dsccommunity / ComputerManagementDsc

DSC resources for configuration of a Windows computer. These DSC resources allow you to perform computer management tasks, such as renaming the computer, joining a domain and scheduling tasks as well as configuring items such as virtual memory, event logs, time zones and power settings.
https://dsccommunity.org
MIT License

WindowsEventLog: Add parameter to set RestrictGuestAccess registry key #338

Closed aydeisen closed 3 years ago

aydeisen commented 4 years ago

Details of the scenario you tried and the problem that is occurring

Add a parameter to set the "RestrictGuestAccess" registry value for Windows Event Logs

Verbose logs showing the problem

N/A

Suggested solution to the issue

Add RestrictGuestAccess to WindowsEventLog so it can be set within the resource and not separately using the Registry resource

The DSC configuration that is used to reproduce the issue (as detailed as possible)

        Registry AppRestrictGuestAccess
        {
            Force     = $True
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application"
            ValueName = "RestrictGuestAccess"
            ValueData = "1"
            ValueType = "dword"
        }

The operating system the target node is running

Server versions 2008/R2, 2012/R2, 2016, and 2019

Version and build of PowerShell the target node is running

WMF 5.1

Version of the DSC module that was used ('dev' if using current dev branch)

8.2.0.0

PlagueHO commented 4 years ago

To confirm, the proposal would result in the MOF changing like this:

        [ClassVersion("1.0.0.1"), FriendlyName("WindowsEventLog")]
        class DSC_WindowsEventLog : OMI_BaseResource
        {
            [Key, Description("Specifies the given name of a Windows Event Log")] String LogName;
            [Write, Description("Specifies the given state of a Windows Event Log")] Boolean IsEnabled;
            [Write, Description("Specifies the given maximum size in bytes for a specified Windows Event Log")] Sint64 MaximumSizeInBytes;
            [Write, Description("Specifies the given LogMode for a specified Windows Event Log"), ValueMap{"AutoBackup","Circular","Retain"}, Values{"AutoBackup","Circular","Retain"}] String LogMode;
            [Write, Description("Specifies the given SecurityDescriptor for a specified Windows Event Log")] String SecurityDescriptor;
            [Write, Description("Specifies the given LogFile path of a Windows Event Log")] String LogFilePath;
            [Write, Description("Specifies the given LogRetentionDays for the Logmode 'AutoBackup'")] Sint32 LogRetentionDays;
            [Write, Description("Restricts guest access to the specified Windows Event Log")] Boolean RestrictGuestAccess;
        };

Setting a value of True to RestrictGuestAccess would set the key value to "1" and setting to False would set the key value to "0", as per https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpsb/0b9673a7-ce0a-49b4-912b-591efdb37cdf

This should be easy enough, although would need to ensure the appropriate registry path exists (which is what the Registry resource takes care of).
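One way the Boolean-to-DWORD mapping and the "ensure the registry path exists" step discussed above could look, as an added example that is not code from ComputerManagementDsc or from any commenter. The function names are hypothetical, and treating a missing value as non-compliant (so that Set always writes an explicit 0 or 1) is this example's assumption.

```powershell
# Added example: helper names are hypothetical, not ComputerManagementDsc code.
# Key path follows the Registry resource block quoted in the issue.
$script:EventLogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

function Get-RestrictGuestAccess
{
    param ([Parameter(Mandatory = $true)] [System.String] $LogName)

    $keyPath = Join-Path -Path $script:EventLogRoot -ChildPath $LogName
    $item = Get-ItemProperty -Path $keyPath -Name 'RestrictGuestAccess' -ErrorAction SilentlyContinue

    # $null means the key or value is absent; otherwise 1 -> $true, anything else -> $false.
    if ($null -eq $item) { return $null }
    return ($item.RestrictGuestAccess -eq 1)
}

function Test-RestrictGuestAccess
{
    param
    (
        [Parameter(Mandatory = $true)] [System.String] $LogName,
        [Parameter(Mandatory = $true)] [System.Boolean] $RestrictGuestAccess
    )

    # Assumption: an absent value never counts as compliant, so drift to
    # "not configured" is corrected on the next consistency check.
    $current = Get-RestrictGuestAccess -LogName $LogName
    return ($null -ne $current -and $current -eq $RestrictGuestAccess)
}

function Set-RestrictGuestAccess
{
    param
    (
        [Parameter(Mandatory = $true)] [System.String] $LogName,
        [Parameter(Mandatory = $true)] [System.Boolean] $RestrictGuestAccess
    )

    $keyPath = Join-Path -Path $script:EventLogRoot -ChildPath $LogName

    # Create the log's registry key first if it does not exist yet.
    if (-not (Test-Path -Path $keyPath)) { $null = New-Item -Path $keyPath -Force }

    # $true -> 1, $false -> 0, written as a DWORD; -Force overwrites an existing value.
    $null = New-ItemProperty -Path $keyPath -Name 'RestrictGuestAccess' `
        -Value ([System.Int32] $RestrictGuestAccess) -PropertyType DWord -Force
}
```

From an elevated session, calling `Set-RestrictGuestAccess -LogName 'Application' -RestrictGuestAccess $true` only when `Test-RestrictGuestAccess` returns `$false` gives the same idempotent Test-then-Set flow a DSC resource follows.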

aydeisen commented 4 years ago

Confirmed: that's exactly what I'm looking for

cohdjn commented 3 years ago

Working on other updates to this resource. Will update as part of the PR with the other issues.