This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", | |
"contentVersion": "1.0.0.0", | |
"parameters": { | |
"vnetName": { | |
"value": "CoreServices-VNet" | |
}, | |
"vnetAddressPrefixes": { | |
"value": [ | |
"10.2.0.0/16" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
"contentVersion": "1.0.0.0", | |
"parameters": { | |
"vnetName": { | |
"type": "string" | |
}, | |
"vnetAddressPrefixes": { | |
"type": "array" | |
}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#------------------------------------------------------------------------------ | |
# | |
# Copyright © 2020 Microsoft Corporation. All rights reserved. | |
# | |
# THIS CODE AND ANY ASSOCIATED INFORMATION ARE PROVIDED “AS IS” WITHOUT | |
# WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT | |
# LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS | |
# FOR A PARTICULAR PURPOSE. THE ENTIRE RISK OF USE, INABILITY TO USE, OR | |
# RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER. | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
configuration VerifySpeculationControlSettings { | |
Import-DscResource -ModuleName PSDesiredStateConfiguration | |
Node 'localhost' { | |
Script 'SpeculationControlSettings' { | |
GetScript = { | |
#Not used | |
} | |
TestScript = { | |
function Get-SpeculationControlSettings { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$compliance = $false | |
$SpeculationControlSettings = Get-SpeculationControlSettings | |
if ($SpeculationControlSettings.KVAShadowRequired -eq $False) { | |
$compliance = $True | |
} | |
elseif ($SpeculationControlSettings.KVAShadowRequired -eq $True -and ` | |
$SpeculationControlSettings.KVAShadowWindowsSupportPresent -eq $True -and ` | |
$SpeculationControlSettings.KVAShadowWindowsSupportEnabled -eq $True -and ` | |
$SpeculationControlSettings.KVAShadowPcidEnabled -eq $True) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Import-Module SpeculationControl | |
$scriptstring = Get-Content -Path (Get-Module SpeculationControl).Path | % { if (-not ($_ -match “^\# “)) { $_ }} | Out-String | |
$scriptstring += ' | |
function Write-Host {} | |
' | |
$scriptstring += 'Get-SpeculationControlSettings' | |
$script=[scriptblock]::create($scriptstring) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Import-Module SpeculationControl | |
$scriptstring = Get-Content -Path (Get-Module SpeculationControl).Path | % { if (-not ($_ -match “^\# “)) { $_ }} | Out-String | |
$scriptstring += ' | |
function Write-Host {} | |
' | |
$scriptstring += 'Get-SpeculationControlSettings' | |
$script=[scriptblock]::create($scriptstring) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Import-Module SpeculationControl | |
$scriptstring = Get-Content -Path (Get-Module SpeculationControl).Path | % { if (-not ($_ -match “^\# “)) { $_ }} | Out-String | |
$scriptstring += ' | |
function Write-Host {} | |
' | |
$scriptstring += 'Get-SpeculationControlSettings' | |
$script=[scriptblock]::create($scriptstring) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
configuration DisableSMB1 { | |
param([string[]]$ComputerName='localhost') | |
Import-DscResource -ModuleName PSDesiredStateConfiguration | |
Node $ComputerName { | |
#Ensure SMB1 feature is not enabled | |
Registry 'SMB1' { | |
Ensure = 'Present' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
configuration RemoveSMB1 { | |
param([string[]]$ComputerName='localhost') | |
Import-DscResource -ModuleName PSDesiredStateConfiguration | |
Node $ComputerName { | |
#Ensure SMB1 feature is not installed | |
WindowsFeature 'SMB1' { | |
Name = 'FS-SMB1' |
NewerOlder