Detect Windows Optional Feature to enable specific findings in CSV lists

[Jerome-Maurin]

Hi,

This is a request for a new functionality in HardeningKitty, to enable the detection of certain Windows Optional Feature to enable or disable certain findings in lists.

For the following controls :

• "User Rights Assignment","Create symbolic links"
• "User Rights Assignment","Log on as a service"
  there are multiple entries in the CSV lists.

For example in the finding_list_cis_microsoft_windows_11_enterprise_23h2_machine.csv file :

• "User Rights Assignment","Create symbolic links"
• "User Rights Assignment","Create symbolic links (Hyper-V)"
  and
• "User Rights Assignment","Log on as a service"
• "User Rights Assignment","Log on as a service (Hyper-V)"
• "User Rights Assignment","Log on as a service (Windows Defender Application Guard)"

The idea would be to use the WindowsOptionalFeature method of HardeningKitty to choose to test or ignore a specific finding.

This would allow to adapt a the list dynamically based on the machine's enabled "Optional Features".

Is this something that could be considered ?

[0x6d69636b]

The Windows Optional feature is not the only distinguishing factor, another is wheter it is a DC or not (see issue #66). I could not find a solution that fits every case. However, after the Intune integration, I will give it more thought