WindowsDnsServer
Brian Wilhite edited this page Sep 17, 2019
·
5 revisions
A composite DSC resource to manage the Windows Server DNS STIG settings
None
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| OsVersion | True | String | The version of the server operating system STIG to apply and monitor | 2012R2 |
| StigVersion | False | Version | The version of the Windows Server DNS STIG to apply and/or monitor | 1.7,1.9,'1.10' |
| ForestName | False | String | A string that sets the forest name for items such as security group. The input should be the FQDN of the forest. If this is omitted the forest name of the computer that generates the configuration will be used. | |
| DomainName | False | String | A string that sets the domain name for items such as security group. The input should be the FQDN of the domain. If this is omitted the domain name of the computer that generates the configuration will be used. | |
| Exception | False | PSObject | A hashtable of @{StigId = @{Property = 'Value'}} that is injected into the STIG data and applied to the target node. | |
| OrgSettings | False | PSObject | The path to the xml file that contains the local organizations preferred settings for STIG items that have allowable ranges. | |
| SkipRule | False | PSObject | The SkipRule Node is injected into the STIG data and applied to the taget node. The title of STIG settings are tagged with the text 'Skip' to identify the skips to policy across the data center when you centralize DSC log collection. | |
| SkipRuleType | False | PSObject | All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. |
<#
Use the embedded STIG data with default range values.
In this example, the Windows DNS Server 2012R2 V1R9 STIG is processed by the
composite resource and merges in the default values for any settings that have a valid range.
#>
configuration Example
{
param
(
[parameter()]
[string]
$NodeName = 'localhost'
)
Import-DscResource -ModuleName PowerStig
Node $NodeName
{
WindowsDnsServer DnsSettings
{
OsVersion = '2012R2'
StigVersion = '1.9'
DomainName = 'integation.test'
ForestName = 'integation.test'
}
}
}
Example<#
Use embedded STIG data and inject exception data. In this example,
the Windows DNS Server 2012R2 V1R9 STIG is processed by the
composite resource and merges in the default values for any settings
that have a valid range. Additionally, an exception is added inline
to the configuration, so that the setting in STIG ID V-58697.a would be
over written with the value 'Identity'='Administrators,DnsAdministrators'.
#>
configuration Example
{
param
(
[parameter()]
[string]
$NodeName = 'localhost'
)
Import-DscResource -ModuleName PowerStig
Node $NodeName
{
WindowsDnsServer DnsSettings
{
OsVersion = '2012R2'
StigVersion = '1.9'
DomainName = 'integation.test'
ForestName = 'integation.test'
Exception = @{"V-58697.a"=@{'Identity'='Administrators,DnsAdministrators'}}
}
}
}
Example<#
Use embedded STIG data and skip an entire rule set.
In this example, the Windows DNS Server 2012R2 V1R7 STIG is processed by the composite
resource and merges in the default values for any settings that have a valid range.
Additionally, a skip is added inline to the configuration, so that the setting for all
STIG ID's with the type 'UserRightRule' would be marked to skip configuration when applied.
#>
configuration Example
{
param
(
[parameter()]
[string]
$NodeName = 'localhost'
)
Import-DscResource -ModuleName PowerStig
Node $NodeName
{
WindowsDnsServer DnsSettings
{
OsVersion = '2012R2'
StigVersion = '1.7'
DomainName = 'integation.test'
ForestName = 'integation.test'
SkipRuleType = 'UserRightRule'
}
}
}
Example