added support for 2012 DC V3R2 (#908)

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## [Unreleased]
 
+* Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 R2 DC STIG- Ver 3, Rel 2 [#902](https://github.com/microsoft/PowerStig/issues/902)
 * Update PowerSTIG to successfully parse/apply Microsoft IIS 10.0 SITE/SERVER STIG V2R2: [#882](https://github.com/microsoft/PowerStig/issues/882)
 * Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 Server Domain Name System STIG - Ver 2, Rel 2  [#896](https://github.com/microsoft/PowerStig/issues/896)
 * Update PowerSTIG to successfully parse/apply SQL Server 2016 Instance STIG- Ver 2, Rel 3 [#905](https://github.com/microsoft/PowerStig/issues/905)

source/StigData/Archive/Windows.Server.2012R2/U_MS_Windows_2012_and_2012_R2_DC_STIG_V3R2_Manual-xccdf.log

@@ -0,0 +1,28 @@
+V-226048::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
+V-226064::"Store password using reversible encryption"::"Store passwords using reversible encryption"
+V-226066::0 or greater than 600 minutes::"0" or greater than "600" minutes
+V-226067::0 or greater than 10 hours::"0" or greater than "10" hours
+V-226068::is greater than 7 days::is greater than "7" days
+V-226069::is greater than 5 minutes::is greater than "5" minutes
+V-226062::"Minimum password length,"::"Minimum password length"
+V-226070::*::''
+V-226194::Value: 0x00000001 (1) ::Value: 1 Or 2
+V-226256::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Certificate Revocation Checking service information'}
+V-226236::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-226053::*::HardCodedRule(AuditSettingRule)@{DscResource = 'AuditSetting'; DesiredValue = '6.3.9600.17415'; Operator = '-ge'; Property = 'Version'; Query = "SELECT * FROM CIM_Datafile WHERE FileName='powershell' AND Path LIKE '%\\Windows\\System32\\WindowsPowerShell\\v1.0\\%' AND Extension='exe'"}
+V-226054::Registry Path: \SOFTWARE\ Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\::Registry Path: \SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\
+V-226339::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'ConsentPromptBehaviorAdmin'; ValueType = 'Dword'; ValueData = $null; OrganizationValueTestString = "'{0}' -le '4'"}
+V-226071::The following results should be displayed:::C:\Windows\SYSVOL
+V-226071::NT AUTHORITY\Authenticated Users:(RX)::Type - "Allow" for all
+V-226071::NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(GR,GE)::Inherited from - "None" for all
+V-226071::BUILTIN\Server Operators:(RX)::Principal - Access - Applies to
+V-226071::BUILTIN\Server Operators:(OI)(CI)(IO)(GR,GE)::Authenticated Users - Read & execute - This folder, subfolder, and files
+V-226071::BUILTIN\Administrators:(M,WDAC,WO)::''
+V-226071::BUILTIN\Administrators:(OI)(CI)(IO)(F)::Server Operators - Read & execute - This folder, subfolder, and files
+V-226071::NT AUTHORITY\SYSTEM:(F)::Administrators - all selected except Full control - This folder only
+V-226071::NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)::CREATOR OWNER - Full control - Subfolders and files only
+V-226071::CREATOR OWNER:(OI)(CI)(IO)(F)::Administrators - Full control - Subfolders and files only
+V-226071::(RX) - Read & execute::SYSTEM - Full control - This folder, subfolders, and files
+V-226076::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient'; ValueName = 'Enabled'; ValueType = 'Dword'; ValueData = '1'}<splitrule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient'; ValueName = 'Type'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(NoSync|NTP|NT5DS|AllSync)$'"}
+V-226289::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-226288::assistants.  Such communications and work product are private and confidential.  See::assistants. Such communications and work product are private and confidential. See

