search

HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License
1.87k stars 148 forks source link

[Bug]: Get-NetFirewallProfile: The specified network name is no longer available. #78

Closed JuliusBairaktaris closed 1 year ago

JuliusBairaktaris commented 1 year ago

Tools category

Harden Windows Security Module

Does your system meet the requirements?

Explain the bug

When I execute the command "Confirm-SystemCompliance", I encounter the error: "Get-NetFirewallProfile: The specified network name is no longer available." This occurs even though I'm operating from a privileged PowerShell terminal and have just installed the relevant module.

Harvester57 commented 1 year ago

Can confirm, I have the same bug present on my systems.

Is your system language English ? Maybe a localization problem ?

JuliusBairaktaris commented 1 year ago

Yes. English-US

HotCakeX commented 1 year ago

Do you get errors when you run these ? 🤔

Get-NetFirewallProfile -Name domain -PolicyStore localhost -ErrorAction Stop
Get-NetFirewallProfile -Name Private -PolicyStore localhost -ErrorAction Stop
Get-NetFirewallProfile -Name Public -PolicyStore localhost -ErrorAction Stop

Get-NetFirewallProfile -Name domain -ErrorAction Stop
Get-NetFirewallProfile -Name Private -ErrorAction Stop
Get-NetFirewallProfile -Name Public -ErrorAction Stop
JuliusBairaktaris commented 1 year ago 
PowerShell 7.3.6
PS C:\Users\X> Get-NetFirewallProfile -Name domain -PolicyStore localhost -ErrorAction Stop
Get-NetFirewallProfile: The specified network name is no longer available.
PS C:\Users\X> Get-NetFirewallProfile -Name Private -PolicyStore localhost -ErrorAction Stop
Get-NetFirewallProfile: The specified network name is no longer available.
PS C:\Users\X> Get-NetFirewallProfile -Name Public -PolicyStore localhost -ErrorAction Stop
Get-NetFirewallProfile: The specified network name is no longer available.
PS C:\Users\X>
PS C:\Users\X> Get-NetFirewallProfile -Name domain -ErrorAction Stop

Name                            : Domain
Enabled                         : True
DefaultInboundAction            : NotConfigured
DefaultOutboundAction           : NotConfigured
AllowInboundRules               : NotConfigured
AllowLocalFirewallRules         : NotConfigured
AllowLocalIPsecRules            : NotConfigured
AllowUserApps                   : NotConfigured
AllowUserPorts                  : NotConfigured
AllowUnicastResponseToMulticast : NotConfigured
NotifyOnListen                  : True
EnableStealthModeForIPsec       : NotConfigured
LogFileName                     : %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogMaxSizeKilobytes             : 4096
LogAllowed                      : False
LogBlocked                      : False
LogIgnored                      : NotConfigured
DisabledInterfaceAliases        : {NotConfigured}

PS C:\Users\X> Get-NetFirewallProfile -Name Private -ErrorAction Stop

Name                            : Private
Enabled                         : True
DefaultInboundAction            : NotConfigured
DefaultOutboundAction           : NotConfigured
AllowInboundRules               : NotConfigured
AllowLocalFirewallRules         : NotConfigured
AllowLocalIPsecRules            : NotConfigured
AllowUserApps                   : NotConfigured
AllowUserPorts                  : NotConfigured
AllowUnicastResponseToMulticast : NotConfigured
NotifyOnListen                  : True
EnableStealthModeForIPsec       : NotConfigured
LogFileName                     : %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogMaxSizeKilobytes             : 4096
LogAllowed                      : False
LogBlocked                      : False
LogIgnored                      : NotConfigured
DisabledInterfaceAliases        : {NotConfigured}

PS C:\Users\X> Get-NetFirewallProfile -Name Public -ErrorAction Stop

Name                            : Public
Enabled                         : True
DefaultInboundAction            : NotConfigured
DefaultOutboundAction           : NotConfigured
AllowInboundRules               : NotConfigured
AllowLocalFirewallRules         : NotConfigured
AllowLocalIPsecRules            : NotConfigured
AllowUserApps                   : NotConfigured
AllowUserPorts                  : NotConfigured
AllowUnicastResponseToMulticast : NotConfigured
NotifyOnListen                  : True
EnableStealthModeForIPsec       : NotConfigured
LogFileName                     : %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogMaxSizeKilobytes             : 4096
LogAllowed                      : False
LogBlocked                      : False
LogIgnored                      : NotConfigured
DisabledInterfaceAliases        : {NotConfigured}

PS C:\Users\X>
HotCakeX commented 1 year ago

Thank you!

I can't reproduce the issue on my system or VM, it works with and without admin rights. I wonder what your systems have in common that you both can repro it.

Either way I'll switch to Group policy xml parsing for Firewall section and release new version today!

Ainatar commented 1 year ago

Same bug here, in my case my system is in spanish, es-ES.

HotCakeX commented 1 year ago

I've updated the module to version 0.0.6, the bug should be fixed now

https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.0.4-6

Ainatar commented 1 year ago

I've updated the module to version 0.0.6, the bug should be fixed now

https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.0.4-6

Now its fixed for me, but i have found another error, this time is a localization one. On the line 1770 of Confirm-SystemCompliance.psm1, you are checking for the "Hyper-V Administrators" group. For me it fails, because in spanish is localized as "Administradores de Hyper-V". You could use the SID instead of the name i guess. If you run the command "Get-LocalGroup | Select Name, Objectclass, Principalsource, sid" you will find that the Hyper-V Administrators group has the SID S-1-5-32-578 (i think its generic for everyone).

