Puppet Class: secure_windows::stig::v73517

Defined in:
manifests/stig/v73517.pp

Overview

V-73517 Virtualization-based protection of code integrity must be enabled on domain-joined systems.

Parameters:

  • enforced (Boolean) (defaults to: false)
  • hypervisorenforcedcodeintegrity (Enum['lock','no lock']) (defaults to: 'lock')


# File 'manifests/stig/v73517.pp', line 3

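class secure_windows::stig::v73517 (
  Boolean $enforced = false,
  Enum['lock','no lock'] $hypervisorenforcedcodeintegrity = 'lock',
) {

  # Nothing is managed unless the class is explicitly enforced.
  if $enforced {
    # Apply only when the windows_type fact matches 1, 3, 4 or 5
    # (the domain-joined systems this STIG item covers).
    if($facts['windows_type'] =~ /(1|3|4|5)/) {
      # Map the parameter to the DWORD written to the policy key.
      $hypervisorenforcedcodeintegrityval = $hypervisorenforcedcodeintegrity ? {
        'lock'    => '0x00000001',
        'no lock' => '0x00000002',
      }

      # Device Guard policy value that turns on hypervisor-enforced code integrity.
      registry::value { 'v73517':
        key   => 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard',
        value => 'HypervisorEnforcedCodeIntegrity',
        type  => 'dword',
        data  => $hypervisorenforcedcodeintegrityval,
      }
    }

  }

}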
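
To confirm on a node that the setting took effect, the following added example (not part of the secure_windows module) reads back the policy value the class writes and compares it with the running state. The function name `Test-V73517` and the output fields are hypothetical; the `Win32_DeviceGuard` query and the meaning of `2` in `SecurityServicesRunning` come from Microsoft's Device Guard documentation, not from this page.

```powershell
# Added example: audit a host for the setting managed by secure_windows::stig::v73517.
# Registry key and value name are taken from the class; everything else is illustrative.
function Test-V73517 {
    [CmdletBinding()]
    param(
        # DWORD values the class can write: 1 ('lock') or 2 ('no lock').
        [int[]]$Accepted = @(1, 2)
    )

    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    $name = 'HypervisorEnforcedCodeIntegrity'

    # Configured policy: a missing key or value leaves $configured as $null.
    $configured = $null
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $configured = [int]$item.$name }

    # Running state: SecurityServicesRunning lists active services,
    # where 2 means hypervisor-enforced code integrity is running.
    $running = $false
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue
    if ($null -ne $dg) { $running = $dg.SecurityServicesRunning -contains 2 }

    # The STIG item only applies to domain-joined systems.
    $joined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        DomainJoined   = [bool]$joined
        ConfiguredData = $configured
        PolicySet      = ($null -ne $configured) -and ($Accepted -contains $configured)
        HvciRunning    = $running
    }
}

Test-V73517
```

A host where `PolicySet` is true but `HvciRunning` is false has the registry value in place without the protection active, so the policy value alone is not evidence that code integrity is being enforced.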