search

dsccommunity / SecurityPolicyDsc

A wrapper around secedit.exe to configure local security policies
MIT License
177 stars 53 forks source link

SecurityOption : Interactive_logon_Message_ #123

Closed ghost closed 5 years ago

ghost commented 5 years ago

Details of the scenario you tried and the problem that is occurring

applied the following options however the resource is erroring but from what I can tell it is applying the setting as the txt and the title are being updated. attached as much info as poss.

Interactive_logon_Message_text_for_users_attempting_to_log_on = 'By logging into the ONTHEMARKET PLC network you agree to abide by the terms of the Device and Acceptable Use Policy (ADUP). Users are responsible for ensuring that they act in accordance with the ADUP and other policies and legislation. Users activity is monitored to ensure policy and legal compliance, more information can be found at XXXXXX.XXXXXX.XXX.' # 2.3.7.4 (L1) Configure 'Interactive logon: Message text for users attempting to log on'

Interactive_logon_Message_title_for_users_attempting_to_log_on = 'ONTHEMARKET PLC' # 2.3.7.5 (L1) Configure 'Interactive logon: Message title for users attempting to log on'

Verbose logs showing the problem

Job {6C0671B7-8158-11E9-8414-38BAF8EE55B5} : MIResult: 1 Error Message: The SendConfigurationApply function did not succeed. Message ID: MI RESULT 1 Error Category: 0 Error Code: 1 Error Type: MI

Job {6C0671B7-8158-11E9-8414-38BAF8EE55B5} : MIResult: 1 Error Message: PowerShell DSC resource MSFT_SecurityOption failed to execute Set-TargetResource functionality with error message: Failed to update security option Interactive_logon_Message_text_for_users_attempting_to_log_on. Refer to %windir%\security\logs\scesrv.log for details. Message ID: ProviderOperationExecutionFailure Error Category: 7 Error Code: 1 Error Type: MI

Job {6C0671B7-8158-11E9-8414-38BAF8EE55B5} : This event indicates that failure happens when LCM is processing the configuration. Error Id is 0x1. Error Detail is The SendConfigurationApply function did not succeed.. Resource Id is [SecurityOption]AccountSecurityOptions and Source Info is C:\Windows\secure-windows-build.ps1::339::9::SecurityOption. Error Message is PowerShell DSC resource MSFT_SecurityOption failed to execute Set-TargetResource functionality with error message: Failed to update security option Interactive_logon_Message_text_for_users_attempting_to_log_on. Refer to %windir%\security\logs\scesrv.log for details. .

Job {6C0671B7-8158-11E9-8414-38BAF8EE55B5} : Message Failed to update security option Interactive_logon_Message_text_for_users_attempting_to_log_on. Refer to %windir%\security\logs\scesrv.log for details. HResult -2146233087 StackTrack at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke) at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync) at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection1 input, PSDataCollection1 output, PSInvocationSettings settings) at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection1 input, PSDataCollection1 output, PSInvocationSettings settings) at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings) at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd, List1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration, LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32& resultStatusHandle, Collection1& result, ErrorRecord& errorRecord, PSModuleInfo localRunSpaceModuleInfo)

Suggested solution to the issue

The DSC configuration that is used to reproduce the issue (as detailed as possible)

# insert configuration here

The operating system the target node is running

Version and build of PowerShell the target node is running

Version of the DSC module that was used ('dev' if using current dev branch)

markwragg commented 5 years ago

I am seeing the same issue, the logon message is applied successfully but DSC always returns:

PowerShell DSC resource MSFT_SecurityOption  failed to execute Set-TargetResource functionality with error message: Failed to update security option Interactive_logon_Message_text_for_users_attempting_to_log_on
markwragg commented 5 years ago

Actually I realised I was still using an old version of the resource. The problem went away for me after I updated via Install-Module 'SecurityPolicyDsc' -Force.

I was previously using version 2.6.0.0 of the module, seems to be fixed having updated to 2.8.0.0

jcwalker commented 5 years ago

@markwragg awesome! Glad you got it figured out.