The xSafeHarbor module contains the DSC configurations that allow you to setup the SafeHarbor example.
Please check out common DSC Resources contributing guidelines.
The xSafeHarbor module contains the Assert-SafeHarborScenario.ps1 script file. This script allows you to exercise the SafeHarbor example by setting up a secure environment to run a particular application or service inside of an assume-breached network. This substantially reduces the attack surface of the application or service by configuring a highly customized, application specific environment, by limiting user access and by having "Just Enough" administrative control with full auditing.
To learn more details about this example, please see this blog post.
Note: This example require the use of Windows Management Framework (WMF) 5.0 Preview.
- BaseVhdFilePath: (Mandatory) Path to VHD file that would be used as base image for all the VMs.
- Credentials: Collection of credentials for following user names.
If not specified, the script will prompt for:
- DHCPServer\Administrator
- Corporate\Administrator
- Corporate\User1
- Corporate\Papa
- Corporate\DeptHead
- Safeharbor\Administrator
- Safeharbor\Mata
- VhdDestinationPath: Path where differencing VHDs will be stored.
- Validate: If specified, will run the validation steps at the end of example.
- PauseBetweenStages: If specified, pauses the script execution between various stages of example setup
- Minor bug fix: Replaced hardcoded hotfix ID for WMF with test for that version or higher.
- Initial release with the SafeHarbor example
$baseVhdFilePath = ‘C:\BaseVhd\serverdatacenter_en-us.vhd
.\Assert-SafeHarborScenario.ps1 -BaseVhdFilePath $baseVhdFilePath -Validate –PauseBetweenStages