Puppet Class: secure_windows::stig::v73377
- Defined in:
- manifests/stig/v73377.pp
Overview
This class manages STIG finding V-73377: Domain-created Active Directory Organizational Unit (OU) objects must have proper access control permissions.
# File 'manifests/stig/v73377.pp', line 4
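# @summary Manages STIG V-73377: access control permissions on domain-created
#   Active Directory Organizational Unit (OU) objects.
#
# When enforcement is enabled, one `ad_acl` resource is declared for every OU
# name in the `organizational_units` fact, except 'Domain Controllers'.
#
# @param enforced
#   When true, the OU ACL resources are declared. When false (the default)
#   the class declares nothing.
# @param domain_admins_sid
#   SID of the Domain Admins group (RID 512) that is granted GenericAll on
#   each OU. Unlike the other identities below, this SID embeds the domain
#   identifier and is different in every domain. The default is kept only for
#   backward compatibility; set it to the managed domain's own value,
#   otherwise the rule targets a principal that does not exist there.
class secure_windows::stig::v73377 (
  Boolean $enforced = false,
  Pattern[/\AS-1-5-21-\d+-\d+-\d+-512\z/] $domain_admins_sid = 'S-1-5-21-2537783290-4083596532-1772155507-512',
) {
  if $enforced {
    # NOTE(review): 'organizational_units' and 'root_domain' are not core
    # facts and their source is not shown here. If 'organizational_units' is
    # absent, the each() call below fails at catalog compilation - confirm the
    # class is only enforced on nodes where both facts resolve.
    $ou_array = $facts['organizational_units']

    $ou_array.each |$name| {
      # The Domain Controllers OU is deliberately left unmanaged by this class.
      if $name != 'Domain Controllers' {
        # The DN is built as ou=<name>,<root_domain>, which presumably assumes
        # the fact lists OUs directly beneath the domain root - TODO confirm
        # how nested OUs are reported.
        # NOTE(review): whether ad_acl removes ACEs that are not listed here is
        # not visible from this manifest; verify before treating the resulting
        # ACL as complete for the STIG check.
        ad_acl { "ou=${name},${facts['root_domain']}":
          access_rules => [
            {
              # S-1-1-0 = Everyone: explicit deny on deleting the OU or its subtree.
              'identity'            => 'S-1-1-0',
              'ad_rights'           => 'DeleteTree, Delete',
              'access_control_type' => 'Deny',
              'inheritance_type'    => 'None'
            },
            {
              # S-1-5-9 = Enterprise Domain Controllers: read-only.
              'identity'            => 'S-1-5-9',
              'ad_rights'           => 'GenericRead',
              'access_control_type' => 'Allow',
              'inheritance_type'    => 'None'
            },
            {
              # S-1-5-11 = Authenticated Users: read-only.
              'identity'            => 'S-1-5-11',
              'ad_rights'           => 'GenericRead',
              'access_control_type' => 'Allow',
              'inheritance_type'    => 'None'
            },
            {
              # S-1-5-18 = Local System: full control.
              'identity'            => 'S-1-5-18',
              'ad_rights'           => 'GenericAll',
              'access_control_type' => 'Allow',
              'inheritance_type'    => 'None'
            },
            {
              # Domain Admins of the managed domain: full control.
              'identity'            => $domain_admins_sid,
              'ad_rights'           => 'GenericAll',
              'access_control_type' => 'Allow',
              'inheritance_type'    => 'None'
            }],
        }
      }
    }
  }
}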