Add "Advanced Audit Policy" Rule Handling#1556
Conversation
|
@microsoft-github-policy-service agree company="Full Spectrum Software LLC" |
|
@MrAutomater can you (or someone else) take a look at this and tell me if it's a reasonable approach for addressing #1533? If I get a thumbs up for this general approach then I can work on adding tests, rebasing, and updating generated files. Thanks! |
|
I am on vacation this week, but I can take a look when I get back next week and let you know
Thanks,
Jerry Martin
…________________________________
From: Frederick Morlock ***@***.***>
Sent: Monday, 22 June 2026 12:30:36
To: microsoft/PowerStig ***@***.***>
Cc: Jerry Martin ***@***.***>; Mention ***@***.***>
Subject: Re: [microsoft/PowerStig] Add "Advanced Audit Policy" Rule Handling (PR #1556)
[https://avatars.githubusercontent.com/u/774597?s=20&v=4]FrederickGeek8 left a comment (microsoft/PowerStig#1556)<#1556 (comment)>
@MrAutomater<https://github.com/MrAutomater> can you (or someone else) take a look at this and tell me if it's a reasonable approach for addressing #1533<#1533>?
If I get a thumbs up for this general approach then I can work on adding tests, rebasing, and updating generated files.
Thanks!
—
Reply to this email directly, view it on GitHub<#1556?email_source=notifications&email_token=AICAG35DVAHXEAP7T3BJIN35BFULZA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINZXGEYDKNJQGIYKM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLDGN5XXIZLSL5RWY2LDNM#issuecomment-4771055020>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AICAG34FYYO3JNUNZVWIMDL5BFULZAVCNFSNUABFKJSXA33TNF2G64TZHMYTGMRRGAYDKMRZHNEXG43VMU5TINRYGUYTQMJVGM42C5QC>.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS<https://github.com/notifications/mobile/ios/AICAG3ZJZMAH5Q5G3Z4GQWD5BFULZA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINZXGEYDKNJQGIYKM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJKTGN5XXIZLSL5UW64Y> and Android<https://github.com/notifications/mobile/android/AICAG343N7Y33E2QVWPHQP35BFULZA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINZXGEYDKNJQGIYKM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLTGN5XXIZLSL5QW4ZDSN5UWI>. Download it today!
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
No code has been changed. This new module will be modified for "Advanced" audit policy parsing in another commit. Making a copy here makes the changes in subsequent commits more obvious.
This assumes a certain stability in the RawString text, but the pattern seems to hold for now.
e7e264a to
18ad79a
Compare
|
I just rebased my branch, added tests, and updated processed files. Unfortunately copying Not sure if that changes whether you/we want to merge |
Based on the AuditPolicyRule tests. An `AuditPolicyRuleAdvanced` base class had to be created, otherwise a Common Test would fail that checks whether the base class matches the name of the child class.
Note that there is now a new "AuditPolicyRuleAdvanced" rule type introduced in the XML. This is because of the new AuditPolicyRuleAdvanced base class introduced in the previous commit.
These conversions were failing before but need to be manually set
18ad79a to
acd2afb
Compare
|
I had to make some small tweaks to my implementation get the tests to pass (it turns out I was running them incorrectly locally). I also updated the "Unreleased" section of the Changelog. I did not bump the version number -- not sure if that's something you'd do. This should be ready for review now! |
|
@MrAutomater I've rebased on |
Pull Request (PR) description:
This PR adds proper handling for "Advanced Audit Policy" rules that were not being applied (as was reported in #1533). These rules appear in Windows 10, 11, and Server STIGs are currently are no-ops. In essence, this PR is just changing the parsing logic of AuditPolicyRule to support the new language used by those items. Rather than overloading the parsing of
AuditPolicyRuleConvert, I created & modified a copy of that file, introducingAuditPolicyRuleAdvancedConvert.This Pull Request (PR) fixes the following issues:
This PR fixes #1533 (and other related STIGs like Win11 and WinServer). In doing so, 8-9 STIG items are now applied across Windows Client/Server STIGs.
# of rules now covered:
Task list: