github.com/cloudfoundry-incubator/stembuild@v0.0.0-20211223202937-5b61d62226c6/modules/BOSH.Registry/BOSH.Registry.psm1

github.com/cloudfoundry-incubator/stembuild@v0.0.0-20211223202937-5b61d62226c6/modules/BOSH.Registry/BOSH.Registry.psm1 (about)

     1  function Invoke-LGPO-Build-Pol-From-Text {
     2      param(
     3          [Parameter(Mandatory=$True)]
     4          [String]
     5          $LGPOTextReadPath,
     6  
     7          [Parameter(Mandatory=$True)]
     8          [String]
     9          $RegistryPolWritePath
    10      )
    11      process {
    12          LGPO.exe /r $LGPOTextReadPath /w $RegistryPolWritePath
    13          return $LASTEXITCODE
    14      }
    15  }
    16  
    17  function Invoke-LGPO-Apply-Policies {
    18      param(
    19          [Parameter(Mandatory=$True)]
    20          [String]
    21          $RegistryPolPath
    22      )
    23      process {
    24          LGPO.exe /g $RegistryPolPath
    25          return $LASTEXITCODE
    26      }
    27  }
    28  
    29  function Set-InternetExplorerRegistries {
    30      <#
    31      .SYNOPSIS
    32          Apply BOSH Windows Stemcell registry settings related to internet explorer
    33      .DESCRIPTION
    34          Apply Internet Explorer registry settings taken from Microsoft's baseline security analysis tool
    35      .INPUTS
    36          None. You can't pipe anything in to this command
    37      .OUTPUTS
    38          Set-InternetExplorerRegistries will return any failure output
    39      #>
    40  
    41      [CmdletBinding()]
    42  
    43      param()
    44  
    45      process {
    46          Write-Log "Starting Internet Explorer Registry Changes"
    47          $IePolicyPath = Join-Path $PSScriptRoot "data\IE-Policies"
    48  
    49          $MachineDir="$IePolicyPath\DomainSysvol\GPO\Machine"
    50  
    51          New-Item -ItemType Directory -Path $MachineDir -Force -ErrorAction "Stop"
    52          $machinePolicyExitCode = Invoke-LGPO-Build-Pol-From-Text -LGPOTextReadPath "$IePolicyPath\machine.txt" -RegistryPolWritePath "$MachineDir\registry.pol"
    53          if ($machinePolicyExitCode -ne 0) {
    54              Throw "Generating IE policy: Machine"
    55          }
    56  
    57          $UserDir="$IePolicyPath\DomainSysvol\GPO\User"
    58          New-Item -ItemType Directory -Path $UserDir -Force -ErrorAction "Stop"
    59          $userPolicyExitCode = Invoke-LGPO-Build-Pol-From-Text -LGPOTextReadPath "$IePolicyPath\user.txt" -RegistryPolWritePath "$UserDir\registry.pol"
    60          if ($userPolicyExitCode -ne 0) {
    61              Throw "Generating IE policy: User"
    62          }
    63  
    64          # Apply policies
    65          $policyApplicationExitCode = Invoke-LGPO-Apply-Policies -RegistryPolPath $IePolicyPath
    66          if ($policyApplicationExitCode -ne 0) {
    67              Throw "Error Applying IE policy: $IePolicyPath"
    68          }
    69      }
    70  }