Merge pull request #1206 from ruandersMSFT/dev

#1190 - Windows Server 2022 V1R1
microsoft · Mar 9, 2023 · d930d20 · d930d20
2 parents 6f4dae5 + 768f60f
commit d930d20
Show file tree

Hide file tree

Showing 13 changed files with 44,917 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@
 * Update PowerSTIG to Parse/Apply Google Chrome V2R8 [#1192](https://github.com/microsoft/PowerStig/issues/1192)
 * Update PowerSTIG to Parse/Apply Microsoft IIS 8.5 Site V2R7 & Server STIG V2R5 [#1195](https://github.com/microsoft/PowerStig/issues/1195)
 * Update PowerSTIG to Parse/Apply Microsoft Office 365 ProPlus V2R8 #1194: [#1194](https://github.com/microsoft/PowerStig/issues/1194)
+* Update PowerSTIG to Parse/Apply Microsoft Windows Server 2022 V1R1 STIG - Ver 1, Rel 1: [#1190](https://github.com/microsoft/PowerStig/issues/1190)
 * Update Readme to reflect all covered technologies [#1184](https://github.com/microsoft/PowerStig/issues/1184)
 
 ## [4.15.0] - 2022-12-29

diff --git a/README.md b/README.md
@@ -147,3 +147,4 @@ We are especially thankful for those who have contributed pull requests to the c
 * [@mikedzikowski](https://github.com/mikedzikowski) (Mike Dzikowski)
 * [@togriffith](https://github.com/mikedzikowski) (Tony Griffith)
 * [@hinderjd](https://github.com/hinderjd) (James Hinders)
+* [@ruandersMSFT](https://github.com/ruandersMSFT) (Russell Anderson)
diff --git a/source/Module/Common/Functions.XccdfXml.ps1 b/source/Module/Common/Functions.XccdfXml.ps1
@@ -451,6 +451,7 @@ function Split-BenchmarkId
             # The Windows Server 2012 and 2012 R2 STIGs are combined, so return the 2012R2
             $id = $id -replace '_2012_', '_2012R2_'
             $returnId = $id -replace ($windowsVariations -join '|'), 'WindowsServer'
+            $returnId = $returnId -replace 'MS_', ''
             continue
         }
         {$PSItem -match "Active_Directory"}

diff --git a/source/Module/Rule.AuditPolicy/Convert/AuditPolicyRule.Convert.psm1 b/source/Module/Rule.AuditPolicy/Convert/AuditPolicyRule.Convert.psm1
@@ -66,6 +66,9 @@ class AuditPolicyRuleConvert : AuditPolicyRule
         $thisSubcategory = $regex.Groups.Where(
             {$_.Name -eq 'subcategory'}
         ).Value
+
+        # Windows STIGS have 'Audit Audit' as part of the string, but the actual policy is 'Audit Policy Change'
+        $thisSubcategory = $thisSubcategory -replace 'Audit Audit', 'Audit'
 
         if (-not $this.SetStatus($thisSubcategory))
         {

diff --git a/...igData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_DC_STIG_V1R1_Manual-xccdf.log b/...igData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_DC_STIG_V1R1_Manual-xccdf.log
@@ -0,0 +1,19 @@
+V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
+V-254255::*::''
+V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-254291::"Minimum password length,"::"Minimum password length"
+V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
+V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
+V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
+V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
+V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
+V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.
diff --git a/...igData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_DC_STIG_V1R1_Manual-xccdf.xml b/...igData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_DC_STIG_V1R1_Manual-xccdf.xml
diff --git a/...igData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_MS_STIG_V1R1_Manual-xccdf.log b/...igData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_MS_STIG_V1R1_Manual-xccdf.log
@@ -0,0 +1,19 @@
+V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
+V-254255::*::''
+V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-254291::"Minimum password length,"::"Minimum password length"
+V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
+V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
+V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
+V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
+V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
+V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.