[AuditTest] @{ Id = "1.1.1" Task = "(L1) Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RemoteAccessHostRequireCurtain" ` | Select-Object -ExpandProperty "RemoteAccessHostRequireCurtain" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.1.2" Task = "(L1) Ensure 'Allow gnubby authentication for remote access hosts' is set to 'Disabled'." Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RemoteAccessHostAllowGnubbyAuth" ` | Select-Object -ExpandProperty "RemoteAccessHostAllowGnubbyAuth" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.1.3" Task = "(L1) Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RemoteAccessHostAllowUiAccessForRemoteAssistance" ` | Select-Object -ExpandProperty "RemoteAccessHostAllowUiAccessForRemoteAssistance" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.2" Task = "(L1) Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "BackgroundModeEnabled" ` | Select-Object -ExpandProperty "BackgroundModeEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.3" Task = "(L1) Ensure 'Ask where to save each file before downloading' is set to 'Enabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "PromptForDownloadLocation" ` | Select-Object -ExpandProperty "PromptForDownloadLocation" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.4" Task = "(L1) Ensure 'Disable saving browser history' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "SavingBrowserHistoryDisabled" ` | Select-Object -ExpandProperty "SavingBrowserHistoryDisabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.5" Task = "(L1) Ensure 'Enable HTTP/0.9 support on non-default ports' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "Http09OnNonDefaultPortsEnabled" ` | Select-Object -ExpandProperty "Http09OnNonDefaultPortsEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.6" Task = "(L1) Ensure 'Enable component updates in Google Chrome' is set to 'Enabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "ComponentUpdatesEnabled" ` | Select-Object -ExpandProperty "ComponentUpdatesEnabled" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.7" Task = "(L1) Ensure 'Enable deprecated web platform features for a limited time' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\EnableDeprecatedWebPlatformFeatures" ` -Name "\d+" ` | Select-Object -ExpandProperty "\d+" return @{ Message = "Registry value found." Status = "False" } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Compliant. Registry value not found." Status = "True" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Compliant. Registry key not found." Status = "True" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.8" Task = "(L1) Ensure 'Enable third party software injection blocking' is set to 'Enabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "ThirdPartyBlockingEnabled" ` | Select-Object -ExpandProperty "ThirdPartyBlockingEnabled" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.9" Task = "(L1) Ensure 'Extend Flash content setting to all content' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RunAllFlashInAllowMode" ` | Select-Object -ExpandProperty "RunAllFlashInAllowMode" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.10" Task = "(L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "SuppressUnsupportedOSWarning" ` | Select-Object -ExpandProperty "SuppressUnsupportedOSWarning" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.11" Task = "(L1) Ensure 'Whether online OCSP/CRL checks are performed' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "EnableOnlineRevocationChecks" ` | Select-Object -ExpandProperty "EnableOnlineRevocationChecks" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.12" Task = "(L1) Ensure 'Allow WebDriver to Override Incompatible Policies' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "WebDriverOverridesIncompatiblePolicies" ` | Select-Object -ExpandProperty "WebDriverOverridesIncompatiblePolicies" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.13" Task = "(L1) Ensure 'Control SafeSites adult content filtering' is set to 'Enabled' with value 'Do not filter sites for adult content' specified" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "SafeSitesFilterBehavior" ` | Select-Object -ExpandProperty "SafeSitesFilterBehavior" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.14" Task = "(L1) Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin" ` -Name "\d+" ` | Select-Object -ExpandProperty "\d+" return @{ Message = "Registry value found." Status = "False" } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Compliant. Registry value not found." Status = "True" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Compliant. Registry key not found." Status = "True" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.15" Task = "(L1) Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas" ` -Name "\d+" ` | Select-Object -ExpandProperty "\d+" return @{ Message = "Registry value found." Status = "False" } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Compliant. Registry value not found." Status = "True" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Compliant. Registry key not found." Status = "True" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.16" Task = "(L1) Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls" ` -Name "\d+" ` | Select-Object -ExpandProperty "\d+" return @{ Message = "Registry value found." Status = "False" } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Compliant. Registry value not found." Status = "True" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Compliant. Registry key not found." Status = "True" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "1.17" Task = "(L1) Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas" ` -Name "\d+" ` | Select-Object -ExpandProperty "\d+" return @{ Message = "Registry value found." Status = "False" } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Compliant. Registry value not found." Status = "True" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Compliant. Registry key not found." Status = "True" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.1" Task = "(L1) Ensure 'Default Flash Setting' is set to 'Enabled' (Click to Play)" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "DefaultPluginsSetting" ` | Select-Object -ExpandProperty "DefaultPluginsSetting" if ($regValue -ne 3) { return @{ Message = "Registry value is '$regValue'. Expected: 3" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.2" Task = "(L2) Ensure 'Default notification setting' is set to 'Enabled' with 'Do not allow any site to show desktop notifications'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "DefaultNotificationsSetting" ` | Select-Object -ExpandProperty "DefaultNotificationsSetting" if ($regValue -ne 2) { return @{ Message = "Registry value is '$regValue'. Expected: 2" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.3" Task = "(L2) Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled' with 'Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "DefaultWebBluetoothGuardSetting" ` | Select-Object -ExpandProperty "DefaultWebBluetoothGuardSetting" if ($regValue -ne 2) { return @{ Message = "Registry value is '$regValue'. Expected: 2" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.4" Task = "(L2) Ensure 'Control use of the WebUSB API' is set to 'Enabled' with 'Do not allow any site to request access to USB devices via the WebUSB API'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "DefaultWebUsbGuardSetting" ` | Select-Object -ExpandProperty "DefaultWebUsbGuardSetting" if ($regValue -ne 2) { return @{ Message = "Registry value is '$regValue'. Expected: 2" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.5" Task = "(L1) Ensure 'Configure extension installation blacklist' is set to 'Enabled' (`"*`" for all extensions)" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist" ` -Name "1" ` | Select-Object -ExpandProperty "1" if ($regValue -ne "*") { return @{ Message = "Registry value is '$regValue'. Expected: *" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.6.1" Task = "(L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the values 'extension' specified" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionAllowedTypes" ` -Name "1" ` | Select-Object -ExpandProperty "1" if ($regValue -ne "extension") { return @{ Message = "Registry value is '$regValue'. Expected: extension" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.6.2" Task = "(L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the value 'hosted_app'specified" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionAllowedTypes" ` -Name "2" ` | Select-Object -ExpandProperty "2" if ($regValue -ne "hosted_app") { return @{ Message = "Registry value is '$regValue'. Expected: hosted_app" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.6.3" Task = "(L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the value 'platform_app' specified" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionAllowedTypes" ` -Name "3" ` | Select-Object -ExpandProperty "3" if ($regValue -ne "platform_app") { return @{ Message = "Registry value is '$regValue'. Expected: platform_app" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.6.4" Task = "(L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the value 'theme'specified" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionAllowedTypes" ` -Name "4" ` | Select-Object -ExpandProperty "4" if ($regValue -ne "theme") { return @{ Message = "Registry value is '$regValue'. Expected: theme" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.7" Task = "(L2) Ensure 'Configure native messaging blacklist' is set to 'Enabled' (`"*`" for all messaging applications)" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\NativeMessagingBlacklist" ` -Name "1" ` | Select-Object -ExpandProperty "1" if ($regValue -ne "*") { return @{ Message = "Registry value is '$regValue'. Expected: *" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.8" Task = "(L1) Ensure 'Enable saving passwords to the password manager' is Configured" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "PasswordManagerEnabled" ` | Select-Object -ExpandProperty "PasswordManagerEnabled" if (($regValue -ne 1) -and ($regValue -ne 0)) { return @{ Message = "Registry value is '$regValue'. Expected: x == 1 or x == 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.9" Task = "(L1) Ensure 'Supported authentication schemes' is set to 'Enabled' (ntlm, negotiate)" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "AuthSchemes" ` | Select-Object -ExpandProperty "AuthSchemes" if ($regValue -ne "ntlm, negotiate") { return @{ Message = "Registry value is '$regValue'. Expected: ntlm, negotiate" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.10" Task = "(L1) Ensure 'Choose how to specify proxy server settings' is not set to 'Enabled' with 'Auto detect proxy