rkyttle

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "vnetName": {
            "value": "CoreServices-VNet"
        },
        "vnetAddressPrefixes": {
            "value": [
                "10.2.0.0/16"

rkyttle

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "vnetName": {
            "type": "string"
        },
        "vnetAddressPrefixes": {
            "type": "array"
        },

rkyttle

#------------------------------------------------------------------------------ 
# 
# Copyright © 2020 Microsoft Corporation.  All rights reserved. 
# 
# THIS CODE AND ANY ASSOCIATED INFORMATION ARE PROVIDED “AS IS” WITHOUT 
# WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT 
# LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS 
# FOR A PARTICULAR PURPOSE. THE ENTIRE RISK OF USE, INABILITY TO USE, OR 
# RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER. 
# 

rkyttle

configuration VerifySpeculationControlSettings {
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    
    Node 'localhost' {   
        Script 'SpeculationControlSettings' {
            GetScript = {
                #Not used
            }
            TestScript = {
function Get-SpeculationControlSettings {

rkyttle

$compliance = $false
$SpeculationControlSettings = Get-SpeculationControlSettings

if ($SpeculationControlSettings.KVAShadowRequired -eq $False) {
    $compliance = $True
}
elseif ($SpeculationControlSettings.KVAShadowRequired -eq $True -and `
        $SpeculationControlSettings.KVAShadowWindowsSupportPresent -eq $True -and `
        $SpeculationControlSettings.KVAShadowWindowsSupportEnabled -eq $True -and `
        $SpeculationControlSettings.KVAShadowPcidEnabled -eq $True) {

rkyttle

Import-Module SpeculationControl

$scriptstring = Get-Content -Path (Get-Module SpeculationControl).Path | % { if (-not ($_ -match “^\# “)) { $_ }} | Out-String
$scriptstring += '
function Write-Host {}

'
$scriptstring += 'Get-SpeculationControlSettings'

$script=[scriptblock]::create($scriptstring)

rkyttle

Import-Module SpeculationControl

$scriptstring = Get-Content -Path (Get-Module SpeculationControl).Path | % { if (-not ($_ -match “^\# “)) { $_ }} | Out-String
$scriptstring += '
function Write-Host {}

'
$scriptstring += 'Get-SpeculationControlSettings'

$script=[scriptblock]::create($scriptstring)

rkyttle

Import-Module SpeculationControl

$scriptstring = Get-Content -Path (Get-Module SpeculationControl).Path | % { if (-not ($_ -match “^\# “)) { $_ }} | Out-String
$scriptstring += '
function Write-Host {}

'
$scriptstring += 'Get-SpeculationControlSettings'

$script=[scriptblock]::create($scriptstring)

rkyttle

configuration DisableSMB1 {
    param([string[]]$ComputerName='localhost')

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    
    Node $ComputerName {   
        
        #Ensure SMB1 feature is not enabled
        Registry 'SMB1' {
            Ensure    = 'Present'

rkyttle

configuration RemoveSMB1 {
    param([string[]]$ComputerName='localhost')

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    
    Node $ComputerName {   

        #Ensure SMB1 feature is not installed
        WindowsFeature 'SMB1' {
            Name   = 'FS-SMB1'