Merge branch '4.15.0' into hinderjd#1179

CHANGELOG.md

@@ -3,6 +3,17 @@
 ## [Unreleased]
 
 * Update PowerSTIG to Parse/Apply Red Hat Enterprise Linux 7 STIG V3R9: [#1179](https://github.com/microsoft/PowerStig/issues/1179)
+* Upgrade AccessControlDSC to Version 1.4.3 [#1151](https://github.com/microsoft/PowerStig/issues/1153)
+* Update PowerSTIG to Parse/Apply Microsoft IIS 10.0 STIG V2R7: [#1175](https://github.com/microsoft/PowerStig/issues/1175)
+* Update PowerSTIG to Parse/Apply Google_Chrome_V2R7_STIG: [#1160](https://github.com/microsoft/PowerStig/issues/1160)
+* Update PowerSTIG to Parse/Apply Windows Server 2019 V2R5 STIG - Ver 2, Rel 5: [#1159](https://github.com/microsoft/PowerStig/issues/1159)
+* Update PowerSTIG to Parse/Apply Windows_Server_2016_V2R5_STIG [#1158](https://github.com/microsoft/PowerStig/issues/1158)
+* Update PowerSTIG to Parse/Apply Microsoft .Net Framework 4.0 STIG - Ver 2, Rel 2: [#1181](https://github.com/microsoft/PowerStig/issues/1181)
+* Update PowerSTIG to Parse/Apply SQL Server 2016 Instance STIG V2R8: [#1177](https://github.com/microsoft/PowerStig/issues/1177)
+* Update PowerSTIG to Parse/Apply MS_Edge_V1R6_STIG: [#1163](https://github.com/microsoft/PowerStig/issues/1163)
+* Update PowerSTIG to Parse/Apply MS_Office_365_ProPlus_V2R7_STIG #1161: [#1161](https://github.com/microsoft/PowerStig/issues/1161)
+* Update PowerSTIG to successfully parse/apply Microsoft Windows 10 STIG - Ver 2, Rel 5: [#1157](https://github.com/microsoft/PowerStig/issues/1157)
+* Update PowerSTIG to successfully parse/apply Microsoft Windows 11 STIG - Ver 1, Rel 2: [#1131](https://github.com/microsoft/PowerStig/issues/1131)
 
 ## [4.14.0] - 2022-09-14
 

source/DSCResources/IisServer/IisServer.schema.psm1

@@ -80,7 +80,7 @@ configuration IisServer
     $stig.LoadRules($OrgSettings, $Exception, $SkipRule, $SkipRuleType, $SkipRuleSeverity)
     ##### END DO NOT MODIFY #####
 
-    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.2
+    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.3
     . "$resourcePath\windows.AccessControl.ps1"
 
     Import-DscResource -ModuleName PSDSCresources -ModuleVersion 2.12.0.0

source/DSCResources/SqlServer/SqlServer.schema.psm1

@@ -107,7 +107,7 @@ configuration SqlServer
     Import-DscResource -ModuleName SecurityPolicyDsc -ModuleVersion 2.10.0.0
     . "$resourcePath\Windows.SecurityOption.ps1"
 
-    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.2
+    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.3
     . "$resourcePath\Windows.AccessControl.ps1"
 
     Import-DscResource -ModuleName PSDSCresources -ModuleVersion 2.12.0.0

source/DSCResources/WindowsClient/WindowsClient.schema.psm1

@@ -88,7 +88,7 @@ configuration WindowsClient
     $stig.LoadRules($OrgSettings, $Exception, $SkipRule, $SkipRuleType, $SkipRuleSeverity)
     ##### END DO NOT MODIFY #####
 
-    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.2
+    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.3
     . "$resourcePath\windows.AccessControl.ps1"
 
     Import-DscResource -ModuleName AuditPolicyDsc -ModuleVersion 1.4.0.0

source/DSCResources/WindowsDnsServer/WindowsDnsServer.schema.psm1

@@ -89,7 +89,7 @@ configuration WindowsDnsServer
     $stig.LoadRules($OrgSettings, $Exception, $SkipRule, $SkipRuleType, $SkipRuleSeverity)
     ##### END DO NOT MODIFY #####
 
-    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.2
+    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.3
     . "$resourcePath\windows.AccessControl.ps1"
 
     Import-DscResource -ModuleName SecurityPolicyDsc -ModuleVersion 2.10.0.0

source/DSCResources/WindowsServer/WindowsServer.schema.psm1

@@ -97,7 +97,7 @@ configuration WindowsServer
     $stig.LoadRules($OrgSettings, $Exception, $SkipRule, $SkipRuleType, $SkipRuleSeverity)
     ##### END DO NOT MODIFY #####
 
