Puppet Class: secure_windows::stig::v73399

Defined in:
manifests/stig/v73399.pp

Overview

This class manages: V-73399 The Active Directory RID Manager$ object must be configured with proper audit settings.

Parameters:

  • enforced (Boolean) (defaults to: false) 


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'manifests/stig/v73399.pp', line 4

class secure_windows::stig::v73399 (
  Boolean $enforced = false,
) {
  if $enforced {
    if $facts['windows_server_type'] == 'windowsdc' {
      $root_domain = $facts['root_domain']

      ad_acl { "CN=RID Manager$,CN=System,${root_domain}":
        audit_rules  => [
          {
            'ad_rights'        => 'WriteProperty, ExtendedRight',
            'identity'         => 'S-1-1-0',
            'audit_flags'      => 'Success',
            'inheritance_type' => 'None',
          },
          {
            'ad_rights'        => 'GenericAll',
            'identity'         => 'S-1-1-0',
            'audit_flags'      => 'Failure',
            'inheritance_type' => 'None',
          },
        ],
      }
    }
  }
}