IIS 8.5 STIG issue #452

Open
pursca opened this issue Aug 4, 2019 · 1 comment

pursca commented Aug 4, 2019

Describe the bug
After applying the IIS 8.5 v1.7 STIG on Windows 2016 with IIS on, it failed to report as true.

To Reproduce
On a Windows 2016 member server with the web server feature turned on and ASP.NET 4.7.2 installed, verify the sample IIS site is working, then apply the following DSC config:

```powershell
configuration IisServerSTIG
{
    param
    (
        [parameter()]
        [string]
        $NodeName = 'localhost'
    )

    Import-DscResource -ModuleName PowerStig

    Node $NodeName
    {
        IisServer BaseLine
        {
            IisVersion  = '8.5'
            LogPath     = 'C:\inetpub\logs\LogFiles'
            StigVersion = '1.7'
        }
    }
}

# Compile the MOF, then apply it
IisServerSTIG -OutputPath C:\STIG\IIS\STIGConfig
Start-DscConfiguration -Path C:\STIG\IIS\STIGConfig
```

`{[NTFSAccessEntry][V-76745][medium][SRG-APP-000340-WSR-000029]::[IisServer]BaseLine}` reported as not in desired state. I manually checked the state of V-76745 and I think it is in the desired state even though it does not have the following entry in the ACL, but the rule states: "Verify the permissions for the following users; if the permissions are less restrictive, this is a finding." In this case, missing one entry is more restrictive and should be validated as in desired state.

ALL APPLICATION PACKAGES (built-in security group): Read and execute

Expected behavior
ALL APPLICATION PACKAGES (built-in security group): Read and execute should be applied to inetpub folder permissions

or report back as true with this permission missing because it is more restrictive.

Screenshots

Additional context

@jcwalker
Member

Hi @pursca, we are aware of this issue. It's the same issue documented here - PowerShell/Win32-OpenSSH#750

We have it on the todo list
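
The comparison the issue asks for, where a missing ACL entry counts as more restrictive and only extra principals or extra rights are findings, can be sketched as follows. This is an added example, not PowerStig code or part of the original thread; `Get-LessRestrictiveAce` and every baseline entry other than the ALL APPLICATION PACKAGES line quoted in the issue are hypothetical placeholders to be replaced with the STIG check text.

```powershell
# Added example: "not less restrictive" ACL check (subset semantics).
# Baseline is a constructed placeholder; only the ALL APPLICATION PACKAGES
# entry (Read and execute) comes from the issue text.
$Fsr = [System.Security.AccessControl.FileSystemRights]
$Baseline = @{
    'NT AUTHORITY\SYSTEM'    = $Fsr::FullControl
    'BUILTIN\Administrators' = $Fsr::FullControl
    'BUILTIN\Users'          = $Fsr::ReadAndExecute
    'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' = $Fsr::ReadAndExecute
}

function Get-LessRestrictiveAce {
    param(
        [Parameter(Mandatory)] [object[]]  $AccessRule,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    foreach ($ace in $AccessRule) {
        # Deny entries only tighten access, so they are never a finding.
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }
        $id = "$($ace.IdentityReference)"
        # Windows adds Synchronize implicitly; mask it out before comparing.
        $granted = [int]$ace.FileSystemRights -band (-bnot [int]$Fsr::Synchronize)
        if (-not $Baseline.ContainsKey($id)) {
            [pscustomobject]@{ Identity = $id; Reason = 'principal not in baseline' }
        }
        elseif ($granted -band (-bnot [int]$Baseline[$id])) {
            [pscustomobject]@{ Identity = $id; Reason = 'rights exceed baseline' }
        }
        # A baseline identity with no ACE at all is never visited: a missing
        # entry is more restrictive, so it produces no finding.
    }
}

# Constructed sample ACL with no ALL APPLICATION PACKAGES entry, as in the issue.
$missingEntry = @(
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\SYSTEM';    FileSystemRights = $Fsr::FullControl; AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; FileSystemRights = $Fsr::FullControl; AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Users'; FileSystemRights = ($Fsr::ReadAndExecute -bor $Fsr::Synchronize); AccessControlType = 'Allow' }
)
# Constructed counter-case: Users granted Modify, which exceeds Read and execute.
$looser = $missingEntry + [pscustomobject]@{ IdentityReference = 'BUILTIN\Users'; FileSystemRights = $Fsr::Modify; AccessControlType = 'Allow' }

$findingsMissing = @(Get-LessRestrictiveAce -AccessRule $missingEntry -Baseline $Baseline)
$findingsLooser  = @(Get-LessRestrictiveAce -AccessRule $looser -Baseline $Baseline)
"Missing-entry ACL findings: $($findingsMissing.Count)"
"Looser ACL findings:        $($findingsLooser.Count)"
$findingsLooser | Format-Table -AutoSize
```

On a live server the same function can take `(Get-Acl 'C:\inetpub').Access` as `-AccessRule`; inherit-only entries that carry generic access-mask bits are not mapped here and will show up as exceeding the baseline, so review those by hand.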
