xoap-io
diff --git a/‎.github/workflows/commit-message-validator.yaml
+1-1 b/‎.github/workflows/commit-message-validator.yaml
+1-1
diff --git a/‎.github/workflows/dependabot.yaml
+1-1 b/‎.github/workflows/dependabot.yaml
+1-1
diff --git a/‎.github/workflows/megalinter.yaml
+1-17 b/‎.github/workflows/megalinter.yaml
+1-17
diff --git a/‎.github/workflows/tagging.yaml
+1-1 b/‎.github/workflows/tagging.yaml
+1-1
diff --git a/‎.idea/misc.xml
-1 b/‎.idea/misc.xml
-1
diff --git a/‎README.md
+22-16 b/‎README.md
+22-16
diff --git a/‎STIG/dod_stig_august_2023/DoD_Adobe_Acrobat_Pro_DC_Continuous_STIG_Computer_V2R1.ps1
+222 b/‎STIG/dod_stig_august_2023/DoD_Adobe_Acrobat_Pro_DC_Continuous_STIG_Computer_V2R1.ps1
+222
@@ -6,7 +6,7 @@ jobs:
   commitlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: wagoid/commitlint-github-action@v5
@@ -11,7 +11,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.4.0
+        uses: dependabot/fetch-metadata@v1.6.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
       - name: Approve a PR
 
@@ -12,23 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           fetch-depth: 0
-      - name: MegaLinter
-        id: ml
-        uses: megalinter/megalinter/flavors/terraform@v6
-        env:
-          VALIDATE_ALL_CODEBASE: true
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DISABLE: COPYPASTE,SPELL
-          DISABLE_LINTERS: TERRAFORM_TERRASCAN
-      - name: Archive production artifacts
-        if: ${{ success() }} || ${{ failure() }}
-        uses: actions/upload-artifact@v3
-        with:
-          name: MegaLinter reports
-          path: |
-            report
-            mega-linter.log
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           fetch-depth: 0
 
@@ -28,6 +28,15 @@ Please check the links for more info, including usage information and full docum
 - [Twitter](https://twitter.com/xoap_io)
 - [LinkedIn](https://www.linkedin.com/company/xoap_io)
 
+This repository hosts some of the most common DSC configurations that we use in our projects.
+
+You will find the following DSC configurations in this repository:
+
+- Citrix infrastructure and Citrix optimizer configurations
+- DoD STIG configurations
+- general Windows configurations
+- Microsoft security baseline configurations
+
 ---
 
 ## Disclaimer
@@ -36,7 +45,7 @@ Please check the links for more info, including usage information and full docum
 
 Be sure to always test any of those configurations in separated test environment and test clients and servers.
 
->Some of the available DSC configurations make severe changes to security-related configurations and could leave your Windows operating system in an unusable state.
+> Some of the available DSC configurations make severe changes to security-related configurations and could leave your Windows operating system in an unusable state.
 
 So please test once, twice or trice.
 
@@ -116,15 +125,13 @@ You can download it [here](https://www.microsoft.com/en-us/download/details.aspx
 
 A typical DSC configuration looks like this:
 
-```
-Configuration MSTF_SecurityBaseline_Edge_v107_Computer
+```PowerShell
+Configuration 'MSTF_SecurityBaseline_Edge_v107_Computer'
 {
 
 	Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' -ModuleVersion '1.2.0'
-	Import-DSCResource -ModuleName 'AuditPolicyDSC' -ModuleVersion '1.4.0.0'
-	Import-DSCResource -ModuleName 'SecurityPolicyDSC' -ModuleVersion '2.10.0.0'
 
-	Node MSTF_SecurityBaseline_Edge_v107_Computer
+	Node 'MSTF_SecurityBaseline_Edge_v107_Computer'
 	{
          RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SitePerProcess'
          {
@@ -136,19 +143,20 @@ Configuration MSTF_SecurityBaseline_Edge_v107_Computer
          }
     }
 }
+MSTF_SecurityBaseline_Edge_v107_Computer -OutputPath 'C:\MSTF_SecurityBaseline_Edge_v107_Computer'
 ```
 
 In order to compile this example, you need to take care that all the referenced DSC modules are available locally.
 
 You can check availability with:
 
-```
+```PowerShell
 Get-DcsResource
 ```
 
 If DSC modules are missing, you can install them simply by e.g. running:
 
-```
+```PowerShell
 Install-Module SecurityPolicyDSC
 ```
 
@@ -160,15 +168,13 @@ and that you have to trust the PSGallery to be able to install the DSC modules.
 
 Defining the versions of the modules could look like this:
 
-```
-Configuration MSTF_SecurityBaseline_Edge_v107_Computer
+```PowerShell
+Configuration 'MSTF_SecurityBaseline_Edge_v107_Computer'
 {
 
 	Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' -ModuleVersion '1.2.0' -ModuleVersion '1.2.0'
-	Import-DSCResource -ModuleName 'AuditPolicyDSC' -ModuleVersion '1.4.0.0' -ModuleVersion '1.4.0.0'
-	Import-DSCResource -ModuleName 'SecurityPolicyDSC' -ModuleVersion '2.10.0.0' -ModuleVersion '2.1.0.0'
 
-	Node MSTF_SecurityBaseline_Edge_v107_Computer
+	Node 'MSTF_SecurityBaseline_Edge_v107_Computer'
 	{
          RegistryPolicyFile 'Registry(POL): HKLM:\Software\Policies\Microsoft\Edge\SitePerProcess'
          {
@@ -185,7 +191,7 @@ Configuration MSTF_SecurityBaseline_Edge_v107_Computer
 So now that all DSC modules are available and the module versions are defined,
 you need to run the following command in your Powershell to compile it locally:
 
-```
+```PowerShell
 . PATHTOYOURSCRIPT\MSTF_SecurityBaseline_Edge_v107_Computer.ps1
 MSTF_SecurityBaseline_Edge_v107_Computer
 ```
@@ -194,7 +200,7 @@ You should now have a localhost.mof file in this location.
 
