197 lines
5.4 KiB
PowerShell
197 lines
5.4 KiB
PowerShell
[AuditTest] @{
|
|
Id = "AccountPolicy-309"
|
|
Task = "Ensure 'MinimumPasswordLength' is set to '14'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["MinimumPasswordLength"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if (($setPolicy -ne 14)) {
|
|
return @{
|
|
Message = "'MinimumPasswordLength' currently set to: $setPolicy. Expected: x == 14"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-310"
|
|
Task = "Ensure 'PasswordComplexity' is set to '1'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["PasswordComplexity"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 1) {
|
|
return @{
|
|
Message = "'PasswordComplexity' currently set to: $setPolicy. Expected: 1"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-311"
|
|
Task = "Ensure 'PasswordHistorySize' is set to '24'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["PasswordHistorySize"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if (($setPolicy -ne 24)) {
|
|
return @{
|
|
Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x == 24"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-312"
|
|
Task = "Ensure 'LockoutBadCount' is set to '10'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["LockoutBadCount"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if (($setPolicy -ne 10)) {
|
|
return @{
|
|
Message = "'LockoutBadCount' currently set to: $setPolicy. Expected: x == 10"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-313"
|
|
Task = "Ensure 'ResetLockoutCount' is set to '15'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["ResetLockoutCount"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if (($setPolicy -ne 15)) {
|
|
return @{
|
|
Message = "'ResetLockoutCount' currently set to: $setPolicy. Expected: x == 15 minutes"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-314"
|
|
Task = "Ensure 'LockoutDuration' is set to '15'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["LockoutDuration"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if (($setPolicy -ne 15)) {
|
|
return @{
|
|
Message = "'LockoutDuration' currently set to: $setPolicy. Expected: x == 15 minutes"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|
|
[AuditTest] @{
|
|
Id = "AccountPolicy-315"
|
|
Task = "Ensure 'ClearTextPassword' is set to '0'."
|
|
Test = {
|
|
$securityPolicy = Get-AuditResource "WindowsSecurityPolicy"
|
|
$setPolicy = $securityPolicy['System Access']["ClearTextPassword"]
|
|
|
|
if ($null -eq $setPolicy) {
|
|
return @{
|
|
Message = "Currently not set."
|
|
Status = "False"
|
|
}
|
|
}
|
|
$setPolicy = [long]$setPolicy
|
|
|
|
if ($setPolicy -ne 0) {
|
|
return @{
|
|
Message = "'ClearTextPassword' currently set to: $setPolicy. Expected: 0"
|
|
Status = "False"
|
|
}
|
|
}
|
|
|
|
return @{
|
|
Message = "Compliant"
|
|
Status = "True"
|
|
}
|
|
}
|
|
}
|