Test-Compliance on Windows 2016

[kman27]

Test-Compliance on Windows 2016 with the audit file: DISA_STIG_Server_2016_v1r1.audit returns the following error.

Cannot validate argument on parameter 'checkType'. The argument CHECK_REGEX does not belong...

FAILED windows Server 2016 is not installed on this system or the Remote Registry service is disabled on the target.

I am thinking that this is because the audit file calls for CHECK_REGEX and the Compliance.psm1 only supports the audit items:

Script currently supports following audit items:
    ANONYMOUS_SID_SETTING
    AUDIT_POLICY_SUBCATEGORY
    AUDIT_POWERSHELL
    CHECK_ACCOUNT
    FILE_CHECK
    FILE_PERMISSIONS
    FILE_VERSION
    LOCKOUT_POLICY
    PASSWORD_POLICY
    REG_CHECK
    REGISTRY_PERMISSIONS
    REGISTRY_SETTING
    REPORT
    SERVICE_POLICY
    USER_RIGHTS_POLICY

[iadgovuser1]

We haven't incorporated any Windows Server 2016 items into this project yet. We wrote the .audit file for Windows 10 that exists in this repo so it doesn't surprise me that a different audit file doesn't work. That being said, it shouldn't be too hard to add support for CHECK_REGEX.

[kman27]

Thanks! The other items that I see in the audit file are as follows:

CHECK_REGEX
CHECK_NOT_REGEX
CHECK_EQUAL
CHECK_NOT_EQUAL
CHECK_GREATER_THAN_OR_EQUAL
WMI_POLICY
AUDIT_USER_TIMESTAMPS

[iadgovuser1]

@kman27 Thanks for letting us know. We are going to completely rewrite the compliance module at some point so it will be easier for us to use from an automation standpoint and also have better coverage of all the check types.