forked from microsoft/DSCEA
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request microsoft#42 from Microsoft/anwather-master
manual merge
- Loading branch information
Showing
4 changed files
with
171 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| configuration MemberServerSecuritySettings { | ||
| param([string[]]$ComputerName='localhost') | ||
|
|
||
| Import-DscResource -ModuleName PSDesiredStateConfiguration,xSMBShare | ||
|
|
||
| Node $ComputerName { | ||
|
|
||
| #Anti-Malware | ||
| Service 'MicrosoftAntimalwareService' { | ||
| Name = 'MsMpSvc' | ||
| StartupType = 'Automatic' | ||
| State = 'Running' | ||
| } | ||
|
|
||
| #User Account Control - (1 of 2) | ||
| Registry 'ConsentPromptBehaviorAdmin' { | ||
| Ensure = 'Present' | ||
| Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System' | ||
| ValueName = 'ConsentPromptBehaviorAdmin' | ||
| ValueType = 'Dword' | ||
| ValueData = '5' | ||
| } | ||
|
|
||
| #User Account Control - (2 of 2) | ||
| Registry 'PromptOnSecureDesktop' { | ||
| Ensure = 'Present' | ||
| Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System' | ||
| ValueName = 'PromptOnSecureDesktop' | ||
| ValueType = 'Dword' | ||
| ValueData = '1' | ||
| } | ||
|
|
||
| #Interactive logon: Number of previous logons to cache (in case domain controller is not available) | ||
| Registry 'Numberofpreviouslogonstocache' { | ||
| Ensure = 'Present' | ||
| Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' | ||
| ValueName = 'CachedLogonsCount' | ||
| ValueType = 'Dword' | ||
| ValueData = '2' | ||
| } | ||
|
|
||
| #Checks to ensure that certain Windows Roles or Windows Features have not been installed | ||
| WindowsFeature 'ActiveDirectoryDomainServices' { | ||
| Name = 'AD-Domain-Services' | ||
| Ensure = 'Absent' | ||
| } | ||
|
|
||
| #Ensure DNS service is not installed | ||
| WindowsFeature 'DNSServer' { | ||
| Name = 'DNS' | ||
| Ensure = 'Absent' | ||
| } | ||
|
|
||
| #Ensure DHCP service is not installed | ||
| WindowsFeature 'DHCPServer' { | ||
| Name = 'DHCP' | ||
| Ensure = 'Absent' | ||
| } | ||
|
|
||
| #Ensure FaxServer service is not installed | ||
| WindowsFeature 'WindowsRoleFax' { | ||
| Name = 'Fax' | ||
| Ensure = 'Absent' | ||
| } | ||
|
|
||
| #Create a temp folder to share | ||
| File TempFolder { | ||
| DestinationPath = "C:\Temp" | ||
| Type = "Directory" | ||
| Ensure = "Present" | ||
| } | ||
|
|
||
| #Create a shared folder | ||
| xSMBShare TempShare { | ||
| Ensure = "Present" | ||
| Path = "C:\Temp" | ||
| Name = "TempShare" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| MemberServerSecuritySettings -OutputPath .\ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| function Get-MOFRequiredModules { | ||
| [CmdletBinding()] | ||
| Param($mofFile) | ||
|
|
||
| $DSCResources = Get-DscResource | ||
| $DScModuleArray = @() | ||
| $ModulesToCopy = @() | ||
|
|
||
| foreach ($Resource in $DscResources) | ||
| { | ||
| if (!(($Resource.ModuleName -eq "PSDesiredStateConfiguration") -or ($Resource.ImplementedAs -eq 'Binary'))) | ||
| { | ||
| if ($DScModuleArray -notcontains $Resource.ModuleName) | ||
| { | ||
| $DSCModuleArray += $Resource.ModuleName | ||
| } | ||
| } | ||
| } | ||
|
|
||
| #Scan the mof file for sections ModuleName | ||
| $requiredModulesinMof = @() | ||
| Switch -Regex (Get-Content $mofFile) | ||
| { | ||
| "ModuleName" {$requiredModulesInMof += $_.Split("`"")[1]} | ||
| #Default {Write-Output $_} | ||
| } | ||
|
|
||
| foreach ($requiredModule in $requiredModulesInMof) | ||
| { | ||
| if ($requiredModule -in $DSCModuleArray) | ||
| { | ||
| $ModulesToCopy += [pscustomobject]@{ | ||
| ModuleName = $requiredModule | ||
| #ModulePath = $DSCResources | Where ModuleName -eq $requiredModule | Select -ExpandProperty ParentPath | ||
| } | ||
| } | ||
| } | ||
|
|
||
| return $ModulesToCopy | ||
|
|
||
| } | ||
|
|
||
| function Copy-DSCResource | ||
| { | ||
| [cmdletBinding()] | ||
| Param($PSSession,$ModulestoCopy) | ||
|
|
||
| foreach ($Module in $ModulestoCopy) | ||
| { | ||
| $Source = 'C:\Program Files\WindowsPowerShell\Modules\'+$Module.ModuleName | ||
| Write-Verbose "Module location: $Source" | ||
| $Destination = 'C:\Program Files\WindowsPowerShell\Modules\' | ||
| try | ||
| { | ||
| Write-Verbose "Copying" | ||
| Copy-Item -ToSession $PSSession -Path $Source -Destination $Destination -Recurse -Force -ErrorAction STOP -Verbose | ||
| Write-Verbose "Copied" | ||
| } | ||
| catch | ||
| { | ||
| Write-Output $Error[0].Exception | ||
| break | ||
| } | ||
| } | ||
|
|
||
| } | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters