Configure data based on Security Technical Implementation Guide (STIG)

Applies To: Windows PowerShell 5.1

Note

Azure Automation State Configuration will be retired on September 30, 2027. Please transition to Azure Machine Configuration by that date. For more information, see the blog post announcement. The Azure Machine Configuration service combines features of DSC Extension, Azure Automation State Configuration, and the most commonly requested features from customer feedback. Azure Machine Configuration also includes hybrid machine support through Arc-enabled servers.

Important

The Add, Compose configuration, and Gallery navigation links will be removed from the portal on March 31, 2025.

Creating configuration content for the first time can be challenging. In many cases, the goal is to automate configuration of servers following a "baseline" that hopefully aligns to an industry recommendation.

Note

This article refers to a solution that's maintained by the Open Source community. Support is only available in the form of GitHub collaboration, not from Microsoft.

Community project: PowerSTIG

A community project named PowerSTIG aims to resolve this issue by generating DSC content based on public information provided about STIG (Security Technical Implementation Guide).

Dealing with baselines is more complicated than it sounds. Many organizations need to document exceptions to rules and manage that data at scale. PowerSTIG addresses the problem by providing Composite Resources to address each area of the configuration rather than trying to address the entire range of settings in one large file.

After you create the configurations, you can use the DSC Configuration scripts to generate MOF files and upload the MOF files to Azure Automation. To pull configurations, register your servers from either on-premises or in Azure.
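The workflow described above, as an added example that is not taken from the PowerSTIG project or this article: a DSC configuration that applies the Windows Server STIG through the `WindowsServer` composite resource, records one exception and one skipped rule, compiles to MOF, and uploads the result. The rule IDs, resource group, and Automation account names are placeholders, and the exception assumes a registry-type rule whose overridable property is `ValueData`.

```powershell
# Added example. Prerequisites: Install-Module PowerSTIG, Az.Automation; Connect-AzAccount.
configuration StigBaseline
{
    param
    (
        [string[]] $NodeName = 'localhost',
        # Placeholder rule IDs: replace with IDs from the STIG you apply.
        # Compilation fails until these match rules in that STIG.
        [string]   $ExceptionRule = 'V-000000',   # approved deviation
        [string]   $SkippedRule   = 'V-000001'    # not applicable to this node
    )

    Import-DscResource -ModuleName PowerSTIG

    Node $NodeName
    {
        # One composite resource covers the OS STIG, so the file stays small
        # and every deviation from the baseline is visible in one place.
        WindowsServer OsBaseline
        {
            OsVersion = '2019'
            OsRole    = 'MS'    # member server
            # StigVersion omitted: assumes the module applies its latest bundled version.
            # Exception overrides the value a rule enforces (assumed registry rule).
            Exception = @{ $ExceptionRule = @{ ValueData = '1' } }
            # SkipRule leaves the rule out of the generated MOF entirely.
            SkipRule  = @($SkippedRule)
        }
    }
}

# Compile: writes .\StigBaseline\localhost.mof
StigBaseline -OutputPath .\StigBaseline

# Upload the compiled node configuration to Azure Automation.
$upload = @{
    Path                  = '.\StigBaseline\localhost.mof'
    ConfigurationName     = 'StigBaseline'
    ResourceGroupName     = '<resource-group>'       # placeholder
    AutomationAccountName = '<automation-account>'   # placeholder
    Force                 = $true
}
Import-AzAutomationDscNodeConfiguration @upload
```

Keeping exceptions and skipped rules in the configuration itself means the reviewed source file doubles as the record of every deviation from the baseline.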

To try out PowerSTIG, visit the PowerShell Gallery and download the solution or select Project Site to view the documentation.
