Puppet Class: secure_windows::stig::v73759

Defined in:
manifests/stig/v73759.pp

Overview

This class manages: V-73759 The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.

Parameters:

  • enforced (Boolean) (defaults to: false) 


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'manifests/stig/v73759.pp', line 5

class secure_windows::stig::v73759 (
  Boolean $enforced = false,
) {
  if $enforced {
    if !($facts['windows_server_type'] == 'windowsdc') {
      if($facts['windows_type'] =~ /(0|2)/) {
        #standalone
        local_security_policy { 'Deny access to this computer from the network':
          ensure         => 'present',
          policy_setting => 'SeDenyNetworkLogonRight',
          policy_type    => 'Privilege Rights',
          policy_value   => '*S-1-5-32-546',
        }
      }
      elsif ($facts['windows_type'] =~ /(1|3)/) {
        #member server
        local_security_policy { 'Deny access to this computer from the network':
          ensure         => 'present',
          policy_setting => 'SeDenyNetworkLogonRight',
          policy_type    => 'Privilege Rights',
          policy_value   => 'Domain Admins,Enterprise Admins,*S-1-5-32-546,*S-1-5-114',
        }
      }
    }
  }
}