11885 lines
400 KiB
PowerShell
11885 lines
400 KiB
PowerShell
# Office root folder
|
|
$officePaths = @(
|
|
# Office 365 / 2019 / 2021 (the standard install paths)
|
|
"C:\Program Files\Microsoft Office\root\Office16",
|
|
"C:\Program Files (x86)\Microsoft Office\root\Office16"
|
|
|
|
# Office 2016 (MSI)
|
|
"C:\Program Files\Microsoft Office\Office16",
|
|
"C:\Program Files (x86)\Microsoft Office\Office16",
|
|
|
|
# Office 2016 (x32 MSI on x64 OS)
|
|
"C:\Program Files (x86)\Microsoft Office\root\Office16",
|
|
"C:\Program Files (x86)\Microsoft Office\Office16\",
|
|
|
|
# Office 2016 (x64 MSI on x64 OS)
|
|
"C:\Program Files\Microsoft Office\Office16\"
|
|
)
|
|
|
|
# Mapping of applications to exe names
|
|
$exeMap = @{
|
|
"Groove" = "GROOVE.EXE"
|
|
"Excel" = "EXCEL.EXE"
|
|
"Publisher" = "MSPUB.EXE"
|
|
"PowerPoint" = "POWERPNT.EXE"
|
|
"PowerPoint Viewer" = "PPTVIEW.EXE"
|
|
"Project" = "WINPROJ.EXE"
|
|
"Word" = "WINWORD.EXE"
|
|
"Outlook" = "OUTLOOK.EXE"
|
|
"SharePoint Designer" = "SPDESIGN.EXE"
|
|
"Expression Web" = "EXPRWD.EXE"
|
|
"Access" = "MSACCESS.EXE"
|
|
"OneNote" = "ONENOTE.EXE"
|
|
"MS Script Editor" = "MSE7.EXE"
|
|
"Visio" = "VISIO.EXE"
|
|
|
|
}
|
|
|
|
# Check if any Office installation path exists -> if not existend, then Office is not installed
|
|
$OfficeInstalled = $false
|
|
foreach ($path in $officePaths) {
|
|
if (Test-Path $path) {
|
|
$OfficeInstalled = $true
|
|
break
|
|
}
|
|
}
|
|
|
|
# Determine which Office apps are installed
|
|
$installedOfficeApps = @{}
|
|
|
|
if ($OfficeInstalled) {
|
|
foreach ($app in $exeMap.Keys) {
|
|
foreach ($path in $officePaths) {
|
|
$exePath = Join-Path $path $exeMap[$app]
|
|
if (Test-Path $exePath) {
|
|
$installedOfficeApps[$app] = $true
|
|
break
|
|
}
|
|
}
|
|
if (-not $installedOfficeApps.ContainsKey($app)) {
|
|
$installedOfficeApps[$app] = $false
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
Write-Warning "Office could not be found on this system."
|
|
Write-Warning "If Office is installed, please leave a comment in Issue-718 (https://github.com/fbprogmbh/Hardening-Audit-Tool-AuditTAP/issues/718) and provide requested information from 'What happened?' section."
|
|
}
|
|
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 A"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 B"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 C"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 D"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 E"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 F"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 G"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 H"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 I"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 J"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 K"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 L"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 M"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.1 N"
|
|
Task = "(L1) Ensure 'Add-on Management' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 A"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 B"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 C"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 D"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 E"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 F"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 G"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 H"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 I"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 J"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 K"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 L"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 M"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.2 N"
|
|
Task = "(L1) Ensure 'Bind to object' is set to 'Enabled' (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 A"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled'"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 B"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 C"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 D"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 E"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 F"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 G"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 H"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 I"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 J"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 K"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 L"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 M"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.3 N"
|
|
Task = "(L1) Ensure 'Consistent Mime Handling' is set to 'Enabled' (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 A"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 B"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 C"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 D"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 E"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 F"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 G"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 H"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 I"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 J"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 K"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 L"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 M"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.4 N"
|
|
Task = "(L1) Ensure 'Disable user name and password' is set to 'Enabled' (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 A"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 B"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 C"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 D"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 E"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 F"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 G"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 H"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 I"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 J"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 K"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 L"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 M"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.5 N"
|
|
Task = "(L1) Ensure 'Information Bar' is set to 'Enabled' (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 A"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneDrive for Business"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 B"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 C"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 D"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 E"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 F"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 G"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 H"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 I"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 J"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 K"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 L"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 M"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.6 N"
|
|
Task = "(L1) Ensure 'Local Machine Zone Lockdown Security' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 A"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 B"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 C"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 D"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 E"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 F"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 G"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 H"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 I"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 J"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 K"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 L"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 M"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.7 N"
|
|
