Description
There are 2 kinds of checks that should pass regardless of the configured order of the flags and of whether ", " or "," is used as the separator.
As of now, we have three different implementations of this check.
The goal is to identify all benchmarks whose check still needs to be brought up to our most recent implementation:
We need to review the checks that look at this registry key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
Proper configuration (newer checks also check for RequirePrivacy=1)
# Audit: the UNC hardened path entry for SYSVOL must require mutual authentication and integrity.
# The value is a comma-separated flag list, so the pattern accepts both flag orders and an
# optional space after the comma ("A=1, B=1" and "B=1,A=1" are both treated as compliant).
# NOTE(review): this pattern does not require RequirePrivacy=1, which newer checks also verify.
[AuditTest] @{
    Id   = "Registry-073"
    Task = "Set registry value '\\SYSVOL' to RequireMutualAuthentication=1, RequireIntegrity=1."
    Test = {
        $keyPath = "Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths"
        # Either ordering of the two flags, separated by "," or ", ", with nothing before or after.
        $expectedPattern = "^(?:RequireMutualAuthentication=1,\s*RequireIntegrity=1|RequireIntegrity=1,\s*RequireMutualAuthentication=1)$"

        try {
            # NOTE(review): the name given to -Name ("\\SYSVOL") and the property expanded
            # below ("\*\SYSVOL") differ; confirm both against the actual value name in the key.
            $regValue = Get-ItemProperty -ErrorAction Stop -Path $keyPath -Name "\\SYSVOL" |
                Select-Object -ExpandProperty "\*\SYSVOL"
        }
        catch [System.Management.Automation.PSArgumentException] {
            # The key exists but the named value is missing.
            return @{
                Message = "Registry value not found."
                Status  = "False"
            }
        }
        catch [System.Management.Automation.ItemNotFoundException] {
            # The HardenedPaths key itself is absent.
            return @{
                Message = "Registry key not found."
                Status  = "False"
            }
        }

        # Any deviation from the expected flag set (missing flag, wrong value, extra text) fails.
        if ($regValue -notmatch $expectedPattern) {
            return @{
                Message = "Registry value is '$regValue'. Expected: RequireMutualAuthentication=1, RequireIntegrity=1"
                Status  = "False"
            }
        }

        return @{
            Message = "Compliant"
            Status  = "True"
        }
    }
}