You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Details of the scenario you tried and the problem that is occurring
If you want to use a blank line in the text, the correct syntax is to include '," ",' in your text. When this is passed to the resource it successfully puts the correct value in the registry, however the DSC Resource reports a failure and suggests checking '%windir%\se
curity\logs\scesrv.log' However there are no errors in this log either.
Secondly, if you try to pass in a here string with a blank line, the Format-LogonMessage function doesn't account for blank lines.
Verbose logs showing the problem
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] An LCM method call arrived from computer JEREMYDSCTEST with user sid
S-1-5-18.
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Set ]
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Resource ] [[SecurityOption]SecurityOpions]
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Test ] [[SecurityOption]SecurityOpions]
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_text_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: Foo, ,Bar Desired policy: Foo," ",Bar
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_title_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: ATTENTION NETWORK USER Desired policy: ATTENTION NETWORK USER
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ End Test ] [[SecurityOption]SecurityOpions]
in 1.3590 seconds.
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Set ] [[SecurityOption]SecurityOpions]
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_text_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: Foo, ,Bar Desired policy: Foo," ",Bar
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_title_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: ATTENTION NETWORK USER Desired policy: ATTENTION NETWORK USER
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ End Set ] [[SecurityOption]SecurityOpions]
in 2.3000 seconds.
VERBOSE: [2024-07-11 01:53:16Z] [ERROR] PowerShell DSC resource MSFT_SecurityOption failed to execute
Set-TargetResource functionality with error message: Failed to update security option
Interactive_logon_Message_text_for_users_attempting_to_log_on. Refer to %windir%\security\logs\scesrv.log for details.
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ End Set ]
VERBOSE: [2024-07-11 01:53:16Z] [ERROR] The SendConfigurationApply function did not succeed.
VERBOSE: [2024-07-11 01:53:17Z] [VERBOSE] Operation 'Invoke CimMethod' complete.
VERBOSE: [2024-07-11 01:53:17Z] [VERBOSE] Time taken for configuration job to complete is 4.617 seconds
Suggested solution to the issue
Adjust the Format-LogonMessage so that it supports blank lines in here strings properly. Presently the following happens:
I think I see the issue here. SecEdit expects foo," ",bar as the input to includer a blank line, but in the exported config you get: MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,Foo, ,Bar
Therefore the Test-Resource value doesn't match the expected value.
If you changed line 53 of MSFT_SecurityOption.psm1 to to $resultValue = ($currentValue -split '7,')[-1].Trim().replace(', ,','," ",') I think that would work for the comparison of the desired value with the currnt value.
<#.SYNOPSIS Secedit.exe uses an INI file with security policies and their associated values (key value pair). The value to a policy must be on one line. If the message is a multiple line message a comma is used for the line break and if a comma is intended for grammar it must be surrounded with double quotes..PARAMETERMessage The logon message to be formated#>functionFormat-LogonMessage
{
[OutputType([System.String])]
[CmdletBinding()]
param
(
[Parameter(Mandatory=$true)]
[string]
$Message
)
$formatText=$Message-split'\n'if ($formatText.count-gt1)
{
$lines=$formatText-split'\n'|ForEach-Object-Process { ($PSItem-replace',','","').Trim() }
$resultValue= ($lines-join',').Replace(',,','," ",')
}
else
{
$resultValue=$formatText
}
return$resultValue
}
Details of the scenario you tried and the problem that is occurring
If you want to use a blank line in the text, the correct syntax is to include '," ",' in your text. When this is passed to the resource it successfully puts the correct value in the registry, however the DSC Resource reports a failure and suggests checking '%windir%\se
curity\logs\scesrv.log' However there are no errors in this log either.
Secondly, if you try to pass in a here string with a blank line, the Format-LogonMessage function doesn't account for blank lines.
Verbose logs showing the problem
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] An LCM method call arrived from computer JEREMYDSCTEST with user sid
S-1-5-18.
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Set ]
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Resource ] [[SecurityOption]SecurityOpions]
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Test ] [[SecurityOption]SecurityOpions]
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_text_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: Foo, ,Bar Desired policy: Foo," ",Bar
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_title_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: ATTENTION NETWORK USER Desired policy: ATTENTION NETWORK USER
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ End Test ] [[SecurityOption]SecurityOpions]
in 1.3590 seconds.
VERBOSE: [2024-07-11 01:53:15Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ Start Set ] [[SecurityOption]SecurityOpions]
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_text_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: Foo, ,Bar Desired policy: Foo," ",Bar
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Testing SecurityOption: Interactive_logon_Message_title_for_users_attempting_to_log_on
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: [[SecurityOption]SecurityOpions]
Current policy: ATTENTION NETWORK USER Desired policy: ATTENTION NETWORK USER
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ End Set ] [[SecurityOption]SecurityOpions]
in 2.3000 seconds.
VERBOSE: [2024-07-11 01:53:16Z] [ERROR] PowerShell DSC resource MSFT_SecurityOption failed to execute
Set-TargetResource functionality with error message: Failed to update security option
Interactive_logon_Message_text_for_users_attempting_to_log_on. Refer to %windir%\security\logs\scesrv.log for details.
VERBOSE: [2024-07-11 01:53:16Z] [VERBOSE] [JEREMYDSCTEST]: LCM: [ End Set ]
VERBOSE: [2024-07-11 01:53:16Z] [ERROR] The SendConfigurationApply function did not succeed.
VERBOSE: [2024-07-11 01:53:17Z] [VERBOSE] Operation 'Invoke CimMethod' complete.
VERBOSE: [2024-07-11 01:53:17Z] [VERBOSE] Time taken for configuration job to complete is 4.617 seconds
Suggested solution to the issue
The outtput should be
foo," ",bar
2. Work out the exit code (or whatever) issue which is leading the resource to think SecEdit is failing.
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
OsName : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage : en-US
OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
Name Value
PSVersion 5.1.20348.2400
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.20348.2400
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Version of the DSC module that was used
2.10.0
The text was updated successfully, but these errors were encountered: