empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

CIS_WIN_18.5.9.2-BUG-FIX (#10955)

Browse Source 
1. FIX for **18.5.9.2** - successfully tested for positive/negative
cases.

2. BUG in **18.5.11.3** and **18.5.11.4** - Registry keys do not appear.
Moved to **`NON-COMPLETED`**
This commit is contained in:
Sharon Katz 2023-04-11 13:35:32 -04:00 committed by GitHub
parent a7f2b5244d
commit e76adbecc8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
ee/cis/win-10/cis-NON-COMPLETED-policy-queries.yml
View File

@ -340,6 +340,44 @@ spec:
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
platforms: win10
platform: windows
description: |
Although this "legacy" setting traditionally applied to the use of Internet Connection Sharing (ICS) in Windows 2000, Windows XP & Server 2003, this setting now freshly applies to the Mobile Hotspot feature in Windows 10 & Server 2016.
The recommended state for this setting is: Enabled.
resolution: |
To establish the recommended configuration via GP, set the following UI path to On (recommended):
'Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Sharing on your DNS domain network'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI' AND data = 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.11.3
contributors: DefensiveDepth
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'
platforms: win10
platform: windows
description: |
This policy setting determines whether to require domain users to elevate when setting a network's location.
The recommended state for this setting is: Enabled.
resolution: |
To establish the recommended configuration via GP, set the following UI path to On (recommended):
'Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Require domain users to elevate when setting a network's location'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.11.4
contributors: DefensiveDepth
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'

40
ee/cis/win-10/cis-policy-queries.yml
View File

@ -3950,7 +3950,7 @@ spec:
This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Service activities such as bandwidth estimation and network health analysis.
The recommended state for this setting is: Disabled.
resolution: |
To establish the recommended configuration via GP, set the following UI path to On (recommended):
To establish the recommended configuration via GP, set the following UI path to Disabled (recommended):
'Computer Configuration\Policies\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) driver'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD\EnableRspndr' AND data = 0);
@ -3998,44 +3998,6 @@ spec:
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
platforms: win10
platform: windows
description: |
Although this "legacy" setting traditionally applied to the use of Internet Connection Sharing (ICS) in Windows 2000, Windows XP & Server 2003, this setting now freshly applies to the Mobile Hotspot feature in Windows 10 & Server 2016.
The recommended state for this setting is: Enabled.
resolution: |
To establish the recommended configuration via GP, set the following UI path to On (recommended):
'Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Sharing on your DNS domain network'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI' AND data = 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.11.3
contributors: DefensiveDepth
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'
platforms: win10
platform: windows
description: |
This policy setting determines whether to require domain users to elevate when setting a network's location.
The recommended state for this setting is: Enabled.
resolution: |
To establish the recommended configuration via GP, set the following UI path to On (recommended):
'Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Require domain users to elevate when setting a network's location'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.11.4
contributors: DefensiveDepth
---
apiVersion: v1
kind: policy
spec:
name: >
CIS - Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled'