Commit

Review every Windows 2012 R2 policy
cristgl committed Jun 18, 2019
1 parent db1758b commit bc75ae2
Showing 4 changed files with 76 additions and 29 deletions.
10 changes: 5 additions & 5 deletions sca/windows/cis_win2012r2_domainL1_rcl.yml
Expand Up @@ -1810,18 +1810,18 @@ checks:
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> PreXPSP2ShellProtocolBehavior -> 0'

- id: 8125
title: "Ensure 'Prevent the usage of SkyDrive for file storage' is set to 'Enabled'"
description: "This policy setting lets you prevent apps and features from working with files on SkyDrive. The recommended state for this setting is: Enabled."
rationale: "Enabling this setting prevents users from accidentally uploading confidential or sensitive corporate information to SkyDrive cloud service."
title: "Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'"
description: "This policy setting lets you prevent apps and features from working with files on OneDrive using the Next Generation Sync Client. The recommended state for this setting is: Enabled."
rationale: "Enabling this setting prevents users from accidentally uploading confidential or sensitive corporate information to the OneDrive cloud service using the Next Generation Sync Client."
remediation: "To establish the recommended configuration via GP, set the following UI path to Enabled: Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\OneDrive\\Prevent the usage of OneDrive for file storage Note: This Group Policy path may not exist by default. It is provided by the Group Policy template SkyDrive.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer). However, we strongly recommend you only use the version included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer). Older versions of the templates had conflicting settings in different template files for both OneDrive & SkyDrive, until it was cleaned up properly in the above version. Note #2: In older Microsoft Windows Administrative Templates, this setting was named Prevent the usage of SkyDrive for file storage, but it was renamed starting with the Windows 10 RTM (Release 1507) Administrative Templates"
compliance:
- cis: "18.9.52.1"
- cis_csc: "13"
condition: all
rules:
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive'
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSync'
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSync -> 1'
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSyncNGSC'
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSyncNGSC -> 1'

- id: 8126
title: "Ensure 'Do not allow passwords to be saved' is set to 'Enabled'"
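Review bot: In check 8125 the rules now test only `DisableFileSyncNGSC` and the `DisableFileSync` rules are dropped, while the unchanged remediation text still says older templates expose this setting under the SkyDrive name, so a host configured through the older-named setting may now report as failed. Please confirm that this is intended, and that `DisableFileSync` is covered by another check if it still needs to be audited. The remediation string was also left untouched and still lacks a full stop at the end. Separately, because `condition: all` is in effect, the first two rules (key exists, value exists) are implied by `-> DisableFileSyncNGSC -> 1`; they are harmless, but the check could be reduced to the single value rule.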
2 changes: 1 addition & 1 deletion sca/windows/cis_win2012r2_domainL2_rcl.yml
Expand Up @@ -473,7 +473,7 @@ checks:
compliance:
- cis: "18.8.46.1"
- cis_csc: "13"
condition: any
condition: all
rules:
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo'
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> DisabledByGroupPolicy'
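Review bot: The switch from `condition: any` to `condition: all` only gives a meaningful result if the rule list ends with a rule that matches the expected value of `DisabledByGroupPolicy`; the two rules visible here test only that the `AdvertisingInfo` key and the value name exist, and the hunk ends before any value rule. Please confirm that rule is present just below this context. With `any`, the mere existence of the key was enough to pass, so it is worth checking the other checks in this file for the same `any` plus existence-rule pattern and noting in the commit message that this change alters pass/fail results for existing agents.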
