253 lines
6.9 KiB
PowerShell
253 lines
6.9 KiB
PowerShell
[AuditTest] @{
|
|
Id = "AccountPolicy-001"
|
|
Task = "Ensure 'MinimumPasswordAge' is set to '1'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["MinimumPasswordAge"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 1) {
|
|
return @{
|
|
Message = "'MinimumPasswordAge' currently set to: $setPolicy. Expected: 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-002"
|
|
Task = "Ensure 'MaximumPasswordAge' is set to '60'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["MaximumPasswordAge"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 60) {
|
|
return @{
|
|
Message = "'MaximumPasswordAge' currently set to: $setPolicy. Expected: 60"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-003"
|
|
Task = "Ensure 'MinimumPasswordLength' is set to '14'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["MinimumPasswordLength"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 14) {
|
|
return @{
|
|
Message = "'MinimumPasswordLength' currently set to: $setPolicy. Expected: 14"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-004"
|
|
Task = "Ensure 'PasswordComplexity' is set to '1'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["PasswordComplexity"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 1) {
|
|
return @{
|
|
Message = "'PasswordComplexity' currently set to: $setPolicy. Expected: 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-005"
|
|
Task = "Ensure 'PasswordHistorySize' is set to '24'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["PasswordHistorySize"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 24) {
|
|
return @{
|
|
Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: 24"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-006"
|
|
Task = "Ensure 'LockoutBadCount' is set to '10'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["LockoutBadCount"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 10) {
|
|
return @{
|
|
Message = "'LockoutBadCount' currently set to: $setPolicy. Expected: 10"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-007"
|
|
Task = "Ensure 'ResetLockoutCount' is set to '15'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["ResetLockoutCount"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 15) {
|
|
return @{
|
|
Message = "'ResetLockoutCount' currently set to: $setPolicy. Expected: 15"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-008"
|
|
Task = "Ensure 'LockoutDuration' is set to '15'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["LockoutDuration"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 15) {
|
|
return @{
|
|
Message = "'LockoutDuration' currently set to: $setPolicy. Expected: 15"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-009"
|
|
Task = "Ensure 'ClearTextPassword' is set to '0'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["ClearTextPassword"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 0) {
|
|
return @{
|
|
Message = "'ClearTextPassword' currently set to: $setPolicy. Expected: 0"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|