Closed An78toi13ne06 closed 7 months ago
Hi,
After installing HardenAd via the powershell script, I noticed that the GPO HAD-TS-Local-admins-groups had an error with the scheduled task:
When looking at the scheduled task XML, it looks like there is a "corruption?" in the xml formatting :
<?xml version="1.0" encoding="utf-8"?> <ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}"> <<<<<<<< HEAD:Inputs/GroupPolicies/HAD-TS-Local-admins-groups/{9B7F544A-EA37-4135-87E2-1D44C8D76C1C}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml.backup <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" name="HardenAD\HAD_Manage_Local_Administrators_Group" image="1" userContext="0" removePolicy="0" changed="2023-03-21 15:30:35" uid="{2CE63049-895B-4F96-AEB8-6CA1C0110146}"> <Properties action="R" name="HardenAD\HAD_Manage_Local_Administrators_Group" runAs="NT AUTHORITY\System" logonType="S4U"> <Task version="1.2"> <RegistrationInfo> <Author>HARDEN\ad</Author> <Description></Description> ======== <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" name="HardenAD\HAD_Delete_Powershell_Logs" image="2" changed="2023-08-10 14:22:52" uid="{26B91C95-DF5A-4510-BADE-6555D8745423}"> <Properties action="U" name="HardenAD\HAD_Delete_Powershell_Logs" runAs="NT AUTHORITY\System" logonType="S4U"> <Task version="1.2"> <RegistrationInfo> <Author>HARDEN\Administrator</Author> <Description>Delete powershell log files older than 7 days</Description> >>>>>>>> 56-bitlocker-issue:Inputs/GroupPolicies/HAD-PowerShell-Logs/{9BC7A0A1-5911-4505-8800-A5A12C837301}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml </RegistrationInfo> <Principals> <Principal id="Author"> <UserId>NT AUTHORITY\System</UserId> <LogonType>S4U</LogonType> <RunLevel>HighestAvailable</RunLevel> </Principal> </Principals> <Settings> <IdleSettings> <Duration>PT5M</Duration> <WaitTimeout>PT1H</WaitTimeout> <StopOnIdleEnd>false</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <ExecutionTimeLimit>PT1H</ExecutionTimeLimit> <Priority>7</Priority> </Settings> <Triggers> <CalendarTrigger> <StartBoundary>2023-08-11T19:15:00</StartBoundary> <Enabled>true</Enabled> <<<<<<<< HEAD:Inputs/GroupPolicies/HAD-TS-Local-admins-groups/{9B7F544A-EA37-4135-87E2-1D44C8D76C1C}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml.backup <Subscription><QueryList><Query Id="0" Path="Security"><Select Path="Security">*[System[EventID=5139]]</Select><Select Path="Security">*[System[EventID=4743]]</Select><Select Path="Security">*[System[EventID=4742]]</Select><Select Path="Security">*[System[EventID=4741]]</Select></Query></QueryList></Subscription> <ValueQueries> <Value name="EventID">Event/System/EventID</Value> <Value name="NewDN">Event/EventData/Data[@Name="NewObjectDN"]</Value> <Value name="OldDN">Event/EventData/Data[@Name="OldObjectDN"]</Value> <Value name="TargetPC">Event/EventData/Data[@Name="TargetUserName"]</Value> </ValueQueries> </EventTrigger> </Triggers> <Actions Context="Author"> <Exec> <Command>powershell.exe</Command> <Arguments>Start-HardenADLocalGroups -ComputerName '"$(TargetPC)"' -EventID $(EventID) -OldDN '"$(OldDN)"' -NewDN '"$(NewDN)"'</Arguments> ======== <ScheduleByWeek> <WeeksInterval>1</WeeksInterval> <DaysOfWeek> <Monday/> </DaysOfWeek> </ScheduleByWeek> <ExecutionTimeLimit>PT30M</ExecutionTimeLimit> </CalendarTrigger> </Triggers> <Actions Context="Author"> <Exec> <Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command> <Arguments>-File "C:\Windows\HardenAD\ScheduledTasks\HAD_Delete_Powershell_Logs\HAD_Delete_Powershell_Logs.ps1" -ExecutionPolicy Bypass</Arguments> >>>>>>>> 56-bitlocker-issue:Inputs/GroupPolicies/HAD-PowerShell-Logs/{9BC7A0A1-5911-4505-8800-A5A12C837301}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml </Exec> </Actions> </Task> </Properties> </TaskV2> </ScheduledTasks>
It seems it should have two tasks but they are mixed together.
Fixed in the dev branch but there may be other bugs...
Hi, i have the same error with dev branch
Fixed in 2.9.7.
Hi,
After installing HardenAd via the powershell script, I noticed that the GPO HAD-TS-Local-admins-groups had an error with the scheduled task:
When looking at the scheduled task XML, it looks like there is a "corruption?" in the xml formatting :
It seems it should have two tasks but they are mixed together.