Task = "(L1) Ensure 'Mime Sniffing Safety Feature' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 A"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 B"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 C"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 D"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 E"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 F"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 G"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 H"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 I"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 J"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 K"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 L"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 M"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.8 N"
|
|
Task = "(L1) Ensure 'Navigate URL' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 A"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 B"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 C"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 D"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 E"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 F"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 G"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 H"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 I"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 J"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 K"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 L"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 M"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.9 N"
|
|
Task = "(L1) Ensure 'Object Caching Protection' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 A"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 B"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 C"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 D"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 E"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 F"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 G"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 H"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 I"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 J"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 K"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 L"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 M"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.10 N"
|
|
Task = "(L1) Ensure 'Protection From Zone Elevation' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 A"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 B"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 C"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 D"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 E"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 F"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 G"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 H"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 I"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 J"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 K"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 L"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 M"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.11 N"
|
|
Task = "(L1) Ensure 'Restrict ActiveX Install' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 A"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 B"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 C"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 D"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 E"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 F"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 G"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 H"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 I"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 J"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 K"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 L"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 M"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.12 N"
|
|
Task = "(L1) Ensure 'Restrict File Download' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 A"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 B"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 C"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 D"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 E"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 F"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 G"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 H"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 I"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 J"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 K"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 L"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 M"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.13 N"
|
|
Task = "(L1) Ensure 'Saved from URL' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 A"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (groove.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Groove"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "groove.exe" `
|
|
| Select-Object -ExpandProperty "groove.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 B"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 C"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 D"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 E"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (pptview.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint Viewer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "pptview.exe" `
|
|
| Select-Object -ExpandProperty "pptview.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 F"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 G"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 H"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 I"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 J"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (spDesign.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["SharePoint Designer"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "spDesign.exe" `
|
|
| Select-Object -ExpandProperty "spDesign.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 K"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (exprwd.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Expression Web"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "exprwd.exe" `
|
|
| Select-Object -ExpandProperty "exprwd.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 L"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 M"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (onent.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "onent.exe" `
|
|
| Select-Object -ExpandProperty "onent.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.4.1.14 N"
|
|
Task = "(L1) Ensure 'Scripted Window Security Restrictions' is set to Enabled (mse7.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["MS Script Editor"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" `
|
|
-Name "mse7.exe" `
|
|
| Select-Object -ExpandProperty "mse7.exe"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.5.1"
|
|
Task = "(L1) Ensure 'Enable Automatic Updates' is set to Enabled"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\software\policies\microsoft\office\16.0\common\officeupdate" `
|
|
-Name "enableautomaticupdates" `
|
|
| Select-Object -ExpandProperty "enableautomaticupdates"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.1.5.2"
|
|
Task = "(L1) Ensure 'Hide Option to Enable or Disable Updates' is set to Enabled"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\software\policies\microsoft\office\16.0\common\officeupdate" `
|
|
-Name "hideenabledisableupdates" `
|
|
| Select-Object -ExpandProperty "hideenabledisableupdates"
|
|
|
|
if (($regValue -ne 1)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.1 A"
|
|
Task = "(L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation'"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\Common\COM Compatibility" `
|
|
-Name "Comment" `
|
|
| Select-Object -ExpandProperty "Comment"
|
|
|
|
if ($regValue -ne "Block all Flash activation") {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: Block all Flash activation"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.1 B"
|
|
Task = "(L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' (ActivationFilterOverride)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}" `
|
|
-Name "ActivationFilterOverride" `
|
|
