DSCResources/SecurityPolicies/SecurityPolicies.schema.psm1
|
# see https://github.com/dsccommunity/SecurityPolicyDsc configuration SecurityPolicies { param ( [Parameter()] [Hashtable[]] $AccountPolicies, [Parameter()] [Hashtable[]] $SecurityOptions, [Parameter()] [Hashtable[]] $UserRightsAssignments, [Parameter()] [String] $SecurityTemplatePath ) Import-DscResource -ModuleName PSDesiredStateConfiguration Import-DscResource -ModuleName SecurityPolicyDsc if ($null -ne $AccountPolicies) { foreach ($policy in $AccountPolicies) { $executionName = "secPolAcc_" + ($policy.Name -replace '\(|\)|\.|:| ', '') (Get-DscSplattedResource -ResourceName AccountPolicy -ExecutionName $executionName -Properties $policy -NoInvoke).Invoke( $policy ) } } if ($null -ne $SecurityOptions) { foreach ($option in $SecurityOptions) { $executionName = "secPolOpt_" + ($option.Name -replace '\(|\)|\.|:| ', '') (Get-DscSplattedResource -ResourceName SecurityOption -ExecutionName $executionName -Properties $option -NoInvoke).Invoke( $option ) } } if ($null -ne $UserRightsAssignments) { foreach ($assign in $UserRightsAssignments) { if (-not $assign.ContainsKey('Ensure')) { $assign.Ensure = 'Present' } if ($null -eq $assign.Identity) { throw "UserRightsAssignment: Attribute 'Identity' of policy '$($assign.Policy)' is missing and must have a value (specify an empty value with '')." } $executionName = "secPolUsr_" + ($assign.Policy -replace '\(|\)|\.|:| ', '') (Get-DscSplattedResource -ResourceName UserRightsAssignment -ExecutionName $executionName -Properties $assign -NoInvoke).Invoke( $assign ) } } if (-not [String]::IsNullOrWhiteSpace($SecurityTemplatePath)) { $securityTemplate = @{ Path = $SecurityTemplatePath IsSingleInstance = 'Yes' } (Get-DscSplattedResource -ResourceName SecurityTemplate -ExecutionName "secTemplate" -Properties $securityTemplate -NoInvoke).Invoke( $securityTemplate ) } } |