-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Interactive_logon_Message_text_for_users_attempting_to_log_on: A blank line causes the resource to fail even though it worked #197
Comments
I think I see the issue here. SecEdit expects Therefore the Test-Resource value doesn't match the expected value. |
If you changed line 53 of MSFT_SecurityOption.psm1 to |
Replacement Format-LogonMessage function: <#
.SYNOPSIS
Secedit.exe uses an INI file with security policies and their associated values (key value pair).
The value to a policy must be on one line. If the message is a multiple line message a comma is used
for the line break and if a comma is intended for grammar it must be surrounded with double quotes.
.PARAMETER Message
The logon message to be formated
#>
function Format-LogonMessage
{
[OutputType([System.String])]
[CmdletBinding()]
param
(
[Parameter(Mandatory = $true)]
[string]
$Message
)
$formatText = $Message -split '\n'
if ($formatText.count -gt 1)
{
$lines = $formatText -split '\n' | ForEach-Object -Process { ($PSItem -replace ',', '","').Trim() }
$resultValue = ($lines -join ',').Replace(',,','," ",')
}
else
{
$resultValue = $formatText
}
return $resultValue
} |
I've made both of these mods to my local copy and it is working now. |
Details of the scenario you tried and the problem that is occurring
If you want to use a blank line in the text, the correct syntax is to include '," ",' in your text. When this is passed to the resource it successfully puts the correct value in the registry, however the DSC Resource reports a failure and suggests checking '%windir%\se
curity\logs\scesrv.log' However there are no errors in this log either.
Secondly, if you try to pass in a here string with a blank line, the Format-LogonMessage function doesn't account for blank lines.
Verbose logs showing the problem
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] An LCM method call arrived from computer JEREMYDSCTEST with user sid
S-1-5-18.
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Set ]
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Resource ] [[SecurityOption]SecurityOpions]
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Test ] [[SecurityOption]SecurityOpions]
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_text_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: Foo, ,Bar Desired policy: Foo," ",Bar
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_title_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: ATTENTION NETWORK USER Desired policy: ATTENTION NETWORK USER
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ End Test ] [[SecurityOption]SecurityOpions]
in 1.3590 seconds.
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Set ] [[SecurityOption]SecurityOpions]
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_text_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: Foo, ,Bar Desired policy: Foo," ",Bar
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_title_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: ATTENTION NETWORK USER Desired policy: ATTENTION NETWORK USER
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ End Set ] [[SecurityOption]SecurityOpions]
in 2.3000 seconds.
VERBOSE: [2024-07-11 01:53:16Z] [ERROR] PowerShell DSC resource MSFT_SecurityOption failed to execute
Set-TargetResource functionality with error message: Failed to update security option
Interactive_logon_Message_text_for_users_attempting_to_log_on. Refer to %windir%\security\logs\scesrv.log for details.
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ End Set ]
VERBOSE: [2024-07-11 01:53:16Z] [ERROR] The SendConfigurationApply function did not succeed.
VERBOSE: [2024-07-11 01:53:17Z] [VERBOSE] Operation 'Invoke CimMethod' complete.
VERBOSE: [2024-07-11 01:53:17Z] [VERBOSE] Time taken for configuration job to complete is 4.617 seconds
Suggested solution to the issue
The outtput should be
foo," ",bar
2. Work out the exit code (or whatever) issue which is leading the resource to think SecEdit is failing.
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
OsName : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage : en-US
OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
Name Value
PSVersion 5.1.20348.2400
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.20348.2400
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Version of the DSC module that was used
2.10.0
The text was updated successfully, but these errors were encountered: