CIS - WIN10 - 18.6.x and 18.7.x policies (#10344)

RachelElysia 2023-03-10 14:29:26 -05:00 committed by GitHub
parent c80bec6f69
commit 3ee113911c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 81 additions and 5 deletions

View File

@ -1744,7 +1744,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\ForceKeyProtection' AND CAST(data AS INTEGER) >= 1);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.14.1
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
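Review bot: the removed and added `contributors: marcosd4h` lines in this hunk render identically, so the change appears to be whitespace-only, and the same holds for the next four hunks, which touch policies 2.3.14.1, 2.3.15.1, 2.3.15.2, 9.1.6 and 9.1.8 that the commit title ("18.6.x and 18.7.x policies") never mentions. Either leave that incidental cleanup out of this commit or state in the commit message that trailing-whitespace fixes to existing policies are included, so anyone auditing the CIS mapping is not left guessing what changed in those lines.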
@ -1769,7 +1769,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\kernel\\obcaseinsensitive' AND data != 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.15.1
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -1791,7 +1791,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\ProtectionMode' AND data != 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.15.2
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -2060,7 +2060,7 @@ spec:
To establish the recommended configuration via GP, set the following UI path to 16,384 KB or greater:
'Computer Configuration\Policies\Windows Settings\Security Settings\Windows Defender Firewall with Advanced Security\Windows Defender Firewall with Advanced Security - Local Group Policy Object\Windows Defender Firewall Properties\Domain Profile\Logging Customize\Size limit (KB)'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFileSize' and CAST(data as integer) >= 16384 );
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFileSize' and CAST(data as integer) >= 16384 );
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.6
contributors: DefensiveDepth
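Review bot: the registry path in the changed LogFileSize query mixes separator styles, `\SOFTWARE\Policies\\Microsoft\WindowsFirewall\...`, with a single backslash everywhere except before `Microsoft`. The earlier queries in this file (ForceKeyProtection, obcaseinsensitive, ProtectionMode) escape every separator as `\\`, and the LogSuccessfulConnections query in the following hunk uses a single backslash throughout, so there are now three conventions in one file. Since `query: |` is a YAML literal block, the text is handed to osquery exactly as written; pick one convention and apply it to the whole path, for example `'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\Logging\\LogFileSize'` to match the surrounding policies.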
@ -2098,7 +2098,7 @@ spec:
To establish the recommended configuration via GP, set the following UI path to Yes.
'Computer Configuration\Policies\Windows Settings\Security Settings\Windows Defender Firewall with Advanced Security\Windows Defender Firewall with Advanced Security - Local Group Policy Object\Windows Defender Firewall Properties\Domain Profile\Logging Customize\Log successful connections'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogSuccessfulConnections' and data = 1 );
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogSuccessfulConnections' and data = 1 );
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.8
contributors: DefensiveDepth
@ -2521,3 +2521,76 @@ spec:
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.1.3
contributors: rachelelysia
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled'
platforms: win10
platform: windows
description: |
This policy setting controls whether the Print Spooler service will accept client connections.
resolution: |
To establish the recommended configuration via GP, set the following UI path to Disabled:
'Computer Configuration\Policies\Administrative Templates\Printers\Allow Print Spooler to accept client connections'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Printers\RegisterSpoolerRemoteRpcEndPoint' AND data = 2);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.6.1
contributors: rachelelysia
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'
platforms: win10
platform: windows
description: |
This policy setting controls whether computers will show a warning and a security elevation prompt when users create a new printer connection using Point and Print.
resolution: |
To establish the recommended configuration via GP, set the following UI path to 'Enabled: Show warning and elevation prompt':
'Computer Configuration\Policies\Administrative Templates\Printers\Point and Print Restrictions: When installing drivers for a new connection'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Printers\PointAndPrint\\NoWarningNoElevationOnInstall' AND data = 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.6.2
contributors: rachelelysia
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt'
platforms: win10
platform: windows
description: |
This policy setting controls whether computers will show a warning and a security elevation prompt when users are updating drivers for an existing connection using Point and Print.
resolution: |
To establish the recommended configuration via GP, set the following UI path to 'Enabled: Show warning and elevation prompt':
'Computer Configuration\Policies\Administrative Templates\Printers\Point and Print Restrictions: When updating drivers for an existing connection'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Printers\PointAndPrint\\UpdatePromptSettings' AND data = 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.6.3
contributors: rachelelysia
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Turn off notifications network usage' is set to 'Enabled'
platforms: win10
platform: windows
description: |
This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw notifications. This policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to poll application services to update tiles.
resolution: |
To establish the recommended configuration via GP, set the following UI path to Enabled:
'Computer Configuration\Policies\Administrative Templates\Start Menu and Taskbar\Turn off notifications network usage'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications\NoCloudApplicationNotification' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.7.1.1
contributors: rachelelysia
---
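Review bot: three of the four new queries carry the same mixed-separator problem inside a single path: `Windows NT\\Printers\RegisterSpoolerRemoteRpcEndPoint` (18.6.1), `Printers\PointAndPrint\\NoWarningNoElevationOnInstall` (18.6.2) and `Printers\PointAndPrint\\UpdatePromptSettings` (18.6.3) switch between `\` and `\\` mid-path, and the 18.7.1.1 query drops to a single backslash only for the final `\NoCloudApplicationNotification` component. Normalize each path to `\\` throughout, as the ForceKeyProtection and Session Manager queries earlier in the file do, so the four policies are checked the same way and a later bulk search for a registry key does not miss half of them. The expected values themselves (`2`, `0`, `0`, `1`) match the Disabled / "Show warning and elevation prompt" / Enabled states the resolutions describe, and the Level tags (L1 for 18.6.x, L2 for 18.7.1.1) are consistent with the bullet numbers.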

View File

@ -0,0 +1,3 @@
This page is intentionally left blank.
Please see policy queries' description and resolution to properly set and remediate group policy.
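Review bot: the new file says it is intentionally left blank and then gives an instruction, which contradicts itself and tells the reader nothing about where to look. If the page exists only so a link resolves, leave it genuinely empty; otherwise replace the two lines with a one-sentence pointer to the policy query file changed in this commit, since that is where the `description` and `resolution` fields it refers to actually live.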