DSCResources/MSFT_AuditPolicyGUID/MSFT_AuditPolicyGUID.psm1
|
Import-Module -Name (Join-Path -Path ( Split-Path $PSScriptRoot -Parent ) ` -ChildPath 'AuditPolicyResourceHelper\AuditPolicyResourceHelper.psm1') ` -Force # Localized messages for Write-Verbose statements in this resource $script:localizedData = Get-LocalizedData -ResourceName 'MSFT_AuditPolicyGUID' <# .SYNOPSIS Returns the current audit flag for the given subcategory. .PARAMETER Name Specifies the subcategory to retrieve. .PARAMETER AuditFlag Specifies the audit flag to retrieve. #> function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( [Parameter(Mandatory = $true)] [String] $Name, [Parameter(Mandatory = $true)] [ValidateSet('Success', 'Failure', 'No Auditing', 'Success And Failure')] [String] $AuditFlag ) # Work in GUIDS and Setting Values the rest of the way $GUID = Get-AuditSubCategoryGuid -Name $Name $SettingValue = $AuditFlagToSettingValue[$AuditFlag] try { $currentAuditSetting = Get-AuditSubCategory -GUID $GUID Write-Verbose -Message ( $localizedData.GetAuditpolSubcategorySucceed -f $Name, $AuditFlag ) } catch { Write-Verbose -Message ( $localizedData.GetAuditPolSubcategoryFailed -f $Name, $AuditFlag ) } <# The auditType property returned from Get-AuditSubCategory can be 'None','Success', 'Failure', or 'Success and Failure'. Using the match operator will return the correct state if both are set. #> $currentAuditFlag = $AuditSettingValueToFlag[$currentAuditSetting] if ( $currentAuditSetting -eq $SettingValue ) { $ensure = 'Present' } else { $ensure = 'Absent' } return @{ Name = $Name AuditFlag = $currentAuditFlag Ensure = $ensure } } <# .SYNOPSIS Sets the audit flag for the given subcategory. .PARAMETER Name Specifies the subcategory to set. .PARAMETER AuditFlag Specifies the audit flag to set. .PARAMETER Ensure Specifies the state of the audit flag provided. By default this is set to Present. #> function Set-TargetResource { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [String] $Name, [Parameter(Mandatory = $true)] [ValidateSet('Success', 'Failure', 'No Auditing', 'Success And Failure')] [String] $AuditFlag, [Parameter()] [ValidateSet('Present', 'Absent')] [String] $Ensure = 'Present' ) # Work in GUIDS and Setting Values the rest of the way $GUID = Get-AuditSubCategoryGuid -Name $Name $SettingValue = $AuditFlagToSettingValue[$AuditFlag] try { Set-AuditSubcategory -GUID $GUID -SettingValue $SettingValue -Ensure $Ensure Write-Verbose -Message ( $localizedData.SetAuditpolSubcategorySucceed ` -f $Name, $AuditFlag, $Ensure ) } catch { Write-Verbose -Message ( $localizedData.SetAuditpolSubcategoryFailed ` -f $Name, $AuditFlag, $Ensure ) } } <# .SYNOPSIS Tests the audit flag state for the given subcategory. .PARAMETER Name Specifies the subcategory to test. .PARAMETER AuditFlag Specifies the audit flag to test. .PARAMETER Ensure Specifies the state of the audit flag should be in. #> function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [String] $Name, [Parameter(Mandatory = $true)] [ValidateSet('Success', 'Failure', 'No Auditing', 'Success And Failure')] [String] $AuditFlag, [Parameter()] [ValidateSet('Present', 'Absent')] [String] $Ensure="Present" ) [System.Boolean] $isInDesiredState = $false # Work in GUIDS and Setting Values the rest of the way $GUID = Get-AuditSubCategoryGuid -Name $Name [int]$SettingValue = $AuditFlagToSettingValue[$AuditFlag] try { [int]$currentAuditSetting = Get-AuditSubCategory -GUID $GUID Write-Verbose -Message ( $localizedData.GetAuditpolSubcategorySucceed -f $Name, $AuditFlag ) } catch { Write-Verbose -Message ( $localizedData.GetAuditPolSubcategoryFailed -f $Name, $AuditFlag ) } # If the setting should be present look for a match, otherwise look for a notmatch if ( $Ensure -eq 'Present' ) { $isInDesiredState = $currentAuditSetting -eq $SettingValue } else { $isInDesiredState = $currentAuditSetting -ne $SettingValue } <# The audit type can be true in either a match or non-match state. If the audit type matches the ensure property return the setting correct message, else return the setting incorrect message #> if ( $isInDesiredState ) { # TODO: Change back to normal Write-Verbose -Message ( $localizedData.TestAuditpolSubcategoryCorrect ` -f $Name, $AuditFlag, $Ensure ) Write-Verbose $Ensure } else { Write-Verbose -Message ( $localizedData.TestAuditpolSubcategoryIncorrect ` -f $Name, $AuditFlag, $Ensure ) } $isInDesiredState } #--------------------------------------------------------------------------------------------------- # Support functions to handle auditpol I/O <# .SYNOPSIS Gets the audit flag state for a specifc subcategory. .DESCRIPTION This function enforces parameters that will be passed to Invoke-Auditpol. .PARAMETER GUID The GUID of the subcategory to get the audit flags from. .OUTPUTS A string with the flags that are set for the specificed subcategory .EXAMPLE Get-AuditSubCategory -Name 'Logon' #> function Get-AuditSubCategory { [CmdletBinding()] [OutputType([System.Int32])] param ( [Parameter(Mandatory = $true)] [GUID] $GUID ) <# When PowerShell cmdlets are released for individual audit policy settings a condition will be placed here to use native PowerShell cmdlets to set the option details. #> # get the auditpol raw csv output $returnCsv = Get-StagedAuditPolicyCSV | Where-Object {$_.'SubCategory GUID' -eq "{$($GUID.guid)}"} if ($returnCsv) { return $returnCsv.'Setting Value' } else { Throw ($localizedData.RetrieveSettingFailure -f $GUID) } } <# .SYNOPSIS Sets the audit flag state for a specifc subcategory. .DESCRIPTION Calls the private function to execute a set operation on the given subcategory .PARAMETER GUID The GUID of the audit subcategory to set .PARAMETER SettingValue The Flag to set as an integer .PARAMETER Ensure The action to take on the flag .EXAMPLE Set-AuditSubcategory -GUID {0CCE923A-69AE-11D9-BED3-505054503030} -SettingValue 3 -Ensure 'Present' #> function Set-AuditSubcategory { [CmdletBinding()] param ( [Parameter( Mandatory = $true )] [GUID] $GUID, [Parameter( Mandatory = $true )] [ValidateRange(0, 3)] [Int] $SettingValue, [Parameter( Mandatory = $true )] [String] $Ensure ) <# When PowerShell cmdlets are released for individual audit policy settings a condition will be placed here to use native PowerShell cmdlets to set the option details. #> Write-StagedAuditCSV -Guid $GUID -SettingValue $SettingValue -Ensure $Ensure } <# .SYNOPSIS Gets the guild for a specified subcategory .DESCRIPTION Uses an imported hashtable of static values .PARAMETER Name The Subcategory to retrieve the GUID for. .EXAMPLE Get-AuditSubCategoryGUID -Name 'Process Creation' #> Function Get-AuditSubCategoryGuid { [CmdletBinding()] [OutputType([System.String])] param ( [Parameter(Mandatory = $true)] [String]$Name ) if ($AuditSubCategoryToGUIDHash.ContainsKey($Name)) { $GUID = $AuditSubCategorytoGUIDHash[$Name] Write-Verbose -Message ( $localizedData.AuditSubCategoryGUIDFound -f $Name, $GUID ) return $GUID } else { Throw ( $localizedData.AuditSubCategoryGUIDNotFound -f $Name ) } } Export-ModuleMember -Function *-TargetResource |