| Select-Object -ExpandProperty "ActivationFilterOverride"
|
|
|
|
if (($regValue -ne 0)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 0"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.1 C"
|
|
Task = "(L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' (Compatibility Flags)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}" `
|
|
-Name "Compatibility Flags" `
|
|
| Select-Object -ExpandProperty "Compatibility Flags"
|
|
|
|
if (($regValue -ne 1024)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1024"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.1 D"
|
|
Task = "(L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' (ActivationFilterOverride)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}" `
|
|
-Name "ActivationFilterOverride" `
|
|
| Select-Object -ExpandProperty "ActivationFilterOverride"
|
|
|
|
if (($regValue -ne 0)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 0"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.1 E"
|
|
Task = "(L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' (Compatibility Flags)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}" `
|
|
-Name "Compatibility Flags" `
|
|
| Select-Object -ExpandProperty "Compatibility Flags"
|
|
|
|
if (($regValue -ne 1024)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1024"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.1 F"
|
|
Task = "(L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' (ActivationFilterOverride, WOW6432)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}" `
|
|
-Name "ActivationFilterOverride" `
|
|
| Select-Object -ExpandProperty "ActivationFilterOverride"
|
|
|
|
if (($regValue -ne 0)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 0"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.1 G"
|
|
Task = "(L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' (Compatibility Flags, WOW6432)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}" `
|
|
-Name "Compatibility Flags" `
|
|
| Select-Object -ExpandProperty "Compatibility Flags"
|
|
|
|
if (($regValue -ne 1024)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1024"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.1 H"
|
|
Task = "(L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' (ActivationFilterOverride, WOW6432)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}" `
|
|
-Name "ActivationFilterOverride" `
|
|
| Select-Object -ExpandProperty "ActivationFilterOverride"
|
|
|
|
if (($regValue -ne 0)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 0"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.1 I"
|
|
Task = "(L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' (Compatibility Flags, WOW6432)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{D27CDB70-AE6D-11CF-96B8-444553540000}" `
|
|
-Name "Compatibility Flags" `
|
|
| Select-Object -ExpandProperty "Compatibility Flags"
|
|
|
|
if (($regValue -ne 1024)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 1024"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.2 A"
|
|
Task = "(L1) Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' (excel.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Excel"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\internet explorer\main\featurecontrol\FEATURE_RESTRICT_LEGACY_JSCRIPT_PER_SECURITY_ZONE" `
|
|
-Name "excel.exe" `
|
|
| Select-Object -ExpandProperty "excel.exe"
|
|
|
|
if (($regValue -ne 69632)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 69632"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.2 B"
|
|
Task = "(L1) Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' (msaccess.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Access"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\internet explorer\main\featurecontrol\FEATURE_RESTRICT_LEGACY_JSCRIPT_PER_SECURITY_ZONE" `
|
|
-Name "msaccess.exe" `
|
|
| Select-Object -ExpandProperty "msaccess.exe"
|
|
|
|
if (($regValue -ne 69632)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 69632"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.2 C"
|
|
Task = "(L1) Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' (mspub.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Publisher"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\internet explorer\main\featurecontrol\FEATURE_RESTRICT_LEGACY_JSCRIPT_PER_SECURITY_ZONE" `
|
|
-Name "mspub.exe" `
|
|
| Select-Object -ExpandProperty "mspub.exe"
|
|
|
|
if (($regValue -ne 69632)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 69632"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.2 D"
|
|
Task = "(L1) Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' (onenote.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["OneNote"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\internet explorer\main\featurecontrol\FEATURE_RESTRICT_LEGACY_JSCRIPT_PER_SECURITY_ZONE" `
|
|
-Name "onenote.exe" `
|
|
| Select-Object -ExpandProperty "onenote.exe"
|
|
|
|
if (($regValue -ne 69632)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 69632"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.2 E"
|
|
Task = "(L1) Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' (outlook.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Outlook"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\internet explorer\main\featurecontrol\FEATURE_RESTRICT_LEGACY_JSCRIPT_PER_SECURITY_ZONE" `
|
|
-Name "outlook.exe" `
|
|
| Select-Object -ExpandProperty "outlook.exe"
|
|
|
|
if (($regValue -ne 69632)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 69632"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.2 F"
|
|
Task = "(L1) Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' (powerpnt.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["PowerPoint"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\internet explorer\main\featurecontrol\FEATURE_RESTRICT_LEGACY_JSCRIPT_PER_SECURITY_ZONE" `
|
|
-Name "powerpnt.exe" `
|
|
| Select-Object -ExpandProperty "powerpnt.exe"
|
|
|
|
if (($regValue -ne 69632)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 69632"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.2 G"
|
|
Task = "(L1) Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' (visio.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Visio"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\internet explorer\main\featurecontrol\FEATURE_RESTRICT_LEGACY_JSCRIPT_PER_SECURITY_ZONE" `
|
|
-Name "visio.exe" `
|
|
| Select-Object -ExpandProperty "visio.exe"
|
|
|
|
if (($regValue -ne 69632)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 69632"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.2 H"
|
|
Task = "(L1) Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' (winproj.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Project"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\internet explorer\main\featurecontrol\FEATURE_RESTRICT_LEGACY_JSCRIPT_PER_SECURITY_ZONE" `
|
|
-Name "winproj.exe" `
|
|
| Select-Object -ExpandProperty "winproj.exe"
|
|
|
|
if (($regValue -ne 69632)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 69632"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "1.3.2 I"
|
|
Task = "(L1) Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' (winword.exe)"
|
|
Test = {
|
|
# new logic:
|
|
# - if no Office installed at all -> skip test
|
|
# - if Office installed but app not installed -> skip test
|
|
# - else run test as normal
|
|
|
|
if (-not $OfficeInstalled) {
|
|
return @{
|
|
Message = "No Office installation detected, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
elseif (-not $installedOfficeApps["Word"]) {
|
|
return @{
|
|
Message = "Application not installed, skipping test."
|
|
Status = "None"
|
|
}
|
|
}
|
|
else {
|
|
try {
|
|
$regValue = Get-ItemProperty -ErrorAction Stop `
|
|
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\internet explorer\main\featurecontrol\FEATURE_RESTRICT_LEGACY_JSCRIPT_PER_SECURITY_ZONE" `
|
|
-Name "winword.exe" `
|
|
| Select-Object -ExpandProperty "winword.exe"
|
|
|
|
if (($regValue -ne 69632)) {
|
|
return @{
|
|
Message = "Registry value is '$regValue'. Expected: x == 69632"
|
|
Status = "False"
|
|
}
|
|
}
|
|
}
|
|
catch [System.Management.Automation.PSArgumentException] {
|
|
return @{
|
|
Message = "Registry value not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
catch [System.Management.Automation.ItemNotFoundException] {
|
|
return @{
|
|
Message = "Registry key not found."
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
}
|