[ { "id": "RA-Local-Administrator-Disabled", "title": "Built-in Administrator account is disabled (matched by the account name 'Administrator')", "strategy": "RA", "type": "scriptblock", "script": "$u=Get-LocalUser -Name 'Administrator' -ErrorAction SilentlyContinue; if($null -eq $u){ return $true }; return (-not $u.Enabled)", "minLevel": "ML1" }, { "id": "RA-UAC-Enabled", "title": "User Account Control (EnableLUA) enabled", "strategy": "RA", "type": "scriptblock", "script": "try { $v=(Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -ErrorAction Stop).EnableLUA; if($null -ne $v -and [int]$v -eq 1){ return $true } else { return $false } } catch { return $false }", "minLevel": "ML1" }, { "id": "RA-LAPS-PolicyPresent", "title": "Windows LAPS (or legacy LAPS) policy registry key present", "strategy": "RA", "type": "scriptblock", "script": "if( (Test-Path 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LAPS') -or (Test-Path 'HKLM:\\SOFTWARE\\Policies\\Microsoft Services\\AdmPwd') ){ return $true } else { return $false }", "minLevel": "ML1" } ]