Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 a…

…nd 2012 R2 DC STIG- Ver 3, Rel 3 #1016
microsoft · Nov 24, 2021 · 9dee897 · 9dee897
1 parent 999e587
commit 9dee897
Show file tree

Hide file tree

Showing 5 changed files with 955 additions and 1,123 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ## [Unreleased]
 
+* Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 and 2012 R2 DC STIG- Ver 3, Rel 3: [#1016](https://github.com/microsoft/PowerStig/issues/1016)
 * Update PowerSTIG to AccessControlDSC v1.4.2: [#976](https://github.com/microsoft/PowerStig/issues/976)
 * Update PowerSTIG to successfully parse/apply Microsoft IIS 10.0 SITE/SERVER STIG - Ver 2, Rel 4: [#980](https://github.com/microsoft/PowerStig/issues/980)
 * Update PowerSTIG to successfully parse/apply Canonical Ubuntu 18.04 LTS STIG - V2R5: [#994](https://github.com/microsoft/PowerStig/issues/994)

diff --git a/...and_2012_R2_DC_STIG_V3R1_Manual-xccdf.log → ...and_2012_R2_DC_STIG_V3R3_Manual-xccdf.log b/...and_2012_R2_DC_STIG_V3R1_Manual-xccdf.log → ...and_2012_R2_DC_STIG_V3R3_Manual-xccdf.log
@@ -12,6 +12,17 @@ V-226236::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Pres
 V-226053::*::HardCodedRule(AuditSettingRule)@{DscResource = 'AuditSetting'; DesiredValue = '6.3.9600.17415'; Operator = '-ge'; Property = 'Version'; Query = "SELECT * FROM CIM_Datafile WHERE FileName='powershell' AND Path LIKE '%\\Windows\\System32\\WindowsPowerShell\\v1.0\\%' AND Extension='exe'"}
 V-226054::Registry Path: \SOFTWARE\ Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\::Registry Path: \SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\
 V-226339::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'ConsentPromptBehaviorAdmin'; ValueType = 'Dword'; ValueData = $null; OrganizationValueTestString = "'{0}' -le '4'"}
+V-226071::The following results should be displayed:::C:\Windows\SYSVOL
+V-226071::NT AUTHORITY\Authenticated Users:(RX)::Type - "Allow" for all
+V-226071::NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(GR,GE)::Inherited from - "None" for all
+V-226071::BUILTIN\Server Operators:(RX)::Principal - Access - Applies to
+V-226071::BUILTIN\Server Operators:(OI)(CI)(IO)(GR,GE)::Authenticated Users - Read & execute - This folder, subfolder, and files
+V-226071::BUILTIN\Administrators:(M,WDAC,WO)::''
+V-226071::BUILTIN\Administrators:(OI)(CI)(IO)(F)::Server Operators - Read & execute - This folder, subfolder, and files
+V-226071::NT AUTHORITY\SYSTEM:(F)::Administrators - all selected except Full control - This folder only
+V-226071::NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)::CREATOR OWNER - Full control - Subfolders and files only
+V-226071::CREATOR OWNER:(OI)(CI)(IO)(F)::Administrators - Full control - Subfolders and files only
+V-226071::(RX) - Read & execute::SYSTEM - Full control - This folder, subfolders, and files
 V-226076::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient'; ValueName = 'Enabled'; ValueType = 'Dword'; ValueData = '1'}<splitrule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient'; ValueName = 'Type'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(NoSync|NTP|NT5DS|AllSync)$'"}
 V-226289::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
 V-226288::assistants.  Such communications and work product are private and confidential.  See::assistants. Such communications and work product are private and confidential. See
diff --git a/...and_2012_R2_DC_STIG_V3R1_Manual-xccdf.xml → ...and_2012_R2_DC_STIG_V3R3_Manual-xccdf.xml b/...and_2012_R2_DC_STIG_V3R1_Manual-xccdf.xml → ...and_2012_R2_DC_STIG_V3R3_Manual-xccdf.xml
diff --git a/...ndowsServer-2012R2-DC-3.1.org.default.xml → ...ndowsServer-2012R2-DC-3.3.org.default.xml b/...ndowsServer-2012R2-DC-3.1.org.default.xml → ...ndowsServer-2012R2-DC-3.3.org.default.xml
@@ -5,8 +5,8 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="3.1">
-  <!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
+<OrganizationalSettings fullversion="3.3">
+    <!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
   <OrganizationalSetting id="V-226048" ServiceName="" StartupType="" />
   <!-- Ensure ''V-226056'' -ge '15' -or ''V-226056'' -eq '0'-->
   <OrganizationalSetting id="V-226056" PolicyValue="15" />