From 6aab8d0ef1e4792ec30cb9285feed3db54d928c0 Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 11:40:44 -0400
Subject: [PATCH 01/13] Fix for issue #14
Signed-off-by: George Nalen
---
tasks/section18.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section18.yml b/tasks/section18.yml
index 736cb8f..4329e93 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
@@ -237,7 +237,7 @@ win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel name: DisableExceptionChainValidation - data: 1 + data: 0 type: dword state: present when:
From 9fb83eb6d3aaab0092d08978611e0e47c5fddfc8 Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 12:41:16 -0400
Subject: [PATCH 02/13] Addressed issue #15
Signed-off-by: George Nalen
---
tasks/section18.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tasks/section18.yml b/tasks/section18.yml
index 4329e93..cf00a7b 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
@@ -271,8 +271,8 @@ win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters state: present - name: NodeType - value: "{{ netbt_nodetype }}" + value: NodeType + data: "{{ netbt_nodetype }}" datatype: dword when: - rule_18_3_6
From dc585b5f4cd9e19e0fce2ed169b8e6fc8d3ec319 Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 13:20:53 -0400
Subject: [PATCH 03/13] Fix for issue #16
Signed-off-by: George Nalen
---
tasks/section18.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section18.yml b/tasks/section18.yml
index cf00a7b..1cafa6f 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
@@ -745,7 +745,7 @@ win_regedit: path: HKLM:\Software\Policies\Microsoft\Windows\Wcmsvc\Grouppolicy name: fMinimizeConnections - data: 1 + data: 3 type: dword when: - rule_18_5_21_1
From 509d429a447a06d8b03fa28a00112a4c8a1ad269 Mon Sep 17 00:00:00 2001
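Review bot: In PATCH 02/13 (tasks/section18.yml, NetBT `NodeType` task) the added lines rely on the `value:` alias for the entry name, next to the existing `datatype:` alias, while the other win_regedit tasks on this page use `name:` and `type:`. The aliases are accepted by the module, but `value: NodeType` reads as if NodeType were the data, which is the confusion the removed lines appear to have had. I would write `name: NodeType`, `data: "{{ netbt_nodetype }}"` and `type: dword`. The task starts above the hunk, so its name line is not visible here.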
From: George Nalen
Date: Thu, 8 Apr 2021 13:24:57 -0400
Subject: [PATCH 04/13] fix for issue #17
Signed-off-by: George Nalen
---
tasks/section18.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section18.yml b/tasks/section18.yml
index 1cafa6f..a7c2056 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
@@ -2352,7 +2352,7 @@ - name: "SCORED | 18.9.77.13.3.1 | PATCH | L1 Ensure Prevent users and apps from accessing dangerous websites is set to Enabled Block" win_regedit: path: HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection - name: ExploitGuard_ASR_Rules + name: EnableNetworkProtection data: 1 type: dword when:
From dde5635b364729e264ff090772a9a121e69ce508 Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 13:27:28 -0400
Subject: [PATCH 05/13] fix for issue #18
Signed-off-by: George Nalen
---
tasks/section18.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section18.yml b/tasks/section18.yml
index a7c2056..c01720a 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
@@ -2502,7 +2502,7 @@ win_regedit: path: HKLM:\Software\Policies\Microsoft\Windows\Powershell\Scriptblocklogging name: EnableScriptBlockLogging - data: 1 + data: 0 type: dword when: - rule_18_9_95_1
From e94a9d43d8c942782f2fd89e8e044312c4c15e36 Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 13:30:12 -0400
Subject: [PATCH 06/13] fix for issue #19
Signed-off-by: George Nalen
---
tasks/section18.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section18.yml b/tasks/section18.yml
index c01720a..fc2c3e5 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
@@ -2516,7 +2516,7 @@ win_regedit: path: HKLM:\Software\Policies\Microsoft\Windows\Powershell\Transcription name: EnableTranscripting - data: 1 + data: 0 type: dword when: - rule_18_9_95_2
From 63b0424b4b88481b95090b2747473fe95a2d9669 Mon Sep 17 00:00:00 2001
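Review bot: `data: 0` for `EnableScriptBlockLogging` in PATCH 05/13 (tasks/section18.yml, rule_18_9_95_1) switches PowerShell script block logging off, and PATCH 06/13 does the same for `EnableTranscripting` (rule_18_9_95_2); both remove records that detection and incident response commonly depend on. The task names are outside the hunks, so the benchmark wording these values implement cannot be checked from here, and as far as I recall later CIS revisions ask for script block logging to be Enabled. I would add a comment above each task naming the benchmark version that requires Disabled, e.g. `# CIS <benchmark version> 18.9.95.1 requires Disabled; review before applying where PowerShell logging feeds detection`, or read the value from a role variable so sites can keep logging on.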
From: George Nalen
Date: Thu, 8 Apr 2021 13:41:46 -0400
Subject: [PATCH 07/13] fix for issue #21
Signed-off-by: George Nalen
---
tasks/section18.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section18.yml b/tasks/section18.yml
index fc2c3e5..b4b6cdf 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
@@ -1807,7 +1807,7 @@ - name: "SCORED | 18.9.26.3.1 | PATCH | L1 Ensure Setup Control Event Log behavior when the log file reaches its maximum size is set to Disabled" win_regedit: - path: HKLM:\Software\Policies\Microsoft\Windows\Eventlog\Application + path: HKLM:\Software\Policies\Microsoft\Windows\Eventlog\Setup name: Retention data: 0 type: string
From 44891607e1504d2a993262dc9abb3796daa78898 Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 13:48:49 -0400
Subject: [PATCH 08/13] fix for issue #23
Signed-off-by: George Nalen
---
tasks/section18.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section18.yml b/tasks/section18.yml
index b4b6cdf..2b4c964 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
@@ -1754,7 +1754,7 @@ path: HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application name: Retention data: 0 - type: dword + type: string when: - rule_18_9_26_1_1 tags:
From d28346b41ab5202af177a282e9047342f37e8d7b Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 13:52:22 -0400
Subject: [PATCH 09/13] fix for issue #24
Signed-off-by: George Nalen
---
tasks/section19.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tasks/section19.yml b/tasks/section19.yml
index e564c5d..1869611 100644
--- a/tasks/section19.yml
+++ b/tasks/section19.yml
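Review bot: In PATCH 08/13 (tasks/section18.yml, Application `Retention`, rule_18_9_26_1_1) the type becomes `string` but the context line above it still passes `data: 0`, a YAML integer. The module presumably converts it, yet quoting makes the intended REG_SZ content explicit and avoids depending on that conversion: `data: '0'`. The Setup task touched in PATCH 07/13 shows the same `data: 0` with `type: string` in its context lines. The task starts above this hunk.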
@@ -143,14 +143,14 @@ win_regedit: path: HKU:\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments name: SaveZoneInformation - data: 3 + data: 2 type: dword - name: "SCORED | 19.7.4.1 | PATCH | L1 Ensure Do not preserve zone information in file attachments is set to Disabled" win_regedit: path: HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments name: SaveZoneInformation - data: 3 + data: 2 type: dword when: - rule_19_7_4_1
From 03acd02ed0b894b9703fc5001539cf68c0a24799 Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 13:54:46 -0400
Subject: [PATCH 10/13] fix for issue #25
Signed-off-by: George Nalen
---
tasks/section02.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section02.yml b/tasks/section02.yml
index 7461587..b1d359a 100644
--- a/tasks/section02.yml
+++ b/tasks/section02.yml
@@ -874,7 +874,7 @@ win_regedit: path: HKLM:\System\Currentcontrolset\Services\Netlogon\Parameters name: disablepasswordchange - data: 1 + data: 0 type: dword when: - rule_2_3_6_4
From efb55ab12110c2dc510e90cd4a2cb1b3ccf777ae Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 14:01:36 -0400
Subject: [PATCH 11/13] fix for issue #26
Signed-off-by: George Nalen
---
tasks/section02.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section02.yml b/tasks/section02.yml
index b1d359a..b2bbce8 100644
--- a/tasks/section02.yml
+++ b/tasks/section02.yml
@@ -1378,7 +1378,7 @@ win_regedit: path: HKLM:\Software\Microsoft\Windows\Currentversion\Policies\System\Kerberos\Parameters name: SupportedEncryptionTypes - data: 2147483644 + data: 2147483640 type: dword when: - rule_2_3_11_4
From 31e618f7ea5df199d023c5ace2ce4156d0065280 Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Thu, 8 Apr 2021 14:03:19 -0400
Subject: [PATCH 12/13] fix for issue #27
Signed-off-by: George Nalen
---
tasks/section17.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
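Review bot: Both `SaveZoneInformation` writes in PATCH 09/13 (tasks/section19.yml) target hives that do not belong to interactive users: `HKCU:` resolves to the account Ansible connects as, and `HKU:\.DEFAULT` is the LocalSystem profile rather than a template for new profiles. If that reading is right, zone information (Mark-of-the-Web) preservation is enforced only for those two contexts and ordinary logons keep whatever they had. I would at least document this above the tasks, e.g. `# NOTE: applies to the connection account and LocalSystem only; other users need GPO or a per-SID HKU write`. The first task begins above the hunk, so its name and `when:` are not visible.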
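Review bot: The new `data: 2147483640` in PATCH 11/13 (tasks/section02.yml, `SupportedEncryptionTypes`, rule_2_3_11_4) is a bitmask written in decimal, which makes a one-bit difference like the one fixed here hard to spot in review. A comment above the line would make it checkable: `# 0x7FFFFFF8 = AES128 (0x8) + AES256 (0x10) + future types; DES (0x1, 0x2) and RC4 (0x4) excluded`. Since the new value drops RC4, the task documentation should also mention that accounts or trusts without AES keys may fail Kerberos authentication once it is applied. The task starts above the hunk.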
diff --git a/tasks/section17.yml b/tasks/section17.yml
index 634788d..f4c0695 100644
--- a/tasks/section17.yml
+++ b/tasks/section17.yml
@@ -278,7 +278,7 @@ register: rule_17_5_1_audit - name: "SCORED | 17.5.1 | PATCH | L1 Ensure Audit Account Lockout is set to include Failure" - win_shell: AuditPol /set /subcategory:"Account Lockout" /success:enable + win_shell: AuditPol /set /subcategory:"Account Lockout" /failure:enable when: "'Failure' not in rule_17_5_1_audit.stdout" when: - rule_17_5_1
From e2e1c516e1d2e4ff0abdc109d6bf36642c3d0da2 Mon Sep 17 00:00:00 2001
From: George Nalen
Date: Mon, 12 Apr 2021 08:46:50 -0400
Subject: [PATCH 13/13] fix for issue #28
Signed-off-by: George Nalen
---
tasks/section09.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tasks/section09.yml b/tasks/section09.yml
index d2dd2da..4901180 100644
--- a/tasks/section09.yml
+++ b/tasks/section09.yml
@@ -43,7 +43,7 @@ win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile name: DisableNotifications - data: 0 + data: 1 type: dword when: - rule_9_1_4
@@ -154,7 +154,7 @@ win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile name: DisableNotifications - data: 0 + data: 1 type: dword when: - rule_9_2_4
@@ -265,7 +265,7 @@ win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile name: DisableNotifications - data: 0 + data: 1 type: dword when: - rule_9_3_4
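Review bot: The `17.5.1` PATCH task in PATCH 12/13 (tasks/section17.yml) appears to carry two `when:` keys, the string `"'Failure' not in rule_17_5_1_audit.stdout"` and the list holding `rule_17_5_1`. Indentation is lost on this page, but if both sit at task level the YAML loader keeps only the last one, so the audit guard is dropped and AuditPol runs on every play where the rule is enabled. I would merge them into one list: `when:`, `- rule_17_5_1`, `- "'Failure' not in rule_17_5_1_audit.stdout"`. The second `when:` list may continue below the hunk.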