Skip to content

Commit

Permalink
so that we c nca check login check policy #882
Browse files Browse the repository at this point in the history
  • Loading branch information
@SQLDBAWithABeard
SQLDBAWithABeard committed May 9, 2023
1 parent 30e05cc commit b4e76a5
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
9 changes: 9 additions & 0 deletions source/checks/Instancev5.Tests.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,15 @@ Describe "Successful Login Auditing" -Tag LoginAuditSuccessful, Security, CIS, M
}
}

Describe "Login Check Policy" -Tag LoginCheckPolicy, Security, CIS, Medium, Instance -ForEach $InstancesToTest {
$skip = ($__dbcconfig | Where-Object { $_.Name -eq 'skip.security.LoginCheckPolicy' }).Value
Context "Testing if the CHECK_POLICY is enabled on all logins on $psitem" {
It "All logins should have the CHECK_POLICY option set to ON on $psitem" -Skip:$skip {
($psitem.logins | Where-Object { $_.LoginType -eq 'SqlLogin' -and $_.PasswordPolicyEnforced -eq $false -and $_.IsDisabled -eq $false }).Count | Should -Be 0 -Because "We expected the CHECK_POLICY for the all logins to be enabled"
}
}
}

Describe "Instance MaxDop" -Tag MaxDopInstance, MaxDop, Medium, Instance -ForEach ($InstancesToTest | Where-Object { $psitem.Name -notin $psitem.ConfigValues.ExcludeInstanceMaxDop }) {
$skip = ($__dbcconfig | Where-Object { $_.Name -eq 'skip.instance.MaxDopInstance' }).Value
Context "Testing Instance MaxDop Value on <_.Name>" {
Expand Down
6 changes: 6 additions & 0 deletions source/internal/functions/NewGet-AllInstanceInfo.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -410,6 +410,12 @@ function NewGet-AllInstanceInfo {
$Instance.SetDefaultInitFields([Microsoft.SqlServer.Management.Smo.Settings], $SettingsInitFields)
}

'LoginCheckPolicy' {
$LoginInitFields.Add("IsDisabled") | Out-Null # so we can check login check policy
$LoginInitFields.Add("PasswordPolicyEnforced") | Out-Null # so we can check login check policy
$Instance.SetDefaultInitFields([Microsoft.SqlServer.Management.Smo.Settings], $LoginInitFields)
}

Default { }
}

Expand Down

0 comments on commit b4e76a5

Please sign in to comment.