PowerShell / PSDscResources

MIT License
129 stars 54 forks source link

Registry: Cannot set same key for different users credentials #210

Open piotrminkina opened 1 year ago

piotrminkina commented 1 year ago

Hello,

With the Registry resource, you cannot configure the same registry key for different users, at the same time, with the same configuration. Take a look at the following example.

Details of the scenario you tried and the problem that is occurring

> . .\RegistryExample.ps1
> $cred1 = Get-Credential
> $cred2 = Get-Credential
> RegistryExample -ConfigurationData @{AllNodes = @( @{ NodeName = 'localhost'; PSDscAllowDomainUser = $true; PsDscAllowPlainTextPassword = $true } ) } -Credential1 $cred1 -Credential2 $cred2

Verbose logs showing the problem

Test-ConflictingResources : A conflict was detected between resources '[Registry]Run_user1
(C:\RegistryExample.ps1::15::9::Registry)' and '[Registry]Run_user2
(C:\RegistryExample.ps1::23::9::Registry)' in node 'localhost'. Resources have identical key properties but there are differences in the following
non-key properties: 'PsDscRunAsCredential'. Values 'System.Management.Automation.PSCredential' don't match values 'System.Management.Automation.PSCredential'. Please update these property values so that they
are identical in both cases.
At line:289 char:9
+         Test-ConflictingResources $keywordName $canonicalizedValue $k ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException
    + FullyQualifiedErrorId : ConflictingDuplicateResource,Test-ConflictingResources
Compilation errors occurred while processing configuration 'RegistryExample'. Please review the errors reported in error stream and modify your configuration code appropriately.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:3917 char:5
+     throw $ErrorRecord
+     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (RegistryExample:String) [], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessConfiguration

Suggested solution to the issue

I don't know if there is any reasonable way out of this situation. What comes to mind is adding a new DSC property, marked as a key, but optional. This property would not be used in the implementation of the resource, but it would give the possibility of additional identification of this resource, well, and would allow to solve this conflict. For example, a configuration with this key could look like the following.

Registry "Run_$($Credential1.UserName)"
{
    Identify = $Credential1.UserName
    PsDscRunAsCredential = $Credential1
    # ...
}

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Configuration RegistryExample {
    param (
        [Parameter(Mandatory)]
        [ValidateNotNullorEmpty()]
        [PSCredential] $Credential1,

        [Parameter(Mandatory)]
        [ValidateNotNullorEmpty()]
        [PSCredential] $Credential2
    )

    Import-DscResource -ModuleName 'PSDscResources' -ModuleVersion '2.12.0.0'

    Node $AllNodes.NodeName {
        Registry "Run_$($Credential1.UserName)"
        {
            PsDscRunAsCredential = $Credential1
            Key = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
            ValueName = 'SomeApp'
            ValueData = 'C:\SomeApp.exe'
        }

        Registry "Run_$($Credential2.UserName)"
        {
            PsDscRunAsCredential = $Credential2
            Key = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
            ValueName = 'SomeApp'
            ValueData = 'C:\SomeApp.exe'
        }
    }
}

The operating system the target node is running

OsName               : Microsoft Windows 11 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-GB
OsMuiLanguages       : {en-GB}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.22621.2428
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2428
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

2.12.0.0