dsccommunity / GPRegistryPolicyDsc

DSC resources used to apply and manage local group policies by modifying the respective .pol file.
MIT License

RegistryPolicyFile: MultiString with multiple items not formatted correctly in policy file #25

Closed General-Fault closed 6 months ago

General-Fault commented 3 years ago

Details of the scenario you tried and the problem that is occurring

When setting a registry policy file value that is a MultiString with multiple entries, all items end up in the same entry separated by spaces.

For example, when setting the group policy "ComputerConfiguration\Administrative Templates\Network\SSL Configuration Settings\ECC Curve Order" (registry key "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002:EccCurves") to @('curve25519', 'NistP384', 'NistP256'), the three values are saved in one string as 'curve25519 NistP384 NistP256'.

The fault can be found in New-GPRegistrySettingsEntry (https://github.com/dsccommunity/GPRegistryPolicyDsc/blob/3f0c2341eb03219637f0832562465008c80b0d0d/source/Modules/GPRegistryPolicyFileParser/GPRegistryPolicyFileParser.psm1#L310) where the ValueData array is implicitly cast to a string before being passed to Unicode.GetBytes. The array string separates the values with a space, not a null character as is needed.

Verbose logs showing the problem

N/A

Suggested solution to the issue

New-GPRegistrySettingsEntry should join the values with a null character before passing to Unicode.GetBytes

as in

[System.Text.Encoding]::Unicode.GetBytes(($RegistryPolicy.ValueData -join "`0") + "`0")

Similarly Format-MultiStringValue should not split on a space.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

This can be reproduced using Invoke-DscResource

Invoke-DscResource -ModuleName GPRegistryPolicyDsc -Name RegistryPolicyFile -Method Set -Property @{
    TargetType = 'ComputerConfiguration'
    Key        = 'SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
    ValueName  = 'EccCurves'
    ValueData  = @('curve25519', 'NistP384', 'NistP256')
    ValueType  = 'MultiString'
    Ensure     = 'Present'
} -Verbose

The operating system the target node is running

Name Value
OsName Microsoft Windows 10 Enterprise LTSC
OsOperatingSystemSKU 125
OsArchitecture 64-bit
WindowsVersion 1809
WindowsBuildLabEx 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage en-US
OsMuiLanguages {en-US}

Version and build of PowerShell the target node is running

Name Value
PSVersion 5.1.17763.1852
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.1852
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Version of the DSC module that was used

Name Version Path
GPRegistryPolicyDsc 1.2.0 C:\Program Files\WindowsPowerShell\Modules\GPRegistryPolicyDsc\1.2.0\GPRegistryPolicyDsc.psd1
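
The two encodings described in the report, compared side by side in an added example that is not part of the original issue or of the module's code. The function names are hypothetical; the null-join expression is the one suggested in the report, and the data is assumed to be UTF-16LE as produced by Unicode.GetBytes.

```powershell
# Added example: hypothetical helpers, not functions from GPRegistryPolicyDsc.
$curves = @('curve25519', 'NistP384', 'NistP256')   # values from the report

function ConvertTo-MultiStringBytes {
    param ([Parameter(Mandatory)][string[]] $Value)
    # Join with the null separator and terminate, as suggested in the report.
    [System.Text.Encoding]::Unicode.GetBytes(($Value -join "`0") + "`0")
}

function ConvertFrom-MultiStringBytes {
    param ([Parameter(Mandatory)][byte[]] $Bytes)
    $text = [System.Text.Encoding]::Unicode.GetString($Bytes)
    # Split on the null separator; drop the empty string left by the terminator.
    # The leading comma keeps a single entry from being unrolled into a scalar.
    , @($text.Split([char]0) | Where-Object { $_ -ne '' })
}

function Test-MultiStringRoundTrip {
    param (
        [Parameter(Mandatory)][string[]] $Expected,
        [Parameter(Mandatory)][byte[]]   $Bytes
    )
    $actual = ConvertFrom-MultiStringBytes -Bytes $Bytes
    # -SyncWindow 0 makes the comparison order-sensitive, which matters for a
    # curve *order* policy: same names in a different order is still a mismatch.
    -not (Compare-Object -ReferenceObject $Expected -DifferenceObject $actual -SyncWindow 0)
}

# Reported behaviour: casting the array to a string joins it with a space ($OFS default).
$castBytes = [System.Text.Encoding]::Unicode.GetBytes([string] $curves)

# Suggested behaviour: one null-terminated string per entry.
$nullJoinedBytes = ConvertTo-MultiStringBytes -Value $curves

$cases = @(
    @{ Name = 'implicit cast'; Bytes = $castBytes }
    @{ Name = 'null-joined';   Bytes = $nullJoinedBytes }
)
foreach ($case in $cases) {
    $entries = ConvertFrom-MultiStringBytes -Bytes $case.Bytes
    $matches = Test-MultiStringRoundTrip -Expected $curves -Bytes $case.Bytes
    '{0}: {1} entr(ies), matches intended list: {2} -> {3}' -f `
        $case.Name, $entries.Count, $matches, ($entries -join ' | ')
}
```

The same round-trip check can be pointed at the bytes read back from an applied policy value to confirm that the number and order of entries match the configuration.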

bcwilhite commented 3 years ago

@erjenkin and I are able to reproduce this issue. We'll have a fix PR submitted this afternoon with additional detail/findings.

General-Fault commented 6 months ago

Has this been fixed in 1.3.1?

General-Fault commented 6 months ago

To answer my own question - confirmed fixed in 1.3.1. Thank you!

johlju commented 6 months ago

Thanks for confirming that. I'll close this issue then.