Update PowerSTIG to successfully parse/apply Microsoft Windows Server…

… 2019 STIG - Ver 2, Rel 3 #1009
microsoft · Nov 23, 2021 · 07e7aec · 07e7aec
1 parent 999e587
commit 07e7aec
Show file tree

Hide file tree

Showing 10 changed files with 3,085 additions and 13,820 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ## [Unreleased]
 
+* Update PowerSTIG to successfully parse/apply Microsoft Windows Server 2019 STIG - Ver 2, Rel 3: [#1009](https://github.com/microsoft/PowerStig/issues/1009)
 * Update PowerSTIG to AccessControlDSC v1.4.2: [#976](https://github.com/microsoft/PowerStig/issues/976)
 * Update PowerSTIG to successfully parse/apply Microsoft IIS 10.0 SITE/SERVER STIG - Ver 2, Rel 4: [#980](https://github.com/microsoft/PowerStig/issues/980)
 * Update PowerSTIG to successfully parse/apply Canonical Ubuntu 18.04 LTS STIG - V2R5: [#994](https://github.com/microsoft/PowerStig/issues/994)

diff --git a/...Server_2019_DC_STIG_V2R1_Manual-xccdf.log → ...Server_2019_DC_STIG_V2R3_Manual-xccdf.log b/...Server_2019_DC_STIG_V2R1_Manual-xccdf.log → ...Server_2019_DC_STIG_V2R3_Manual-xccdf.log
@@ -1,8 +1,15 @@
 V-205664::*::''
 V-205739::*::''
-V-205740::Administrators - Special - This folder only (Special = Basic Permissions: all selected except Full control)::Administrators - all selected except Full control - This folder only
-V-205740::execute-::execute -
-V-205740::(RX) - Read & execute::''
+V-205740::NT AUTHORITY\Authenticated Users:(RX)::C:\Windows\SYSVOL
+V-205740::NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(GR,GE)::Type - "Allow" for all
+V-205740::BUILTIN\Server Operators:(RX)::Inherited from - "None" for all
+V-205740::BUILTIN\Server Operators:(OI)(CI)(IO)(GR,GE)::Principal - Access - Applies to
+V-205740::BUILTIN\Administrators:(M,WDAC,WO)::Authenticated Users - Read & execute - This folder, subfolder, and files
+V-205740::BUILTIN\Administrators:(OI)(CI)(IO)(F)::Server Operators - Read & execute - This folder, subfolder, and files
+V-205740::NT AUTHORITY\SYSTEM:(F)::Administrators - all selected except Full control - This folder only
+V-205740::NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)::CREATOR OWNER - Full control - Subfolders and files only
+V-205740::CREATOR OWNER:(OI)(CI)(IO)(F)::Administrators - Full control - Subfolders and files only
+V-205740::(RX) - Read & execute::SYSTEM - Full control - This folder, subfolders, and files
 V-205756::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.
 V-205639::\SOFTWARE\ Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\::\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\
 V-205820::*::HardCodedRule(SecurityOptionRule)@{DscResource = 'SecurityOption'; OptionName = 'Domain_controller_LDAP_server_signing_requirements'; OptionValue = 'Require Signing'}

diff --git a/...Server_2019_DC_STIG_V2R1_Manual-xccdf.xml → ...Server_2019_DC_STIG_V2R3_Manual-xccdf.xml b/...Server_2019_DC_STIG_V2R1_Manual-xccdf.xml → ...Server_2019_DC_STIG_V2R3_Manual-xccdf.xml
diff --git a/...Server_2019_MS_STIG_V2R1_Manual-xccdf.log → ...Server_2019_MS_STIG_V2R3_Manual-xccdf.log b/...Server_2019_MS_STIG_V2R1_Manual-xccdf.log → ...Server_2019_MS_STIG_V2R3_Manual-xccdf.log
diff --git a/...Server_2019_MS_STIG_V2R1_Manual-xccdf.xml → ...Server_2019_MS_STIG_V2R3_Manual-xccdf.xml b/...Server_2019_MS_STIG_V2R1_Manual-xccdf.xml → ...Server_2019_MS_STIG_V2R3_Manual-xccdf.xml
diff --git a/...ws_Server_2019_STIG_V2R1_Manual-xccdf.xml → ...ws_Server_2019_STIG_V2R3_Manual-xccdf.xml b/...ws_Server_2019_STIG_V2R1_Manual-xccdf.xml → ...ws_Server_2019_STIG_V2R3_Manual-xccdf.xml
diff --git a/...WindowsServer-2019-DC-2.1.org.default.xml → ...WindowsServer-2019-DC-2.3.org.default.xml b/...WindowsServer-2019-DC-2.1.org.default.xml → ...WindowsServer-2019-DC-2.3.org.default.xml
@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.1">
+<OrganizationalSettings fullversion="2.3">
   <!-- Ensure ''V-205632'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
   <OrganizationalSetting id="V-205632" ValueData="DoD Notice and Consent Banner" />
   <!-- Ensure ''V-205633'' -le '900' -and ''V-205633'' -gt '0'-->

diff --git a/...a/Processed/WindowsServer-2019-DC-2.1.xml → ...a/Processed/WindowsServer-2019-DC-2.3.xml b/...a/Processed/WindowsServer-2019-DC-2.1.xml → ...a/Processed/WindowsServer-2019-DC-2.3.xml
diff --git a/...WindowsServer-2019-MS-2.1.org.default.xml → ...WindowsServer-2019-MS-2.3.org.default.xml b/...WindowsServer-2019-MS-2.1.org.default.xml → ...WindowsServer-2019-MS-2.3.org.default.xml
@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.1">
+<OrganizationalSettings fullversion="2.3">
   <!-- Ensure ''V-205632'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
   <OrganizationalSetting id="V-205632" ValueData="DoD Notice and Consent Banner" />
   <!-- Ensure ''V-205633'' -le '900' -and ''V-205633'' -gt '0'-->

diff --git a/...a/Processed/WindowsServer-2019-MS-2.1.xml → ...a/Processed/WindowsServer-2019-MS-2.3.xml b/...a/Processed/WindowsServer-2019-MS-2.1.xml → ...a/Processed/WindowsServer-2019-MS-2.3.xml