Access: Schakel Uit Unsigned Add-ins

<# ================================================================================ OFFICE POWERSHELL SCRIPT - Nederlandse Baseline voor Veilige Cloud ================================================================================ .SYNOPSIS Access - Disable Trust Bar for Unsigned Add-ins .DESCRIPTION DISA STIG Control: O365-AC-000002 Controleert dat Trust Bar notificaties voor unsigned add-ins zijn uitgeschakeld en geblokkeerd in Microsoft Access. Dit voorkomt dat gebruikers onveilige add-ins kunnen laden. Registry Path: HKCU:\Software\Policies\Microsoft\Office\16.0\Access\Security\TrustCenter Registry Value: DisableTrustBarNotifications Expected Value: 1 (Enabled - block unsigned add-ins) .NOTES Filename: disable-unsigned-addins.ps1 Author: Nederlandse Baseline voor Veilige Cloud Version: 1.0 DISA STIG: O365-AC-000002 .PARAMETER Monitoring Controleert huidige registry setting .PARAMETER Remediation Past registry setting aan naar aanbevolen waarde .PARAMETER Revert Verwijdert registry setting .EXAMPLE .\disable-unsigned-addins.ps1 -Monitoring #> #Requires -Version 5.1 [CmdletBinding()] param( [Parameter()][switch]$Monitoring, [Parameter()][switch]$Remediation, [Parameter()][switch]$Revert, [Parameter()][switch]$WhatIf ) $ErrorActionPreference = 'Stop' $PolicyName = "Access - Disable Trust Bar Unsigned Add-ins" $RegistryPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\Access\Security\TrustCenter" $RegistryValueName = "DisableTrustBarNotifications" $ExpectedValue = 1 function Test-Compliance { try { if (-not (Test-Path $RegistryPath)) { return @{ IsCompliant = $false; RegistryPathExists = $false; CurrentValue = $null; ExpectedValue = $ExpectedValue } } $regValue = Get-ItemProperty -Path $RegistryPath -Name $RegistryValueName -ErrorAction SilentlyContinue $currentValue = if ($regValue) { $regValue.$RegistryValueName } else { $null } return @{ IsCompliant = ($currentValue -eq $ExpectedValue) RegistryPathExists = $true CurrentValue = $currentValue ExpectedValue = $ExpectedValue } } catch { return @{ IsCompliant = $false; Error = $_.Exception.Message } } } function Invoke-Monitoring { Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "$PolicyName" -ForegroundColor Cyan Write-Host "Nederlandse Baseline voor Veilige Cloud" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan $result = Test-Compliance Write-Host "`nRegistry Path: $RegistryPath" -ForegroundColor Gray Write-Host "Value Name: $RegistryValueName" -ForegroundColor Gray Write-Host "Expected Value: $($result.ExpectedValue) (Disable unsigned add-ins)" -ForegroundColor Gray if (-not $result.RegistryPathExists) { Write-Host "`nStatus: [FAIL] NON-COMPLIANT" -ForegroundColor Red Write-Host "Registry path does not exist" -ForegroundColor Yellow return $result } Write-Host "Current Value: $($result.CurrentValue)" -ForegroundColor $(if ($result.IsCompliant) { 'Green' } else { 'Red' }) if ($result.IsCompliant) { Write-Host "`nStatus: [OK] COMPLIANT" -ForegroundColor Green } else { Write-Host "`nStatus: [FAIL] NON-COMPLIANT" -ForegroundColor Red } return $result } function Invoke-Remediation { Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "REMEDIATION: $PolicyName" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan try { if (-not (Test-Path $RegistryPath)) { Write-Host "`nCreating registry path..." -ForegroundColor Yellow New-Item -Path $RegistryPath -Force | Out-Null Write-Host "[OK] Registry path created" -ForegroundColor Green } Write-Host "`nSetting registry value..." -ForegroundColor Yellow Set-ItemProperty -Path $RegistryPath -Name $RegistryValueName -Value $ExpectedValue -Type DWord -Force Write-Host "[OK] DisableTrustBarNotifications = $ExpectedValue configured" -ForegroundColor Green Start-Sleep -Milliseconds 500 return Test-Compliance } catch { Write-Host "`n[FAIL] ERROR: $_" -ForegroundColor Red throw } } function Invoke-Revert { Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "REVERT: $PolicyName" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan try { if (Test-Path $RegistryPath) { $regValue = Get-ItemProperty -Path $RegistryPath -Name $RegistryValueName -ErrorAction SilentlyContinue if ($regValue) { Remove-ItemProperty -Path $RegistryPath -Name $RegistryValueName -Force Write-Host "[OK] Registry value removed" -ForegroundColor Green } } } catch { Write-Host "[FAIL] ERROR: $_" -ForegroundColor Red throw } } try { if ($Monitoring) { $result = Invoke-Monitoring exit $(if ($result.IsCompliant) { 0 } else { 1 }) } elseif ($Remediation) { $result = Invoke-Remediation exit $(if ($result.IsCompliant) { 0 } else { 1 }) } elseif ($Revert) { Invoke-Revert exit 0 } else { Write-Host "`nUsage: .\disable-unsigned-addins.ps1 [-Monitoring] [-Remediation] [-Revert]" -ForegroundColor Yellow } } catch { Write-Error "Script failed: $_" exit 2 }