search

dsccommunity / SecurityPolicyDsc

A wrapper around secedit.exe to configure local security policies
MIT License
177 stars 53 forks source link

The term 'secedit.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. #165

Open marinmuso opened 3 years ago

marinmuso commented 3 years ago

Details of the scenario you tried and the problem that is occurring

I get an error trying to run the following:

(Invoke-DscResource -Name AccountPolicy -Method Get -Property @{Name ='notrequired'} -ModuleName SecurityPolicyDsc).Account_lockout_duration

This happens after the DSC is successfully applied to the machine. I am running the above command to test the DSC configuration...

Verbose logs showing the problem

==> azure-arm.dsc_node: The term 'secedit.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
==> azure-arm.dsc_node: the spelling of the name, or if a path was included, verify that the path is correct and try again.
==> azure-arm.dsc_node:     + CategoryInfo          : ObjectNotFound: (secedit.exe:) [], CimException
==> azure-arm.dsc_node:     + FullyQualifiedErrorId : CommandNotFoundException
==> azure-arm.dsc_node:     + PSComputerName        : localhost
==> azure-arm.dsc_node:
==> azure-arm.dsc_node: The PowerShell DSC resource '[AccountPolicy]DirectResourceAccess' with SourceInfo '' threw one or more non-terminating
==> azure-arm.dsc_node: errors while running the Get-TargetResource functionality. These errors are logged to the ETW channel called
==> azure-arm.dsc_node: Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
==> azure-arm.dsc_node:     + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
==> azure-arm.dsc_node:     + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
==> azure-arm.dsc_node:     + PSComputerName        : localhost

Suggested solution to the issue

SecEdit.exe is available:

PS C:\Users\admintest> where.exe secedit.exe C:\Windows\System32\SecEdit.exe

The DSC configuration that is used to reproduce the issue (as detailed as possible)

AccountPolicy AccountPolicies
 {
            Name = "PasswordPolicies"
            Account_lockout_duration                             = 30
            Account_lockout_threshold                            = 10
            Enforce_password_history                             = 24
            Maximum_Password_Age                                 = 60
            Minimum_Password_Age                                 = 1
            Minimum_Password_Length                              = 28
            Password_must_meet_complexity_requirements           = 'Enabled'
            Reset_account_lockout_counter_after                  = 30
 }

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.x86fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.17763.1852
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.1852
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

2.1.0.0