Hardening and Registration fails due to new PowerShell Security-Features

[drandreas]

Describe the bug

• Step: convert to securestring fails with ConvertFrom-SecureString : Access is denied.
• Step: Run PSM registration fails with ConvertTo-SecureString : Key not valid for use in specified state.
• Step: Run PSM hardening fails with ... some steps failed: AppLocker

To Reproduce Run psm role on Windows Server 2019 with latest Patches installed.

Expected behavior No error, successful PSM-Installation.

Additional context After some googling I think the issue is related to those commands requiring a "user"-session: https://www.reddit.com/r/PowerShell/comments/jafyin/convertfromsecurestring_in_pssession_results_in/

I got the automation working by adding become (https://docs.ansible.com/ansible/latest/user_guide/become.html) to those 3 steps:

    - name: Run PSM hardening
      become: yes
      become_method: runas
      become_user: Administrator
      win_shell: |
        ...

[drerik]

Is there coming an official patch from cyberark on this one, or are you accepting patches?