emily/atap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
404ee3fec442838b068a79df338bb5074947b599
atap/ATAPAuditor/AuditGroups/Google Chrome-CIS-2.0.0#RegistrySettings.ps1
T
emily 404ee3fec4 a
2026-05-11 09:15:08 +02:00

2403 lines
76 KiB
PowerShell
Raw Blame History

[AuditTest] @{
Id = "1.1.1"
Task = "(L1) Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RemoteAccessHostRequireCurtain" `
| Select-Object -ExpandProperty "RemoteAccessHostRequireCurtain"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.1.2"
Task = "(L1) Ensure 'Allow gnubby authentication for remote access hosts' is set to 'Disabled'."
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RemoteAccessHostAllowGnubbyAuth" `
| Select-Object -ExpandProperty "RemoteAccessHostAllowGnubbyAuth"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.1.3"
Task = "(L1) Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RemoteAccessHostAllowUiAccessForRemoteAssistance" `
| Select-Object -ExpandProperty "RemoteAccessHostAllowUiAccessForRemoteAssistance"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.2"
Task = "(L1) Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "BackgroundModeEnabled" `
| Select-Object -ExpandProperty "BackgroundModeEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.3"
Task = "(L1) Ensure 'Ask where to save each file before downloading' is set to 'Enabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "PromptForDownloadLocation" `
| Select-Object -ExpandProperty "PromptForDownloadLocation"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.4"
Task = "(L1) Ensure 'Disable saving browser history' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "SavingBrowserHistoryDisabled" `
| Select-Object -ExpandProperty "SavingBrowserHistoryDisabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.5"
Task = "(L1) Ensure 'Enable HTTP/0.9 support on non-default ports' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "Http09OnNonDefaultPortsEnabled" `
| Select-Object -ExpandProperty "Http09OnNonDefaultPortsEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.6"
Task = "(L1) Ensure 'Enable component updates in Google Chrome' is set to 'Enabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "ComponentUpdatesEnabled" `
| Select-Object -ExpandProperty "ComponentUpdatesEnabled"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.7"
Task = "(L1) Ensure 'Enable deprecated web platform features for a limited time' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\EnableDeprecatedWebPlatformFeatures" `
-Name "\d+" `
| Select-Object -ExpandProperty "\d+"
return @{
Message = "Registry value found."
Status = "False"
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Compliant. Registry value not found."
Status = "True"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Compliant. Registry key not found."
Status = "True"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.8"
Task = "(L1) Ensure 'Enable third party software injection blocking' is set to 'Enabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "ThirdPartyBlockingEnabled" `
| Select-Object -ExpandProperty "ThirdPartyBlockingEnabled"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.9"
Task = "(L1) Ensure 'Extend Flash content setting to all content' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RunAllFlashInAllowMode" `
| Select-Object -ExpandProperty "RunAllFlashInAllowMode"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.10"
Task = "(L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "SuppressUnsupportedOSWarning" `
| Select-Object -ExpandProperty "SuppressUnsupportedOSWarning"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.11"
Task = "(L1) Ensure 'Whether online OCSP/CRL checks are performed' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "EnableOnlineRevocationChecks" `
| Select-Object -ExpandProperty "EnableOnlineRevocationChecks"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.12"
Task = "(L1) Ensure 'Allow WebDriver to Override Incompatible Policies' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "WebDriverOverridesIncompatiblePolicies" `
| Select-Object -ExpandProperty "WebDriverOverridesIncompatiblePolicies"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.13"
Task = "(L1) Ensure 'Control SafeSites adult content filtering' is set to 'Enabled' with value 'Do not filter sites for adult content' specified"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "SafeSitesFilterBehavior" `
| Select-Object -ExpandProperty "SafeSitesFilterBehavior"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.14"
Task = "(L1) Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin" `
-Name "\d+" `
| Select-Object -ExpandProperty "\d+"
return @{
Message = "Registry value found."
Status = "False"
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Compliant. Registry value not found."
Status = "True"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Compliant. Registry key not found."
Status = "True"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.15"
Task = "(L1) Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas" `
-Name "\d+" `
| Select-Object -ExpandProperty "\d+"
return @{
Message = "Registry value found."
Status = "False"
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Compliant. Registry value not found."
Status = "True"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Compliant. Registry key not found."
Status = "True"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.16"
Task = "(L1) Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls" `
-Name "\d+" `
| Select-Object -ExpandProperty "\d+"
return @{
Message = "Registry value found."
