-
Notifications
You must be signed in to change notification settings - Fork 117
WindowsServer
Adam Haynes edited this page Aug 14, 2018
·
7 revisions
A composite DSC resource to manage the Windows Server STIG settings
None
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| OsVersion | True | String | The version of the server operating system STIG to apply and monitor | 2012R2,2016 |
| OsRole | True | String | The role of the server operating system STIG to apply and monitor. This value further filters the OsVersion to select the exact STIG to apply | DC,MS |
| StigVersion | False | Version | Uses the OsVersion and OsRole to select the version of the STIG to apply and monitor. If this parameter is not provided, the most recent version of the STIG is automatically selected. | 2.9,2.12 |
| ForestName | False | String | A string that sets the forest name for items such as security group. The input should be the FQDN of the forest. If this is omitted the forest name of the computer that generates the configuration will be used. | |
| DomainName | False | String | A string that sets the domain name for items such as security group. The input should be the FQDN of the domain. If this is omitted the domain name of the computer that generates the configuration will be used. | |
| Exception | False | PSObject | A hashtable of StigId=Value key pairs that are injected into the STIG data and applied to the target node. The title of STIG settings are tagged with the text ‘Exception’ to identify the exceptions to policy across the data center when you centralize DSC log collection. | |
| OrgSettings | False | PSObject | The path to the xml file that contains the local organizations preferred settings for STIG items that have allowable ranges. | |
| SkipRule | False | PSObject | The SkipRule Node is injected into the STIG data and applied to the taget node. The title of STIG settings are tagged with the text 'Skip' to identify the skips to policy across the data center when you centralize DSC log collection. | |
| SkipRuleType | False | PSObject | All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. |
- Apply the latest Windows Server STIG to a node
- Apply the Windows Server STIG to a node, but override a rule value
- Apply the Windows Server STIG to a node, but override the default organizational settings with a local file
- Apply the Windows Server STIG to a node, but skip a specific rule
- Apply the Windows Server STIG to a node, but skip an entire class of rules
- Apply a specific Windows Server STIG version to a node