From eaa4d61ec74440b1c2c7c2f0c76ad550e5c4464c Mon Sep 17 00:00:00 2001 From: Steffen Winternheimer Date: Fri, 25 Aug 2023 08:17:40 +0200 Subject: [PATCH] Update logic of several tests Improve logic checks #360 --- ...10 SiSyPHuS HD-BSI-1.3#AccountPolicies.ps1 | 4 ++-- ...0 SiSyPHuS HD-BSI-1.3#RegistrySettings.ps1 | 12 +++++------ ...10 SiSyPHuS ND-BSI-1.3#AccountPolicies.ps1 | 4 ++-- ...0 SiSyPHuS ND-BSI-1.3#RegistrySettings.ps1 | 6 +++--- ...10 SiSyPHuS NE-BSI-1.3#AccountPolicies.ps1 | 4 ++-- ... Windows 10-ACSC-21H1#RegistrySettings.ps1 | 20 +++++++++---------- ...s 10-BSI-Bundespolizei#AccountPolicies.ps1 | 4 ++-- ... Windows 10-CIS-1.12.0#AccountPolicies.ps1 | 4 ++-- ...Windows 10-CIS-1.12.0#RegistrySettings.ps1 | 16 +++++++-------- ...10-CyberGovAu-10.2020#RegistrySettings.ps1 | 16 +++++++-------- ...t Windows 10-DISA-1.23#AccountPolicies.ps1 | 4 ++-- ... Windows 10-DISA-V1R16#AccountPolicies.ps1 | 4 ++-- ...-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 | 4 ++-- ...Stand-alone-CIS-1.0.1#RegistrySettings.ps1 | 20 +++++++++---------- ...-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 | 4 ++-- ...Stand-alone-CIS-1.0.1#RegistrySettings.ps1 | 20 +++++++++---------- ...ft Windows 7-CIS-3.1.0#AccountPolicies.ps1 | 4 ++-- ...t Windows 7-CIS-3.1.0#RegistrySettings.ps1 | 6 +++--- ...rver 2012 R2-CIS-2.6.0#AccountPolicies.ps1 | 4 ++-- ...rver 2012 R2-DISA-2.19#AccountPolicies.ps1 | 4 ++-- ...n Controller-DISA-V1R6#AccountPolicies.ps1 | 4 ++-- ... Controller-DISA-V1R6#RegistrySettings.ps1 | 4 ++-- ...oller-Microsoft-FINAL#RegistrySettings.ps1 | 4 ++-- ... Server 2016-CIS-1.2.0#AccountPolicies.ps1 | 4 ++-- ...Server 2016-CIS-1.2.0#RegistrySettings.ps1 | 4 ++-- ... Server 2016-CIS-1.4.0#AccountPolicies.ps1 | 4 ++-- ...Server 2016-CIS-1.4.0#RegistrySettings.ps1 | 4 ++-- ... Server 2016-DISA-1.12#AccountPolicies.ps1 | 4 ++-- ... 2016-Microsoft-FINAL#RegistrySettings.ps1 | 4 ++-- ...s Server 2019-DISA-1.5#AccountPolicies.ps1 | 4 ++-- ... Server 2019-DISA-V1R2#AccountPolicies.ps1 | 4 ++-- ...s Server 2022-DISA-1.1#AccountPolicies.ps1 | 4 ++-- 32 files changed, 106 insertions(+), 106 deletions(-) diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#AccountPolicies.ps1 index 7e86c43b..8915cce4 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#AccountPolicies.ps1 @@ -69,9 +69,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#RegistrySettings.ps1 index 6598c63f..837f9c59 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#RegistrySettings.ps1 @@ -8788,13 +8788,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ` -Name "MaxDevicePasswordFailedAttempts" ` | Select-Object -ExpandProperty "MaxDevicePasswordFailedAttempts" - if (($regValue -gt 10 -or $regValue -le 0)) { + if (($regValue -gt 10 -or $regValue -le 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 0" + Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 3" Status = "False" } } @@ -10138,13 +10138,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography" ` -Name "ForceKeyProtection" ` | Select-Object -ExpandProperty "ForceKeyProtection" - if (($regValue -lt 1)) { + if (($regValue -ne 1) -and ($regValue -ne 2)) { return @{ - Message = "Registry value is '$regValue'. Expected: x >= 1" + Message = "Registry value is '$regValue'. Expected: 1 or 2" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS ND-BSI-1.3#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS ND-BSI-1.3#AccountPolicies.ps1 index 758d9fc0..365c5749 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS ND-BSI-1.3#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS ND-BSI-1.3#AccountPolicies.ps1 @@ -69,9 +69,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS ND-BSI-1.3#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS ND-BSI-1.3#RegistrySettings.ps1 index 71260d0d..5a747e9a 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS ND-BSI-1.3#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS ND-BSI-1.3#RegistrySettings.ps1 @@ -6538,13 +6538,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ` -Name "MaxDevicePasswordFailedAttempts" ` | Select-Object -ExpandProperty "MaxDevicePasswordFailedAttempts" - if (($regValue -gt 10 -or $regValue -le 0)) { + if (($regValue -gt 10 -or $regValue -le 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 0" + Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS NE-BSI-1.3#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS NE-BSI-1.3#AccountPolicies.ps1 index 6a2bbb5d..7b173a20 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS NE-BSI-1.3#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS NE-BSI-1.3#AccountPolicies.ps1 @@ -69,9 +69,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10-ACSC-21H1#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10-ACSC-21H1#RegistrySettings.ps1 index db3ca270..d9a27b75 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10-ACSC-21H1#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10-ACSC-21H1#RegistrySettings.ps1 @@ -1181,9 +1181,9 @@ $windefrunning = CheckWindefRunning -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } @@ -1859,13 +1859,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" ` - -Name "ConsentPromptBehaviorAdmin" ` - | Select-Object -ExpandProperty "ConsentPromptBehaviorAdmin" + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography" ` + -Name "ForceKeyProtection" ` + | Select-Object -ExpandProperty "ForceKeyProtection" - if (($regValue -ne 2)) { + if (($regValue -ne 1) -and ($regValue -ne 2)) { return @{ - Message = "Registry value is '$regValue'. Expected: x == 2" + Message = "Registry value is '$regValue'. Expected: 1 or 2" Status = "False" } } @@ -7259,13 +7259,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ` -Name "MaxDevicePasswordFailedAttempts" ` | Select-Object -ExpandProperty "MaxDevicePasswordFailedAttempts" - if (($regValue -gt 10 -or $regValue -le 0)) { + if (($regValue -gt 10 -or $regValue -le 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 0" + Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10-BSI-Bundespolizei#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10-BSI-Bundespolizei#AccountPolicies.ps1 index c1ca2877..6aaeac6e 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10-BSI-Bundespolizei#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10-BSI-Bundespolizei#AccountPolicies.ps1 @@ -153,9 +153,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10-CIS-1.12.0#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10-CIS-1.12.0#AccountPolicies.ps1 index f42053df..23e308bb 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10-CIS-1.12.0#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10-CIS-1.12.0#AccountPolicies.ps1 @@ -13,9 +13,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10-CIS-1.12.0#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10-CIS-1.12.0#RegistrySettings.ps1 index 2ec79b80..c97acaf2 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10-CIS-1.12.0#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10-CIS-1.12.0#RegistrySettings.ps1 @@ -550,13 +550,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ` -Name "MaxDevicePasswordFailedAttempts" ` | Select-Object -ExpandProperty "MaxDevicePasswordFailedAttempts" - if (($regValue -gt 10 -or $regValue -le 0)) { + if (($regValue -gt 10 -or $regValue -le 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 0" + Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 3" Status = "False" } } @@ -1864,13 +1864,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography" ` -Name "ForceKeyProtection" ` | Select-Object -ExpandProperty "ForceKeyProtection" - if (($regValue -lt 1)) { + if (($regValue -ne 1) -and ($regValue -ne 2)) { return @{ - Message = "Registry value is '$regValue'. Expected: x >= 1" + Message = "Registry value is '$regValue'. Expected: 1 or 2" Status = "False" } } @@ -6512,9 +6512,9 @@ $windefrunning = CheckWindefRunning -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10-CyberGovAu-10.2020#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10-CyberGovAu-10.2020#RegistrySettings.ps1 index 1fd1c64c..34d1cb0b 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10-CyberGovAu-10.2020#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10-CyberGovAu-10.2020#RegistrySettings.ps1 @@ -1217,9 +1217,9 @@ $windefrunning = CheckWindefRunning -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } @@ -11505,13 +11505,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ` -Name "MaxDevicePasswordFailedAttempts" ` | Select-Object -ExpandProperty "MaxDevicePasswordFailedAttempts" - if (($regValue -gt 10 -or $regValue -le 0)) { + if (($regValue -gt 10 -or $regValue -le 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 0" + Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 3" Status = "False" } } @@ -12405,13 +12405,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography" ` -Name "ForceKeyProtection" ` | Select-Object -ExpandProperty "ForceKeyProtection" - if (($regValue -lt 1)) { + if (($regValue -ne 1) -and ($regValue -ne 2)) { return @{ - Message = "Registry value is '$regValue'. Expected: x >= 1" + Message = "Registry value is '$regValue'. Expected: 1 or 2" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10-DISA-1.23#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10-DISA-1.23#AccountPolicies.ps1 index 92056bd9..40ad048f 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10-DISA-1.23#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10-DISA-1.23#AccountPolicies.ps1 @@ -97,9 +97,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10-DISA-V1R16#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10-DISA-V1R16#AccountPolicies.ps1 index 3e05df80..5e0add64 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10-DISA-V1R16#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10-DISA-V1R16#AccountPolicies.ps1 @@ -97,9 +97,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 index 23182168..b3b821d0 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 @@ -13,9 +13,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 10-Stand-alone-CIS-1.0.1#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 10-Stand-alone-CIS-1.0.1#RegistrySettings.ps1 index 375965f9..bf2e9cf3 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 10-Stand-alone-CIS-1.0.1#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 