HotCakeX commented 1 year ago

I've updated the module to version 0.0.6, the bug should be fixed now https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.0.4-6

Now its fixed for me, but i have found another error, this time is a localization one. On the line 1770 of Confirm-SystemCompliance.psm1, you are checking for the "Hyper-V Administrators" group. For me it fails, because in spanish is localized as "Administradores de Hyper-V". You could use the SID instead of the name i guess. If you run the command "Get-LocalGroup | Select Name, Objectclass, Principalsource, sid" you will find that the Hyper-V Administrators group has the SID S-1-5-32-578 (i think its generic for everyone).

Thanks for letting me know, I'll fix it! it's a well-known SID

by the way does that mean you also have a problem with this part of the hardening script?

Get-LocalUser | Where-Object { $_.enabled -EQ "True" } | Select-Object "Name" |
                ForEach-Object { Add-LocalGroupMember -Group "Hyper-V Administrators" -Member $_.Name -ErrorAction SilentlyContinue }
Ainatar commented 1 year ago

by the way does that mean you also have a problem with this part of the hardening script?

Get-LocalUser | Where-Object { $_.enabled -EQ "True" } | Select-Object "Name" |
                ForEach-Object { Add-LocalGroupMember -Group "Hyper-V Administrators" -Member $_.Name -ErrorAction SilentlyContinue }

The command apparently runs without any errors, but i guess it did nothing? Because that group doesnt exist on my pc with that name. How can i check if it has done what its supposed to do? Sorry, but my PS knowledge is limited haha

Probably you can use the Add-LocalGroupMember command with the -SID instead of -Group, to make that command to work on any language OS.

HotCakeX commented 1 year ago

by the way does that mean you also have a problem with this part of the hardening script?

Get-LocalUser | Where-Object { $_.enabled -EQ "True" } | Select-Object "Name" |
                ForEach-Object { Add-LocalGroupMember -Group "Hyper-V Administrators" -Member $_.Name -ErrorAction SilentlyContinue }

The command apparently runs without any errors, but i guess it did nothing? Because that group doesnt exist on my pc with that name. How can i check if it has done what its supposed to do? Sorry, but my PS knowledge is limited haha

Probably you can use the Add-LocalGroupMember command with the -SID instead of -Group, to make that command to work on any language OS.

Of course, i will use SID instead, it's important for it to be multilingual/international 🙂

HotCakeX commented 1 year ago

Fixed: https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.0.7

Ainatar commented 1 year ago

Thanks, now the Confirm-SystemCompliance command runs normally and it does its work. But! Here comes another headache. I have noticed that in the report most of the options appear as "False", which is strange. I went to check them directly on the gpedit.msc, and they are actually applied. So i guess that for the check up it must be using the english names of each Group Policy, thats why it fails for me.

HotCakeX commented 1 year ago

Thanks, now the Confirm-SystemCompliance command runs normally and it does its work. But! Here comes another headache. I have noticed that in the report most of the options appear as "False", which is strange. I went to check them directly on the gpedit.msc, and they are actually applied. So i guess that for the check up it must be using the english names of each Group Policy, thats why it fails for me.

Can you run this command as admin and then share the xml output with me? you can email me if you don't want to share it publicly.

gpresult /Scope Computer /x .\GPResult.xml /f

Wanna take a look at the group policy output in your language, I didn't know they were translated.

Ainatar commented 1 year ago

Can you run this command as admin and then share the xml output with me? you can email me if you don't want to share it publicly.

I have sent you an email.

HotCakeX commented 1 year ago

Can you run this command as admin and then share the xml output with me? you can email me if you don't want to share it publicly.

I have sent you an email.

Thank you! I see now that it completely breaks the code when it's not in English because everything is translated!

An alternative method is to use registry keys for verifying policies

HotCakeX commented 1 year ago

Found a way to quickly change from Group policy to registry for compliance checking, takes care of different locales, should be ready by tomorrow

Ainatar commented 1 year ago

Found a way to quickly change from Group policy to registry for compliance checking, takes care of different locales, should be ready by tomorrow

Sounds promising, good job!

HotCakeX commented 1 year ago

Found a way to quickly change from Group policy to registry for compliance checking, takes care of different locales, should be ready by tomorrow

Sounds promising, good job!

Thank you! Just released the new update. All of the issues mentioned in this thread should be fixed now (I hope) 🙂

https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.0.8

Ainatar commented 1 year ago

Thank you! Just released the new update. All of the issues mentioned in this thread should be fixed now (I hope) 🙂

https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.0.8

So far everything seems to work well, really nice job! 😄 Thank you for your efforts and your time.

HotCakeX commented 1 year ago

Thank you! Just released the new update. All of the issues mentioned in this thread should be fixed now (I hope) 🙂 https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.0.8

So far everything seems to work well, really nice job! 😄 Thank you for your efforts and your time.

Awesome! you're welcome ^^

HotCakeX commented 1 year ago

Since all the issues are fixed I'm going to close this as completed. please make new issues if you see any other problems!