HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License

[Bug]: Starting with Windows 24H2, Hardening Module will no longer work as system #375

Closed kamellemann closed 1 month ago

kamellemann commented 1 month ago

Tools category

Harden Windows Security Module

Does Your System Meet The Requirements?

Is your Windows Installation Genuine?

Did You Read The Frequently Asked Questions?

Please Explain The Bug

Starting with Windows 24H2, Hardening Module will no longer work as system. All fine when running as normal user. Error:

ParentContainsErrorRecordException: Exception setting "Host": "The type initializer for 'HardenWindowsSecurity.GlobalVars' threw an exception."

Import-Module: The module to process 'Harden-Windows-Security-Module.psm1', listed in field 'ModuleToProcess/RootModule' of module manifest 'C:\Hardening\Harden-Windows-Security-Module\0.6.7\Harden-Windows-Security-Module.psd1' was not processed because no valid module was found in any module directory.

Name                           Value
----                           -----
PSVersion                      7.4.6
PSEdition                      Core
GitCommitId                    7.4.6
OS                             Microsoft Windows 10.0.26100
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Error Details

Exception             :
    Type           : System.Management.Automation.PSInvalidOperationException
    ErrorRecord    :
        Exception             :
            Type    : System.Management.Automation.ParentContainsErrorRecordException
            Message : The module to process 'Harden-Windows-Security-Module.psm1', listed in field 'ModuleToProcess/RootModule' of module
manifest 'C:\Hardening\Harden-Windows-Security-Module\0.6.7\Harden-Windows-Security-Module.psd1' was not processed because no valid module
was found in any module directory.
            HResult : -2146233087
        TargetObject          : Harden-Windows-Security-Module
        CategoryInfo          : ResourceUnavailable: (Harden-Windows-Security-Module:String) [], ParentContainsErrorRecordException
        FullyQualifiedErrorId : Modules_ModuleFileNotFound
    TargetSite     :
        Name          : LoadModuleManifest
        DeclaringType : [Microsoft.PowerShell.Commands.ModuleCmdletBase]
        MemberType    : Method
        Module        : System.Management.Automation.dll
    Message        : The module to process 'Harden-Windows-Security-Module.psm1', listed in field 'ModuleToProcess/RootModule' of module
manifest 'C:\Hardening\Harden-Windows-Security-Module\0.6.7\Harden-Windows-Security-Module.psd1' was not processed because no valid module
was found in any module directory.
    InnerException :
        Type    : System.IO.FileNotFoundException
        Message : The module to process 'Harden-Windows-Security-Module.psm1', listed in field 'ModuleToProcess/RootModule' of module
manifest 'C:\Hardening\Harden-Windows-Security-Module\0.6.7\Harden-Windows-Security-Module.psd1' was not processed because no valid module
was found in any module directory.
        HResult : -2147024894
    Source         : System.Management.Automation
    HResult        : -2146233079
    StackTrace     :
   at Microsoft.PowerShell.Commands.ModuleCmdletBase.LoadModuleManifest(String moduleManifestPath, ExternalScriptInfo manifestScriptInfo,
Hashtable data, Hashtable localizedData, ManifestProcessingFlags manifestProcessingFlags, Version minimumVersion, Version maximumVersion,
Version requiredVersion, Nullable`1 requiredModuleGuid, ImportModuleOptions& options, Boolean& containedErrors)
   at Microsoft.PowerShell.Commands.ModuleCmdletBase.LoadModule(PSModuleInfo parentModule, String fileName, String moduleBase, String prefix,
SessionState ss, Object privateData, ImportModuleOptions& options, ManifestProcessingFlags manifestProcessingFlags, Boolean& found, Boolean&
moduleFileFound)
   at Microsoft.PowerShell.Commands.ModuleCmdletBase.LoadUsingExtensions(PSModuleInfo parentModule, String moduleName, String fileBaseName,
String extension, String moduleBase, String prefix, SessionState ss, ImportModuleOptions options, ManifestProcessingFlags
manifestProcessingFlags, Boolean& found, Boolean& moduleFileFound)
   at Microsoft.PowerShell.Commands.ModuleCmdletBase.LoadUsingMultiVersionModuleBase(String moduleBase, ManifestProcessingFlags
manifestProcessingFlags, ImportModuleOptions importModuleOptions, Boolean& found)
   at Microsoft.PowerShell.Commands.ImportModuleCommand.ImportModule_LocallyViaName(ImportModuleOptions importModuleOptions, String name)
TargetObject          : Harden-Windows-Security-Module
CategoryInfo          : ResourceUnavailable: (Harden-Windows-Security-Module:String) [Import-Module], PSInvalidOperationException
FullyQualifiedErrorId : Modules_ModuleFileNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
InvocationInfo        :
    MyCommand        : Import-Module
    ScriptLineNumber : 1
    OffsetInLine     : 1
    HistoryId        : 10
    Line             : Import-Module -Name 'C:\Hardening\Harden-Windows-Security-Module'
    Statement        : Import-Module -Name 'C:\Hardening\Harden-Windows-Security-Module'
    PositionMessage  : At line:1 char:1
                       + Import-Module -Name 'C:\Hardening\Harden-Windows-Security-Module'
                       + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    InvocationName   : Import-Module
    CommandOrigin    : Internal
ScriptStackTrace      : at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo :
      0
      1

kamellemann commented 1 month ago

Running as user: [image]

Running as system: [image]

kamellemann commented 1 month ago

[image]

HotCakeX commented 1 month ago

Hi, thanks for the report. I found the issue and I'm going to fix it in version 0.6.8, which is coming out very soon.

The problem is that the method LocalUserRetriever.Get() doesn't include SYSTEM in the returned users list, in this line.

By the way, do you have a specific requirement to run the module as SYSTEM?

kamellemann commented 1 month ago

Hi, great, thanks for the fast feedback. We are running this script in AVD as a custom compliance script via Intune.

kamellemann commented 1 month ago

I've modified the files you have changed on my system and all fine now: [image]

kamellemann commented 1 month ago

I just need to comment these lines out: [image]

HotCakeX commented 1 month ago

But those are related to toast notifications. The problem with running the module as SYSTEM was that its SID is a well-known one and not like other user accounts, which I fixed and will release a new update today. With that change I can run the module on my device as SYSTEM too using PsExec.
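
An added example, not part of the thread and not the module's own code: one way for initialization code to identify the current account without assuming it appears among local user accounts, which is the failure described above for SYSTEM. The function name `Get-CurrentAccountInfo` and the returned property names are hypothetical.

```powershell
# Added example (hypothetical helper, not from the Harden-Windows-Security module).
# Resolves the account the session runs as without throwing when that account
# is a built-in service identity such as SYSTEM (for example under Intune or PsExec).
function Get-CurrentAccountInfo {
    [CmdletBinding()]
    param()

    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sid = $identity.User

    # Built-in service identities have fixed, well-known SIDs and are not
    # returned when enumerating local user accounts (Win32_UserAccount).
    $serviceSidTypes = @(
        [System.Security.Principal.WellKnownSidType]::LocalSystemSid,
        [System.Security.Principal.WellKnownSidType]::LocalServiceSid,
        [System.Security.Principal.WellKnownSidType]::NetworkServiceSid
    )
    $match = $serviceSidTypes | Where-Object { $sid.IsWellKnown($_) } | Select-Object -First 1

    if ($null -ne $match) {
        return [pscustomobject]@{
            Name        = $identity.Name
            SID         = $sid.Value
            AccountKind = "WellKnown:$match"
            IsLocalUser = $false
        }
    }

    # Ordinary account: look it up among local user accounts by SID.
    $filter = "LocalAccount=True AND SID='$($sid.Value)'"
    $local = Get-CimInstance -ClassName Win32_UserAccount -Filter $filter -ErrorAction SilentlyContinue

    # An empty result is a valid outcome (domain or Entra ID account),
    # so report it instead of treating it as a fatal initialization error.
    [pscustomobject]@{
        Name        = $identity.Name
        SID         = $sid.Value
        AccountKind = if ($local) { 'LocalUser' } else { 'NonLocal' }
        IsLocalUser = [bool]$local
    }
}

Get-CurrentAccountInfo | Format-List
```

Callers can branch on `AccountKind` to skip per-user steps when no matching local account exists.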

kamellemann commented 1 month ago

Yep, I've modified GlobalVars as well, but without having this line commented out, I got an error. But it seems to be related to my manual modification :-)

HotCakeX commented 1 month ago

Just released version 0.6.8. If you run any of the functions, it will auto-update to the latest version, or you can update it manually if you like.

Here are the release notes: https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.6.8

Thanks again for reporting :)