10-Stand-alone-CIS-1.0.1#RegistrySettings.ps1 @@ -298,13 +298,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ` -Name "MaxDevicePasswordFailedAttempts" ` | Select-Object -ExpandProperty "MaxDevicePasswordFailedAttempts" - if (($regValue -gt 10 -or $regValue -le 0)) { + if (($regValue -gt 10 -or $regValue -le 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 0" + Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 3" Status = "False" } } @@ -1576,13 +1576,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography" ` -Name "ForceKeyProtection" ` | Select-Object -ExpandProperty "ForceKeyProtection" - if (($regValue -lt 1)) { + if (($regValue -ne 1) -and ($regValue -ne 2)) { return @{ - Message = "Registry value is '$regValue'. Expected: x >= 1" + Message = "Registry value is '$regValue'. Expected: 1 or 2" Status = "False" } } @@ -1724,9 +1724,9 @@ $windefrunning = CheckWindefRunning -Name "ConsentPromptBehaviorAdmin" ` | Select-Object -ExpandProperty "ConsentPromptBehaviorAdmin" - if (($regValue -ne 2)) { + if ($regValue -ne 2) { return @{ - Message = "Registry value is '$regValue'. Expected: x == 2" + Message = "Registry value is '$regValue'. Expected: 2" Status = "False" } } @@ -5832,9 +5832,9 @@ $windefrunning = CheckWindefRunning -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 11-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 11-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 index ccfa13d8..55f4afae 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 11-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 11-Stand-alone-CIS-1.0.1#AccountPolicies.ps1 @@ -13,9 +13,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 11-Stand-alone-CIS-1.0.1#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 11-Stand-alone-CIS-1.0.1#RegistrySettings.ps1 index 43c3d96a..7b176a99 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 11-Stand-alone-CIS-1.0.1#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 11-Stand-alone-CIS-1.0.1#RegistrySettings.ps1 @@ -298,13 +298,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ` -Name "MaxDevicePasswordFailedAttempts" ` | Select-Object -ExpandProperty "MaxDevicePasswordFailedAttempts" - if (($regValue -gt 10 -or $regValue -le 0)) { + if (($regValue -gt 10 -or $regValue -le 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 0" + Message = "Registry value is '$regValue'. Expected: x <= 10 and x > 3" Status = "False" } } @@ -1576,13 +1576,13 @@ $windefrunning = CheckWindefRunning Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography" ` -Name "ForceKeyProtection" ` | Select-Object -ExpandProperty "ForceKeyProtection" - if (($regValue -lt 1)) { + if (($regValue -ne 1) -and ($regValue -ne 2)) { return @{ - Message = "Registry value is '$regValue'. Expected: x >= 1" + Message = "Registry value is '$regValue'. Expected: 1 or 2" Status = "False" } } @@ -1724,9 +1724,9 @@ $windefrunning = CheckWindefRunning -Name "ConsentPromptBehaviorAdmin" ` | Select-Object -ExpandProperty "ConsentPromptBehaviorAdmin" - if (($regValue -ne 2)) { + if ($regValue -ne 2) { return @{ - Message = "Registry value is '$regValue'. Expected: x == 2" + Message = "Registry value is '$regValue'. Expected: 2" Status = "False" } } @@ -5792,9 +5792,9 @@ $windefrunning = CheckWindefRunning -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 7-CIS-3.1.0#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 7-CIS-3.1.0#AccountPolicies.ps1 index c366ea78..a7723fbb 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 7-CIS-3.1.0#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 7-CIS-3.1.0#AccountPolicies.ps1 @@ -13,9 +13,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows 7-CIS-3.1.0#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows 7-CIS-3.1.0#RegistrySettings.ps1 index f5bcb6bf..b22baf62 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows 7-CIS-3.1.0#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows 7-CIS-3.1.0#RegistrySettings.ps1 @@ -1607,13 +1607,13 @@ $RootPath = Split-Path $RootPath -Parent Test = { try { $regValue = Get-ItemProperty -ErrorAction Stop ` - -Path "Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography" ` + -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography" ` -Name "ForceKeyProtection" ` | Select-Object -ExpandProperty "ForceKeyProtection" - if (($regValue -lt 1)) { + if (($regValue -ne 1) -and ($regValue -ne 2)) { return @{ - Message = "Registry value is '$regValue'. Expected: x >= 1" + Message = "Registry value is '$regValue'. Expected: 1 or 2" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2012 R2-CIS-2.6.0#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2012 R2-CIS-2.6.0#AccountPolicies.ps1 index 1a43534b..a3f07b52 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2012 R2-CIS-2.6.0#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2012 R2-CIS-2.6.0#AccountPolicies.ps1 @@ -13,9 +13,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2012 R2-DISA-2.19#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2012 R2-DISA-2.19#AccountPolicies.ps1 index 7b8ecaf0..725dd493 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2012 