Closed ssg47 closed 7 months ago
To me from the screenshot it seems like a broken GPO missing registry.xml file? It's why it's not able to scan it properly and asses. I guess it could be detected, as part of broken GPOs report or something.
Yes, the file is missing. The error shows in the GPOReport:
<ExtensionData>
<Error>
<Details>Could not find file '\\DomainControllerFQDN\sysvol\DomainFQDN\Policies\{GUIDString}\Machine\Preferences\Registry\Registry.xml'.</Details>
<Description>Errors.Extensions.GeneralError</Description>
</Error>
<Name>Windows Registry</Name>
</ExtensionData>
So GPOZaurr correctly detects a problem and expects you to fix it yourself. I don't think we can do any automation here other than maybe a report for GPOs that are broken the same way. What do you think GPOZaurr should do?
I've now created a GPO, added registry settings and went and deleted registry.xml in it. Sure enough error:
We could add GPOMissingFiles
report that would detect this issues, but all in all - it's a problem we can't really solve other then, removing the GPO or trying to remove respective part so it doesn't have this entry anymore.
I agree, there no automated fix. It does detect a problem but it's not in the report. I've inherited a mess - there were so many warnings when I first ran it that I missed this one. Currently, on the Group Policy Summary table, it is showing as all green but it's definitely not healthy so just a column in that table flagging that would be useful (or add it to the problem column).
I know this is a minor grumble. I was amazed when I saw the size of the module. You must be very proud of your work!
I'll try to add another report and maybe improve the message about this when scanning. I expect people that run GPOZaurr to pay attention to any warnings. I can't put "errors" everywhere, but i'll see what we can do.
That's fair enough. Thank you.
I've created new report for that:
WARNING: Get-XMLGPO - Reading GPO content [XXX-GPO-S-C Hardening (v10.0.1)/DomainFQDN] returned an error. This may be because of non-english language. Assesing EMPTY using old method which can report false positives. Be careful please.
In issue #10 you have seen this error in a Dutch language GPO. I am seeing it in an English language GPO.
The policy has user settings disabled and contains both Policies and Preferences. There are multiple policies but a single preference. In GPMC, it shows an error for the preference:
An unknown error occurred while data was gathered for this extension. Details: Could not find file '\\DomainControllerFQDN\sysvol\DomainFQDN\Policies\{GUIDstring}\Machine\Preferences\Registry\Registry.xml'.
I'm happy to help if you want to incorporate this in your marvellous module. Otherwise, I'm happy for you to close as a known issue.