Skip to content
/ SecurityPolicyDsc Public
forked from dsccommunity/SecurityPolicyDsc

A wrapper around secedit.exe to confiugre local security policies

License

MIT license
0 stars 53 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bobbytreed/SecurityPolicyDsc

BranchesTags
 
 

Repository files navigation

SecurityPolicyDsc

A wrapper around secedit.exe to allow you to configure local security policies. This resource requires a Windows OS with secedit.exe.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

How to Contribute

If you would like to contribute to this repository, please read the DSC Resource Kit contributing guidelines.

Resources

  • UserRightsAssignment: Configures user rights assignments in local security policies.
  • SecurityTemplate: Configures user rights assignments that are defined in an INF file.
  • SecuritySetting: Configures additional Security Settings typically associated with SecurityPolicy.

UserRightsAssignment

  • Policy: The policy name of the user rights assignment to be configured.
  • Identity: The identity of the user or group to be added or removed from the user rights assignment.

SecurityTemplate

  • Path: Path to an INF file that defines the desired security policies.

SecuritySetting

  • Name: Name of Security Setting you are changing. Required to allow setting of any value without having to specify a hashtable or array while ensuring that resource has a KEY parameter.

For explanation of below settings, please consult Security Policy Reference.

https://technet.microsoft.com/en-us/library/dn452423(v=ws.11).aspx

  • ClearTextPassword:
  • DependsOn:
  • EnableAdminAccount:
  • EnableGuestAccount:
  • ForceLogoffWhenHourExpire:
  • LockoutBadCount:
  • LockoutDuration:
  • LSAAnonymousNameLookup:
  • MaxClockSkew:
  • MaximumPasswordAge:
  • MaxRenewAge:
  • MaxServiceAge:
  • MaxTicketAge:
  • MinimumPasswordAge:
  • MinimumPasswordLength:
  • NewAdministratorName:
  • NewGuestName:
  • PasswordComplexity:
  • PasswordHistorySize:
  • PsDscRunAsCredential:
  • ResetLockoutCount:
  • TicketValidateClient:

Versions

Unreleased

1.5.0.0

  • Refactored user rights assignment to read and test easier.

1.4.0.0

  • Fixed bug in which friendly name translation may fail if user or group contains 'S-'.
  • Fixed bug identified in issue 33 and 34 where Test-TargetResource would return false but was true

1.3.0.0

  • Added functionality to support BaselineManagement Module.
  • Updated UserRightsAssignment resource to respect dynamic local accounts.
  • Added SecuritySetting resource to process additional INF settings.

1.2.0.0

  • SecurityTemplate: Remove [ValidateNotNullOrEmpty()] attribute for IsSingleInstance parameter
  • Fixed typos

1.1.0.0

  • SecurityTemplate:
    • Made SecurityTemplate compatible with Nano Server
    • Fixed bug in which Path parameter failed when no User section was present

1.0.0.0

  • Initial release with the following resources:
    • UserRightsAssignment
    • SecurityTemplate

About

A wrapper around secedit.exe to confiugre local security policies

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • PowerShell 100.0%