Puppet Class: secure_windows::stig::v73775

Defined in:
manifests/stig/v73775.pp

Overview

This class manages V-73775: The "Deny log on through Remote Desktop Services" user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems, and from unauthenticated access on all systems.

Parameters:

  • enforced (Boolean) (defaults to: false)


# File 'manifests/stig/v73775.pp', line 5

class secure_windows::stig::v73775 (
  Boolean $enforced = false,
) {
  if $enforced {
    if !($facts['windows_server_type'] == 'windowsdc') {
      if($facts['windows_type'] =~ /(0|2)/) {
        # Standalone system: deny the built-in Guests group (well-known SID S-1-5-32-546)
        local_security_policy { 'Deny log on through Remote Desktop Services':
          ensure         => 'present',
          policy_setting => 'SeDenyRemoteInteractiveLogonRight',
          policy_type    => 'Privilege Rights',
          policy_value   => '*S-1-5-32-546',
        }
      }
      elsif ($facts['windows_type'] =~ /(1|3)/) {
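        # Member server: deny Domain Admins, Enterprise Admins, Guests (S-1-5-32-546)
        # and "Local account" (well-known SID S-1-5-113)
        #NOTE: Systems dedicated to the management of Active Directory are exempt from this :(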
        local_security_policy { 'Deny log on through Remote Desktop Services':
          ensure         => 'present',
          policy_setting => 'SeDenyRemoteInteractiveLogonRight',
          policy_type    => 'Privilege Rights',
          policy_value   => 'Domain Admins,Enterprise Admins,*S-1-5-32-546,*S-1-5-113',
        }
      }
    }
  }
}
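
Added example (not part of the secure_windows module): a Python check that reads the text of a `secedit /export /cfg` export and reports which entries required by V-73775 are missing from SeDenyRemoteInteractiveLogonRight. The function names and the sample export are constructed for illustration. It assumes the export has already been decoded to text, and that Domain Admins and Enterprise Admins appear either as domain SIDs ending in RID 512 and 519 or by name.

```python
import re

GUESTS = "S-1-5-32-546"          # BUILTIN\Guests
LOCAL_ACCOUNT = "S-1-5-113"      # NT AUTHORITY\Local account
# Domain groups are recognised by their well-known RID on any domain SID.
DOMAIN_RIDS = {"Domain Admins": 512, "Enterprise Admins": 519}
RIGHT = "SeDenyRemoteInteractiveLogonRight"


def denied_principals(inf_text):
    """Return the principals assigned RIGHT in the [Privilege Rights] section."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == RIGHT:
                return {v.strip().lstrip("*") for v in value.split(",") if v.strip()}
    return set()


def missing_entries(inf_text, member_server):
    """List the entries V-73775 requires that are absent from the export."""
    found = {p.lower() for p in denied_principals(inf_text)}
    missing = [] if GUESTS.lower() in found else ["Guests"]
    if member_server:
        if LOCAL_ACCOUNT.lower() not in found:
            missing.append("Local account")
        for name, rid in DOMAIN_RIDS.items():
            by_sid = any(re.fullmatch(rf"s-1-5-21-\d+-\d+-\d+-{rid}", p) for p in found)
            by_name = any(p.split("\\")[-1] == name.lower() for p in found)
            if not (by_sid or by_name):
                missing.append(name)
    return missing


# Constructed sample export; the domain SID is made up.
SAMPLE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeDenyNetworkLogonRight = *S-1-5-32-546
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546,*S-1-5-113,*S-1-5-21-1111111111-2222222222-3333333333-512
"""

if __name__ == "__main__":
    print(missing_entries(SAMPLE, member_server=True))
```

Pass `member_server=False` for a standalone system, where only the Guests entry is checked.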