R2-DISA-2.19#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2012 R2-DISA-2.19#AccountPolicies.ps1 @@ -153,9 +153,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-DISA-V1R6#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-DISA-V1R6#AccountPolicies.ps1 index 4507e5a0..469e4499 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-DISA-V1R6#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-DISA-V1R6#AccountPolicies.ps1 @@ -97,9 +97,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-DISA-V1R6#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-DISA-V1R6#RegistrySettings.ps1 index 6f3b76ce..e07121db 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-DISA-V1R6#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-DISA-V1R6#RegistrySettings.ps1 @@ -476,9 +476,9 @@ -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-Microsoft-FINAL#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-Microsoft-FINAL#RegistrySettings.ps1 index 68732183..66ae072b 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-Microsoft-FINAL#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016 Domain Controller-Microsoft-FINAL#RegistrySettings.ps1 @@ -3446,9 +3446,9 @@ $windefrunning = CheckWindefRunning -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.2.0#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.2.0#AccountPolicies.ps1 index c366ea78..a7723fbb 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.2.0#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.2.0#AccountPolicies.ps1 @@ -13,9 +13,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.2.0#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.2.0#RegistrySettings.ps1 index b6dc3afa..a8117350 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.2.0#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.2.0#RegistrySettings.ps1 @@ -4995,9 +4995,9 @@ $windefrunning = CheckWindefRunning -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.4.0#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.4.0#AccountPolicies.ps1 index 1a43534b..a3f07b52 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.4.0#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.4.0#AccountPolicies.ps1 @@ -13,9 +13,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.4.0#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.4.0#RegistrySettings.ps1 index dc2279f1..0182bff4 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.4.0#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-CIS-1.4.0#RegistrySettings.ps1 @@ -5389,9 +5389,9 @@ $windefrunning = CheckWindefRunning -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-DISA-1.12#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-DISA-1.12#AccountPolicies.ps1 index 6b69687b..67209ff0 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-DISA-1.12#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-DISA-1.12#AccountPolicies.ps1 @@ -97,9 +97,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-Microsoft-FINAL#RegistrySettings.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-Microsoft-FINAL#RegistrySettings.ps1 index 56c1bdfc..c5070336 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-Microsoft-FINAL#RegistrySettings.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2016-Microsoft-FINAL#RegistrySettings.ps1 @@ -3554,9 +3554,9 @@ $windefrunning = CheckWindefRunning -Name "RequirePlatformSecurityFeatures" ` | Select-Object -ExpandProperty "RequirePlatformSecurityFeatures" - if ($regValue -ne 3) { + if (($regValue -ne 1) -and ($regValue -ne 3)) { return @{ - Message = "Registry value is '$regValue'. Expected: 3" + Message = "Registry value is '$regValue'. Expected: 1 or 3" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2019-DISA-1.5#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2019-DISA-1.5#AccountPolicies.ps1 index 1f7d35b9..81e9c696 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2019-DISA-1.5#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2019-DISA-1.5#AccountPolicies.ps1 @@ -237,9 +237,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2019-DISA-V1R2#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2019-DISA-V1R2#AccountPolicies.ps1 index 92132651..d2621f6e 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2019-DISA-V1R2#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2019-DISA-V1R2#AccountPolicies.ps1 @@ -97,9 +97,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } } diff --git a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2022-DISA-1.1#AccountPolicies.ps1 b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2022-DISA-1.1#AccountPolicies.ps1 index a319f020..e2c43e61 100644 --- a/ATAPAuditor/AuditGroups/Microsoft Windows Server 2022-DISA-1.1#AccountPolicies.ps1 +++ b/ATAPAuditor/AuditGroups/Microsoft Windows Server 2022-DISA-1.1#AccountPolicies.ps1 @@ -97,9 +97,9 @@ } $setPolicy = [long]$setPolicy - if (($setPolicy -lt 24)) { + if (($setPolicy -gt 24 -or $setPolicy -lt 0)) { return @{ - Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x >= 24" + Message = "'PasswordHistorySize' currently set to: $setPolicy. Expected: x <= 24 and x >= 0" Status = "False" } }