source/StigData/Processed/WindowsServer-2012R2-DC-3.2.org.default.xml

@@ -0,0 +1,97 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="3.2">
+  <!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
+  <OrganizationalSetting id="V-226048" ServiceName="" StartupType="" />
+  <!-- Ensure ''V-226056'' -ge '15' -or ''V-226056'' -eq '0'-->
+  <OrganizationalSetting id="V-226056" PolicyValue="15" />
+  <!-- Ensure ''V-226057'' -le '3' -and ''V-226057'' -ne '0'-->
+  <OrganizationalSetting id="V-226057" PolicyValue="3" />
+  <!-- Ensure ''V-226058'' -ge '15'-->
+  <OrganizationalSetting id="V-226058" PolicyValue="15" />
+  <!-- Ensure ''V-226059'' -ge '24'-->
+  <OrganizationalSetting id="V-226059" PolicyValue="24" />
+  <!-- Ensure ''V-226060'' -le '60' -and ''V-226060'' -ne '0'-->
+  <OrganizationalSetting id="V-226060" PolicyValue="60" />
+  <!-- Ensure ''V-226061'' -ne '0'-->
+  <OrganizationalSetting id="V-226061" PolicyValue="1" />
+  <!-- Ensure ''V-226062'' -ge '14'-->
+  <OrganizationalSetting id="V-226062" PolicyValue="14" />
+  <!-- Ensure ''V-226066'' -le '600' -and ''V-226066'' -ne '0'-->
+  <OrganizationalSetting id="V-226066" PolicyValue="600" />
+  <!-- Ensure ''V-226067'' -le '10' -and ''V-226067'' -ne '0'-->
+  <OrganizationalSetting id="V-226067" PolicyValue="10" />
+  <!-- Ensure ''V-226068'' -le '7'-->
+  <OrganizationalSetting id="V-226068" PolicyValue="7" />
+  <!-- Ensure ''V-226069'' -le '5'-->
+  <OrganizationalSetting id="V-226069" PolicyValue="5" />
+  <!-- Ensure ''V-226076.b'' -match '^(NoSync|NTP|NT5DS|AllSync)$'-->
+  <OrganizationalSetting id="V-226076.b" ValueData="NT5DS" />
+  <!-- Ensure ''V-226077'' -match '2|3'-->
+  <OrganizationalSetting id="V-226077" ValueData="3" />
+  <!-- Ensure ''V-226190'' -ge '32768'-->
+  <OrganizationalSetting id="V-226190" ValueData="32768" />
+  <!-- Ensure ''V-226191'' -ge '196608'-->
+  <OrganizationalSetting id="V-226191" ValueData="196608" />
+  <!-- Ensure ''V-226192'' -ge '32768'-->
+  <OrganizationalSetting id="V-226192" ValueData="32768" />
+  <!-- Ensure ''V-226193'' -ge '32768'-->
+  <OrganizationalSetting id="V-226193" ValueData="32768" />
+  <!-- Ensure ''V-226194'' -match '1|2'-->
+  <OrganizationalSetting id="V-226194" ValueData="2" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
+  <OrganizationalSetting id="V-226236" ServiceName="" StartupType="" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Certificate Revocation Checking service information-->
+  <OrganizationalSetting id="V-226256" ServiceName="" StartupType="" />
+  <!-- Ensure location for DoD Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-226261.a" Location="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-226261.b" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-226261.c" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-226261.d" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-226262.a" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 1 certificate is present-->
+  <OrganizationalSetting id="V-226262.b" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-226263" Location="" />
+  <!-- Ensure ''V-226273'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-226273" OptionValue="" />
+  <!-- Ensure ''V-226274'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-226274" OptionValue="" />
+  <!-- Ensure ''V-226283'' -le '30' -and ''V-226283'' -gt '0'-->
+  <OrganizationalSetting id="V-226283" ValueData="30" />
+  <!-- Ensure ''V-226287'' -le '900' -and ''V-226287'' -gt '0'-->
+  <OrganizationalSetting id="V-226287" ValueData="900" />
+  <!-- Ensure ''V-226289'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-226289" ValueData="DoD Notice and Consent Banner" />
+  <!-- Ensure ''V-226290'' -le '4'-->
+  <OrganizationalSetting id="V-226290" ValueData="4" />
+  <!-- Ensure ''V-226291'' -ge '14'-->
+  <OrganizationalSetting id="V-226291" ValueData="14" />
+  <!-- Ensure ''V-226292'' -match '1|2'-->
+  <OrganizationalSetting id="V-226292" ValueData="1" />
+  <!-- Ensure ''V-226296'' -le '15'-->
+  <OrganizationalSetting id="V-226296" ValueData="15" />
+  <!-- Ensure ''V-226305'' -le '300000'-->
+  <OrganizationalSetting id="V-226305" ValueData="300000" />
+  <!-- Ensure ''V-226310'' -le '5'-->
+  <OrganizationalSetting id="V-226310" ValueData="5" />
+  <!-- Ensure ''V-226311'' -le '3'-->
+  <OrganizationalSetting id="V-226311" ValueData="3" />
+  <!-- Ensure ''V-226312'' -le '3'-->
+  <OrganizationalSetting id="V-226312" ValueData="3" />
+  <!-- Ensure ''V-226313'' -le '90'-->
+  <OrganizationalSetting id="V-226313" ValueData="90" />
+  <!-- Ensure ''V-226339'' -le '4'-->
+  <OrganizationalSetting id="V-226339" ValueData="4" />
+  <!-- Ensure ''V-226379'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
+  <OrganizationalSetting id="V-226379" Identity="Administrators" />
+</OrganizationalSettings>