Closed dzcmr closed 11 months ago
SamErde
commented
1 year ago Good catch, @dzcmr. (No pun intended.) I see where/why that is happening in the mode 4 code. It's part of a try/catch block that needs to be scoped specifically to each fix or changed to a different confirmation method. Thanks for the feedback!
TrimarcJake
commented
1 year ago @dzcmr What Powershell version are you using?
dzcmr
commented
1 year ago Just 5, I can go back and get the minor version if you need
TrimarcJake
commented
1 year ago Interesting! No need to get the minor version. I was curious if this was a 7.4.0 related issue, but nope!
TrimarcJake
commented
1 year ago Hi @dzcmr! Would you mind running Invoke-Locksmith -Mode 3 and sending me a redacted version of the generated CSV file?
The reason I ask: Mode 4 doesn't currently auto-run fixes for all identified issues. So, the behavior you've described makes sense if you skipped the last fixable issue.
That being said, Locksmith should inform you if there are remaining issues that it is unable to fix.
dzcmr
commented
1 year ago Hey, so this was the first issue it found (from a longish list) - It covered Auditing not being enabled, ESC1, ESC4, ESC5.
some of the ESC5s remain but I've manually fixed up everything else (except for auditing which isn't possible as it's not a real CA but a proxy CA - i.e. it appears like a CA but is not)
I can still send through a redacted output though if it helps.
TrimarcJake
commented
1 year ago Interesting. Well, either way, the Locksmith team all agreed to change it anyway! Look for a different dialog soon. :D
TrimarcJake
commented
12 months ago @dzcmr I started working on improving the Mode 4 confirmation dialog this morning and got a little carried away. If you've got a moment, would you mind testing the testing branch?
What I expected would happen:
What actually happened:
Sample output: