Update README.md

canihavethisone · Sep 22, 2024 · 941993c · 941993c
1 parent 35b215c
commit 941993c
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -72,10 +72,10 @@ To use this module, `include cis_security_hardening_windows` in your Node Classi
 #### Windows 10 / 11:
 - `cis_security_hardening_windows::logon_banner`  (string)
 - `cis_security_hardening_windows::logon_message`  (string)
-- `cis_security_hardening_windows::disabled_administrator_newname`  (string)
-- `cis_security_hardening_windows::disabled_administrator_newpassword`  (string)
+- `cis_security_hardening_windows::administrator_newname`  (string)
+- `cis_security_hardening_windows::administrator_newpassword`  (string)
 - `cis_security_hardening_windows::disabled_guest_newname`  (string)
-- `cis_security_hardening_windows::users`  (hash) is required as built-in administrator will be disabled
+- `cis_security_hardening_windows::users`  (hash) is required if the built-in administrator is disabled (default)
 
 
 
@@ -97,18 +97,21 @@ See example minimum hiera data [here](spec/fixtures/data/minimum.yaml)
   ```
 - A reference list of rules enforced via the system registry is in the hiera folder for each Windows version, eg [here](data/windows/11/cis_include_rules.txt). Note that some additional rules are applied by Local Security Policy and Audit Policy resources however.
 - Individual controls can be overridden by any of the following methods:
-  - creating a optional hiera **array** for `cis_security_hardening_windows::cis_exclude_rules` containing rule titles to be subtracted from the default included hashes (note however that some rules are enforced by the local_security_policy or windows_firewall modules):
+  - creating a optional hiera **array** for `cis_security_hardening_windows::cis_exclude_rules` containing rule titles to be subtracted from the default included hashes (note that some rules are managed by the local_security_policy or cis_auditpol):
     ```yaml
     cis_security_hardening_windows::cis_exclude_rules:
       - "(L1) Ensure 'Allow users to enable online speech recognition services is set to 'Disabled'"
       - "(L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'"
     ```
-  - creating a hiera hash containing registry keys with different values at a higher precedence (eg domain or node) and titled any of:
+  - creating a hiera hash containing keys with different values at a higher precedence (eg domain or node) and titled any of:
     ```yaml
-    cis_security_hardening_windows::cis_level_1    (or windows_standalone)
-    cis_security_hardening_windows::cis_level_2    (or windows_standalone)
-    cis_security_hardening_windows::cis_bitlocker  (or windows_standalone)
-    cis_security_hardening_windows::cis_nextgen    (or windows_standalone)
+    cis_security_hardening_windows::cis_level_1
+    cis_security_hardening_windows::cis_level_2
+    cis_security_hardening_windows::cis_bitlocker
+    cis_security_hardening_windows::cis_nextgen
+    cis_security_hardening_windows::cis_secpol_level_1
+    cis_security_hardening_windows::cis_secpol_level_2
+    cis_security_hardening_windows::cis_auditpol
     ```
    - other methods such as resource collectors to override registry key values if wrapping this module into your own classes
 

diff --git a/spec/acceptance/overrides.yaml b/spec/acceptance/overrides.yaml
@@ -13,11 +13,11 @@ cis_security_hardening_windows::disabled_guest_newname:    'NewGuestName'
 # A user must be specified as Administrator is disabled.  Root is also present for acceptance test ssh connection
 cis_security_hardening_windows::users:
   'User':
-    groups:      ['Administrators']
-    password:    'Password12345!'
-#  'root':
-#    groups:   ['Administrators']
-#    password: 'Password123'
+    groups:   ['Administrators']
+    password: 'Password12345!'
+  'root':
+    groups:   ['Administrators']
+    password: 'Password123'
 
 # Add some exclude rules to test that the optout works
 cis_security_hardening_windows::cis_exclude_rules: