Module/Rule/Convert/Data.Office.ps1
|
# Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. <# Instructions: Use this file to add/update/delete regsitry expressions that are used accross multiple technologies files that are considered commonly used. Enure expressions are listed from MOST Restrive to LEAST Restrictive, similar to exception handling. Also, ensure only UNIQUE Keys are used in each hashtable to orevent errors and conflicts. #> $global:SingleLineRegistryPath += [ordered]@{ Office1 = [ordered]@{ Match = 'outlook\\security' Select = '((HKLM|HKCU).*\\security)' } # Added for Excel Stig V-71029 Office3 = [ordered]@{ Match = '\\security\\filevalidation\\' Select = '(HKCU).*(?<=ion)' } } $global:SingleLineRegistryValueName += [ordered]@{ Office1 = @{ Match = 'If the REG_DWORD' Select = '((?<=for\s")(.*)(?<="))' } # Added for Outlook Stig V-17575 Office3 = @{ Match = 'Configure trusted add-ins' Select = '(?<=ty\\).*(?=\sIn)' } # Added for Outlook Stig V-17774 and V-17775 Office5 = @{ Match = 'FileExtensionsRemoveLevel' Select = '(?<=the registry value\s.)(.*)(?=.\We)' } # Added for Outlook Stig V-17733 Office6 = [ordered]@{ Match = 'If the.+(registry key exist)' Select = '(?<=ty\\).*(?=\sC)' } # Added for Excel Stig V-71015 and V-71027 Office7 = [ordered]@{ Match = 'Criteria: If the value of ' Select = '(?<=Criteria: If the value of )([^\s]+)' } Office8 = [ordered]@{ Match = 'Criteria: If the value ' Select = '(?<=Criteria: If the value\s)([^\s]+)' } Office9 = [ordered]@{ Match = 'office\\16.0|HKCU\\keycue|Common\\COM Compatibility' Select = '(?<=If the value for\s)\w+' } } $global:SingleLineRegistryValueType += [ordered]@{ Office1 = @{ Select = '((?<=If the\s)(.*)(?<=DWORD))' } # Added for Outlook Stig V-17575 Office2 = @{ Select = '(?<=\sto\s).*"' } } $global:SingleLineRegistryValueData += [ordered]@{ # Added for Outlook Stig V-17776 Office1 = @{ Match = 'If the value PublishCalendarDetailsPolicy' Select = '((?<=is\s)(.*)(?=\sor))' } } |