
kevinblumenfeld/Indented.SecurityPolicy

 
 


Indented.SecurityPolicy

This module provides commands and DSC resources for manipulating and maintaining User Rights Assignment, Security Options, and Group Managed Service Account installation.

Installation

Install-Module Indented.SecurityPolicy

Commands

The commands below are exported by this module.

User rights

Security Option

Service accounts

DSC resources

The following DSC resources are made available.

GroupManagedServiceAccount

  • Ensure - Optional. Present by default.
  • Name - Mandatory. The SamAccountName of the account to install.

Example usage:

GroupManagedServiceAccount AccountName {
    Ensure = 'Present'
    Name   = 'Username$'
}

RegistryPolicy

  • Ensure - Optional. Present by default.
  • Name - Key. The name of the policy, a registry value.
  • Path - Key. The path to the registry key.
  • Data - Optional. Should be defined if Ensure is present.
  • ValueType - Optional. String by default. Permissible values: String, DWord, QWord, MultiString, and Binary.

A helper resource used to configure arbitrary policies.

RegistryPolicy LocalAccountTokenFilterPolicy {
    Ensure    = 'Present'
    Name      = 'LocalAccountTokenFilterPolicy'
    Path      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Data      = 0
    ValueType = 'DWord'
}

SecurityOption

  • Ensure - Optional. Present by default.
  • Name - Key. The name or descriptive name of the policy. See Resolve-SecurityOption.
  • Value - Optional. Should be defined if Ensure is present. A value consistent with the value type for the option.

Policies may be referenced either using the short name, see Resolve-SecurityOption, or the long policy name.

Example usage:

SecurityOption EnableLUA {
    Ensure = 'Present'
    Name   = 'EnableLUA'
    Value  = 'Enabled'
}

SecurityOption ShutdownWithoutLogon {
    Ensure = 'Present'
    Name   = 'Shutdown: Allow system to be shut down without having to log on'
    Value  = 'Enabled'
}

UserRightAssignment

  • Ensure - Optional. Present by default.
  • Name - Mandatory. The name or descriptive name of a policy.
  • AccountName - An array of accounts to add or remove. To clear the right, set Ensure to Absent and leave this list empty.
  • Replace - By default, principals are added to, or removed from, the list. Setting Replace to true rewrites the list.
  • Description - Not configurable. Set by the resource to the descriptive name of the policy.

Rights may be referenced either using the short name, see Resolve-UserRight, or the long right name.

Example usage:

UserRightAssignment SeMachineAccountPrivilege {
    Ensure      = 'Present'
    Name        = 'Add workstations to domain'
    AccountName = 'Account1', 'Account2'
}
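
The three UserRightAssignment modes described above (additive, Replace, and clearing a right) in one compilable configuration. This is an added example, not code from the module's repository. The configuration name, the account names, and the use of the standard Windows short names SeDebugPrivilege and SeTcbPrivilege are assumptions; confirm the names with Resolve-UserRight before use.

```powershell
# Added example. Account names are constructed placeholders.
Configuration UserRightsBaseline {
    Import-DscResource -ModuleName Indented.SecurityPolicy

    Node localhost {
        # Additive (default): the listed principal is added to the right.
        # Principals already holding the right are left in place, so this
        # mode does not correct drift introduced by other tools or admins.
        UserRightAssignment SeMachineAccountPrivilege {
            Ensure      = 'Present'
            Name        = 'Add workstations to domain'
            AccountName = 'CONTOSO\WorkstationJoiners'   # hypothetical group
        }

        # Authoritative: Replace rewrites the list, so any principal not
        # named here loses the right on the next consistency check.
        # Short name assumed to resolve; see Resolve-UserRight.
        UserRightAssignment SeDebugPrivilege {
            Ensure      = 'Present'
            Name        = 'SeDebugPrivilege'
            AccountName = 'BUILTIN\Administrators'
            Replace     = $true
        }

        # Clear: Ensure = 'Absent' with no AccountName empties the right.
        # Short name assumed to resolve; see Resolve-UserRight.
        UserRightAssignment SeTcbPrivilege {
            Ensure = 'Absent'
            Name   = 'SeTcbPrivilege'
        }

        # A security option managed alongside the rights, as in the README.
        SecurityOption EnableLUA {
            Ensure = 'Present'
            Name   = 'EnableLUA'
            Value  = 'Enabled'
        }
    }
}

# Compile to a MOF, apply it, then report which resources are in the desired state.
UserRightsBaseline -OutputPath "$env:TEMP\UserRightsBaseline"
Start-DscConfiguration -Path "$env:TEMP\UserRightsBaseline" -Wait -Verbose
Test-DscConfiguration -Detailed
```

For rights that gate privilege escalation, the Replace form is the one that makes the configuration the single source of truth; the additive form only guarantees that the listed accounts are present.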
