Puppet Class: secure_windows::stig::v73515

Defined in:
manifests/stig/v73515.pp

Overview

V-73515 Credential Guard must be running on domain-joined systems.

Parameters:

  • enforced (Boolean) (defaults to: false)
  • lsacfgflags (Enum['lock','no lock']) (defaults to: 'lock') 


3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
# File 'manifests/stig/v73515.pp', line 3

class secure_windows::stig::v73515 (
  Boolean $enforced = false,
  Enum['lock','no lock'] $lsacfgflags = 'lock',
) {

  if $enforced {
    if($facts['windows_type'] =~ /(1|3|4|5)/) {
      $lsacfgflagsval = $lsacfgflags ? {
        'lock'    => '0x00000001',
        'no lock' => '0x00000002',
      }

      registry::value { 'v73515':
        key   => 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard',
        value => 'LsaCfgFlags',
        type  => 'dword',
        data  => $lsacfgflagsval,
      }
    }
  }

}