settings'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "ProxyMode" ` | Select-Object -ExpandProperty "ProxyMode" if ($regValue -ne "auto_detect") { return @{ Message = "Registry value is '$regValue'. Expected: auto_detect" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.11" Task = "(L1) Ensure 'Allow running plugins that are outdated' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "AllowOutdatedPlugins" ` | Select-Object -ExpandProperty "AllowOutdatedPlugins" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.12" Task = "(L1) Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "CloudPrintProxyEnabled" ` | Select-Object -ExpandProperty "CloudPrintProxyEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.13" Task = "(L1) Ensure 'Enable Site Isolation for every site' is set to 'Enabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "SitePerProcess" ` | Select-Object -ExpandProperty "SitePerProcess" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.14" Task = "(L1) Ensure 'Allow download restrictions' is set to 'Enabled' with 'Block dangerous downloads' specified." Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "DownloadRestrictions" ` | Select-Object -ExpandProperty "DownloadRestrictions" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.15" Task = "(L1) Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "DisableSafeBrowsingProceedAnyway" ` | Select-Object -ExpandProperty "DisableSafeBrowsingProceedAnyway" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.16" Task = "(L1) Ensure 'Notify a user that a browser relaunch or device restart is recommended or required' is set to 'Enabled' with 'Show a recurring prompt to the user indication that a relaunch is required' specified" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RelaunchNotification" ` | Select-Object -ExpandProperty "RelaunchNotification" if ($regValue -ne 2) { return @{ Message = "Registry value is '$regValue'. Expected: 2" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.17" Task = "(L1) Ensure 'Set the time period for update notifications' is set to 'Enabled' with '86400000' (1 day) specified" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RelaunchNotificationPeriod" ` | Select-Object -ExpandProperty "RelaunchNotificationPeriod" if (($regValue -gt 86400000)) { return @{ Message = "Registry value is '$regValue'. Expected: x <= 86400000" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.18" Task = "(L2) Ensure 'Whether online OCSP/CRL checks are required for local trust anchors' is set to 'Enabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RequireOnlineRevocationChecksForLocalAnchors" ` | Select-Object -ExpandProperty "RequireOnlineRevocationChecksForLocalAnchors" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.19" Task = "(L1) Ensure 'Enable Chrome Cleanup on Windows' is Configured" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "ChromeCleanupEnabled" ` | Select-Object -ExpandProperty "ChromeCleanupEnabled" if (($regValue -ne 0) -and ($regValue -ne 1)) { return @{ Message = "Registry value is '$regValue'. Expected: x == 0 or x == 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.20" Task = "(L2) Ensure 'Use built-in DNS client' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "BuiltInDnsClientEnabled" ` | Select-Object -ExpandProperty "BuiltInDnsClientEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "2.21" Task = "(L1) Ensure 'Update policy override' is set to 'Enabled' with 'Always allow updates (recommended)' or 'Automatic silent updates' specified" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update" ` -Name "Update{8A69D345-D564-463C-AFF1-A69D9E530F96}" ` | Select-Object -ExpandProperty "Update{8A69D345-D564-463C-AFF1-A69D9E530F96}" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.1" Task = "(L2) Ensure 'Default cookies setting' is set to 'Enabled' (Keep cookies for the duration of the session)" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "DefaultCookiesSetting" ` | Select-Object -ExpandProperty "DefaultCookiesSetting" if ($regValue -ne 4) { return @{ Message = "Registry value is '$regValue'. Expected: 4" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.2" Task = "(L1) Ensure 'Default geolocation setting' is set to 'Enabled' with 'Do not allow any site to track the users' physical location'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "DefaultGeolocationSetting" ` | Select-Object -ExpandProperty "DefaultGeolocationSetting" if ($regValue -ne 2) { return @{ Message = "Registry value is '$regValue'. Expected: 2" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.3" Task = "(L1) Ensure 'Enable Google Cast' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "EnableMediaRouter" ` | Select-Object -ExpandProperty "EnableMediaRouter" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.4" Task = "(L1) Ensure 'Block third party cookies' is set to 'Enabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "BlockThirdPartyCookies" ` | Select-Object -ExpandProperty "BlockThirdPartyCookies" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.5" Task = "(L1) Ensure 'Enable reporting of usage and crash-related data' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "MetricsReportingEnabled" ` | Select-Object -ExpandProperty "MetricsReportingEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.6" Task = "(L1) Ensure 'Control how Chrome Cleanup reports data to Google' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "ChromeCleanupReportingEnabled" ` | Select-Object -ExpandProperty "ChromeCleanupReportingEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.7" Task = "(L1) Ensure 'Browser sign in settings' is set to 'Enabled' with 'Disabled browser sign-in' specified" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "BrowserSignin" ` | Select-Object -ExpandProperty "BrowserSignin" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.8" Task = "(L1) Ensure 'Enable Translate' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "TranslateEnabled" ` | Select-Object -ExpandProperty "TranslateEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.9" Task = "(L1) Ensure 'Enable network prediction' is set to 'Enabled' with 'Do not predict actions on any network connection' selected" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "NetworkPredictionOptions" ` | Select-Object -ExpandProperty "NetworkPredictionOptions" if ($regValue -ne 2) { return @{ Message = "Registry value is '$regValue'. Expected: 2" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.10" Task = "(L1) Ensure 'Enable search suggestions' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "SearchSuggestEnabled" ` | Select-Object -ExpandProperty "SearchSuggestEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.11" Task = "(L1) Ensure 'Enable or disable spell checking web service' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "SpellCheckServiceEnabled" ` | Select-Object -ExpandProperty "SpellCheckServiceEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.12" Task = "(L1) Ensure 'Enable alternate error pages' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "AlternateErrorPagesEnabled" ` | Select-Object -ExpandProperty "AlternateErrorPagesEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.13" Task = "(L1) Ensure 'Disable synchronization of data with Google' is set to 'Enabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "SyncDisabled" ` | Select-Object -ExpandProperty "SyncDisabled" if ($regValue -ne 1) { return @{ Message = "Registry value is '$regValue'. Expected: 1" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.14" Task = "(L1) Ensure 'Enable Safe Browsing for trusted sources' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "SafeBrowsingForTrustedSourcesEnabled" ` | Select-Object -ExpandProperty "SafeBrowsingForTrustedSourcesEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.15" Task = "(L1) Ensure 'Enable URL-keyed anonymized data collection' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "UrlKeyedAnonymizedDataCollectionEnabled" ` | Select-Object -ExpandProperty "UrlKeyedAnonymizedDataCollectionEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "3.16" Task = "(L1) Ensure 'Enable deleting browser and download history' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "AllowDeletingBrowserHistory" ` | Select-Object -ExpandProperty "AllowDeletingBrowserHistory" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "4.1.1" Task = "(L1) Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RemoteAccessHostFirewallTraversal" ` | Select-Object -ExpandProperty "RemoteAccessHostFirewallTraversal" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "4.1.2" Task = "(L1) Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RemoteAccessHostAllowClientPairing" ` | Select-Object -ExpandProperty "RemoteAccessHostAllowClientPairing" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "4.1.3" Task = "(L1) Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'." Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "RemoteAccessHostAllowRelayedConnection" ` | Select-Object -ExpandProperty "RemoteAccessHostAllowRelayedConnection" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "4.1.4" Task = "(L1) Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\RemoteAccessHostClientDomainList" ` -Name "\d+" ` | Select-Object -ExpandProperty "\d+" if ($regValue -notmatch ".*") { return @{ Message = "Registry value is '$regValue'. Expected: Matching expression '.*'" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "5.1" Task = "(L1) Ensure 'Enable submission of documents to Google Cloud print' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "CloudPrintSubmitEnabled" ` | Select-Object -ExpandProperty "CloudPrintSubmitEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "5.2" Task = "(L1) Ensure 'Import saved passwords from default browser on first run' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "ImportSavedPasswords" ` | Select-Object -ExpandProperty "ImportSavedPasswords" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "5.3" Task = "(L1) Ensure 'Enable AutoFill for credit cards' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "AutofillCreditCardEnabled" ` | Select-Object -ExpandProperty "AutofillCreditCardEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "5.4" Task = "(L1) Ensure 'Enable AutoFill for addresses' is set to 'Disabled'" Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" ` -Name "AutofillAddressEnabled" ` | Select-Object -ExpandProperty "AutofillAddressEnabled" if ($regValue -ne 0) { return @{ Message = "Registry value is '$regValue'. Expected: 0" Status = "False" } } } catch [System.Management.Automation.PSArgumentException] { return @{ Message = "Registry value not found." Status = "False" } } catch [System.Management.Automation.ItemNotFoundException] { return @{ Message = "Registry key not found." Status = "False" } } return @{ Message = "Compliant" Status = "True" } } }