Status = "False"
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Compliant. Registry value not found."
Status = "True"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Compliant. Registry key not found."
Status = "True"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "1.17"
Task = "(L1) Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas" `
-Name "\d+" `
| Select-Object -ExpandProperty "\d+"
return @{
Message = "Registry value found."
Status = "False"
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Compliant. Registry value not found."
Status = "True"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Compliant. Registry key not found."
Status = "True"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.1"
Task = "(L1) Ensure 'Default Flash Setting' is set to 'Enabled' (Click to Play)"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "DefaultPluginsSetting" `
| Select-Object -ExpandProperty "DefaultPluginsSetting"
if ($regValue -ne 3) {
return @{
Message = "Registry value is '$regValue'. Expected: 3"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.2"
Task = "(L2) Ensure 'Default notification setting' is set to 'Enabled' with 'Do not allow any site to show desktop notifications'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "DefaultNotificationsSetting" `
| Select-Object -ExpandProperty "DefaultNotificationsSetting"
if ($regValue -ne 2) {
return @{
Message = "Registry value is '$regValue'. Expected: 2"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.3"
Task = "(L2) Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled' with 'Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "DefaultWebBluetoothGuardSetting" `
| Select-Object -ExpandProperty "DefaultWebBluetoothGuardSetting"
if ($regValue -ne 2) {
return @{
Message = "Registry value is '$regValue'. Expected: 2"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.4"
Task = "(L2) Ensure 'Control use of the WebUSB API' is set to 'Enabled' with 'Do not allow any site to request access to USB devices via the WebUSB API'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "DefaultWebUsbGuardSetting" `
| Select-Object -ExpandProperty "DefaultWebUsbGuardSetting"
if ($regValue -ne 2) {
return @{
Message = "Registry value is '$regValue'. Expected: 2"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.5"
Task = "(L1) Ensure 'Configure extension installation blacklist' is set to 'Enabled' (`"*`" for all extensions)"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist" `
-Name "1" `
| Select-Object -ExpandProperty "1"
if ($regValue -ne "*") {
return @{
Message = "Registry value is '$regValue'. Expected: *"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.6.1"
Task = "(L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the values 'extension' specified"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionAllowedTypes" `
-Name "1" `
| Select-Object -ExpandProperty "1"
if ($regValue -ne "extension") {
return @{
Message = "Registry value is '$regValue'. Expected: extension"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.6.2"
Task = "(L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the value 'hosted_app'specified"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionAllowedTypes" `
-Name "2" `
| Select-Object -ExpandProperty "2"
if ($regValue -ne "hosted_app") {
return @{
Message = "Registry value is '$regValue'. Expected: hosted_app"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.6.3"
Task = "(L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the value 'platform_app' specified"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionAllowedTypes" `
-Name "3" `
| Select-Object -ExpandProperty "3"
if ($regValue -ne "platform_app") {
return @{
Message = "Registry value is '$regValue'. Expected: platform_app"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.6.4"
Task = "(L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the value 'theme'specified"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionAllowedTypes" `
-Name "4" `
| Select-Object -ExpandProperty "4"
if ($regValue -ne "theme") {
return @{
Message = "Registry value is '$regValue'. Expected: theme"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.7"
Task = "(L2) Ensure 'Configure native messaging blacklist' is set to 'Enabled' (`"*`" for all messaging applications)"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\NativeMessagingBlacklist" `
-Name "1" `
| Select-Object -ExpandProperty "1"
if ($regValue -ne "*") {
return @{
Message = "Registry value is '$regValue'. Expected: *"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.8"
Task = "(L1) Ensure 'Enable saving passwords to the password manager' is Configured"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "PasswordManagerEnabled" `
| Select-Object -ExpandProperty "PasswordManagerEnabled"
if (($regValue -ne 1) -and ($regValue -ne 0)) {
return @{
Message = "Registry value is '$regValue'. Expected: x == 1 or x == 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.9"
Task = "(L1) Ensure 'Supported authentication schemes' is set to 'Enabled' (ntlm, negotiate)"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "AuthSchemes" `
| Select-Object -ExpandProperty "AuthSchemes"
if ($regValue -ne "ntlm, negotiate") {
return @{
Message = "Registry value is '$regValue'. Expected: ntlm, negotiate"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.10"
Task = "(L1) Ensure 'Choose how to specify proxy server settings' is not set to 'Enabled' with 'Auto detect proxy settings'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "ProxyMode" `
| Select-Object -ExpandProperty "ProxyMode"
if ($regValue -ne "auto_detect") {
return @{
Message = "Registry value is '$regValue'. Expected: auto_detect"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.11"
Task = "(L1) Ensure 'Allow running plugins that are outdated' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "AllowOutdatedPlugins" `
| Select-Object -ExpandProperty "AllowOutdatedPlugins"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.12"
Task = "(L1) Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "CloudPrintProxyEnabled" `
| Select-Object -ExpandProperty "CloudPrintProxyEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.13"
Task = "(L1) Ensure 'Enable Site Isolation for every site' is set to 'Enabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "SitePerProcess" `
| Select-Object -ExpandProperty "SitePerProcess"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.14"
Task = "(L1) Ensure 'Allow download restrictions' is set to 'Enabled' with 'Block dangerous downloads' specified."
