How to configure the module: Examples and guidelines The following examples demonstrate the use of CEM in a production environment. Basic configuration examplesWhen you specify a compliance framework, CEM is configured to provide rule enforcement and configuration for that framework. For example, to enforce the Center for Internet Security (CIS) Server Level 1 benchmark for a node, you must classify the node with the cem_windows class, set the benchmark parameter to cis, and run Puppet. To learn more about CEM configuration, see the following examples. Advanced configuration exampleBuilding on the basic configuration examples, the control_configs section specifies advanced options for controls. Run Desired State Configuration resources as a specific userDesired State Configuration (DSC) requires local administrator privileges to modify Windows resources. Typically, the Puppet agent runs under a user account with these permissions. However, if the Puppet agent on a node does not have local administrator permissions, you can use Hiera to configure a user account that does have the required permissions. Allow local accounts to access nodesTo allow a local user account to access a node with RDP, set the top-level option allow_local_account_rdp to true. Enforce specific rulesTo configure CEM to enforce only specific rules, use the only key. Ignore specific rulesTo configure CEM to ignore specific rules, use the ignore key. Customize rulesYou can customize most rules by using the control_configs key and supplying the key with a hash value. Rename the Administrator and Guest accountsTo help protect your infrastructure, rename the Administrator and Guest accounts.