Open pillarsdotnet opened 5 years ago
logicminds
commented
5 years ago You can probably just add here: https://github.com/ayohrling/local_security_policy/blob/master/lib/puppet_x/lsp/security_policy.rb#L269.
This is kinda like a simple lookup database of security policies.
pillarsdotnet
commented
5 years ago Problem is, I don't know how to look up the expected values. Any guidance would be appreciated.
glennsarti
commented
5 years ago @pillarsdotnet
gpsearch is a great tool for helping you find the info. In this case https://gpsearch.azurewebsites.net/#10676
CC: @logicminds
pillarsdotnet
commented
5 years ago @glennsarti -- EXACTLY what I needed; thanks so much!
pillarsdotnet
commented
5 years ago Looking for the policy_type -- from the code, it must be one of:
Privilege RightsEvent AuditRegistry ValuesSystem Access-- I guess it has to be Registry Values.
logicminds
commented
5 years ago Did scedit /export return anything useful to you?
On Thu, Aug 22, 2019, 7:28 AM Bob Vincent notifications@github.com wrote:
Looking for the policy_type -- from the code, it must be one of:
- Privilege Rights
- Event Audit
- Registry Values
-- I guess it has to be Registry Values.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ayohrling/local_security_policy/issues/41?email_source=notifications&email_token=AAEJVPGGAL63ICNH2A2SJKDQF2A6BA5CNFSM4IOL576KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD445MGA#issuecomment-523884056, or mute the thread https://github.com/notifications/unsubscribe-auth/AAEJVPBVPVHFKUYGDNXE7WDQF2A6BANCNFSM4IOL576A .
glennsarti
commented
5 years ago That's an admin template, not a security policy. Secedit won't help too much there
As per the admx
<policy name="CPL_Personalization_NoLockScreenCamera" class="Machine"
displayName="$(string.CPL_Personalization_NoLockScreenCamera)"
explainText="$(string.CPL_Personalization_NoLockScreenCamera_Help)"
key="Software\Policies\Microsoft\Windows\Personalization"
valueName="NoLockScreenCamera">
<parentCategory ref="Personalization" />
<supportedOn ref="windows:SUPPORTED_Windows_6_3" />
</policy>Because there's no enum information it'll be a simple DWORD value. of 1 = Enabled, 0 = Disabled and delete it to be Not Configured
logicminds
commented
5 years ago Can someone update the docs to detail how to add new policies. I think it is already there might need additional info.
On Thu, Aug 22, 2019, 8:37 AM Glenn Sarti notifications@github.com wrote:
That's an admin template, not a security policy. Secedit won't help too much there
As per the admx
<policy name="CPL_Personalization_NoLockScreenCamera" class="Machine" displayName="$(string.CPL_Personalization_NoLockScreenCamera)" explainText="$(string.CPL_Personalization_NoLockScreenCamera_Help)" key="Software\Policies\Microsoft\Windows\Personalization" valueName="NoLockScreenCamera"> <parentCategory ref="Personalization" /> <supportedOn ref="windows:SUPPORTED_Windows_6_3" /> </policy>Because there's no enum information it'll be a simple DWORD value. of 1 = On, 0 = Off
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ayohrling/local_security_policy/issues/41?email_source=notifications&email_token=AAEJVPFRZEX25DND7RB3VI3QF2JAZA5CNFSM4IOL576KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD45DVCY#issuecomment-523909771, or mute the thread https://github.com/notifications/unsubscribe-auth/AAEJVPDGO4UBUUNDVAB3V4DQF2JAZANCNFSM4IOL576A .
pillarsdotnet
commented
5 years ago @logicminds I'll incorporate a docs update into my pr incorporating what I've learned. See for example this commit.
I need to manage the following security policy, which doesn't (yet) seem to be supported by this module:
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' Info
Rationale:
Solution