[
{
"id": "RA-Local-Administrator-Disabled",
"title": "Built-in Administrator account is disabled (looked up by the name 'Administrator'; a renamed account is not evaluated)",
"strategy": "RA",
"type": "scriptblock",
"script": "$u=Get-LocalUser -Name 'Administrator' -ErrorAction SilentlyContinue; if($null -eq $u){ return $true }; return (-not $u.Enabled)",
"minLevel": "ML1"
},
{
"id": "RA-UAC-Enabled",
"title": "User Account Control (EnableLUA) enabled",
"strategy": "RA",
"type": "scriptblock",
"script": "try { $v=(Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -ErrorAction Stop).EnableLUA; if($null -ne $v -and [int]$v -eq 1){ return $true } else { return $false } } catch { return $false }",
"minLevel": "ML1"
},
{
"id": "RA-LAPS-PolicyPresent",
"title": "Windows LAPS (or legacy LAPS) policy registry key present",
"strategy": "RA",
"type": "scriptblock",
"script": "if( (Test-Path 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\LAPS') -or (Test-Path 'HKLM:\\SOFTWARE\\Policies\\Microsoft Services\\AdmPwd') ){ return $true } else { return $false }",
"minLevel": "ML1"
}
]