diff --git a/ee/cis/win-10/cis-policy-queries.yml b/ee/cis/win-10/cis-policy-queries.yml
index 467950528d..ae22e59bc4 100644
--- a/ee/cis/win-10/cis-policy-queries.yml
+++ b/ee/cis/win-10/cis-policy-queries.yml
@@ -6414,6 +6414,81 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+ name: >
+ CIS - Ensure 'Allow Remote Shell Access' is set to 'Disabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands.
+ resolution: |
+ To establish the recommended configuration via GP, set the following UI path to 'Disabled':
+ 'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Remote Shell\Allow Remote Shell Access'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service\\WinRS\\AllowRemoteShellAccess' AND data = 0);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.103.1
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: >
+ CIS - Ensure 'Allow clipboard sharing with Windows Sandbox' is set to 'Disabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting enables or disables clipboard sharing with the Windows sandbox.
+ resolution: |
+ To establish the recommended configuration via GP, set the following UI path to 'Disabled':
+ 'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Sandbox\Allow clipboard sharing with Windows Sandbox'
+ Note: This Group Policy section is provided by the Group Policy template WindowsSandbox.admx/adml that is included with the Microsoft Windows 11 Release 21H2 Administrative Templates (or newer).
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox\\AllowClipboardRedirection' AND data = 0);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.104.1
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: >
+ CIS - Ensure 'Allow networking in Windows Sandbox' is set to 'Disabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting enables or disables networking in the Windows Sandbox. Networking is achieved by creating a virtual switch on the host, and connecting the Windows Sandbox to it via a virtual Network Interface Card (NIC).
+ resolution: |
+ To establish the recommended configuration via GP, set the following UI path to 'Disabled':
+ 'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Sandbox\Allow networking in Windows Sandbox'
+ Note: This Group Policy section is provided by the Group Policy template WindowsSandbox.admx/adml that is included with the Microsoft Windows 11 Release 21H2 Administrative Templates (or newer).
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox\\AllowNetworking' AND data = 0);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.104.2
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: >
+ CIS - Ensure 'Prevent users from modifying settings' is set to 'Enabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting prevent users from making changes to the Exploit protection settings area in the Windows Security settings.
+ resolution: |
+ To establish the recommended configuration via GP, set the following UI path to 'Enabled':
+ 'Computer Configuration\Policies\Administrative Templates\Windows Components\\Windows Security\App and browser protection\Prevent users from modifying settings'
+ Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefenderSecurityCenter.admx/adml that is included with the Microsoft Windows 10 Release 1709 Administrative Templates (or newer).
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\App and Browser protection\\DisallowExploitProtectionOverride' AND data = 1);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.105.2.1
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
 spec:
 name: >
 CIS - Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'
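Review bot: The resolution text of the fourth added policy ('Prevent users from modifying settings') contains a doubled backslash in the Group Policy path, `Windows Components\\Windows Security\App and browser protection`. The field is a literal block scalar (`|`), so the two backslashes are shown to the administrator as written, and the other three resolution paths use a single separator throughout. The line should read `'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Security\App and browser protection\Prevent users from modifying settings'`. The same policy's description has a grammar slip, "This policy setting prevent users", which should be `This policy setting prevents users ...`. All four `query:` fields are literal blocks too, so `\\` in the registry paths reaches osquery unchanged; it is worth confirming against an existing passing entry in this file that the doubled separators match, since a path that never matches makes the policy fail on every host regardless of its configuration.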