This commit moves up all local changes

- add User configuration policies
- update 'Minimize the number of simultaneous connections to the
  Internet or a Windows Domain' policy
- fix 'Configure detection for potentially unwanted applications'
  policy (removed spaces)
- add windows 2022 extra checks
- add Firewall settings to policy
- fix 'Turn off the offer to update to the latest version of Windows'
  policy
- add new policy settings
  - 'Configure SMB v1 client'
    This setting may need to be set to `['Bowser','MRxSmb20','NSI']` when
    using the `Configure SMB v1 client driver` policy
- fix 'Minimize the number of simultaneous connections to the Internet
  or a Windows Domain'
  enabled = 1 (was 3)
  was changes in previous release but needs more testing and has been
  rolled back.
- add new policy settings
  - Turn off Windows Error Reporting (PCHealth)
  - Do not allow drive redirection
  - Turn on behavior monitoring
  - Scan removable drives
  - Turn on e-mail scanning
  - Configure Attack Surface Reduction rules
  - Prevent users and apps from accessing dangerous websites
  - Configure detection for potentially unwanted applications
  - Minimize the number of simultaneous connections to the Internet or a
    Windows Domain (enabled = 3, was 1)
- add new policy settings for windows 2019
  - Turn Off notifications network usage
  - Encryption Oracle Remediation
  - Enumeration policy for external devices incompatible with Kernel DMA
    Protection
  - Allow Clipboard synchronization across devices
  - Allow upload of User Activities
  - Require use of specific security layer for remote (RDP) connections
  - Require user authentication for remote connections by using Network
    Level Authentication
  - Prevent users from modifying settings
- make a backup of the registry.pol file
- add new policy settings:
  - Configure SMB v1 client driver
  - Configure SMB v1 server
  - Remote host allows delegation of non-exportable credentials
  - Turn off picture password sign-in
  - Turn off Windows Location Provider
  - Configure local setting override for reporting to Microsoft MAPS
  - Require Mutual Authentication (NETLOGON)
  - Require Mutual Authentication (SYSVOL)
  - Allow Online Tips
  - Configure Authenticated Proxy usage for the Connected User
    Experience and Telemetry service
  - Allow Message Service Cloud Sync
  - Block all consumer Microsoft account user authentication
- add 'gpupdate /force /n' as a scheduled task to fix 'illegal' changes
  to the registry

.fixtures.yml

@@ -1,3 +1,5 @@
 fixtures:
+  repositories:
+    scheduled_task: 'https://github.com/puppetlabs/puppetlabs-scheduled_task'
   symlinks:
     advanced_security_policy: '#{source_dir}'

