 } } - + if ($DCSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' { - Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DCSettingIndex' ValueData = 1 } } - + if ($ACSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' { - Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ACSettingIndex' ValueData = 1 } } - + if ($DisableInventory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory' { - Key = '\Software\Policies\Microsoft\Windows\AppCompat' + Key = 'Software\Policies\Microsoft\Windows\AppCompat' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableInventory' ValueData = 1 } } - + if ($AllowProtectedCreds) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' { - Key = '\Software\Policies\Microsoft\Windows\CredentialsDelegation' + Key = 'Software\Policies\Microsoft\Windows\CredentialsDelegation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowProtectedCreds' @@ -402,62 +402,62 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if ($AllowTelemetry) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry' { - Key = '\Software\Policies\Microsoft\Windows\DataCollection' + Key = 'Software\Policies\Microsoft\Windows\DataCollection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowTelemetry' ValueData = 1 } } - + if ($DODownloadMode) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeliveryOptimization\DODownloadMode' { - Key = '\Software\Policies\Microsoft\Windows\DeliveryOptimization' + Key = 'Software\Policies\Microsoft\Windows\DeliveryOptimization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DODownloadMode' ValueData = 2 } } - + if ($EnableVirtualizationBasedSecurity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableVirtualizationBasedSecurity' ValueData = 1 } } - + if ($RequirePlatformSecurityFeatures) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RequirePlatformSecurityFeatures' ValueData = 1 } } - + if ($HypervisorEnforcedCodeIntegrity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HypervisorEnforcedCodeIntegrity' ValueData = 3 } } - + if ($HVCIMATRequired) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HVCIMATRequired' @@ -468,62 +468,62 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if ($LsaCfgFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LsaCfgFlags' ValueData = 1 } } - + if ($ConfigureSystemGuardLaunch) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ConfigureSystemGuardLaunch' ValueData = 0 } } - + if ($MaxSizeApplicationLog) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\Application' + Key = 'Software\Policies\Microsoft\Windows\EventLog\Application' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($MaxSizeSecurityLog) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\Security' + Key = 'Software\Policies\Microsoft\Windows\EventLog\Security' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 196608 } } - + if ($MaxSizeSystemLog) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\System' + Key = 'Software\Policies\Microsoft\Windows\EventLog\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($NoAutoplayfornonVolume) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' { - Key = '\Software\Policies\Microsoft\Windows\Explorer' + Key = 'Software\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutoplayfornonVolume' @@ -534,62 +534,62 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if ($NoDataExecutionPrevention) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention' { - Key = '\Software\Policies\Microsoft\Windows\Explorer' + Key = 'Software\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDataExecutionPrevention' ValueData = 0 } } - + if ($NoHeapTerminationOnCorruption) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption' { - Key = '\Software\Policies\Microsoft\Windows\Explorer' + Key = 'Software\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoHeapTerminationOnCorruption' ValueData = 0 } } - + if ($NoBackgroundPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' { - Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoBackgroundPolicy' ValueData = 0 } } - + if ($NoGPOListChanges) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' { - Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoGPOListChanges' ValueData = 0 } } - + if ($EnableUserControl) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableUserControl' ValueData = 0 } } - + if ($AlwaysInstallElevated) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AlwaysInstallElevated' @@ -599,62 +599,62 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if ($SafeForScripting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\SafeForScripting' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SafeForScripting' ValueData = 0 } } - + if ($AllowInsecureGuestAuth) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' { - Key = '\Software\Policies\Microsoft\Windows\LanmanWorkstation' + Key = 'Software\Policies\Microsoft\Windows\LanmanWorkstation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowInsecureGuestAuth' ValueData = 0 } } - + if ($HardenedPathsSYSVOL) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL' { - Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\SYSVOL' ValueData = 'RequireMutualAuthentication=1, RequireIntegrity=1' } } - + if ($HardenedPathsNETLOGON) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON' { - Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\NETLOGON' ValueData = 'RequireMutualAuthentication=1, RequireIntegrity=1' } } - + if ($NoLockScreenSlideshow) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' { - Key = '\Software\Policies\Microsoft\Windows\Personalization' + Key = 'Software\Policies\Microsoft\Windows\Personalization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoLockScreenSlideshow' ValueData = 1 } } - + if ($EnableScriptBlockLogging) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableScriptBlockLogging' @@ -665,7 +665,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if (-not $EnableScriptBlockInvocationLogging) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -673,33 +673,33 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 ValueData = '' } } - + if ($EnableTranscripting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableTranscripting' ValueData = 1 } } - + if ($SetOutputDirectory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'OutputDirectory' ValueData = 'C:\ProgramData\PS_Transcript' } } - + if (-not $EnableInvocationHeader) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -707,11 +707,11 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 ValueData = '' } } - + if ($DontDisplayNetworkSelectionUI) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DontDisplayNetworkSelectionUI' @@ -722,62 +722,62 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if ($EnableSmartScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableSmartScreen' ValueData = 1 } } - + if ($BlockShellSmartScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'ShellSmartScreenLevel' ValueData = 'Block' } } - + if ($EnumerateLocalUsers) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateLocalUsers' ValueData = 0 } } - + if ($AllowIndexingEncryptedStoresOrItems) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' { - Key = '\Software\Policies\Microsoft\Windows\Windows Search' + Key = 'Software\Policies\Microsoft\Windows\Windows Search' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowIndexingEncryptedStoresOrItems' ValueData = 0 } } - + if ($AllowBasic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if ($AllowUnencryptedTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' @@ -788,73 +788,73 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if (-not $AllowDigest) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDigest' ValueData = 0 } } - + if (-not $AllowBasicWinRMService) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if (-not $AllowUnencryptedTrafficService) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' ValueData = 0 } } - + if ($DisableRunAs) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableRunAs' ValueData = 1 } } - + if ($DisableWebPnPDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload' { - Key = '\Software\Policies\Microsoft\Windows NT\Printers' + Key = 'Software\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWebPnPDownload' ValueData = 1 } } - + if ($DisableHTTPPrinting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting' { - Key = '\Software\Policies\Microsoft\Windows NT\Printers' + Key = 'Software\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableHTTPPrinting' ValueData = 1 } } - + if ($RestrictRemoteClients) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients' { - Key = '\Software\Policies\Microsoft\Windows NT\Rpc' + Key = 'Software\Policies\Microsoft\Windows NT\Rpc' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RestrictRemoteClients' @@ -865,73 +865,73 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if ($DisablePasswordSaving) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePasswordSaving' ValueData = 1 } } - + if ($fDisableCdm) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fDisableCdm' ValueData = 1 } } - + if ($fPromptForPassword) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fPromptForPassword' ValueData = 1 } } - + if ($fEncryptRPCTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fEncryptRPCTraffic' ValueData = 1 } } - + if ($MinEncryptionLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinEncryptionLevel' ValueData = 3 } } - + if (-not $UseLogonCredential) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' { - Key = '\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' + Key = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseLogonCredential' ValueData = 0 } } - + if ($DriverLoadPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy' { - Key = '\SYSTEM\CurrentControlSet\Policies\EarlyLaunch' + Key = 'SYSTEM\CurrentControlSet\Policies\EarlyLaunch' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DriverLoadPolicy' @@ -942,62 +942,62 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 if (-not $SMB1) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' { - Key = '\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SMB1' ValueData = 0 } } - + if ($StartMrxSmb10) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start' { - Key = '\SYSTEM\CurrentControlSet\Services\MrxSmb10' + Key = 'SYSTEM\CurrentControlSet\Services\MrxSmb10' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Start' ValueData = 4 } } - + if ($NoNameReleaseOnDemand) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand' { - Key = '\SYSTEM\CurrentControlSet\Services\Netbt\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Netbt\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoNameReleaseOnDemand' ValueData = 1 } } - + if ($DisableIPSourceRouting) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' ValueData = 2 } } - + if (-not $EnableICMPRedirect) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableICMPRedirect' ValueData = 0 } } - + if ($DisableIPSourceRoutingIPv6) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' @@ -1013,7 +1013,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditCredentialValidationFailure) { AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion' { @@ -1022,7 +1022,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditOtherAccountManagementEventsSuccess) { AuditPolicySubcategory 'Audit Other Account Management Events (Success) - Inclusion' { @@ -1031,7 +1031,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditOtherAccountManagementEventsFailure) { AuditPolicySubcategory 'Audit Other Account Management Events (Failure) - Inclusion' { @@ -1040,7 +1040,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSecurityGroupManagementSuccess) { AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion' { @@ -1049,7 +1049,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditSecurityGroupManagementFailure) { AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion' { @@ -1058,7 +1058,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditUserAccountManagementSuccess) { AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion' { @@ -1067,7 +1067,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditUserAccountManagementFailure) { AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion' { @@ -1085,7 +1085,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditPnpActivityFailure) { AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion' { @@ -1094,7 +1094,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditProcessCreationSuccess) { AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion' { @@ -1103,7 +1103,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditProcessCreationFailure) { AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion' { @@ -1112,7 +1112,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditAccountLockoutFailure) { AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion' { @@ -1121,7 +1121,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if (-not $AuditAccountLockoutSuccess) { AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion' { @@ -1138,7 +1138,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditGroupMembershipFailure) { AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion' { @@ -1147,7 +1147,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditLogoffSuccess) { AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion' { @@ -1156,7 +1156,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditLogoffFailure) { AuditPolicySubcategory 'Audit Logoff (Failure) - Inclusion' { @@ -1165,7 +1165,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditLogonSuccess) { AuditPolicySubcategory 'Audit Logon (Success) - Inclusion' { @@ -1174,7 +1174,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditLogonFailure) { AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' { @@ -1183,7 +1183,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSpecialLogonSuccess) { AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion' { @@ -1192,7 +1192,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditSpecialLogonFailure) { AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion' { @@ -1209,7 +1209,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditOtherObjectAccessEventsFailure) { AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion' { @@ -1218,7 +1218,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditRemovableStorageSuccess) { AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' { @@ -1227,7 +1227,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditRemovableStorageFailure) { AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' { @@ -1236,7 +1236,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' { @@ -1245,7 +1245,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditPolicyChangeFailure) { AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion' { @@ -1254,7 +1254,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditAuthenticationPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion' { @@ -1263,7 +1263,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditAuthenticationPolicyChangeFailure) { AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' { @@ -1281,7 +1281,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditAuthorizationPolicyChangeFailure) { AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion' { @@ -1290,7 +1290,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSensitivePrivilegeUseSuccess) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' { @@ -1299,7 +1299,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditSensitivePrivilegeUseFailure) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion' { @@ -1308,7 +1308,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditIpsecDriverSuccess) { AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion' { @@ -1317,7 +1317,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditIpsecDriverFailure) { AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion' { @@ -1326,7 +1326,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditOtherSystemEventsSuccess) { AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' { @@ -1344,7 +1344,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSecurityStateChangeSuccess) { AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion' { @@ -1353,7 +1353,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditSecurityStateChangeFailure) { AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' { @@ -1362,7 +1362,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSecuritySystemExtensionSuccess) { AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion' { @@ -1371,7 +1371,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditSecuritySystemExtensionFailure) { AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' { @@ -1380,7 +1380,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSystemIntegritySuccess) { AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' { @@ -1389,7 +1389,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditSystemIntegrityFailure) { AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' { @@ -1407,7 +1407,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditComputerAccountManagementFailure) { AuditPolicySubcategory 'Audit Computer Account Management (Failure) - Inclusion' { @@ -1416,7 +1416,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditDirectoryServiceAccessSuccess) { AuditPolicySubcategory 