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "DownloadRestrictions" `
| Select-Object -ExpandProperty "DownloadRestrictions"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.15"
Task = "(L1) Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "DisableSafeBrowsingProceedAnyway" `
| Select-Object -ExpandProperty "DisableSafeBrowsingProceedAnyway"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.16"
Task = "(L1) Ensure 'Notify a user that a browser relaunch or device restart is recommended or required' is set to 'Enabled' with 'Show a recurring prompt to the user indication that a relaunch is required' specified"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RelaunchNotification" `
| Select-Object -ExpandProperty "RelaunchNotification"
if ($regValue -ne 2) {
return @{
Message = "Registry value is '$regValue'. Expected: 2"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.17"
Task = "(L1) Ensure 'Set the time period for update notifications' is set to 'Enabled' with '86400000' (1 day) specified"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RelaunchNotificationPeriod" `
| Select-Object -ExpandProperty "RelaunchNotificationPeriod"
if (($regValue -gt 86400000)) {
return @{
Message = "Registry value is '$regValue'. Expected: x <= 86400000"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.18"
Task = "(L2) Ensure 'Whether online OCSP/CRL checks are required for local trust anchors' is set to 'Enabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RequireOnlineRevocationChecksForLocalAnchors" `
| Select-Object -ExpandProperty "RequireOnlineRevocationChecksForLocalAnchors"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.19"
Task = "(L1) Ensure 'Enable Chrome Cleanup on Windows' is Configured"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "ChromeCleanupEnabled" `
| Select-Object -ExpandProperty "ChromeCleanupEnabled"
if (($regValue -ne 0) -and ($regValue -ne 1)) {
return @{
Message = "Registry value is '$regValue'. Expected: x == 0 or x == 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.20"
Task = "(L2) Ensure 'Use built-in DNS client' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "BuiltInDnsClientEnabled" `
| Select-Object -ExpandProperty "BuiltInDnsClientEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "2.21"
Task = "(L1) Ensure 'Update policy override' is set to 'Enabled' with 'Always allow updates (recommended)' or 'Automatic silent updates' specified"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update" `
-Name "Update{8A69D345-D564-463C-AFF1-A69D9E530F96}" `
| Select-Object -ExpandProperty "Update{8A69D345-D564-463C-AFF1-A69D9E530F96}"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.1"
Task = "(L2) Ensure 'Default cookies setting' is set to 'Enabled' (Keep cookies for the duration of the session)"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "DefaultCookiesSetting" `
| Select-Object -ExpandProperty "DefaultCookiesSetting"
if ($regValue -ne 4) {
return @{
Message = "Registry value is '$regValue'. Expected: 4"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.2"
Task = "(L1) Ensure 'Default geolocation setting' is set to 'Enabled' with 'Do not allow any site to track the users' physical location'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "DefaultGeolocationSetting" `
| Select-Object -ExpandProperty "DefaultGeolocationSetting"
if ($regValue -ne 2) {
return @{
Message = "Registry value is '$regValue'. Expected: 2"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.3"
Task = "(L1) Ensure 'Enable Google Cast' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "EnableMediaRouter" `
| Select-Object -ExpandProperty "EnableMediaRouter"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.4"
Task = "(L1) Ensure 'Block third party cookies' is set to 'Enabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "BlockThirdPartyCookies" `
| Select-Object -ExpandProperty "BlockThirdPartyCookies"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.5"
Task = "(L1) Ensure 'Enable reporting of usage and crash-related data' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "MetricsReportingEnabled" `
| Select-Object -ExpandProperty "MetricsReportingEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.6"
Task = "(L1) Ensure 'Control how Chrome Cleanup reports data to Google' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "ChromeCleanupReportingEnabled" `
| Select-Object -ExpandProperty "ChromeCleanupReportingEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.7"
Task = "(L1) Ensure 'Browser sign in settings' is set to 'Enabled' with 'Disabled browser sign-in' specified"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "BrowserSignin" `
| Select-Object -ExpandProperty "BrowserSignin"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.8"