.rubocop.yml

@@ -1,4 +1,141 @@
----
-inherit_gem:
-  kpn-style:
-    - ruby-2.4.yml
+---
+require:
+- rubocop-rspec
+- rubocop-i18n
+AllCops:
+  DisplayCopNames: true
+  TargetRubyVersion: '2.1'
+  Include:
+  - "./**/*.rb"
+  Exclude:
+  - bin/*
+  - ".vendor/**/*"
+  - "**/Gemfile"
+  - "**/Rakefile"
+  - pkg/**/*
+  - spec/fixtures/**/*
+  - vendor/**/*
+  - "**/Puppetfile"
+  - "**/Vagrantfile"
+  - "**/Guardfile"
+Metrics/LineLength:
+  Description: People have wide screens, use them.
+  Max: 200
+GetText:
+  Enabled: false
+GetText/DecorateString:
+  Description: We don't want to decorate test output.
+  Exclude:
+  - spec/**/*
+  Enabled: false
+RSpec/BeforeAfterAll:
+  Description: Beware of using after(:all) as it may cause state to leak between tests.
+    A necessary evil in acceptance testing.
+  Exclude:
+  - spec/acceptance/**/*.rb
+RSpec/HookArgument:
+  Description: Prefer explicit :each argument, matching existing module's style
+  EnforcedStyle: each
+Style/BlockDelimiters:
+  Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
+    be consistent then.
+  EnforcedStyle: braces_for_chaining
+Style/ClassAndModuleChildren:
+  Description: Compact style reduces the required amount of indentation.
+  EnforcedStyle: compact
+Style/EmptyElse:
+  Description: Enforce against empty else clauses, but allow `nil` for clarity.
+  EnforcedStyle: empty
+Style/FormatString:
+  Description: Following the main puppet project's style, prefer the % format format.
+  EnforcedStyle: percent
+Style/FormatStringToken:
+  Description: Following the main puppet project's style, prefer the simpler template
+    tokens over annotated ones.
+  EnforcedStyle: template
+Style/Lambda:
+  Description: Prefer the keyword for easier discoverability.
+  EnforcedStyle: literal
+Style/RegexpLiteral:
+  Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168
+  EnforcedStyle: percent_r
+Style/TernaryParentheses:
+  Description: Checks for use of parentheses around ternary conditions. Enforce parentheses
+    on complex expressions for better readability, but seriously consider breaking
+    it up.
+  EnforcedStyle: require_parentheses_when_complex
+Style/TrailingCommaInArguments:
+  Description: Prefer always trailing comma on multiline argument lists. This makes
+    diffs, and re-ordering nicer.
+  EnforcedStyleForMultiline: comma
+Style/TrailingCommaInLiteral:
+  Description: Prefer always trailing comma on multiline literals. This makes diffs,
+    and re-ordering nicer.
+  EnforcedStyleForMultiline: comma
+Style/SymbolArray:
+  Description: Using percent style obscures symbolic intent of array's contents.
+  EnforcedStyle: brackets
+RSpec/MessageSpies:
+  EnforcedStyle: receive
+Style/Documentation:
+  Exclude:
+  - lib/puppet/parser/functions/**/*
+  - spec/**/*
+Style/WordArray:
+  EnforcedStyle: brackets
+Style/CollectionMethods:
+  Enabled: true
+Style/MethodCalledOnDoEndBlock:
+  Enabled: true
+Style/StringMethods:
+  Enabled: true
+GetText/DecorateFunctionMessage:
+  Enabled: false
+GetText/DecorateStringFormattingUsingInterpolation:
+  Enabled: false
+GetText/DecorateStringFormattingUsingPercent:
+  Enabled: false
+Layout/EndOfLine:
+  Enabled: false
+Layout/IndentHeredoc:
+  Enabled: false
+Metrics/AbcSize:
+  Enabled: false
+Metrics/BlockLength:
+  Enabled: false
+Metrics/ClassLength:
+  Enabled: false
+Metrics/CyclomaticComplexity:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Metrics/ModuleLength:
+  Enabled: false
+Metrics/ParameterLists:
+  Enabled: false
+Metrics/PerceivedComplexity:
+  Enabled: false
+RSpec/DescribeClass:
+  Enabled: false
+RSpec/ExampleLength:
+  Enabled: false
+RSpec/MessageExpectation:
+  Enabled: false
+RSpec/MultipleExpectations:
+  Enabled: false
+RSpec/NestedGroups:
+  Enabled: false
+Style/AsciiComments:
+  Enabled: false
+Style/IfUnlessModifier:
+  Enabled: false
+Style/SymbolProc:
+  Enabled: false
+Naming/MethodParameterName:
+  Enabled: false
+RSpec/RepeatedExampleGroupBody:
+  Enabled: false
+Style/MutableConstant:
+  Enabled: false
+Lint/ConstantDefinitionInBlock:
+  Enabled: false

CHANGELOG.md

@@ -0,0 +1,93 @@
+2022-05-12 Release 3.0.0
+- add User configuration policies
+- update 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' policy 
+- fix 'Configure detection for potentially unwanted applications' policy (removed spaces)
+- add windows 2022 extra checks
+
+2022-05-11 Release 2.6.0
+- Add Firewall settings to policy
+
+2020-12-23 Release 2.5.3
+- fix 'Turn off the offer to update to the latest version of Windows' policy
+
+2020-06-08 Release 2.5.2
+- Add new policy settings
+  - 'Configure SMB v1 client'
+This setting may need to be set to `['Bowser','MRxSmb20','NSI']` when using the `Configure SMB v1 client driver` policy
+
+2020-05-26 Release 2.5.1
+- fix 'Minimize the number of simultaneous connections to the Internet or a Windows Domain'
+  enabled = 1 (was 3)
+  was changes in previous release but needs more testing and has been rolled back.
+
+2020-05-13 Release 2.5.0
+- Add new policy settings
+  - Turn off Windows Error Reporting (PCHealth)
+  - Do not allow drive redirection
+  - Turn on behavior monitoring
+  - Scan removable drives
+  - Turn on e-mail scanning
+  - Configure Attack Surface Reduction rules
+  - Prevent users and apps from accessing dangerous websites
+  - Configure detection for potentially unwanted applications
+  - Minimize the number of simultaneous connections to the Internet or a Windows Domain (enabled = 3, was 1)
+
+2019-09-25 Release 2.4.0
+- Add new policy settings for windows 2019
+  - Turn Off notifications network usage
+  - Encryption Oracle Remediation
+  - Enumeration policy for external devices incompatible with Kernel DMA Protection
+  - Allow Clipboard synchronization across devices
+  - Allow upload of User Activities
+  - Require use of specific security layer for remote (RDP) connections
+  - Require user authentication for remote connections by using Network Level Authentication
+  - Prevent users from modifying settings
+
+2018-01-31 Release 2.3.0
+- make a backup of the registry.pol file
+- Add new policy settings:
+  - Configure SMB v1 client driver
+  - Configure SMB v1 server
+  - Remote host allows delegation of non-exportable credentials
+  - Turn off picture password sign-in
+  - Turn off Windows Location Provider
+  - Configure local setting override for reporting to Microsoft MAPS
+  - Require Mutual Authentication (NETLOGON)
+  - Require Mutual Authentication (SYSVOL)
+  - Allow Online Tips
+  - Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service
+  - Allow Message Service Cloud Sync
+  - Block all consumer Microsoft account user authentication
+
+2018-11-15 Release 2.2.0
+- Add 'gpupdate /force /n' as a scheduled task to fix 'illegal' changes to the registry
+
+2018-04-04 Release 2.1.1
+- release to puppet forge
+
+2018-01-23 Release 2.1.0
+- allows configurable result for enabled and disabled
+- policy_setting has changed to policy_value (same as local_security_policy)
+
+2017-12-19 Release 2.0.1
+- unknown (domain) policies already set on the system are ignored
+- trying to set an unknown/invalid policy using puppet will still result in an error
+
+2017-12-04 Release 2.0.0
+- makes advanced security policy settings ensurable
+- policy names are looked up in a list
+
+2017-11-28 Release 1.0.4
+- makes the provider case-insensitive
+
+2017-10-11 Release 1.0.3
+- change permission on lgpo.exe
+
+2017-07-06 Release 1.0.2
+- changed file persmissions because of missing administrator user
+
+2017-07-06 Release 1.0.1
+- add file lgpo.exe creation
+
+2017-07-06 Release 1.0.0
+- initial commit

