[cmdletBinding()] param($outDir) function Check-WindowsServer2025 { $osname = (get-wmiobject Win32_OperatingSystem).Caption if ($osname.Contains("Windows Server 2025")) { return $true } else { return $false } } function Check-AzureLocal23H2 { $osname = (get-wmiobject Win32_OperatingSystem).Caption $osver = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").DisplayVersion if ($osname.Contains("Azure Stack HCI")) { if ($osver -eq "23H2") { return $true } else { return $false } } else { return $false } } function Check-MicrosoftOsConfigModule { $osConfigModule = "Microsoft.OSConfig" $moduleExists = Get-InstalledModule -Name $osConfigModule -AllVersions -ErrorAction silentlycontinue if ($moduleExists) { return $true } else { return $false } } if (Check-AzureLocal23H2) { Write-Verbose "Check-WindowsServer2025: Azure Local 23H2" } else { Write-Verbose "Check-WindowsServer2025: Unsupported Operating System" return -1 exit } if (!(Check-MicrosoftOsConfigModule)) { Write-Verbose "Check-MicrosoftOsConfigModule: OsConfig Module dows not exist" return -1 exit } $auditScenario = "" if($outDir -eq $null) { $outDir = $env:TEMP } else { if(!(Test-Path -Path $outDir)) { $outDir = $env:TEMP } } if (!($outDir -like "*\")) { $outDir = $outDir+"\" } $dateTime = Get-Date -Format "yyyyMMdd_HHmmss" $auditScenario = "SecurityBaseline/AzureStackHCI" $logFileName = $outDir+"WindowsBaseLine_AzureLocal_$datetime.log" Write-Verbose $auditScenario Write-Verbose "LogFile: $logFileName" $results = (Get-OSConfigDesiredConfiguration -Scenario $auditScenario) $results | ft Name, @{ Name = "Status"; Expression={$_.Compliance.Status} }, @{ Name = "Severity"; Expression={$_.Compliance.Severity} }, @{ Name = "Reason"; Expression={$_.Compliance.Reason} } -AutoSize -Wrap 2>&1| Out-File -Encoding default -FilePath $logFileName -width 160 $numOfCompliant = 0 $numOfTotal = 0 foreach ($result in $results) { if($result.Compliance.Status -eq "Compliant") { $numOfCompliant++ $numOfTotal++ } elseif ($result.Compliance.Status -eq "NotCompliant") { $numOfTotal++ } } return [math]::Round(($numOfCompliant / $numOfTotal * 100),0)