The xSafeHarbor module contains the DSC configurations that allow you to setup the SafeHarbor example.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
Please check out common DSC Resources contributing guidelines.
The xSafeHarbor module contains the Assert-SafeHarborScenario.ps1 script file. This script allows you to exercise the SafeHarbor example by setting up a secure environment to run a particular application or service inside of an assume-breached network. This substantially reduces the attack surface of the application or service by configuring a highly customized, application specific environment, by limiting user access and by having "Just Enough" administrative control with full auditing.
To learn more details about this example, please see this blog post.
Note: This example require the use of Windows Management Framework (WMF) 5.0 Preview.
- BaseVhdFilePath: (Mandatory) Path to VHD file that would be used as base image for all the VMs.
- Credentials: Collection of credentials for following user names.
If not specified, the script will prompt for:
- DHCPServer\Administrator
- Corporate\Administrator
- Corporate\User1
- Corporate\Papa
- Corporate\DeptHead
- Safeharbor\Administrator
- Safeharbor\Mata
- VhdDestinationPath: Path where differencing VHDs will be stored.
- Validate: If specified, will run the validation steps at the end of example.
- PauseBetweenStages: If specified, pauses the script execution between various stages of example setup
- Update appveyor.yml to use the default template.
- Added default template files .codecov.yml, .gitattributes, and .gitignore, and .vscode folder.
- Updated configuration SafeHarborConfiguration.psm1 to pass tests.
- Minor bug fix: Replaced hardcoded hotfix ID for WMF with test for that version or higher.
- Initial release with the SafeHarbor example
$baseVhdFilePath = ‘C:\BaseVhd\serverdatacenter_en-us.vhd
.\Assert-SafeHarborScenario.ps1 -BaseVhdFilePath $baseVhdFilePath -Validate –PauseBetweenStages