Gemfile

@@ -1,19 +1,72 @@
 source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
-puppetversion = ENV.key?('PUPPET_VERSION') ? ENV['PUPPET_VERSION'] : ['>= 3.3']
-gem 'facter', '>= 1.7.0'
-gem 'kpn-style'
-gem 'metadata-json-lint'
-gem 'puppet', puppetversion
-gem 'puppet-lint', '>= 1.0.0'
-gem 'puppetlabs_spec_helper', '>= 1.0.0'
-gem 'rspec-puppet'
-
-# rspec must be v2 for ruby 1.8.7
-if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9'
-  gem 'rake', '~> 10.0'
-  gem 'rspec', '~> 2.0'
-else
-  # rubocop requires ruby >= 1.9
-  gem 'rubocop'
+def location_for(place_or_version, fake_version = nil)
+  git_url_regex = %r{\A(?<url>(https?|git)[:@][^#]*)(#(?<branch>.*))?}
+  file_url_regex = %r{\Afile:\/\/(?<path>.*)}
+
+  if place_or_version && (git_url = place_or_version.match(git_url_regex))
+    [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
+  elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
+    ['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
+  else
+    [place_or_version, { require: false }]
+  end
+end
+
+ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
+minor_version = ruby_version_segments[0..1].join('.')
+
+group :development do
+  gem "fast_gettext", '1.1.0',                                   require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
+  gem "fast_gettext",                                            require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
+  gem "json_pure", '<= 2.0.1',                                   require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
+  gem "json", '= 1.8.1',                                         require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
+  gem "json", '= 2.0.4',                                         require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.1.0',                                         require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "rb-readline", '= 0.5.5',                                  require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "puppet-module-posix-default-r#{minor_version}", '~> 0.3', require: false, platforms: [:ruby]
+  gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.3',     require: false, platforms: [:ruby]
+  gem "puppet-module-win-default-r#{minor_version}", '~> 0.3',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "puppet-module-win-dev-r#{minor_version}", '~> 0.3',       require: false, platforms: [:mswin, :mingw, :x64_mingw]
+end
+
+puppet_version = ENV['PUPPET_GEM_VERSION']
+facter_version = ENV['FACTER_GEM_VERSION']
+hiera_version = ENV['HIERA_GEM_VERSION']
+
+gems = {}
+
+gems['puppet'] = location_for(puppet_version)
+
+# If facter or hiera versions have been specified via the environment
+# variables
+
+gems['facter'] = location_for(facter_version) if facter_version
+gems['hiera'] = location_for(hiera_version) if hiera_version
+
+if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)}
+  # If we're using a Puppet gem on Windows which handles its own win32-xxx gem
+  # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445).
+  gems['win32-dir'] =      ['<= 0.4.9', require: false]
+  gems['win32-eventlog'] = ['<= 0.6.5', require: false]
+  gems['win32-process'] =  ['<= 0.7.5', require: false]
+  gems['win32-security'] = ['<= 0.2.5', require: false]
+  gems['win32-service'] =  ['0.8.8', require: false]
+end
+
+gems.each do |gem_name, gem_params|
+  gem gem_name, *gem_params
+end
+
+# Evaluate Gemfile.local and ~/.gemfile if they exist
+extra_gemfiles = [
+  "#{__FILE__}.local",
+  File.join(Dir.home, '.gemfile'),
+]
+
+extra_gemfiles.each do |gemfile|
+  if File.file?(gemfile) && File.readable?(gemfile)
+    eval(File.read(gemfile), binding)
+  end
 end
+# vim: syntax=ruby