Puppet Class: secure_windows::stig::v73225

Defined in:
manifests/stig/v73225.pp

Overview

V-73225 Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.

Parameters:

  • enforced (Boolean) (defaults to: false) 


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'manifests/stig/v73225.pp', line 4

class secure_windows::stig::v73225 (
  Boolean $enforced = false,
) {

  if $enforced {

    include ::secure_windows::applocker_startup

    applocker_rule { '(STIG Rule) V-73225 - Disable IE for Administrators':
      ensure            => 'present',
      action            => 'Deny',
      conditions        => [
      {
        'publisher'  => 'O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US',
        'product'    => 'INTERNET EXPLORER',
        'binaryname' => '*',
        'hi_version' => '*',
        'lo_version' => '11.0.0.0'
      }],
      description       => 'STIG Rule addressing vulnerability V-73225: Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.', # lint:ignore:140chars
      mode              => 'NotConfigured',
      rule_type         => 'publisher',
      type              => 'Exe',
      user_or_group_sid => 'S-1-5-32-544',
    }

  }

}