-    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.2
+    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.4.3
     . "$resourcePath\windows.AccessControl.ps1"
 
     Import-DscResource -ModuleName AuditPolicyDsc -ModuleVersion 1.4.0.0

source/Module/Common/Functions.XccdfXml.ps1

@@ -355,7 +355,8 @@ function Split-BenchmarkId
         'Microsoft_Windows',
         'Windows_Server',
         'Windows',
-        'Microsoft_Windows_10'
+        'Microsoft_Windows_10',
+        'Microsoft_Windows_11'
     )
     $dnsServerVariations = @(
         'Server_Domain_Name_System',
@@ -429,6 +430,12 @@ function Split-BenchmarkId
             $returnId = $returnId -Replace "MS_", ''
             continue
         }
+        {$PSItem -match "Windows_11"}
+        {
+            $returnId = $id -Replace "Windows", 'WindowsClient'
+            $returnId = $returnId -Replace "Microsoft_", ''
+            continue
+        }
         {$PSItem -match 'JRE_8'}
         {
             $returnId = 'OracleJRE_8'

source/Module/Rule.Permission/Convert/Methods.ps1

@@ -438,6 +438,11 @@ function ConvertTo-AccessControlEntry
 
     $accessControlEntryMatches = $stigString | Select-String -Pattern $regularExpression.spaceDashSpace
 
+    if ($stigString -match 'S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681')
+    {
+        $accessControlEntryMatches += 'S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 - Read  - This key and subkeys'
+    }
+
     foreach ( $entry in $accessControlEntryMatches )
     {
         if ( $entry -notmatch 'Type|Inherited|Columns|Principal|Applies' )
@@ -469,6 +474,10 @@ function ConvertTo-AccessControlEntry
             {
                 $inheritance = $inheritanceInput
             }
+            if ($entry -match 'S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681')
+            {
+                $Principal = 'S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681'
+            }
 
             foreach ( $principal in $principals -split ',' )
             {

source/Module/Rule.Service/Convert/ServiceRule.Convert.psm1

@@ -111,7 +111,8 @@ class ServiceRuleConvert : ServiceRule
             $CheckContent -NotMatch 'Required Services' -and
             $CheckContent -NotMatch 'presence of applications' -and
             $CheckContent -NotMatch 'is not installed by default' -and
-            $CheckContent -NotMatch 'Sql Server'
+            $CheckContent -NotMatch 'Sql Server' -and
+            $CheckContent -NotMatch 'Verify Simple TCP/IP Services has not been installed'
         )
         {
             return $true

source/Module/Rule.WindowsFeature/Convert/WindowsFeatureRule.Convert.psm1

@@ -90,7 +90,7 @@ class WindowsFeatureRuleConvert : WindowsFeatureRule
     {
         if
         (
-            $CheckContent -Match '(Get-Windows(Optional)?Feature|is not installed by default)' -and
+            $CheckContent -Match '(Get-Windows(Optional)?Feature|is not installed by default|Verify Simple TCP/IP Services has not been installed)' -and
             $CheckContent -NotMatch 'Required roles and features will vary based on the function of the individual system' -or
             $CheckContent -Match 'WebDAV Authoring Rules' -and
             $CheckContent -NotMatch 'HKEY_LOCAL_MACHINE'

source/PowerStig.psd1

@@ -38,7 +38,7 @@
     RequiredModules  = @(
         @{ModuleName = 'AuditPolicyDsc'; ModuleVersion = '1.4.0.0'},
         @{ModuleName = 'AuditSystemDsc'; ModuleVersion = '1.1.0'},
-        @{ModuleName = 'AccessControlDsc'; ModuleVersion = '1.4.2'},
+        @{ModuleName = 'AccessControlDsc'; ModuleVersion = '1.4.3'},
         @{ModuleName = 'ComputerManagementDsc'; ModuleVersion = '8.4.0'},
         @{ModuleName = 'FileContentDsc'; ModuleVersion = '1.3.0.151'},
         @{ModuleName = 'GPRegistryPolicyDsc'; ModuleVersion = '1.2.0'},

source/StigData/Archive/Chrome/U_Google_Chrome_STIG_V2R6_Manual-xccdf.log

@@ -10,4 +10,4 @@ V-221588::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ke
 V-221596::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'AutoplayAllowlist'; ValueType = 'MultiString';  ValueData = $null; OrganizationValueTestString = "{0} -eq 'a list of administrator-approved URLs"}
 V-234701::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'SSLVersionMin'; ValueType = 'String';  ValueData = 'tls1.2'}
 V-245539::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Absent'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'CookiesSessionOnlyForUrls'}
-V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklis'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}
+V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}