'Audit Directory Service Access (Success) - Inclusion' { @@ -1425,7 +1425,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if ($AuditDirectoryServiceAccessFailure) { AuditPolicySubcategory 'Audit Directory Service Access (Failure) - Inclusion' { @@ -1434,7 +1434,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Failure' } } - + if ($AuditDirectoryServiceChangesSuccess) { AuditPolicySubcategory 'Audit Directory Service Changes (Success) - Inclusion' { @@ -1443,7 +1443,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 AuditFlag = 'Success' } } - + if (-not $AuditDirectoryServiceChangesFailure) { AuditPolicySubcategory 'Audit Directory Service Changes (Failure) - Inclusion' { @@ -1475,7 +1475,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 } } - + if ($RestrictAnonymousAccess) { SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' { @@ -1483,7 +1483,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' } } - + if ($RequireStrongSessionKey) { SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' { @@ -1491,7 +1491,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled' } } - + if ($ElevateUIAccessApplications) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' { @@ -1499,7 +1499,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' } } - + if ($MinimumSessionSecurityNTLM) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' { @@ -1507,7 +1507,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked' } } - + if ($ConfigureKerberosEncryptionTypes) { SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos' { @@ -1515,7 +1515,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos' } } - + if ($DigitallySignCommunications) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_if_client_agrees' { @@ -1523,7 +1523,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Microsoft_network_server_Digitally_sign_communications_if_client_agrees = 'Enabled' } } - + if ($UseFIPSCompliantAlgorithms) { SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' { @@ -1539,7 +1539,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Network_security_LAN_Manager_authentication_level' } } - + if ($AllowLocalSystemNTLM) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM' { @@ -1547,7 +1547,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM' } } - + if ($InteractiveLogonMessageTitle) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on' { @@ -1555,7 +1555,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Interactive_logon_Message_title_for_users_attempting_to_log_on = 'US Department of Defense Warning Statement' } } - + if ($DigitallySignSecureChannelData) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible' { @@ -1563,7 +1563,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible' } } - + if (-not $AllowUIAccessElevateWithoutSecureDesktop) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop' { @@ -1571,7 +1571,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop' } } - + if ($SmartCardRemovalBehavior) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' { @@ -1579,7 +1579,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Interactive_logon_Smart_card_removal_behavior' } } - + if ($LimitLocalAccountBlankPasswords) { SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' { @@ -1587,7 +1587,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' } } - + if ($VirtualizeFileAndRegistryWriteFailures) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' { @@ -1603,7 +1603,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on' } } - + if (-not $LetEveryonePermissionsApplyToAnonymousUsers) { SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users' { @@ -1611,7 +1611,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users' } } - + if ($DigitallyEncryptSecureChannelData) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' { @@ -1619,7 +1619,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled' } } - + if (-not $ElevationPromptBehavior) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' { @@ -1627,7 +1627,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' } } - + if ($DigitallySignCommunicationsAlwaysServer) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_server_Digitally_sign_communications_always' { @@ -1635,7 +1635,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Microsoft_network_server_Digitally_sign_communications_always' } } - + if ($ForceStrongKeyProtection) { SecurityOption 'SecurityRegistry(INF): System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer' { @@ -1643,7 +1643,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer = 'User must enter a password each time they use a key' } } - + if ($DigitallySignCommunicationsAlwaysClient) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' { @@ -1659,7 +1659,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked' } } - + if (-not $DisableMachineAccountPasswordChanges) { SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes' { @@ -1667,7 +1667,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Domain_member_Disable_machine_account_password_changes' } } - + if ($RunAllAdministratorsInAdminApprovalMode) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' { @@ -1675,7 +1675,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' } } - + if ($DigitallySignCommunicationsIfServerAgrees) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_if_server_agrees' { @@ -1683,7 +1683,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Microsoft_network_client_Digitally_sign_communications_if_server_agrees = 'Enabled' } } - + if ($DetectApplicationInstallationsPromptForElevation) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation' { @@ -1691,7 +1691,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation' } } - + if ($DoNotAllowAnonymousEnumerationOfSAMAccounts) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' { @@ -1699,7 +1699,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled' } } - + if (-not $AllowLocalSystemNullSessionFallback) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' { @@ -1715,7 +1715,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' } } - + if (-not $SendUnencryptedPasswordToThirdPartySMBServers) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' { @@ -1723,7 +1723,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' } } - + if ($PreviousLogonsToCache) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' { @@ -1731,7 +1731,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' } } - + if ($MaximumMachineAccountPasswordAge) { SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age' { @@ -1739,7 +1739,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Domain_member_Maximum_machine_account_password_age = '30' } } - + if ($DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' { @@ -1747,7 +1747,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled' } } - + if ($ForceAuditPolicySubcategorySettings) { SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' { @@ -1755,7 +1755,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled' } } - + if ($StrengthenDefaultPermissionsOfInternalSystemObjects) { SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' { @@ -1771,7 +1771,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' } } - + if ($Machine_Inactivity_Limit) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' { @@ -1779,7 +1779,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Interactive_logon_Machine_inactivity_limit = '900' } } - + if ($Do_Not_Store_LM_Hash) { SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' { @@ -1787,7 +1787,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' } } - + if ($Encrypt_Secure_Channel_Data) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' { @@ -1795,7 +1795,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' } } - + if ($LDAP_Client_Signing_Requirements) { SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' { @@ -1803,7 +1803,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' } } - + if ($UAC_Elevation_Prompt_Behavior) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' { @@ -1811,7 +1811,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop' } } - + if ($Lockout_Duration) { AccountPolicy 'SecuritySetting(INF): LockoutDuration' { @@ -1819,7 +1819,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Account_lockout_duration' } } - + if ($Lockout_Bad_Count) { AccountPolicy 'SecuritySetting(INF): LockoutBadCount' { @@ -1834,7 +1834,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Reset_account_lockout_counter_after' } } - + if ($Rename_Guest_Account) { SecurityOption 'SecuritySetting(INF): NewGuestName' { @@ -1842,7 +1842,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Accounts_Rename_guest_account = 'Visitor' } } - + if ($Minimum_Password_Age) { AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge' { @@ -1850,7 +1850,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Minimum_Password_Age = 1 } } - + if ($Password_Complexity) { AccountPolicy 'SecuritySetting(INF): PasswordComplexity' { @@ -1858,7 +1858,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Password_must_meet_complexity_requirements' } } - + if ($Password_History_Size) { AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' { @@ -1866,7 +1866,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Enforce_password_history = 24 } } - + if ($LSA_Anonymous_Name_Lookup) { SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' { @@ -1874,7 +1874,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Network_access_Allow_anonymous_SID_Name_translation' } } - + if ($Minimum_Password_Length) { AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' { @@ -1890,7 +1890,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Accounts_Rename_administrator_account' } } - + if ($Enable_Guest_Account) { SecurityOption 'SecuritySetting(INF): EnableGuestAccount' { @@ -1898,7 +1898,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Accounts_Guest_account_status = 'Disabled' } } - + if ($Maximum_Password_Age) { AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' { @@ -1906,7 +1906,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Maximum_Password_Age' } } - + if ($Clear_Text_Password) { AccountPolicy 'SecuritySetting(INF): ClearTextPassword' { @@ -1914,7 +1914,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Store_passwords_using_reversible_encryption = 'Disabled' } } - + if ($Trusted_For_Delegation) { UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' { @@ -1923,7 +1923,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' } } - + if ($Access_From_Network) { UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' { @@ -1932,7 +1932,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Access_this_computer_from_the_network' } } - + if ($Backup_Files_And_Directories) { UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' { @@ -1950,7 +1950,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Impersonate_a_client_after_authentication' } } - + if ($Perform_Volume_Maintenance_Tasks) { UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' { @@ -1959,7 +1959,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Perform_volume_maintenance_tasks' } } - + if ($Load_Unload_Device_Drivers) { UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' { @@ -1968,7 +1968,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Load_and_unload_device_drivers' } } - + if ($Take_Ownership_Of_Files) { UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' { @@ -1977,7 +1977,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Take_ownership_of_files_or_other_objects' } } - + if ($Create_Permanent_Shared_Objects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' { @@ -1986,7 +1986,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Create_permanent_shared_objects' } } - + if ($Deny_Access_From_Network) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' { @@ -2004,7 +2004,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Create_global_objects' } } - + if ($Deny_Log_On_As_Batch_Job) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_batch_job' { @@ -2013,7 +2013,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Deny_log_on_as_a_batch_job' } } - + if ($Restore_Files_And_Directories) { UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' { @@ -2022,7 +2022,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Restore_files_and_directories' } } - + if ($Lock_Pages_In_Memory) { UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' { @@ -2031,7 +2031,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Lock_pages_in_memory' } } - + if ($Deny_Log_On_As_Service) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service' { @@ -2049,7 +2049,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Increase_scheduling_priority' } } - + if ($Force_Shutdown_From_Remote_System) { UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' { @@ -2058,7 +2058,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Force_shutdown_from_a_remote_system' } } - + if ($Generate_Security_Audits) { UserRightsAssignment 'UserRightsAssignment(INF): Generate_security_audits' { @@ -2067,7 +2067,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Generate_security_audits' } } - + if ($Deny_Log_On_Locally) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally' { @@ -2076,7 +2076,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Deny_log_on_locally' } } - + if ($Create_Symbolic_Links) { UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links' { @@ -2085,7 +2085,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Create_symbolic_links' } } - + if ($Debug_Programs) { UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' { @@ -2094,7 +2094,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Debug_programs' } } - + if ($Allow_Log_On_Locally) { UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' { @@ -2112,7 +2112,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Manage_auditing_and_security_log' } } - + if ($Act_As_Part_Of_Operating_System) { UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' { @@ -2121,7 +2121,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Act_as_part_of_the_operating_system' } } - + if ($Profile_Single_Process) { UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' { @@ -2130,7 +2130,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Profile_single_process' } } - + if ($Create_Token_Object) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' { @@ -2139,7 +2139,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Create_a_token_object' } } - + if ($Access_Credential_Manager) { UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' { @@ -2148,7 +2148,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Access_Credential_Manager_as_a_trusted_caller' } } - + if ($Modify_Firmware_Environment_Values) { UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' { @@ -2157,7 +2157,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Modify_firmware_environment_values' } } - + if ($Create_Pagefile) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' { @@ -2166,7 +2166,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Create_a_pagefile' } } - + if ($Deny_Log_On_Through_RDS) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' { @@ -2184,7 +2184,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Add_workstations_to_domain' } } - + if ($Allow_Log_On_Through_RDS) { UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_through_Remote_Desktop_Services' { @@ -2193,7 +2193,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Policy = 'Allow_log_on_through_Remote_Desktop_Services' } } - + if ($LDAP_Server_Signing_Requirements) { SecurityOption 'SecurityRegistry(INF): Domain_controller_LDAP_server_signing_requirements' { @@ -2201,7 +2201,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Domain_controller_LDAP_server_signing_requirements' } } - + if ($Refuse_Machine_Account_Password_Changes) { SecurityOption 'SecurityRegistry(INF): Domain_controller_Refuse_machine_account_password_changes' { @@ -2209,7 +2209,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Domain_controller_Refuse_machine_account_password_changes = 'Disabled' } } - + if ($Ticket_Validate_Client) { AccountPolicy 'SecuritySetting(INF): TicketValidateClient' { @@ -2217,7 +2217,7 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 Name = 'Enforce_user_logon_restrictions' } } - + if ($Max_Renew_Age) { AccountPolicy 'SecuritySetting(INF): MaxRenewAge' { @@ -2226,6 +2226,5 @@ configuration DoD_WinSvr_2022_MS_and_DC_v2r2 } } - -} +} diff --git a/DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.schema.psm1 b/DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.schema.psm1 index 0278542..81b6d36 100644 --- a/DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.schema.psm1 +++ b/DSCResources/DoD_Windows_10_v3r2/DoD_Windows_10_v3r2.schema.psm1 @@ -261,62 +261,62 @@ configuration DoD_Windows_10_v3r2 if ($BatFile_SuppressionPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Classes\batfile\shell\runasuser\SuppressionPolicy' { - Key = '\Software\Classes\batfile\shell\runasuser' + Key = 'Software\Classes\batfile\shell\runasuser' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SuppressionPolicy' ValueData = 4096 } } - + if ($CmdFile_SuppressionPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Classes\cmdfile\shell\runasuser\SuppressionPolicy' { - Key = '\Software\Classes\cmdfile\shell\runasuser' + Key = 'Software\Classes\cmdfile\shell\runasuser' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SuppressionPolicy' ValueData = 4096 } } - + if ($ExeFile_SuppressionPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Classes\exefile\shell\runasuser\SuppressionPolicy' { - Key = '\Software\Classes\exefile\shell\runasuser' + Key = 'Software\Classes\exefile\shell\runasuser' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SuppressionPolicy' ValueData = 4096 } } - + if ($MscFile_SuppressionPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Classes\mscfile\shell\runasuser\SuppressionPolicy' { - Key = '\Software\Classes\mscfile\shell\runasuser' + Key = 'Software\Classes\mscfile\shell\runasuser' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SuppressionPolicy' ValueData = 4096 } } - + if ($AutoConnectAllowedOEM) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\wcmsvc\wifinetworkmanager\config\AutoConnectAllowedOEM' { - Key = '\Software\Microsoft\wcmsvc\wifinetworkmanager\config' + Key = 'Software\Microsoft\wcmsvc\wifinetworkmanager\config' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AutoConnectAllowedOEM' ValueData = 0 } } - + if ($EnumerateAdministrators) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\CredUI' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateAdministrators' @@ -327,51 +327,51 @@ configuration DoD_Windows_10_v3r2 if ($NoWebServices) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoWebServices' ValueData = 1 } } - + if ($NoAutorun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutorun' ValueData = 1 } } - + if ($NoDriveTypeAutoRun) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDriveTypeAutoRun' ValueData = 255 } } - + if ($NoStartBanner) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartBanner' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoStartBanner' ValueData = 1 } } - + if ($PreXPSP2ShellProtocolBehavior) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreXPSP2ShellProtocolBehavior' @@ -382,62 +382,62 @@ configuration DoD_Windows_10_v3r2 if ($PasswordComplexity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordComplexity' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordComplexity' ValueData = 4 } } - + if ($PasswordLength) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordLength' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordLength' ValueData = 14 } } - + if ($PasswordAgeDays) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordAgeDays' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordAgeDays' ValueData = 60 } } - + if ($MSAOptional) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MSAOptional' ValueData = 1 } } - + if ($DisableAutomaticRestartSignOn) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableAutomaticRestartSignOn' ValueData = 1 } } - + if ($LocalAccountTokenFilterPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LocalAccountTokenFilterPolicy' @@ -448,40 +448,40 @@ configuration DoD_Windows_10_v3r2 if ($ProcessCreationIncludeCmdLine_Enabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ProcessCreationIncludeCmdLine_Enabled' ValueData = 1 } } - + if ($DevicePKInitEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DevicePKInitEnabled' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DevicePKInitEnabled' ValueData = 1 } } - + if ($DevicePKInitBehavior) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DevicePKInitBehavior' { - Key = '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' + Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DevicePKInitBehavior' ValueData = 0 } } - + if ($EnhancedAntiSpoofing) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing' { - Key = '\Software\Policies\Microsoft\Biometrics\FacialFeatures' + Key = 'Software\Policies\Microsoft\Biometrics\FacialFeatures' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnhancedAntiSpoofing' @@ -492,62 +492,62 @@ configuration DoD_Windows_10_v3r2 if ($EccCurves) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Cryptography\Configuration\SSL\00010002\EccCurves' { - Key = '\Software\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' + Key = 'Software\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' ValueType = 'MultiString' TargetType = 'ComputerConfiguration' ValueName = 'EccCurves' ValueData = 'NistP384NistP256' } } - + if ($UseAdvancedStartup) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseAdvancedStartup' { - Key = '\Software\Policies\Microsoft\FVE' + Key = 'Software\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseAdvancedStartup' ValueData = 1 } } - + if ($EnableBDEWithNoTPM) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\EnableBDEWithNoTPM' { - Key = '\Software\Policies\Microsoft\FVE' + Key = 'Software\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableBDEWithNoTPM' ValueData = 1 } } - + if ($UseTPM) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseTPM' { - Key = '\Software\Policies\Microsoft\FVE' + Key = 'Software\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseTPM' ValueData = 2 } } - + if ($UseTPMPIN) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseTPMPIN' { - Key = '\Software\Policies\Microsoft\FVE' + Key = 'Software\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseTPMPIN' ValueData = 1 } } - + if ($UseTPMKey) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseTPMKey' { - Key = '\Software\Policies\Microsoft\FVE' + Key = 'Software\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseTPMKey' @@ -558,62 +558,62 @@ configuration DoD_Windows_10_v3r2 if ($UseTPMKeyPIN) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\UseTPMKeyPIN' { - Key = '\Software\Policies\Microsoft\FVE' + Key = 'Software\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseTPMKeyPIN' ValueData = 2 } } - + if ($MinimumPIN) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\FVE\MinimumPIN' { - Key = '\Software\Policies\Microsoft\FVE' + Key = 'Software\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinimumPIN' ValueData = 6 } } - + if ($DisableEnclosureDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + Key = 'Software\Policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableEnclosureDownload' ValueData = 1 } } - + if ($AllowBasicAuthInClear) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Feeds' + Key = 'Software\Policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasicAuthInClear' ValueData = 0 } } - + if ($NotifyDisableIEOptions) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\NotifyDisableIEOptions' { - Key = '\Software\Policies\Microsoft\Internet Explorer\Main' + Key = 'Software\Policies\Microsoft\Internet Explorer\Main' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NotifyDisableIEOptions' ValueData = 0 } } - + if ($PreventCertErrorOverrides) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings\PreventCertErrorOverrides' { - Key = '\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings' + Key = 'Software\Policies\Microsoft\MicrosoftEdge\Internet Settings' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventCertErrorOverrides' @@ -624,62 +624,62 @@ configuration DoD_Windows_10_v3r2 if ($FormSuggest_Passwords) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\Main\FormSuggest Passwords' { - Key = '\Software\Policies\Microsoft\MicrosoftEdge\Main' + Key = 'Software\Policies\Microsoft\MicrosoftEdge\Main' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'FormSuggest Passwords' ValueData = 'no' } } - + if ($EnabledV9) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\EnabledV9' { - Key = '\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter' + Key = 'Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnabledV9' ValueData = 1 } } - + if ($PreventOverrideAppRepUnknown) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\PreventOverrideAppRepUnknown' { - Key = '\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter' + Key = 'Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventOverrideAppRepUnknown' ValueData = 1 } } - + if ($PreventOverride) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\PreventOverride' { - Key = '\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter' + Key = 'Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreventOverride' ValueData = 1 } } - + if ($RequireSecurityDevice) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\PassportForWork\RequireSecurityDevice' { - Key = '\Software\Policies\Microsoft\PassportForWork' + Key = 'Software\Policies\Microsoft\PassportForWork' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RequireSecurityDevice' ValueData = 1 } } - + if ($ExcludeSecurityDevices_TPM12) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices\TPM12' { - Key = '\Software\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices' + Key = 'Software\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'TPM12' @@ -690,62 +690,62 @@ configuration DoD_Windows_10_v3r2 if ($MinimumPINLength) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\PassportForWork\PINComplexity\MinimumPINLength' { - Key = '\Software\Policies\Microsoft\PassportForWork\PINComplexity' + Key = 'Software\Policies\Microsoft\PassportForWork\PINComplexity' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinimumPINLength' ValueData = 6 } } - + if ($DCSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' { - Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DCSettingIndex' ValueData = 1 } } - + if ($ACSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' { - Key = '\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ACSettingIndex' ValueData = 1 } } - + if ($DisableInventory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory' { - Key = '\Software\Policies\Microsoft\Windows\AppCompat' + Key = 'Software\Policies\Microsoft\Windows\AppCompat' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableInventory' ValueData = 1 } } - + if ($LetAppsActivateWithVoiceAboveLock) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\AppPrivacy\LetAppsActivateWithVoiceAboveLock' { - Key = '\Software\Policies\Microsoft\Windows\AppPrivacy' + Key = 'Software\Policies\Microsoft\Windows\AppPrivacy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LetAppsActivateWithVoiceAboveLock' ValueData = 2 } } - + if ($DisableWindowsConsumerFeatures) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CloudContent\DisableWindowsConsumerFeatures' { - Key = '\Software\Policies\Microsoft\Windows\CloudContent' + Key = 'Software\Policies\Microsoft\Windows\CloudContent' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWindowsConsumerFeatures' @@ -756,62 +756,62 @@ configuration DoD_Windows_10_v3r2 if ($AllowProtectedCreds) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' { - Key = '\Software\Policies\Microsoft\Windows\CredentialsDelegation' + Key = 'Software\Policies\Microsoft\Windows\CredentialsDelegation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowProtectedCreds' ValueData = 1 } } - + if ($AllowTelemetry) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry' { - Key = '\Software\Policies\Microsoft\Windows\DataCollection' + Key = 'Software\Policies\Microsoft\Windows\DataCollection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowTelemetry' ValueData = 2 } } - + if ($LimitEnhancedDiagnosticDataWindowsAnalytics) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DataCollection\LimitEnhancedDiagnosticDataWindowsAnalytics' { - Key = '\Software\Policies\Microsoft\Windows\DataCollection' + Key = 'Software\Policies\Microsoft\Windows\DataCollection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LimitEnhancedDiagnosticDataWindowsAnalytics' ValueData = 1 } } - + if ($DODownloadMode) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeliveryOptimization\DODownloadMode' { - Key = '\Software\Policies\Microsoft\Windows\DeliveryOptimization' + Key = 'Software\Policies\Microsoft\Windows\DeliveryOptimization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DODownloadMode' ValueData = 2 } } - + if ($EnableVirtualizationBasedSecurity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableVirtualizationBasedSecurity' ValueData = 1 } } - + if ($RequirePlatformSecurityFeatures) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RequirePlatformSecurityFeatures' @@ -822,62 +822,62 @@ configuration DoD_Windows_10_v3r2 if ($HypervisorEnforcedCodeIntegrity) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HypervisorEnforcedCodeIntegrity' ValueData = 1 } } - + if ($HVCIMATRequired) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HVCIMATRequired' ValueData = 0 } } - + if ($LsaCfgFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LsaCfgFlags' ValueData = 1 } } - + if ($ConfigureSystemGuardLaunch) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch' { - Key = '\Software\Policies\Microsoft\Windows\DeviceGuard' + Key = 'Software\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ConfigureSystemGuardLaunch' ValueData = 0 } } - + if ($MaxSize_Application) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\Application' + Key = 'Software\Policies\Microsoft\Windows\EventLog\Application' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($MaxSize_Security) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\Security' + Key = 'Software\Policies\Microsoft\Windows\EventLog\Security' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' @@ -888,62 +888,62 @@ configuration DoD_Windows_10_v3r2 if ($MaxSize_System) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize' { - Key = '\Software\Policies\Microsoft\Windows\EventLog\System' + Key = 'Software\Policies\Microsoft\Windows\EventLog\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($NoAutoplayfornonVolume) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' { - Key = '\Software\Policies\Microsoft\Windows\Explorer' + Key = 'Software\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutoplayfornonVolume' ValueData = 1 } } - + if ($NoDataExecutionPrevention) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention' { - Key = '\Software\Policies\Microsoft\Windows\Explorer' + Key = 'Software\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDataExecutionPrevention' ValueData = 0 } } - + if ($NoHeapTerminationOnCorruption) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption' { - Key = '\Software\Policies\Microsoft\Windows\Explorer' + Key = 'Software\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoHeapTerminationOnCorruption' ValueData = 0 } } - + if ($AllowGameDVR) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\GameDVR\AllowGameDVR' { - Key = '\Software\Policies\Microsoft\Windows\GameDVR' + Key = 'Software\Policies\Microsoft\Windows\GameDVR' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowGameDVR' ValueData = 0 } } - + if ($NoBackgroundPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' { - Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoBackgroundPolicy' @@ -954,62 +954,62 @@ configuration DoD_Windows_10_v3r2 if ($NoGPOListChanges) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' { - Key = '\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoGPOListChanges' ValueData = 0 } } - + if ($EnableUserControl) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\EnableUserControl' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableUserControl' ValueData = 0 } } - + if ($AlwaysInstallElevated) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AlwaysInstallElevated' ValueData = 0 } } - + if ($SafeForScripting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Installer\SafeForScripting' { - Key = '\Software\Policies\Microsoft\Windows\Installer' + Key = 'Software\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SafeForScripting' ValueData = 0 } } - + if ($DeviceEnumerationPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Kernel DMA Protection\DeviceEnumerationPolicy' { - Key = '\Software\Policies\Microsoft\Windows\Kernel DMA Protection' + Key = 'Software\Policies\Microsoft\Windows\Kernel DMA Protection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DeviceEnumerationPolicy' ValueData = 0 } } - + if ($AllowInsecureGuestAuth) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' { - Key = '\Software\Policies\Microsoft\Windows\LanmanWorkstation' + Key = 'Software\Policies\Microsoft\Windows\LanmanWorkstation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowInsecureGuestAuth' @@ -1020,62 +1020,62 @@ configuration DoD_Windows_10_v3r2 if ($NC_ShowSharedAccessUI) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI' { - Key = '\Software\Policies\Microsoft\Windows\Network Connections' + Key = 'Software\Policies\Microsoft\Windows\Network Connections' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NC_ShowSharedAccessUI' ValueData = 0 } } - + if ($HardenedPaths_SYSVOL) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL' { - Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\SYSVOL' ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' } } - + if ($HardenedPaths_NETLOGON) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON' { - Key = '\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\NETLOGON' ValueData = 'RequireMutualAuthentication=1,RequireIntegrity=1' } } - + if ($NoLockScreenCamera) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenCamera' { - Key = '\Software\Policies\Microsoft\Windows\Personalization' + Key = 'Software\Policies\Microsoft\Windows\Personalization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoLockScreenCamera' ValueData = 1 } } - + if ($NoLockScreenSlideshow) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' { - Key = '\Software\Policies\Microsoft\Windows\Personalization' + Key = 'Software\Policies\Microsoft\Windows\Personalization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoLockScreenSlideshow' ValueData = 1 } } - + if ($EnableScriptBlockLogging) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableScriptBlockLogging' @@ -1086,7 +1086,7 @@ configuration DoD_Windows_10_v3r2 if ($EnableScriptBlockInvocationLogging) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1094,33 +1094,33 @@ configuration DoD_Windows_10_v3r2 ValueData = '' } } - + if ($EnableTranscripting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableTranscripting' ValueData = 1 } } - + if ($OutputDirectory) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'OutputDirectory' ValueData = 'C:\ProgramData\PS_Transcript' } } - + if ($EnableInvocationHeader) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader' { - Key = '\Software\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1128,11 +1128,11 @@ configuration DoD_Windows_10_v3r2 ValueData = '' } } - + if ($DontDisplayNetworkSelectionUI) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DontDisplayNetworkSelectionUI' @@ -1143,62 +1143,62 @@ configuration DoD_Windows_10_v3r2 if ($EnumerateLocalUsers) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateLocalUsers' ValueData = 0 } } - + if ($EnableSmartScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableSmartScreen' ValueData = 1 } } - + if ($ShellSmartScreenLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'ShellSmartScreenLevel' ValueData = 'Block' } } - + if ($AllowDomainPINLogon) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\AllowDomainPINLogon' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDomainPINLogon' ValueData = 0 } } - + if ($fBlockNonDomain) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fBlockNonDomain' { - Key = '\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' + Key = 'Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fBlockNonDomain' ValueData = 1 } } - + if ($fMinimizeConnections) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fMinimizeConnections' { - Key = '\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' + Key = 'Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fMinimizeConnections' @@ -1209,62 +1209,62 @@ configuration DoD_Windows_10_v3r2 if ($EnumerateLocalUsers) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateLocalUsers' ValueData = 0 } } - + if ($EnableSmartScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\EnableSmartScreen' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableSmartScreen' ValueData = 1 } } - + if ($ShellSmartScreenLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'ShellSmartScreenLevel' ValueData = 'Block' } } - + if ($AllowDomainPINLogon) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\System\AllowDomainPINLogon' { - Key = '\Software\Policies\Microsoft\Windows\System' + Key = 'Software\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDomainPINLogon' ValueData = 0 } } - + if ($fBlockNonDomain) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fBlockNonDomain' { - Key = '\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' + Key = 'Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fBlockNonDomain' ValueData = 1 } } - + if ($fMinimizeConnections) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fMinimizeConnections' { - Key = '\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' + Key = 'Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fMinimizeConnections' @@ -1275,73 +1275,73 @@ configuration DoD_Windows_10_v3r2 if ($AllowIndexingEncryptedStoresOrItems) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' { - Key = '\Software\Policies\Microsoft\Windows\Windows Search' + Key = 'Software\Policies\Microsoft\Windows\Windows Search' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowIndexingEncryptedStoresOrItems' ValueData = 0 } } - + if ($AllowBasic_Client) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if ($AllowUnencryptedTraffic_Client) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' ValueData = 0 } } - + if ($AllowDigest_Client) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Client' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDigest' ValueData = 0 } } - + if ($AllowBasic_Service) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if ($AllowUnencryptedTraffic_Service) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' ValueData = 0 } } - + if ($DisableRunAs) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs' { - Key = '\Software\Policies\Microsoft\Windows\WinRM\Service' + Key = 'Software\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableRunAs' @@ -1352,51 +1352,51 @@ configuration DoD_Windows_10_v3r2 if ($DisableWebPnPDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload' { - Key = '\Software\Policies\Microsoft\Windows NT\Printers' + Key = 'Software\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWebPnPDownload' ValueData = 1 } } - + if ($DisableHTTPPrinting) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting' { - Key = '\Software\Policies\Microsoft\Windows NT\Printers' + Key = 'Software\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableHTTPPrinting' ValueData = 1 } } - + if ($RestrictRemoteClients) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients' { - Key = '\Software\Policies\Microsoft\Windows NT\Rpc' + Key = 'Software\Policies\Microsoft\Windows NT\Rpc' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RestrictRemoteClients' ValueData = 1 } } - + if ($fAllowToGetHelp) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fAllowToGetHelp' ValueData = 0 } } - + if ($fAllowFullControl) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowFullControl' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1404,11 +1404,11 @@ configuration DoD_Windows_10_v3r2 ValueData = '' } } - + if ($MaxTicketExpiry) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiry' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1416,11 +1416,11 @@ configuration DoD_Windows_10_v3r2 ValueData = '' } } - + if ($MaxTicketExpiryUnits) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiryUnits' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1432,7 +1432,7 @@ configuration DoD_Windows_10_v3r2 if ($fUseMailto) { RegistryPolicyFile 'DEL_\Software\Policies\Microsoft\Windows NT\Terminal Services\fUseMailto' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1440,66 +1440,66 @@ configuration DoD_Windows_10_v3r2 ValueData = '' } } - + if ($DisablePasswordSaving) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePasswordSaving' ValueData = 1 } } - + if ($fDisableCdm) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fDisableCdm' ValueData = 1 } } - + if ($fPromptForPassword) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fPromptForPassword' ValueData = 1 } } - + if ($fEncryptRPCTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fEncryptRPCTraffic' ValueData = 1 } } - + if ($MinEncryptionLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' { - Key = '\Software\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'Software\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinEncryptionLevel' ValueData = 3 } } - + if ($AllowWindowsInkWorkspace) { RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace\AllowWindowsInkWorkspace' { - Key = '\Software\Policies\Microsoft\WindowsInkWorkspace' + Key = 'Software\Policies\Microsoft\WindowsInkWorkspace' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowWindowsInkWorkspace' @@ -1510,73 +1510,73 @@ configuration DoD_Windows_10_v3r2 if ($UseLogonCredential) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' { - Key = '\System\CurrentControlSet\Control\SecurityProviders\WDigest' + Key = 'System\CurrentControlSet\Control\SecurityProviders\WDigest' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseLogonCredential' ValueData = 0 } } - + if ($DisableExceptionChainValidation) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation' { - Key = '\System\CurrentControlSet\Control\Session Manager\kernel' + Key = 'System\CurrentControlSet\Control\Session Manager\kernel' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableExceptionChainValidation' ValueData = 0 } } - + if ($DriverLoadPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy' { - Key = '\System\CurrentControlSet\Policies\EarlyLaunch' + Key = 'System\CurrentControlSet\Policies\EarlyLaunch' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DriverLoadPolicy' ValueData = 3 } } - + if ($SMB1) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' { - Key = '\System\CurrentControlSet\Services\LanmanServer\Parameters' + Key = 'System\CurrentControlSet\Services\LanmanServer\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SMB1' ValueData = 0 } } - + if ($Start_MrxSmb10) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\MrxSmb10\Start' { - Key = '\System\CurrentControlSet\Services\MrxSmb10' + Key = 'System\CurrentControlSet\Services\MrxSmb10' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Start' ValueData = 4 } } - + if ($NoNameReleaseOnDemand) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand' { - Key = '\System\CurrentControlSet\Services\Netbt\Parameters' + Key = 'System\CurrentControlSet\Services\Netbt\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoNameReleaseOnDemand' ValueData = 1 } } - + if ($DisableIPSourceRouting) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' { - Key = '\System\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'System\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' @@ -1587,25 +1587,25 @@ configuration DoD_Windows_10_v3r2 if ($EnableICMPRedirect) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' { - Key = '\System\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'System\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableICMPRedirect' ValueData = 0 } } - + if ($DisableIPSourceRouting_Tcpip6) { RegistryPolicyFile 'Registry(POL): HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting' { - Key = '\System\CurrentControlSet\Services\Tcpip6\Parameters' + Key = 'System\CurrentControlSet\Services\Tcpip6\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' ValueData = 2 } } - + if ($AuditCredentialValidationSuccess) { AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion' { @@ -1614,7 +1614,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditCredentialValidationFailure) { AuditPolicySubcategory 'Audit Credential Validation (Failure) - Inclusion' { @@ -1623,7 +1623,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditSecurityGroupManagementSuccess) { AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion' { @@ -1632,7 +1632,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditSecurityGroupManagementFailure) { AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion' { @@ -1641,7 +1641,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditUserAccountManagementSuccess) { AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion' { @@ -1659,7 +1659,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditPNPActivitySuccess) { AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion' { @@ -1668,7 +1668,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditPNPActivityFailure) { AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion' { @@ -1677,7 +1677,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditProcessCreationSuccess) { AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion' { @@ -1686,7 +1686,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditProcessCreationFailure) { AuditPolicySubcategory 'Audit Process Creation (Failure) - Inclusion' { @@ -1695,7 +1695,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditAccountLockoutFailure) { AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion' { @@ -1704,7 +1704,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditAccountLockoutSuccess) { AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion' { @@ -1713,7 +1713,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditGroupMembershipSuccess) { AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion' { @@ -1722,7 +1722,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditGroupMembershipFailure) { AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion' { @@ -1731,7 +1731,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditLogoffSuccess) { AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion' { @@ -1749,7 +1749,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditLogonSuccess) { AuditPolicySubcategory 'Audit Logon (Success) - Inclusion' { @@ -1758,7 +1758,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditLogonFailure) { AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' { @@ -1767,7 +1767,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditOtherLogonLogoffEventsSuccess) { AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Success) - Inclusion' { @@ -1776,7 +1776,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditOtherLogonLogoffEventsFailure) { AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Failure) - Inclusion' { @@ -1785,7 +1785,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditSpecialLogonSuccess) { AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion' { @@ -1794,7 +1794,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditSpecialLogonFailure) { AuditPolicySubcategory 'Audit Special Logon (Failure) - Inclusion' { @@ -1803,7 +1803,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditDetailedFileShareFailure) { AuditPolicySubcategory 'Audit Detailed File Share (Failure) - Inclusion' { @@ -1812,7 +1812,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditDetailedFileShareSuccess) { AuditPolicySubcategory 'Audit Detailed File Share (Success) - Inclusion' { @@ -1830,7 +1830,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditFileShareFailure) { AuditPolicySubcategory 'Audit File Share (Failure) - Inclusion' { @@ -1839,7 +1839,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditOtherObjectAccessEventsSuccess) { AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion' { @@ -1848,7 +1848,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditOtherObjectAccessEventsFailure) { AuditPolicySubcategory 'Audit Other Object Access Events (Failure) - Inclusion' { @@ -1857,7 +1857,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditRemovableStorageSuccess) { AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' { @@ -1866,7 +1866,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditRemovableStorageFailure) { AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' { @@ -1875,7 +1875,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' { @@ -1884,7 +1884,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditPolicyChangeFailure) { AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion' { @@ -1893,7 +1893,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditAuthenticationPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Authentication Policy Change (Success) - Inclusion' { @@ -1902,7 +1902,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditAuthenticationPolicyChangeFailure) { AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' { @@ -1911,7 +1911,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditAuthorizationPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion' { @@ -1929,7 +1929,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditMPSSVCRuleLevelPolicyChangeSuccess) { AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Success) - Inclusion' { @@ -1938,7 +1938,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditMPSSVCRuleLevelPolicyChangeFailure) { AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Failure) - Inclusion' { @@ -1947,7 +1947,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditOtherPolicyChangeEventsFailure) { AuditPolicySubcategory 'Audit Other Policy Change Events (Failure) - Inclusion' { @@ -1956,7 +1956,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditOtherPolicyChangeEventsSuccess) { AuditPolicySubcategory 'Audit Other Policy Change Events (Success) - Inclusion' { @@ -1965,7 +1965,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditSensitivePrivilegeUseSuccess) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' { @@ -1974,7 +1974,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditSensitivePrivilegeUseFailure) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion' { @@ -1983,7 +1983,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditIPsecDriverFailure) { AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion' { @@ -1992,7 +1992,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditIPsecDriverSuccess) { AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion' { @@ -2001,7 +2001,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditOtherSystemEventsSuccess) { AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' { @@ -2019,7 +2019,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditSecurityStateChangeSuccess) { AuditPolicySubcategory 'Audit Security State Change (Success) - Inclusion' { @@ -2028,7 +2028,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditSecurityStateChangeFailure) { AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' { @@ -2037,7 +2037,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditSecuritySystemExtensionSuccess) { AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion' { @@ -2046,7 +2046,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditSecuritySystemExtensionFailure) { AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' { @@ -2055,7 +2055,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($AuditSystemIntegritySuccess) { AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' { @@ -2064,7 +2064,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Success' } } - + if ($AuditSystemIntegrityFailure) { AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' { @@ -2073,7 +2073,7 @@ configuration DoD_Windows_10_v3r2 AuditFlag = 'Failure' } } - + if ($EnableComputerAndUserAccountsToBeTrustedForDelegation) { UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' { @@ -2082,7 +2082,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' } } - + if ($AccessThisComputerFromTheNetwork) { UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' { @@ -2091,7 +2091,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Access_this_computer_from_the_network' } } - + if ($BackupFilesAndDirectories) { UserRightsAssignment 'UserRightsAssignment(INF): Back_up_files_and_directories' { @@ -2109,7 +2109,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Impersonate_a_client_after_authentication' } } - + if ($Perform_volume_maintenance_tasks) { UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' { @@ -2118,7 +2118,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Perform_volume_maintenance_tasks' } } - + if ($Load_and_unload_device_drivers) { UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' { @@ -2127,7 +2127,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Load_and_unload_device_drivers' } } - + if ($Lock_pages_in_memory) { UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' { @@ -2136,7 +2136,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Lock_pages_in_memory' } } - + if ($Take_ownership_of_files_or_other_objects) { UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' { @@ -2145,7 +2145,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Take_ownership_of_files_or_other_objects' } } - + if ($Create_permanent_shared_objects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' { @@ -2154,7 +2154,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Create_permanent_shared_objects' } } - + if ($Deny_access_to_this_computer_from_the_network) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' { @@ -2163,7 +2163,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Deny_access_to_this_computer_from_the_network' } } - + if ($Create_global_objects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' { @@ -2181,7 +2181,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Deny_log_on_as_a_batch_job' } } - + if ($Restore_files_and_directories) { UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' { @@ -2190,7 +2190,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Restore_files_and_directories' } } - + if ($Access_Credential_Manager_as_a_trusted_caller) { UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' { @@ -2199,7 +2199,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Access_Credential_Manager_as_a_trusted_caller' } } - + if ($Deny_log_on_as_a_service) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service' { @@ -2208,7 +2208,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Deny_log_on_as_a_service' } } - + if ($Force_shutdown_from_a_remote_system) { UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' { @@ -2217,7 +2217,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Force_shutdown_from_a_remote_system' } } - + if ($Deny_log_on_locally) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally' { @@ -2226,7 +2226,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Deny_log_on_locally' } } - + if ($Create_symbolic_links) { UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links' { @@ -2235,7 +2235,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Create_symbolic_links' } } - + if ($Debug_programs) { UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' { @@ -2244,7 +2244,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Debug_programs' } } - + if ($Allow_log_on_locally) { UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' { @@ -2262,7 +2262,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Manage_auditing_and_security_log' } } - + if ($Act_as_part_of_the_operating_system) { UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' { @@ -2271,7 +2271,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Act_as_part_of_the_operating_system' } } - + if ($Profile_single_process) { UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' { @@ -2280,7 +2280,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Profile_single_process' } } - + if ($Create_a_token_object) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' { @@ -2289,7 +2289,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Create_a_token_object' } } - + if ($Change_the_system_time) { UserRightsAssignment 'UserRightsAssignment(INF): Change_the_system_time' { @@ -2298,7 +2298,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Change_the_system_time' } } - + if ($Modify_firmware_environment_values) { UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' { @@ -2307,7 +2307,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Modify_firmware_environment_values' } } - + if ($Create_a_pagefile) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' { @@ -2316,7 +2316,7 @@ configuration DoD_Windows_10_v3r2 Policy = 'Create_a_pagefile' } } - + if ($Deny_log_on_through_Remote_Desktop_Services) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' { @@ -2348,7 +2348,7 @@ configuration DoD_Windows_10_v3r2 } } - + if ($Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares) { SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' { @@ -2356,7 +2356,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' } } - + if ($Domain_member_Require_strong_Windows_2000_or_later_session_key) { SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' { @@ -2364,7 +2364,7 @@ configuration DoD_Windows_10_v3r2 Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled' } } - + if ($User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' { @@ -2372,7 +2372,7 @@ configuration DoD_Windows_10_v3r2 Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' } } - + if ($Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' { @@ -2380,7 +2380,7 @@ configuration DoD_Windows_10_v3r2 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked' } } - + if ($Network_security_Configure_encryption_types_allowed_for_Kerberos) { SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos' { @@ -2388,7 +2388,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Network_security_Configure_encryption_types_allowed_for_Kerberos' } } - + if ($System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing) { SecurityOption 'SecurityRegistry(INF): System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' { @@ -2396,7 +2396,7 @@ configuration DoD_Windows_10_v3r2 Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' } } - + if ($Network_security_LAN_Manager_authentication_level) { SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level' { @@ -2412,7 +2412,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Domain_member_Disable_machine_account_password_changes' } } - + if ($Interactive_logon_Message_title_for_users_attempting_to_log_on) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on' { @@ -2428,7 +2428,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible' } } - + if ($Interactive_logon_Smart_card_removal_behavior) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' { @@ -2436,7 +2436,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Interactive_logon_Smart_card_removal_behavior' } } - + if ($Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only) { SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' { @@ -2444,7 +2444,7 @@ configuration DoD_Windows_10_v3r2 Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' } } - + if ($User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' { @@ -2452,7 +2452,7 @@ configuration DoD_Windows_10_v3r2 Name = 'User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' } } - + if ($Interactive_logon_Message_text_for_users_attempting_to_log_on) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on' { @@ -2460,7 +2460,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on' } } - + if ($Domain_member_Digitally_encrypt_secure_channel_data_when_possible) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' { @@ -2468,7 +2468,7 @@ configuration DoD_Windows_10_v3r2 Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled' } } - + if ($User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' { @@ -2484,7 +2484,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Microsoft_network_server_Digitally_sign_communications_always' } } - + if ($Microsoft_network_client_Digitally_sign_communications_always) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' { @@ -2492,7 +2492,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Microsoft_network_client_Digitally_sign_communications_always' } } - + if ($Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' { @@ -2500,7 +2500,7 @@ configuration DoD_Windows_10_v3r2 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked' } } - + if ($User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' { @@ -2508,7 +2508,7 @@ configuration DoD_Windows_10_v3r2 Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' } } - + if ($User_Account_Control_Detect_application_installations_and_prompt_for_elevation) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation' { @@ -2516,7 +2516,7 @@ configuration DoD_Windows_10_v3r2 Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation' } } - + if ($Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' { @@ -2524,7 +2524,7 @@ configuration DoD_Windows_10_v3r2 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled' } } - + if ($Network_security_Allow_LocalSystem_NULL_session_fallback) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' { @@ -2540,7 +2540,7 @@ configuration DoD_Windows_10_v3r2 Name = 'User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' } } - + if ($Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' { @@ -2548,7 +2548,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' } } - + if ($Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' { @@ -2556,7 +2556,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' } } - + if ($Domain_member_Maximum_machine_account_password_age) { SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age' { @@ -2564,7 +2564,7 @@ configuration DoD_Windows_10_v3r2 Domain_member_Maximum_machine_account_password_age = '30' } } - + if ($Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' { @@ -2572,7 +2572,7 @@ configuration DoD_Windows_10_v3r2 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled' } } - + if ($Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings) { SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' { @@ -2580,7 +2580,7 @@ configuration DoD_Windows_10_v3r2 Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled' } } - + if ($System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links) { SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' { @@ -2596,7 +2596,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' } } - + if ($Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' { @@ -2604,7 +2604,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' } } - + if ($Interactive_logon_Machine_inactivity_limit) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Machine_inactivity_limit' { @@ -2612,7 +2612,7 @@ configuration DoD_Windows_10_v3r2 Interactive_logon_Machine_inactivity_limit = '900' } } - + if ($Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change) { SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' { @@ -2620,7 +2620,7 @@ configuration DoD_Windows_10_v3r2 Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' } } - + if ($Network_access_Let_Everyone_permissions_apply_to_anonymous_users) { SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users' { @@ -2628,7 +2628,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users' } } - + if ($Network_security_LDAP_client_signing_requirements) { SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' { @@ -2636,7 +2636,7 @@ configuration DoD_Windows_10_v3r2 Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' } } - + if ($User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' { @@ -2651,7 +2651,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Account_lockout_duration' } } - + if ($Account_lockout_threshold) { AccountPolicy 'SecuritySetting(INF): LockoutBadCount' { @@ -2659,7 +2659,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Account_lockout_threshold' } } - + if ($Reset_account_lockout_counter_after) { AccountPolicy 'SecuritySetting(INF): ResetLockoutCount' { @@ -2667,7 +2667,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Reset_account_lockout_counter_after' } } - + if ($Accounts_Rename_guest_account) { SecurityOption 'SecuritySetting(INF): NewGuestName' { @@ -2675,7 +2675,7 @@ configuration DoD_Windows_10_v3r2 Accounts_Rename_guest_account = 'Visitor' } } - + if ($Minimum_Password_Age) { AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge' { @@ -2683,7 +2683,7 @@ configuration DoD_Windows_10_v3r2 Minimum_Password_Age = 1 } } - + if ($Password_must_meet_complexity_requirements) { AccountPolicy 'SecuritySetting(INF): PasswordComplexity' { @@ -2691,7 +2691,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Password_must_meet_complexity_requirements' } } - + if ($Enforce_password_history) { AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' { @@ -2706,7 +2706,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Network_access_Allow_anonymous_SID_Name_translation' } } - + if ($Minimum_Password_Length) { AccountPolicy 'SecuritySetting(INF): MinimumPasswordLength' { @@ -2714,7 +2714,7 @@ configuration DoD_Windows_10_v3r2 Minimum_Password_Length = 14 } } - + if ($Accounts_Administrator_account_status) { SecurityOption 'SecuritySetting(INF): EnableAdminAccount' { @@ -2722,7 +2722,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Accounts_Administrator_account_status' } } - + if ($Accounts_Rename_administrator_account) { SecurityOption 'SecuritySetting(INF): NewAdministratorName' { @@ -2730,7 +2730,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Accounts_Rename_administrator_account' } } - + if ($Accounts_Guest_account_status) { SecurityOption 'SecuritySetting(INF): EnableGuestAccount' { @@ -2738,7 +2738,7 @@ configuration DoD_Windows_10_v3r2 Accounts_Guest_account_status = 'Disabled' } } - + if ($Maximum_Password_Age) { AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' { @@ -2746,7 +2746,7 @@ configuration DoD_Windows_10_v3r2 Name = 'Maximum_Password_Age' } } - + if ($Store_passwords_using_reversible_encryption) { AccountPolicy 'SecuritySetting(INF): ClearTextPassword' { @@ -2755,4 +2755,3 @@ configuration DoD_Windows_10_v3r2 } } } - diff --git a/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.schema.psm1 b/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.schema.psm1 index 3f502ad..90ef80f 100644 --- a/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.schema.psm1 +++ b/DSCResources/DoD_Windows_11_v2r2/DoD_Windows_11_v2r2.schema.psm1 @@ -254,62 +254,62 @@ configuration DoD_Windows_11_v2r2 if ($SuppressionPolicy_BatFile) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Classes\batfile\shell\runasuser\SuppressionPolicy' { - Key = '\SOFTWARE\Classes\batfile\shell\runasuser' + Key = 'SOFTWARE\Classes\batfile\shell\runasuser' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SuppressionPolicy' ValueData = 4096 } } - + if ($SuppressionPolicy_CmdFile) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Classes\cmdfile\shell\runasuser\SuppressionPolicy' { - Key = '\SOFTWARE\Classes\cmdfile\shell\runasuser' + Key = 'SOFTWARE\Classes\cmdfile\shell\runasuser' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SuppressionPolicy' ValueData = 4096 } } - + if ($SuppressionPolicy_ExeFile) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicy' { - Key = '\SOFTWARE\Classes\exefile\shell\runasuser' + Key = 'SOFTWARE\Classes\exefile\shell\runasuser' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SuppressionPolicy' ValueData = 4096 } } - + if ($SuppressionPolicy_MscFile) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Classes\mscfile\shell\runasuser\SuppressionPolicy' { - Key = '\SOFTWARE\Classes\mscfile\shell\runasuser' + Key = 'SOFTWARE\Classes\mscfile\shell\runasuser' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SuppressionPolicy' ValueData = 4096 } } - + if ($AutoConnectAllowedOEM) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager\config\AutoConnectAllowedOEM' { - Key = '\SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager\config' + Key = 'SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager\config' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AutoConnectAllowedOEM' ValueData = 0 } } - + if ($EnumerateAdministrators) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateAdministrators' @@ -320,62 +320,62 @@ configuration DoD_Windows_11_v2r2 if ($NoStartBanner) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartBanner' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoStartBanner' ValueData = 1 } } - + if ($NoWebServices) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoWebServices' ValueData = 1 } } - + if ($NoAutorun) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutorun' ValueData = 1 } } - + if ($NoDriveTypeAutoRun) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDriveTypeAutoRun' ValueData = 255 } } - + if ($PreXPSP2ShellProtocolBehavior) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PreXPSP2ShellProtocolBehavior' ValueData = 0 } } - + if ($PasswordComplexity) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordComplexity' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordComplexity' @@ -386,73 +386,73 @@ configuration DoD_Windows_11_v2r2 if ($PasswordLength) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordLength' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordLength' ValueData = 14 } } - + if ($PasswordAgeDays) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS\PasswordAgeDays' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PasswordAgeDays' ValueData = 60 } } - + if ($LocalAccountTokenFilterPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LocalAccountTokenFilterPolicy' ValueData = 0 } } - + if ($MSAOptional) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MSAOptional' ValueData = 1 } } - + if ($DisableAutomaticRestartSignOn) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableAutomaticRestartSignOn' ValueData = 1 } } - + if ($ProcessCreationIncludeCmdLine_Enabled) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ProcessCreationIncludeCmdLine_Enabled' ValueData = 1 } } - + if ($DevicePKInitEnabled) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DevicePKInitEnabled' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DevicePKInitEnabled' @@ -463,73 +463,73 @@ configuration DoD_Windows_11_v2r2 if ($DevicePKInitBehavior) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DevicePKInitBehavior' { - Key = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' + Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DevicePKInitBehavior' ValueData = 0 } } - + if ($EnhancedAntiSpoofing) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing' { - Key = '\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures' + Key = 'SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnhancedAntiSpoofing' ValueData = 1 } } - + if ($EccCurves) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002\EccCurves' { - Key = '\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' + Key = 'SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' ValueType = 'MultiString' TargetType = 'ComputerConfiguration' ValueName = 'EccCurves' ValueData = 'NistP384NistP256' } } - + if ($UseAdvancedStartup) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseAdvancedStartup' { - Key = '\SOFTWARE\Policies\Microsoft\FVE' + Key = 'SOFTWARE\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseAdvancedStartup' ValueData = 1 } } - + if ($EnableBDEWithNoTPM) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\EnableBDEWithNoTPM' { - Key = '\SOFTWARE\Policies\Microsoft\FVE' + Key = 'SOFTWARE\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableBDEWithNoTPM' ValueData = 1 } } - + if ($UseTPM) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseTPM' { - Key = '\SOFTWARE\Policies\Microsoft\FVE' + Key = 'SOFTWARE\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseTPM' ValueData = 2 } } - + if ($UseTPMPIN) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseTPMPIN' { - Key = '\SOFTWARE\Policies\Microsoft\FVE' + Key = 'SOFTWARE\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseTPMPIN' @@ -540,73 +540,73 @@ configuration DoD_Windows_11_v2r2 if ($UseTPMKey) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseTPMKey' { - Key = '\SOFTWARE\Policies\Microsoft\FVE' + Key = 'SOFTWARE\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseTPMKey' ValueData = 2 } } - + if ($UseTPMKeyPIN) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\UseTPMKeyPIN' { - Key = '\SOFTWARE\Policies\Microsoft\FVE' + Key = 'SOFTWARE\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseTPMKeyPIN' ValueData = 2 } } - + if ($MinimumPIN) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\FVE\MinimumPIN' { - Key = '\SOFTWARE\Policies\Microsoft\FVE' + Key = 'SOFTWARE\Policies\Microsoft\FVE' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinimumPIN' ValueData = 6 } } - + if ($DisableEnclosureDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload' { - Key = '\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds' + Key = 'SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableEnclosureDownload' ValueData = 1 } } - + if ($AllowBasicAuthInClear) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear' { - Key = '\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds' + Key = 'SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasicAuthInClear' ValueData = 0 } } - + if ($NotifyDisableIEOptions) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\NotifyDisableIEOptions' { - Key = '\SOFTWARE\Policies\Microsoft\Internet Explorer\Main' + Key = 'SOFTWARE\Policies\Microsoft\Internet Explorer\Main' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NotifyDisableIEOptions' ValueData = 0 } } - + if ($RequireSecurityDevice) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\RequireSecurityDevice' { - Key = '\SOFTWARE\Policies\Microsoft\PassportForWork' + Key = 'SOFTWARE\Policies\Microsoft\PassportForWork' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RequireSecurityDevice' @@ -617,84 +617,84 @@ configuration DoD_Windows_11_v2r2 if ($TPM12) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices\TPM12' { - Key = '\SOFTWARE\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices' + Key = 'SOFTWARE\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'TPM12' ValueData = 0 } } - + if ($MinimumPINLength) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity\MinimumPINLength' { - Key = '\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity' + Key = 'SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinimumPINLength' ValueData = 6 } } - + if ($DCSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' { - Key = '\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DCSettingIndex' ValueData = 1 } } - + if ($ACSettingIndex) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' { - Key = '\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' + Key = 'SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ACSettingIndex' ValueData = 1 } } - + if ($DisableInventory) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\DisableInventory' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\AppCompat' + Key = 'SOFTWARE\Policies\Microsoft\Windows\AppCompat' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableInventory' ValueData = 1 } } - + if ($LetAppsActivateWithVoiceAboveLock) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy\LetAppsActivateWithVoiceAboveLock' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' + Key = 'SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LetAppsActivateWithVoiceAboveLock' ValueData = 2 } } - + if ($DisableWindowsConsumerFeatures) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent\DisableWindowsConsumerFeatures' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\CloudContent' + Key = 'SOFTWARE\Policies\Microsoft\Windows\CloudContent' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWindowsConsumerFeatures' ValueData = 1 } } - + if ($AllowProtectedCreds) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCreds' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation' + Key = 'SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowProtectedCreds' @@ -705,73 +705,73 @@ configuration DoD_Windows_11_v2r2 if ($LimitEnhancedDiagnosticDataWindowsAnalytics) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\LimitEnhancedDiagnosticDataWindowsAnalytics' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\DataCollection' + Key = 'SOFTWARE\Policies\Microsoft\Windows\DataCollection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LimitEnhancedDiagnosticDataWindowsAnalytics' ValueData = 1 } } - + if ($AllowTelemetry) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\DataCollection' + Key = 'SOFTWARE\Policies\Microsoft\Windows\DataCollection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowTelemetry' ValueData = 1 } } - + if ($DODownloadMode) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DODownloadMode' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization' + Key = 'SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DODownloadMode' ValueData = 2 } } - + if ($EnableVirtualizationBasedSecurity) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + Key = 'SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableVirtualizationBasedSecurity' ValueData = 1 } } - + if ($RequirePlatformSecurityFeatures) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + Key = 'SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RequirePlatformSecurityFeatures' ValueData = 1 } } - + if ($HypervisorEnforcedCodeIntegrity) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HypervisorEnforcedCodeIntegrity' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + Key = 'SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HypervisorEnforcedCodeIntegrity' ValueData = 1 } } - + if ($HVCIMATRequired) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\HVCIMATRequired' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + Key = 'SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'HVCIMATRequired' @@ -782,73 +782,73 @@ configuration DoD_Windows_11_v2r2 if ($LsaCfgFlags) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + Key = 'SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LsaCfgFlags' ValueData = 1 } } - + if ($ConfigureSystemGuardLaunch) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\ConfigureSystemGuardLaunch' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' + Key = 'SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'ConfigureSystemGuardLaunch' ValueData = 0 } } - + if ($MaxSizeApplicationLog) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application' + Key = 'SOFTWARE\Policies\Microsoft\Windows\EventLog\Application' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($MaxSizeSecurityLog) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security' + Key = 'SOFTWARE\Policies\Microsoft\Windows\EventLog\Security' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 1024000 } } - + if ($MaxSizeSystemLog) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\System\MaxSize' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\EventLog\System' + Key = 'SOFTWARE\Policies\Microsoft\Windows\EventLog\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MaxSize' ValueData = 32768 } } - + if ($NoAutoplayForNonVolume) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Explorer' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoAutoplayfornonVolume' ValueData = 1 } } - + if ($NoDataExecutionPrevention) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Explorer' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoDataExecutionPrevention' @@ -859,62 +859,62 @@ configuration DoD_Windows_11_v2r2 if ($NoHeapTerminationOnCorruption) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Explorer' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Explorer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoHeapTerminationOnCorruption' ValueData = 0 } } - + if ($AllowGameDVR) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR\AllowGameDVR' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\GameDVR' + Key = 'SOFTWARE\Policies\Microsoft\Windows\GameDVR' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowGameDVR' ValueData = 0 } } - + if ($NoBackgroundPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoBackgroundPolicy' ValueData = 0 } } - + if ($NoGPOListChanges) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoGPOListChanges' ValueData = 0 } } - + if ($EnableUserControl) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\EnableUserControl' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Installer' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableUserControl' ValueData = 0 } } - + if ($AlwaysInstallElevated) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Installer' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AlwaysInstallElevated' @@ -925,73 +925,73 @@ configuration DoD_Windows_11_v2r2 if ($SafeForScripting) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\SafeForScripting' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Installer' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Installer' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SafeForScripting' ValueData = 0 } } - + if ($DeviceEnumerationPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection\DeviceEnumerationPolicy' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DeviceEnumerationPolicy' ValueData = 0 } } - + if ($AllowInsecureGuestAuth) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation' + Key = 'SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowInsecureGuestAuth' ValueData = 0 } } - + if ($NC_ShowSharedAccessUI) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Network Connections' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Network Connections' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NC_ShowSharedAccessUI' ValueData = 0 } } - + if ($HardenedPaths_SYSVOL) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\SYSVOL' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\SYSVOL' ValueData = 'RequireMutualAuthentication=1, RequireIntegrity=1' } } - + if ($HardenedPaths_NETLOGON) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\*\NETLOGON' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' + Key = 'SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = '\\*\NETLOGON' ValueData = 'RequireMutualAuthentication=1, RequireIntegrity=1' } } - + if ($NoLockScreenCamera) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization\NoLockScreenCamera' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Personalization' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Personalization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoLockScreenCamera' @@ -1002,29 +1002,29 @@ configuration DoD_Windows_11_v2r2 if ($NoLockScreenSlideshow) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Personalization' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Personalization' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoLockScreenSlideshow' ValueData = 1 } } - + if ($EnableScriptBlockLogging) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableScriptBlockLogging' ValueData = 1 } } - + if ($EnableScriptBlockInvocationLogging) { RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + Key = 'SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1032,33 +1032,33 @@ configuration DoD_Windows_11_v2r2 ValueData = '' } } - + if ($EnableTranscripting) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableTranscripting' ValueData = 1 } } - + if ($OutputDirectory) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription\OutputDirectory' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'OutputDirectory' ValueData = 'C:\ProgramData\PS_Transcript' } } - + if ($EnableInvocationHeader) { RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription\EnableInvocationHeader' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' + Key = 'SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1070,62 +1070,62 @@ configuration DoD_Windows_11_v2r2 if ($DontDisplayNetworkSelectionUI) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\System' + Key = 'SOFTWARE\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DontDisplayNetworkSelectionUI' ValueData = 1 } } - + if ($EnumerateLocalUsers) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\EnumerateLocalUsers' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\System' + Key = 'SOFTWARE\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnumerateLocalUsers' ValueData = 0 } } - + if ($EnableSmartScreen) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\EnableSmartScreen' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\System' + Key = 'SOFTWARE\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableSmartScreen' ValueData = 1 } } - + if ($ShellSmartScreenLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\ShellSmartScreenLevel' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\System' + Key = 'SOFTWARE\Policies\Microsoft\Windows\System' ValueType = 'String' TargetType = 'ComputerConfiguration' ValueName = 'ShellSmartScreenLevel' ValueData = 'Block' } } - + if ($AllowDomainPINLogon) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\AllowDomainPINLogon' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\System' + Key = 'SOFTWARE\Policies\Microsoft\Windows\System' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDomainPINLogon' ValueData = 0 } } - + if ($fMinimizeConnections) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fMinimizeConnections' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' + Key = 'SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fMinimizeConnections' @@ -1136,62 +1136,62 @@ configuration DoD_Windows_11_v2r2 if ($fBlockNonDomain) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\fBlockNonDomain' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' + Key = 'SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fBlockNonDomain' ValueData = 1 } } - + if ($AllowIndexingEncryptedStoresOrItems) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\Windows