Windows Server 2016 CIS

Configure your Windows Server 2016 to meet CIS v1.2.0 standards. Some tasks can be turned off in the defaults main.yml file if you don't want automatic fixes.

Cautions

This role will change system settings which might cause issues. It’s not designed for auditing, but for fixing problems after an audit.

This role was created for a fresh Operating System installation. If you're applying it to an existing system, please check for any necessary changes specific to your setup.

To use the stable version, direct your operations to the main branch. This is based on the CIS Windows Server 2016 Benchmark.

Documentation

• Getting Started
  
• Customizing Roles
  
• Per-Host Configuration
  
• Getting the Most Out of the Role
  
• Wiki
  
• GitHub Repository Page
  

Requirements

General:

• Basic knowledge of Ansible. Here are some helpful links:
  • Main Ansible Documentation
  • Getting Started with Ansible
  • Tower User Guide
  • Ansible Community Info
• Ansible and/or Tower must be installed, configured, and operational. This means all basic settings are in place, required packages are installed, and infrastructure is set up.
• Review the tasks in this role to understand what each one does. Some tasks may disrupt services and cause unexpected issues on a live system. Familiarize yourself with the variables in the defaults/main.yml file or on the Main Variables Wiki Page.

Technical Dependencies:

• A working Ansible/Tower setup (this role is tested with Ansible version 2.9.1 and newer).
• Python3 environment for Ansible.

Role Variables

This role is designed so that users do not need to edit tasks directly. Customizations should be made via the defaults/main.yml file or through extra vars in your project, job, workflow, etc. You can find these variables here along with their descriptions.

Branches

• devel - The main development branch. Community contributions go here.
• main - The stable release branch.
• reports - A secured branch for scoring reports, no code should be added here.
• gh-pages - The GitHub pages branch.
• others - Individual branches for community members.

Community Contribution

We welcome community contributions to this role. Please follow these rules:

• Work in your own branch. Ensure all commits are Signed-off and GPG signed before merging.
• Community pull requests go to the devel branch.
• All pull requests in devel must have GPG signatures, Signed-off, and passed functional tests before they are approved.
• Once approved, your changes will be merged into the main branch for a new release.