Configuration Hardening{
Node localhost {
Script CDPUserSvc {
GetScript = {
$Service = Get-Service -Name "CDPUserSvc*"
return @{ result = "$( $Service.Name) $( $Service.Status )" }
}
TestScript = {
$Service = Get-Service -Name "CDPUserSvc*"
if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
return $false
} else {
Write-Verbose "Service $( $Service.Name ) is in disable state."
return $true
}
}
SetScript = {
$Service = Get-Service -Name "CDPUserSvc*"
Write-Verbose "Applying settings to service $( $Service.Name )."
Stop-Service -Name $Service.Name
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc -Name Start -Value 4 -Type DWord
}
}
Script OneSyncSvc {
GetScript = {
$Service = Get-Service -Name "OneSyncSvc*"
return @{ result = "$( $Service.Name) $( $Service.Status )" }
}
TestScript = {
$Service = Get-Service -Name "OneSyncSvc*"
if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
return $false
} else {
Write-Verbose "Service $( $Service.Name ) is in disable state."
return $true
}
}
SetScript = {
$Service = Get-Service -Name "OneSyncSvc*"
Write-Verbose "Applying settings to service $( $Service.Name )."
Stop-Service -Name $Service.Name
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc -Name Start -Value 4 -Type DWord
}
}
Script PimIndexMaintenanceSvc {
GetScript = {
$Service = Get-Service -Name "PimIndexMaintenanceSvc*"
return @{ result = "$( $Service.Name) $( $Service.Status )" }
}
TestScript = {
$Service = Get-Service -Name "PimIndexMaintenanceSvc*"
if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
return $false
} else {
Write-Verbose "Service $( $Service.Name ) is in disable state."
return $true
}
}
SetScript = {
$Service = Get-Service -Name "PimIndexMaintenanceSvc*"
Write-Verbose "Applying settings to service $( $Service.Name )."
Stop-Service -Name $Service.Name
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc -Name Start -Value 4 -Type DWord
}
}
Script UserDataSvc {
GetScript = {
$Service = Get-Service -Name "UserDataSvc*"
return @{ result = "$( $Service.Name) $( $Service.Status )" }
}
TestScript = {
$Service = Get-Service -Name "UserDataSvc*"
if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
return $false
} else {
Write-Verbose "Service $( $Service.Name ) is in disable state."
return $true
}
}
SetScript = {
$Service = Get-Service -Name "UserDataSvc*"
Write-Verbose "Applying settings to service $( $Service.Name )."
Stop-Service -Name $Service.Name
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc -Name Start -Value 4 -Type DWord
}
}
Script UnistoreSvc {
GetScript = {
$Service = Get-Service -Name "UnistoreSvc*"
return @{ result = "$( $Service.Name) $( $Service.Status )" }
}
TestScript = {
$Service = Get-Service -Name "UnistoreSvc*"
if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
return $false
} else {
Write-Verbose "Service $( $Service.Name ) is in disable state."
return $true
}
}
SetScript = {
$Service = Get-Service -Name "UnistoreSvc*"
Write-Verbose "Applying settings to service $( $Service.Name )."
Stop-Service -Name $Service.Name
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc -Name Start -Value 4 -Type DWord
}
}
Script WpnUserService {
GetScript = {
$Service = Get-Service -Name "WpnUserService*"
return @{ result = "$( $Service.Name) $( $Service.Status )" }
}
TestScript = {
$Service = Get-Service -Name "WpnUserService*"
if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
return $false
} else {
Write-Verbose "Service $( $Service.Name ) is in disable state."
return $true
}
}
SetScript = {
$Service = Get-Service -Name "WpnUserService*"
Write-Verbose "Applying settings to service $( $Service.Name )."
Stop-Service -Name $Service.Name
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService -Name Start -Value 4 -Type DWord
}
}
}
}
Push-Location $PSScriptRoot
Enable-PSRemoting -Force -Confirm:$false
. $PSScriptRoot\Hardening.ps1
Hardening
Start-DscConfiguration -Path $PSScriptRoot\Hardening -Verbose -Wait -Forcefunction Resize-Image {
<#
.SYNOPSIS
Resize-Image resizes an image file
.DESCRIPTION
This function uses the native .NET API to resize an image file
.EXAMPLE
Resize the image to a specific size:
Resize-Image -InputFile "C:\userpic.jpg" -OutputFile "C:\userpic-400.jpg"-SquareHeight 400
#>
Param(
[Parameter( Mandatory )]
[string]$InputFile,
[Parameter( Mandatory )]
[string]$OutputFile,
[Parameter( Mandatory )]
[int32]$SquareHeight,
[ValidateRange( 1, 100 )]
[int]$Quality = 85
)
# Add System.Drawing assembly
Add-Type -AssemblyName System.Drawing
# Open image file
$Image = [System.Drawing.Image]::FromFile( $InputFile )
# Create empty square canvas for the new image
# Calculate the offset for centering the image
$Offset = 0
$SquareSide = if ( $Image.Height -lt $Image.Width ) {
$Image.Height
} else {
$Image.Width
$Offset = ( $Image.Height - $Image.Width ) / 4
}
$SquareImage = New-Object System.Drawing.Bitmap( $SquareSide, $SquareSide )
$SquareImage.SetResolution( $Image.HorizontalResolution, $Image.VerticalResolution )
# Draw new image on the empty canvas
$Canvas = [System.Drawing.Graphics]::FromImage( $SquareImage )
$Canvas.DrawImage( $Image, 0, - $Offset )
# Resize image
$ResultImage = New-Object System.Drawing.Bitmap( $SquareHeight, $SquareHeight )
$Canvas = [System.Drawing.Graphics]::FromImage( $ResultImage )
$Canvas.DrawImage( $SquareImage, 0, 0, $SquareHeight, $SquareHeight )
$ImageCodecInfo = [System.Drawing.Imaging.ImageCodecInfo]::GetImageEncoders() |
Where-Object MimeType -eq 'image/jpeg'
# https://msdn.microsoft.com/ru-ru/library/hwkztaft(v=vs.110).aspx
$EncoderQuality = [System.Drawing.Imaging.Encoder]::Quality
$EncoderParameters = New-Object System.Drawing.Imaging.EncoderParameters( 1 )
$EncoderParameters.Param[0] = New-Object System.Drawing.Imaging.EncoderParameter( $EncoderQuality, $Quality )
# Save the image
$ResultImage.Save( $OutputFile, $ImageCodecInfo, $EncoderParameters )
}Sessions, modules, and nested prompts are self-contained environments, but they are not child scopes of the global scope in the session.