Add new lines
noahtalerman committed Jan 27, 2024
1 parent 12ce9f9 commit 4c72a82
Showing 2 changed files with 5 additions and 4 deletions.
6 changes: 3 additions & 3 deletions lib/macos-device-health.policies.yml
Expand Up @@ -3,7 +3,7 @@
description: This policy checks if FileVault (disk encryption) is enabled.
resolution: As an IT admin, turn on disk encryption in Fleet.
query: SELECT 1 FROM filevault_status WHERE status = 'FileVault is On.';
- name: macOS - Disble guest account
- name: macOS - Disable guest account
platform: darwin
description: This policy checks if the guest account is disabled.
resolution: An an IT admin, deploy a macOS, login window profile with the DisableGuestAccount option set to true.
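Review bot: The resolution line directly under the corrected name still reads "An an IT admin, deploy a macOS, login window profile"; since this hunk is already a typo fix, change it to "As an IT admin" (the wording the FileVault policy above uses) and drop the stray comma after "macOS". Separately, the name goes from "Disble" to "Disable", so anything that refers to this policy by its name will no longer match the old spelling and should be updated in the same change.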
Expand All @@ -12,7 +12,7 @@
platform: darwin
description: This policy checks if Firewall is enabled.
resolution: An an IT admin, deploy a macOS, Firewall profile with the EnableFirewall option set to true.
query: SELECT 1 FROM managed_policies WHERE domain='com.apple.security.firewall' AND username = '' AND name='EnableFirewall' AND CAST(value AS INT) = 1
query: SELECT 1 FROM managed_policies WHERE domain='com.apple.security.firewall' AND username = '' AND name='EnableFirewall' AND CAST(value AS INT) = 1;
- name: macOS - Require 10 character password
platform: darwin
description: This policy checks if the end user is required to enter a password, with at least 10 characters, to unlock the host.
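Review bot: The description says this policy checks that Firewall is enabled, but the query only tests managed_policies for an EnableFirewall value in the com.apple.security.firewall domain, that is, whether a profile enforces the setting. A host whose firewall was turned on by hand, with no profile, would still fail this policy. Reword the description to say it checks for the enforced profile setting so a failing result is read correctly. The resolution line here also still begins "An an IT admin".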
Expand Down Expand Up @@ -49,4 +49,4 @@
domain='com.apple.screensaver' AND
name='idleTime' AND
CAST(value AS INT) > 1200
);
);
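Review bot: The threshold in "CAST(value AS INT) > 1200" carries no unit in the visible lines, while the Windows idle-lock policy touched by this same commit spells out minutes in its description. State the unit for idleTime in this policy's description or in a YAML comment so the two limits can be compared at a glance. The removed and added ");" lines are textually identical, so the only change here is whitespace at the end of the file; the commit message "Add new lines" covers that, but not the name fix and the query terminator changed elsewhere in this file.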
3 changes: 2 additions & 1 deletion lib/windows-device-health.policies.yml
Expand Up @@ -19,4 +19,5 @@
platform: windows
description: This policy checks if maximum amount of time (in minutes) the device is allowed to sit idle before the screen is locked. End users can select any value less than the specified maximum.
resolution: "As an IT admin, to deploy a Windows profile with the MaxInactivityTimeDeviceLock option documented here: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-devicelock#maxinactivitytimedevicelock"
query: SELECT 1 FROM mdm_bridge where mdm_command_input = "<SyncBody><Get><CmdID>1</CmdID><Item><Target><LocURI>./Device/Vendor/MSFT/Policy/Result/DeviceLock/MaxInactivityTimeDeviceLock</LocURI></Target></Item></Get></SyncBody>" and CAST(mdm_command_output AS INT) <= 20;
query: SELECT 1 FROM mdm_bridge where mdm_command_input = "<SyncBody><Get><CmdID>1</CmdID><Item><Target><LocURI>./Device/Vendor/MSFT/Policy/Result/DeviceLock/MaxInactivityTimeDeviceLock</LocURI></Target></Item></Get></SyncBody>" and CAST(mdm_command_output AS INT) <= 20;
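Review bot: The condition "CAST(mdm_command_output AS INT) <= 20" has no lower bound, so an output of 0 passes, and SQLite also casts empty or non-numeric text to 0. The CSP documentation linked in the resolution defines 0 as no timeout, which means a device with no inactivity lock at all would be reported as compliant. Consider "CAST(mdm_command_output AS INT) BETWEEN 1 AND 20". The mdm_command_input value is also wrapped in double quotes, which SQLite treats as an identifier first and as a string only as a fallback; single quotes, as used in the macOS queries in this commit, are the safer choice.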
