[AuditTest] @{ Id = "AccountPolicy-001" Task = "Ensure 'MinimumPasswordAge' is set to '1'." Test = { $securityPolicy = Get-AuditResource "WindowsSecurityPolicy" $setPolicy = $securityPolicy['System Access']["MinimumPasswordAge"] if ($null -eq $setPolicy) { return @{ Message = "Currently not set." Status = "False" } } $setPolicy = [long]$setPolicy if ($setPolicy -ne 1) { return @{ Message = "'MinimumPasswordAge' currently set to: $setPolicy. Expected: 1" Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "AccountPolicy-002" Task = "Ensure 'MaximumPasswordAge' is set to '60'." Test = { $securityPolicy = Get-AuditResource "WindowsSecurityPolicy" $setPolicy = $securityPolicy['System Access']["MaximumPasswordAge"] if ($null -eq $setPolicy) { return @{ Message = "Currently not set." Status = "False" } } $setPolicy = [long]$setPolicy if ($setPolicy -ne 60) { return @{ Message = "'MaximumPasswordAge' currently set to: $setPolicy. Expected: 60" Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "AccountPolicy-003" Task = "Ensure 'MinimumPasswordLength' is set to '14'." Test = { $securityPolicy = Get-AuditResource "WindowsSecurityPolicy" $setPolicy = $securityPolicy['System Access']["MinimumPasswordLength"] if ($null -eq $setPolicy) { return @{ Message = "Currently not set." Status = "False" } } $setPolicy = [long]$setPolicy if ($setPolicy -ne 14) { return @{ Message = "'MinimumPasswordLength' currently set to: $setPolicy. Expected: 14" Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "AccountPolicy-004" Task = "Ensure 'PasswordComplexity' is set to '1'." Test = { $securityPolicy = Get-AuditResource "WindowsSecurityPolicy" $setPolicy = $securityPolicy['System Access']["PasswordComplexity"] if ($null -eq $setPolicy) { return @{ Message = "Currently not set." Status = "False" } } $setPolicy = [long]$setPolicy if ($setPolicy -ne 1) { return @{ Message = "'PasswordComplexity' currently set to: $setPolicy. Expected: 1" Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "AccountPolicy-005" Task = "Ensure 'PasswordHistorySize' is set to '24'." Test = { $securityPolicy = Get-AuditResource "WindowsSecurityPolicy" $setPolicy = $securityPolicy['System Access']["PasswordHistorySize"] if ($null -eq $setPolicy) { return @{ Message = "Currently not set." Status = "False" } } $setPolicy = [long]$setPolicy if ($setPolicy -ne 24) { return @{ Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: 24" Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "AccountPolicy-006" Task = "Ensure 'LockoutBadCount' is set to '10'." Test = { $securityPolicy = Get-AuditResource "WindowsSecurityPolicy" $setPolicy = $securityPolicy['System Access']["LockoutBadCount"] if ($null -eq $setPolicy) { return @{ Message = "Currently not set." Status = "False" } } $setPolicy = [long]$setPolicy if ($setPolicy -ne 10) { return @{ Message = "'LockoutBadCount' currently set to: $setPolicy. Expected: 10" Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "AccountPolicy-007" Task = "Ensure 'ResetLockoutCount' is set to '15'." Test = { $securityPolicy = Get-AuditResource "WindowsSecurityPolicy" $setPolicy = $securityPolicy['System Access']["ResetLockoutCount"] if ($null -eq $setPolicy) { return @{ Message = "Currently not set." Status = "False" } } $setPolicy = [long]$setPolicy if ($setPolicy -ne 15) { return @{ Message = "'ResetLockoutCount' currently set to: $setPolicy. Expected: 15" Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "AccountPolicy-008" Task = "Ensure 'LockoutDuration' is set to '15'." Test = { $securityPolicy = Get-AuditResource "WindowsSecurityPolicy" $setPolicy = $securityPolicy['System Access']["LockoutDuration"] if ($null -eq $setPolicy) { return @{ Message = "Currently not set." Status = "False" } } $setPolicy = [long]$setPolicy if ($setPolicy -ne 15) { return @{ Message = "'LockoutDuration' currently set to: $setPolicy. Expected: 15" Status = "False" } } return @{ Message = "Compliant" Status = "True" } } } [AuditTest] @{ Id = "AccountPolicy-009" Task = "Ensure 'ClearTextPassword' is set to '0'." Test = { $securityPolicy = Get-AuditResource "WindowsSecurityPolicy" $setPolicy = $securityPolicy['System Access']["ClearTextPassword"] if ($null -eq $setPolicy) { return @{ Message = "Currently not set." Status = "False" } } $setPolicy = [long]$setPolicy if ($setPolicy -ne 0) { return @{ Message = "'ClearTextPassword' currently set to: $setPolicy. Expected: 0" Status = "False" } } return @{ Message = "Compliant" Status = "True" } } }