Task = "(L1) Ensure 'Enable Translate' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "TranslateEnabled" `
| Select-Object -ExpandProperty "TranslateEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.9"
Task = "(L1) Ensure 'Enable network prediction' is set to 'Enabled' with 'Do not predict actions on any network connection' selected"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "NetworkPredictionOptions" `
| Select-Object -ExpandProperty "NetworkPredictionOptions"
if ($regValue -ne 2) {
return @{
Message = "Registry value is '$regValue'. Expected: 2"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.10"
Task = "(L1) Ensure 'Enable search suggestions' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "SearchSuggestEnabled" `
| Select-Object -ExpandProperty "SearchSuggestEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.11"
Task = "(L1) Ensure 'Enable or disable spell checking web service' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "SpellCheckServiceEnabled" `
| Select-Object -ExpandProperty "SpellCheckServiceEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.12"
Task = "(L1) Ensure 'Enable alternate error pages' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "AlternateErrorPagesEnabled" `
| Select-Object -ExpandProperty "AlternateErrorPagesEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.13"
Task = "(L1) Ensure 'Disable synchronization of data with Google' is set to 'Enabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "SyncDisabled" `
| Select-Object -ExpandProperty "SyncDisabled"
if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.14"
Task = "(L1) Ensure 'Enable Safe Browsing for trusted sources' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "SafeBrowsingForTrustedSourcesEnabled" `
| Select-Object -ExpandProperty "SafeBrowsingForTrustedSourcesEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.15"
Task = "(L1) Ensure 'Enable URL-keyed anonymized data collection' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "UrlKeyedAnonymizedDataCollectionEnabled" `
| Select-Object -ExpandProperty "UrlKeyedAnonymizedDataCollectionEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "3.16"
Task = "(L1) Ensure 'Enable deleting browser and download history' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "AllowDeletingBrowserHistory" `
| Select-Object -ExpandProperty "AllowDeletingBrowserHistory"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "4.1.1"
Task = "(L1) Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RemoteAccessHostFirewallTraversal" `
| Select-Object -ExpandProperty "RemoteAccessHostFirewallTraversal"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "4.1.2"
Task = "(L1) Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RemoteAccessHostAllowClientPairing" `
| Select-Object -ExpandProperty "RemoteAccessHostAllowClientPairing"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "4.1.3"
Task = "(L1) Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'."
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "RemoteAccessHostAllowRelayedConnection" `
| Select-Object -ExpandProperty "RemoteAccessHostAllowRelayedConnection"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "4.1.4"
Task = "(L1) Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\RemoteAccessHostClientDomainList" `
-Name "\d+" `
| Select-Object -ExpandProperty "\d+"
if ($regValue -notmatch ".*") {
return @{
Message = "Registry value is '$regValue'. Expected: Matching expression '.*'"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "5.1"
Task = "(L1) Ensure 'Enable submission of documents to Google Cloud print' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "CloudPrintSubmitEnabled" `
| Select-Object -ExpandProperty "CloudPrintSubmitEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "5.2"
Task = "(L1) Ensure 'Import saved passwords from default browser on first run' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "ImportSavedPasswords" `
| Select-Object -ExpandProperty "ImportSavedPasswords"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "5.3"
Task = "(L1) Ensure 'Enable AutoFill for credit cards' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "AutofillCreditCardEnabled" `
| Select-Object -ExpandProperty "AutofillCreditCardEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
[AuditTest] @{
Id = "5.4"
Task = "(L1) Ensure 'Enable AutoFill for addresses' is set to 'Disabled'"
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" `
-Name "AutofillAddressEnabled" `
| Select-Object -ExpandProperty "AutofillAddressEnabled"
if ($regValue -ne 0) {
return @{
Message = "Registry value is '$regValue'. Expected: 0"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
}
Reference in New Issue View Git Blame Copy Permalink