Search' + Key = 'SOFTWARE\Policies\Microsoft\Windows\Windows Search' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowIndexingEncryptedStoresOrItems' ValueData = 0 } } - + if ($AllowBasicClient) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\AllowBasic' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client' + Key = 'SOFTWARE\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' ValueData = 0 } } - + if ($AllowUnencryptedTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client' + Key = 'SOFTWARE\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' ValueData = 0 } } - + if ($AllowDigest) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\AllowDigest' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client' + Key = 'SOFTWARE\Policies\Microsoft\Windows\WinRM\Client' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowDigest' ValueData = 0 } } - + if ($AllowBasicService) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\AllowBasic' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' + Key = 'SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowBasic' @@ -1202,62 +1202,62 @@ configuration DoD_Windows_11_v2r2 if ($AllowUnencryptedTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' + Key = 'SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowUnencryptedTraffic' ValueData = 0 } } - + if ($DisableRunAs) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs' { - Key = '\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' + Key = 'SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableRunAs' ValueData = 1 } } - + if ($DisableWebPnPDownload) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Printers' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableWebPnPDownload' ValueData = 1 } } - + if ($DisableHTTPPrinting) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Printers' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Printers' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableHTTPPrinting' ValueData = 1 } } - + if ($RestrictRemoteClients) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Rpc' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Rpc' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'RestrictRemoteClients' ValueData = 1 } } - + if ($fAllowToGetHelp) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fAllowToGetHelp' @@ -1268,7 +1268,7 @@ configuration DoD_Windows_11_v2r2 if ($fAllowFullControl) { RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fAllowFullControl' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1276,11 +1276,11 @@ configuration DoD_Windows_11_v2r2 ValueData = '' } } - + if ($MaxTicketExpiry) { RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiry' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1288,11 +1288,11 @@ configuration DoD_Windows_11_v2r2 ValueData = '' } } - + if ($MaxTicketExpiryUnits) { RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiryUnits' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1300,11 +1300,11 @@ configuration DoD_Windows_11_v2r2 ValueData = '' } } - + if ($fUseMailto) { RegistryPolicyFile 'DEL_\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fUseMailto' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'String' Ensure = 'Absent' TargetType = 'ComputerConfiguration' @@ -1312,11 +1312,11 @@ configuration DoD_Windows_11_v2r2 ValueData = '' } } - + if ($DisablePasswordSaving) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisablePasswordSaving' @@ -1327,62 +1327,62 @@ configuration DoD_Windows_11_v2r2 if ($fDisableCdm) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fDisableCdm' ValueData = 1 } } - + if ($fPromptForPassword) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fPromptForPassword' ValueData = 1 } } - + if ($fEncryptRPCTraffic) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'fEncryptRPCTraffic' ValueData = 1 } } - + if ($MinEncryptionLevel) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel' { - Key = '\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' + Key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'MinEncryptionLevel' ValueData = 3 } } - + if ($AllowWindowsInkWorkspace) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsInkWorkspace\AllowWindowsInkWorkspace' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsInkWorkspace' + Key = 'SOFTWARE\Policies\Microsoft\WindowsInkWorkspace' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowWindowsInkWorkspace' ValueData = 1 } } - + if ($UseLogonCredential) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential' { - Key = '\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' + Key = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'UseLogonCredential' @@ -1393,51 +1393,51 @@ configuration DoD_Windows_11_v2r2 if ($DisableExceptionChainValidation) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation' { - Key = '\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' + Key = 'SYSTEM\CurrentControlSet\Control\Session Manager\kernel' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableExceptionChainValidation' ValueData = 0 } } - + if ($DriverLoadPolicy) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy' { - Key = '\SYSTEM\CurrentControlSet\Policies\EarlyLaunch' + Key = 'SYSTEM\CurrentControlSet\Policies\EarlyLaunch' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DriverLoadPolicy' ValueData = 3 } } - + if ($SMB1) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1' { - Key = '\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'SMB1' ValueData = 0 } } - + if ($StartMrxSmb10) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10\Start' { - Key = '\SYSTEM\CurrentControlSet\Services\MrxSmb10' + Key = 'SYSTEM\CurrentControlSet\Services\MrxSmb10' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'Start' ValueData = 4 } } - + if ($NoNameReleaseOnDemand) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand' { - Key = '\SYSTEM\CurrentControlSet\Services\Netbt\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Netbt\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'NoNameReleaseOnDemand' @@ -1448,36 +1448,36 @@ configuration DoD_Windows_11_v2r2 if ($DisableIPSourceRouting) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' ValueData = 2 } } - + if ($EnableICMPRedirect) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableICMPRedirect' ValueData = 0 } } - + if ($DisableIPSourceRoutingIPv6) { RegistryPolicyFile 'Registry(POL): HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting' { - Key = '\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' + Key = 'SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DisableIPSourceRouting' ValueData = 2 } } - + if ($AuditCredentialValidation) { AuditPolicySubcategory 'Audit Credential Validation (Success) - Inclusion' { @@ -1495,7 +1495,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSecurityGroupManagementSuccess) { AuditPolicySubcategory 'Audit Security Group Management (Success) - Inclusion' { @@ -1504,7 +1504,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditSecurityGroupManagementFailure) { AuditPolicySubcategory 'Audit Security Group Management (Failure) - Inclusion' { @@ -1513,7 +1513,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditUserAccountManagementSuccess) { AuditPolicySubcategory 'Audit User Account Management (Success) - Inclusion' { @@ -1522,7 +1522,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditUserAccountManagementFailure) { AuditPolicySubcategory 'Audit User Account Management (Failure) - Inclusion' { @@ -1531,7 +1531,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditPNPActivitySuccess) { AuditPolicySubcategory 'Audit PNP Activity (Success) - Inclusion' { @@ -1540,7 +1540,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditPNPActivityFailure) { AuditPolicySubcategory 'Audit PNP Activity (Failure) - Inclusion' { @@ -1549,7 +1549,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditProcessCreationSuccess) { AuditPolicySubcategory 'Audit Process Creation (Success) - Inclusion' { @@ -1567,7 +1567,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditAccountLockoutFailure) { AuditPolicySubcategory 'Audit Account Lockout (Failure) - Inclusion' { @@ -1576,7 +1576,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditAccountLockoutSuccess) { AuditPolicySubcategory 'Audit Account Lockout (Success) - Inclusion' { @@ -1585,7 +1585,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditGroupMembershipSuccess) { AuditPolicySubcategory 'Audit Group Membership (Success) - Inclusion' { @@ -1594,7 +1594,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditGroupMembershipFailure) { AuditPolicySubcategory 'Audit Group Membership (Failure) - Inclusion' { @@ -1603,7 +1603,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditLogoffSuccess) { AuditPolicySubcategory 'Audit Logoff (Success) - Inclusion' { @@ -1621,7 +1621,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditLogonSuccess) { AuditPolicySubcategory 'Audit Logon (Success) - Inclusion' { @@ -1630,7 +1630,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditLogonFailure) { AuditPolicySubcategory 'Audit Logon (Failure) - Inclusion' { @@ -1639,7 +1639,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditOtherLogonLogoffEventsSuccess) { AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Success) - Inclusion' { @@ -1648,7 +1648,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditOtherLogonLogoffEventsFailure) { AuditPolicySubcategory 'Audit Other Logon/Logoff Events (Failure) - Inclusion' { @@ -1657,7 +1657,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSpecialLogonSuccess) { AuditPolicySubcategory 'Audit Special Logon (Success) - Inclusion' { @@ -1675,7 +1675,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditDetailedFileShareFailure) { AuditPolicySubcategory 'Audit Detailed File Share (Failure) - Inclusion' { @@ -1684,7 +1684,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditDetailedFileShareSuccess) { AuditPolicySubcategory 'Audit Detailed File Share (Success) - Inclusion' { @@ -1693,7 +1693,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditFileShareSuccess) { AuditPolicySubcategory 'Audit File Share (Success) - Inclusion' { @@ -1702,7 +1702,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditFileShareFailure) { AuditPolicySubcategory 'Audit File Share (Failure) - Inclusion' { @@ -1711,7 +1711,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditOtherObjectAccessEventsSuccess) { AuditPolicySubcategory 'Audit Other Object Access Events (Success) - Inclusion' { @@ -1729,7 +1729,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditRemovableStorageSuccess) { AuditPolicySubcategory 'Audit Removable Storage (Success) - Inclusion' { @@ -1738,7 +1738,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditRemovableStorageFailure) { AuditPolicySubcategory 'Audit Removable Storage (Failure) - Inclusion' { @@ -1747,7 +1747,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditAuditPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Audit Policy Change (Success) - Inclusion' { @@ -1756,7 +1756,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditAuditPolicyChangeFailure) { AuditPolicySubcategory 'Audit Audit Policy Change (Failure) - Inclusion' { @@ -1774,7 +1774,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditAuthenticationPolicyChangeFailure) { AuditPolicySubcategory 'Audit Authentication Policy Change (Failure) - Inclusion' { @@ -1783,7 +1783,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditAuthorizationPolicyChangeSuccess) { AuditPolicySubcategory 'Audit Authorization Policy Change (Success) - Inclusion' { @@ -1792,7 +1792,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditAuthorizationPolicyChangeFailure) { AuditPolicySubcategory 'Audit Authorization Policy Change (Failure) - Inclusion' { @@ -1801,7 +1801,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditMPSSVCRuleLevelPolicyChangeSuccess) { AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Success) - Inclusion' { @@ -1810,7 +1810,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditMPSSVCRuleLevelPolicyChangeFailure) { AuditPolicySubcategory 'Audit MPSSVC Rule-Level Policy Change (Failure) - Inclusion' { @@ -1828,7 +1828,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditOtherPolicyChangeEventsFailure) { AuditPolicySubcategory 'Audit Other Policy Change Events (Failure) - Inclusion' { @@ -1837,7 +1837,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSensitivePrivilegeUseSuccess) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Success) - Inclusion' { @@ -1846,7 +1846,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditSensitivePrivilegeUseFailure) { AuditPolicySubcategory 'Audit Sensitive Privilege Use (Failure) - Inclusion' { @@ -1855,7 +1855,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditIPsecDriverFailure) { AuditPolicySubcategory 'Audit IPsec Driver (Failure) - Inclusion' { @@ -1864,7 +1864,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditIPsecDriverSuccess) { AuditPolicySubcategory 'Audit IPsec Driver (Success) - Inclusion' { @@ -1873,7 +1873,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditOtherSystemEventsSuccess) { AuditPolicySubcategory 'Audit Other System Events (Success) - Inclusion' { @@ -1882,7 +1882,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditOtherSystemEventsFailure) { AuditPolicySubcategory 'Audit Other System Events (Failure) - Inclusion' { @@ -1900,7 +1900,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditSecurityStateChangeFailure) { AuditPolicySubcategory 'Audit Security State Change (Failure) - Inclusion' { @@ -1909,7 +1909,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSecuritySystemExtensionSuccess) { AuditPolicySubcategory 'Audit Security System Extension (Success) - Inclusion' { @@ -1918,7 +1918,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditSecuritySystemExtensionFailure) { AuditPolicySubcategory 'Audit Security System Extension (Failure) - Inclusion' { @@ -1927,7 +1927,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($AuditSystemIntegritySuccess) { AuditPolicySubcategory 'Audit System Integrity (Success) - Inclusion' { @@ -1936,7 +1936,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Success' } } - + if ($AuditSystemIntegrityFailure) { AuditPolicySubcategory 'Audit System Integrity (Failure) - Inclusion' { @@ -1945,7 +1945,7 @@ configuration DoD_Windows_11_v2r2 AuditFlag = 'Failure' } } - + if ($UserRightsAssignmentDelegation) { UserRightsAssignment 'UserRightsAssignment(INF): Enable_computer_and_user_accounts_to_be_trusted_for_delegation' { @@ -1954,7 +1954,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Enable_computer_and_user_accounts_to_be_trusted_for_delegation' } } - + if ($UserRightsAssignmentNetworkAccess) { UserRightsAssignment 'UserRightsAssignment(INF): Access_this_computer_from_the_network' { @@ -1972,7 +1972,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Back_up_files_and_directories' } } - + if ($UserRightsAssignmentRestoreFiles) { UserRightsAssignment 'UserRightsAssignment(INF): Restore_files_and_directories' { @@ -1981,7 +1981,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Restore_files_and_directories' } } - + if ($UserRightsAssignmentVolumeMaintenance) { UserRightsAssignment 'UserRightsAssignment(INF): Perform_volume_maintenance_tasks' { @@ -1990,7 +1990,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Perform_volume_maintenance_tasks' } } - + if ($UserRightsAssignmentLoadUnloadDrivers) { UserRightsAssignment 'UserRightsAssignment(INF): Load_and_unload_device_drivers' { @@ -1999,7 +1999,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Load_and_unload_device_drivers' } } - + if ($UserRightsAssignmentLockPages) { UserRightsAssignment 'UserRightsAssignment(INF): Lock_pages_in_memory' { @@ -2008,7 +2008,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Lock_pages_in_memory' } } - + if ($UserRightsAssignmentTakeOwnership) { UserRightsAssignment 'UserRightsAssignment(INF): Take_ownership_of_files_or_other_objects' { @@ -2017,7 +2017,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Take_ownership_of_files_or_other_objects' } } - + if ($UserRightsAssignmentCreatePermanentSharedObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_permanent_shared_objects' { @@ -2026,7 +2026,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Create_permanent_shared_objects' } } - + if ($UserRightsAssignmentDenyNetworkAccess) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_access_to_this_computer_from_the_network' { @@ -2035,7 +2035,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Deny_access_to_this_computer_from_the_network' } } - + if ($UserRightsAssignmentCreateGlobalObjects) { UserRightsAssignment 'UserRightsAssignment(INF): Create_global_objects' { @@ -2053,7 +2053,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Deny_log_on_as_a_batch_job' } } - + if ($UserRightsAssignmentAccessCredentialManager) { UserRightsAssignment 'UserRightsAssignment(INF): Access_Credential_Manager_as_a_trusted_caller' { @@ -2062,7 +2062,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Access_Credential_Manager_as_a_trusted_caller' } } - + if ($UserRightsAssignmentImpersonateClient) { UserRightsAssignment 'UserRightsAssignment(INF): Impersonate_a_client_after_authentication' { @@ -2071,7 +2071,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Impersonate_a_client_after_authentication' } } - + if ($UserRightsAssignmentDenyLogOnAsService) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_as_a_service' { @@ -2080,7 +2080,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Deny_log_on_as_a_service' } } - + if ($UserRightsAssignmentForceShutdownRemote) { UserRightsAssignment 'UserRightsAssignment(INF): Force_shutdown_from_a_remote_system' { @@ -2089,7 +2089,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Force_shutdown_from_a_remote_system' } } - + if ($UserRightsAssignmentDenyLogOnLocally) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_locally' { @@ -2098,7 +2098,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Deny_log_on_locally' } } - + if ($UserRightsAssignmentCreateSymbolicLinks) { UserRightsAssignment 'UserRightsAssignment(INF): Create_symbolic_links' { @@ -2107,7 +2107,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Create_symbolic_links' } } - + if ($UserRightsAssignmentDebugPrograms) { UserRightsAssignment 'UserRightsAssignment(INF): Debug_programs' { @@ -2116,7 +2116,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Debug_programs' } } - + if ($UserRightsAssignmentAllowLogOnLocally) { UserRightsAssignment 'UserRightsAssignment(INF): Allow_log_on_locally' { @@ -2134,7 +2134,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Manage_auditing_and_security_log' } } - + if ($UserRightsAssignmentActAsPartOfOS) { UserRightsAssignment 'UserRightsAssignment(INF): Act_as_part_of_the_operating_system' { @@ -2143,7 +2143,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Act_as_part_of_the_operating_system' } } - + if ($UserRightsAssignmentProfileSingleProcess) { UserRightsAssignment 'UserRightsAssignment(INF): Profile_single_process' { @@ -2152,7 +2152,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Profile_single_process' } } - + if ($UserRightsAssignmentCreateTokenObject) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_token_object' { @@ -2161,7 +2161,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Create_a_token_object' } } - + if ($UserRightsAssignmentChangeSystemTime) { UserRightsAssignment 'UserRightsAssignment(INF): Change_the_system_time' { @@ -2170,7 +2170,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Change_the_system_time' } } - + if ($UserRightsAssignmentModifyFirmwareValues) { UserRightsAssignment 'UserRightsAssignment(INF): Modify_firmware_environment_values' { @@ -2179,7 +2179,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Modify_firmware_environment_values' } } - + if ($UserRightsAssignmentCreatePagefile) { UserRightsAssignment 'UserRightsAssignment(INF): Create_a_pagefile' { @@ -2188,7 +2188,7 @@ configuration DoD_Windows_11_v2r2 Policy = 'Create_a_pagefile' } } - + if ($UserRightsAssignmentDenyLogOnThroughRDS) { UserRightsAssignment 'UserRightsAssignment(INF): Deny_log_on_through_Remote_Desktop_Services' { @@ -2220,7 +2220,7 @@ configuration DoD_Windows_11_v2r2 } } - + if ($RestrictAnonymousAccess) { SecurityOption 'SecurityRegistry(INF): Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' { @@ -2228,7 +2228,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares' } } - + if ($StrongSessionKey) { SecurityOption 'SecurityRegistry(INF): Domain_member_Require_strong_Windows_2000_or_later_session_key' { @@ -2236,7 +2236,7 @@ configuration DoD_Windows_11_v2r2 Domain_member_Require_strong_Windows_2000_or_later_session_key = 'Enabled' } } - + if ($ElevateUIAccessApps) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' { @@ -2244,7 +2244,7 @@ configuration DoD_Windows_11_v2r2 Name = 'User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations' } } - + if ($MinimumSessionSecurityNTLM) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers' { @@ -2252,7 +2252,7 @@ configuration DoD_Windows_11_v2r2 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers = 'Both options checked' } } - + if ($AllowLocalSystemNullSessionFallback) { SecurityOption 'SecurityRegistry(INF): Network_security_Allow_LocalSystem_NULL_session_fallback' { @@ -2268,7 +2268,7 @@ configuration DoD_Windows_11_v2r2 Name = 'System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing' } } - + if ($LANManagerAuthenticationLevel) { SecurityOption 'SecurityRegistry(INF): Network_security_LAN_Manager_authentication_level' { @@ -2276,7 +2276,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Network_security_LAN_Manager_authentication_level' } } - + if ($DisableMachineAccountPasswordChanges) { SecurityOption 'SecurityRegistry(INF): Domain_member_Disable_machine_account_password_changes' { @@ -2284,7 +2284,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Domain_member_Disable_machine_account_password_changes' } } - + if ($InteractiveLogonMessageTitle) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_title_for_users_attempting_to_log_on' { @@ -2292,7 +2292,7 @@ configuration DoD_Windows_11_v2r2 Interactive_logon_Message_title_for_users_attempting_to_log_on = 'US Department of Defense Warning Statement' } } - + if ($DigitallySignSecureChannelData) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_sign_secure_channel_data_when_possible' { @@ -2300,7 +2300,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Domain_member_Digitally_sign_secure_channel_data_when_possible' } } - + if ($LimitLocalAccountUseOfBlankPasswords) { SecurityOption 'SecurityRegistry(INF): Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only' { @@ -2308,7 +2308,7 @@ configuration DoD_Windows_11_v2r2 Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' } } - + if ($VirtualizeFileAndRegistryFailures) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations' { @@ -2324,7 +2324,7 @@ configuration DoD_Windows_11_v2r2 Interactive_logon_Machine_inactivity_limit = '900' } } - + if ($InteractiveLogonMessageText) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Message_text_for_users_attempting_to_log_on' { @@ -2332,7 +2332,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Interactive_logon_Message_text_for_users_attempting_to_log_on' } } - + if ($DigitallyEncryptSecureChannelData) { SecurityOption 'SecurityRegistry(INF): Domain_member_Digitally_encrypt_secure_channel_data_when_possible' { @@ -2340,7 +2340,7 @@ configuration DoD_Windows_11_v2r2 Domain_member_Digitally_encrypt_secure_channel_data_when_possible = 'Enabled' } } - + if ($UACStandardUserElevationPrompt) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' { @@ -2348,7 +2348,7 @@ configuration DoD_Windows_11_v2r2 Name = 'User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users' } } - + if ($UACAdminApprovalMode) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account' { @@ -2364,7 +2364,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Microsoft_network_server_Digitally_sign_communications_always' } } - + if ($NetworkClientDigitallySignCommunications) { SecurityOption 'SecurityRegistry(INF): Microsoft_network_client_Digitally_sign_communications_always' { @@ -2372,7 +2372,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Microsoft_network_client_Digitally_sign_communications_always' } } - + if ($MinimumSessionSecurityNTLMSP) { SecurityOption 'SecurityRegistry(INF): Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients' { @@ -2380,7 +2380,7 @@ configuration DoD_Windows_11_v2r2 Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients = 'Both options checked' } } - + if ($UACRunAllAdminsInAdminApprovalMode) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' { @@ -2388,7 +2388,7 @@ configuration DoD_Windows_11_v2r2 Name = 'User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode' } } - + if ($UACDetectApplicationInstallations) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Detect_application_installations_and_prompt_for_elevation' { @@ -2396,7 +2396,7 @@ configuration DoD_Windows_11_v2r2 Name = 'User_Account_Control_Detect_application_installations_and_prompt_for_elevation' } } - + if ($DoNotAllowAnonymousEnumeration) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts' { @@ -2404,7 +2404,7 @@ configuration DoD_Windows_11_v2r2 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = 'Enabled' } } - + if ($ConfigureEncryptionTypesKerberos) { SecurityOption 'SecurityRegistry(INF): Network_security_Configure_encryption_types_allowed_for_Kerberos' { @@ -2420,7 +2420,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers' } } - + if ($InteractiveLogonPreviousLogonsCache) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' { @@ -2428,7 +2428,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available' } } - + if ($MaxMachineAccountPasswordAge) { SecurityOption 'SecurityRegistry(INF): Domain_member_Maximum_machine_account_password_age' { @@ -2436,7 +2436,7 @@ configuration DoD_Windows_11_v2r2 Domain_member_Maximum_machine_account_password_age = '30' } } - + if ($DoNotAllowAnonymousEnumerationShares) { SecurityOption 'SecurityRegistry(INF): Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares' { @@ -2444,7 +2444,7 @@ configuration DoD_Windows_11_v2r2 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = 'Enabled' } } - + if ($ForceAuditPolicySubcategorySettings) { SecurityOption 'SecurityRegistry(INF): Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings' { @@ -2452,7 +2452,7 @@ configuration DoD_Windows_11_v2r2 Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings = 'Enabled' } } - + if ($StrengthenDefaultPermissions) { SecurityOption 'SecurityRegistry(INF): System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' { @@ -2460,7 +2460,7 @@ configuration DoD_Windows_11_v2r2 Name = 'System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links' } } - + if ($AllowPKU2UAuthenticationRequests) { SecurityOption 'SecurityRegistry(INF): Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities' { @@ -2476,7 +2476,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always' } } - + if ($SmartCardRemovalBehavior) { SecurityOption 'SecurityRegistry(INF): Interactive_logon_Smart_card_removal_behavior' { @@ -2484,7 +2484,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Interactive_logon_Smart_card_removal_behavior' } } - + if ($DoNotStoreLANManagerHash) { SecurityOption 'SecurityRegistry(INF): Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change' { @@ -2492,7 +2492,7 @@ configuration DoD_Windows_11_v2r2 Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change = 'Enabled' } } - + if ($EveryonePermissionsForAnonymousUsers) { SecurityOption 'SecurityRegistry(INF): Network_access_Let_Everyone_permissions_apply_to_anonymous_users' { @@ -2500,7 +2500,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Network_access_Let_Everyone_permissions_apply_to_anonymous_users' } } - + if ($LDAPClientSigningRequirements) { SecurityOption 'SecurityRegistry(INF): Network_security_LDAP_client_signing_requirements' { @@ -2508,7 +2508,7 @@ configuration DoD_Windows_11_v2r2 Network_security_LDAP_client_signing_requirements = 'Negotiate Signing' } } - + if ($UACAdminElevationPromptBehavior) { SecurityOption 'SecurityRegistry(INF): User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode' { @@ -2516,7 +2516,7 @@ configuration DoD_Windows_11_v2r2 User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode = 'Prompt for consent on the secure desktop' } } - + if ($AccountLockoutDuration) { AccountPolicy 'SecuritySetting(INF): LockoutDuration' { @@ -2524,7 +2524,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Account_lockout_duration' } } - + if ($AccountLockoutThreshold) { AccountPolicy 'SecuritySetting(INF): LockoutBadCount' { @@ -2540,7 +2540,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Reset_account_lockout_counter_after' } } - + if ($RenameGuestAccount) { SecurityOption 'SecuritySetting(INF): NewGuestName' { @@ -2548,7 +2548,7 @@ configuration DoD_Windows_11_v2r2 Accounts_Rename_guest_account = 'Visitor' } } - + if ($MinimumPasswordAge) { AccountPolicy 'SecuritySetting(INF): MinimumPasswordAge' { @@ -2556,7 +2556,7 @@ configuration DoD_Windows_11_v2r2 Minimum_Password_Age = 1 } } - + if ($PasswordComplexity) { AccountPolicy 'SecuritySetting(INF): PasswordComplexity' { @@ -2564,7 +2564,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Password_must_meet_complexity_requirements' } } - + if ($PasswordHistorySize) { AccountPolicy 'SecuritySetting(INF): PasswordHistorySize' { @@ -2572,7 +2572,7 @@ configuration DoD_Windows_11_v2r2 Enforce_password_history = 24 } } - + if ($AnonymousNameLookup) { SecurityOption 'SecuritySetting(INF): LSAAnonymousNameLookup' { @@ -2588,7 +2588,7 @@ configuration DoD_Windows_11_v2r2 Minimum_Password_Length = 14 } } - + if ($EnableAdminAccount) { SecurityOption 'SecuritySetting(INF): EnableAdminAccount' { @@ -2596,7 +2596,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Accounts_Administrator_account_status' } } - + if ($NewAdministratorName) { SecurityOption 'SecuritySetting(INF): NewAdministratorName' { @@ -2604,7 +2604,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Accounts_Rename_administrator_account' } } - + if ($EnableGuestAccount) { SecurityOption 'SecuritySetting(INF): EnableGuestAccount' { @@ -2612,7 +2612,7 @@ configuration DoD_Windows_11_v2r2 Accounts_Guest_account_status = 'Disabled' } } - + if ($MaximumPasswordAge) { AccountPolicy 'SecuritySetting(INF): MaximumPasswordAge' { @@ -2620,7 +2620,7 @@ configuration DoD_Windows_11_v2r2 Name = 'Maximum_Password_Age' } } - + if ($ClearTextPassword) { AccountPolicy 'SecuritySetting(INF): ClearTextPassword' { @@ -2630,4 +2630,3 @@ configuration DoD_Windows_11_v2r2 } } - diff --git a/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.schema.psm1 b/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.schema.psm1 index 97218b0..487f6ee 100644 --- a/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.schema.psm1 +++ b/DSCResources/DoD_Windows_Defender_Firewall_v2r2/DoD_Windows_Defender_Firewall_v2r2.schema.psm1 @@ -32,51 +32,51 @@ configuration DoD_Windows_Defender_Firewall_v2r2 if ($PolicyVersion) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PolicyVersion' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'PolicyVersion' ValueData = 539 } } - + if ($EnableFirewall) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableFirewall' ValueData = 1 } } - + if ($DefaultOutboundAction) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultOutboundAction' ValueData = 0 } } - + if ($DefaultInboundAction) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultInboundAction' ValueData = 1 } } - + if ($LogFileSize) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFileSize' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LogFileSize' @@ -87,73 +87,73 @@ configuration DoD_Windows_Defender_Firewall_v2r2 if ($LogDroppedPackets_Domain) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogDroppedPackets' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LogDroppedPackets' ValueData = 1 } } - + if ($LogSuccessfulConnections_Domain) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogSuccessfulConnections' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LogSuccessfulConnections' ValueData = 1 } } - + if ($EnableFirewall_Private) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableFirewall' ValueData = 1 } } - + if ($DefaultOutboundAction_Private) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultOutboundAction' ValueData = 0 } } - + if ($DefaultInboundAction_Private) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultInboundAction' ValueData = 1 } } - + if ($LogFileSize_Private) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogFileSize' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LogFileSize' ValueData = 16384 } } - + if ($LogDroppedPackets_Private) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogDroppedPackets' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LogDroppedPackets' @@ -164,62 +164,62 @@ configuration DoD_Windows_Defender_Firewall_v2r2 if ($LogSuccessfulConnections_Private) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\LogSuccessfulConnections' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LogSuccessfulConnections' ValueData = 1 } } - + if ($EnableFirewall_Public) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'EnableFirewall' ValueData = 1 } } - + if ($DefaultOutboundAction_Public) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultOutboundAction' ValueData = 0 } } - + if ($DefaultInboundAction_Public) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'DefaultInboundAction' ValueData = 1 } } - + if ($AllowLocalPolicyMerge) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowLocalPolicyMerge' ValueData = 0 } } - + if ($AllowLocalIPsecPolicyMerge) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'AllowLocalIPsecPolicyMerge' @@ -230,29 +230,29 @@ configuration DoD_Windows_Defender_Firewall_v2r2 if ($LogFileSize_Public) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogFileSize' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LogFileSize' ValueData = 16384 } } - + if ($LogDroppedPackets_Public) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogDroppedPackets' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LogDroppedPackets' ValueData = 1 } } - + if ($LogSuccessfulConnections_Public) { RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogSuccessfulConnections' { - Key = '\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' + Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' ValueType = 'Dword' TargetType = 'ComputerConfiguration' ValueName = 'LogSuccessfulConnections' @@ -260,4 +260,3 @@ configuration DoD_Windows_Defender_Firewall_v2r2 } } } -