 The last step is to apply this configuration to your local host:
 
-```
+```PowerShell
 Start-DscConfiguration -Path PATHTOYOURCONFIGURATION\MSTF_SecurityBaseline_Edge_v107_Computer -Verbose -Wait
 ```
 
@@ -204,4 +210,4 @@ Start-DscConfiguration -Path PATHTOYOURCONFIGURATION\MSTF_SecurityBaseline_Edge_
 
 ### Usage in XOAP and config.XO
 
-Refer to our documentation [here](https://docs.xoap.io/configuration-management/quickstarts/add-configurations/)
+Refer to our documentation [here](https://docs.xoap.io/configuration-management/)
@@ -0,0 +1,222 @@
+Configuration 'DoD_Adobe_Acrobat_Pro_DC_Continuous_STIG_Computer_V2R1'
+{
+    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
+	Import-DSCResource -ModuleName 'GPRegistryPolicyDsc' -ModuleVersion '1.2.0'
+	Import-DSCResource -ModuleName 'AuditPolicyDSC' -ModuleVersion '1.4.0.0'
+	Import-DSCResource -ModuleName 'SecurityPolicyDSC' -ModuleVersion '2.10.0.0'
+	
+     Node 'DoD_Adobe_Acrobat_Pro_DC_Continuous_STIG_Computer_V2R1'
+	{
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Adobe\Adobe Acrobat\DC\Installer\DisableMaintenance'
+         {
+              ValueName = 'DisableMaintenance'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Adobe\Adobe Acrobat\DC\Installer'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bEnhancedSecurityStandalone'
+         {
+              ValueName = 'bEnhancedSecurityStandalone'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bEnhancedSecurityInBrowser'
+         {
+              ValueName = 'bEnhancedSecurityInBrowser'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\iFileAttachmentPerms'
+         {
+              ValueName = 'iFileAttachmentPerms'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bEnableFlash'
+         {
+              ValueName = 'bEnableFlash'
+              ValueData = 0
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bDisableTrustedFolders'
+         {
+              ValueName = 'bDisableTrustedFolders'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bProtectedMode'
+         {
+              ValueName = 'bProtectedMode'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\iProtectedView'
+         {
+              ValueName = 'iProtectedView'
+              ValueData = 2
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bDisablePDFHandlerSwitching'
+         {
+              ValueName = 'bDisablePDFHandlerSwitching'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\bDisableTrustedSites'
+         {
+              ValueName = 'bDisableTrustedSites'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud\bAdobeSendPluginToggle'
+         {
+              ValueName = 'bAdobeSendPluginToggle'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud\bDisableADCFileStore'
+         {
+              ValueName = 'bDisableADCFileStore'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cCloud'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms\iUnknownURLPerms'
+         {
+              ValueName = 'iUnknownURLPerms'
+              ValueData = 3
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms\iURLPerms'
+         {
+              ValueName = 'iURLPerms'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cDefaultLaunchURLPerms'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices\bTogglePrefsSync'
+         {
+              ValueName = 'bTogglePrefsSync'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices\bToggleWebConnectors'
+         {
+              ValueName = 'bToggleWebConnectors'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cServices'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cSharePoint\bDisableSharePointFeatures'
+         {
+              ValueName = 'bDisableSharePointFeatures'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cSharePoint'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWebmailProfiles\bDisableWebmail'
+         {
+              ValueName = 'bDisableWebmail'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWebmailProfiles'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWelcomeScreen\bShowWelcomeScreen'
+         {
+              ValueName = 'bShowWelcomeScreen'
+              ValueData = 0
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown\cWelcomeScreen'
+         }
+
+         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\DC\Installer\DisableMaintenance'
+         {
+              ValueName = 'DisableMaintenance'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\DC\Installer'
+         }
+
+         <#RegistryPolicyFile 'Registry(POL): HKCU:\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\bFIPSMode'
+         {
+              ValueName = 'bFIPSMode'
+              ValueData = 1
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'HKCU:\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral'
+         }#>
+
+         <#RegistryPolicyFile 'Registry(POL): HKCU:\SOFTWARE\Adobe\Adobe Acrobat\DC\Security\cDigSig\cAdobeDownload\bLoadSettingsFromURL'
+         {
+              ValueName = 'bLoadSettingsFromURL'
+              ValueData = 0
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'HKCU:\SOFTWARE\Adobe\Adobe Acrobat\DC\Security\cDigSig\cAdobeDownload'
+         }#>
+
+         <#RegistryPolicyFile 'Registry(POL): HKCU:\SOFTWARE\Adobe\Adobe Acrobat\DC\Security\cDigSig\cEUTLDownload\bLoadSettingsFromURL'
+         {
+              ValueName = 'bLoadSettingsFromURL'
+              ValueData = 0
+              ValueType = 'Dword'
+              TargetType = 'ComputerConfiguration'
+              Key = 'HKCU:\SOFTWARE\Adobe\Adobe Acrobat\DC\Security\cDigSig\cEUTLDownload'
+         }#>
+
+         RefreshRegistryPolicy 'ActivateClientSideExtension'
+         {
+             IsSingleInstance = 'Yes'
+         }
+     }
+}