search

dsccommunity / SecurityPolicyDsc

A wrapper around secedit.exe to configure local security policies
MIT License
177 stars 53 forks source link

AccountPolicy: Support for -Prefix when importing the MSFT_AccountPolicy Module #170

Open AndrewStrickland opened 2 years ago

AndrewStrickland commented 2 years ago

Details of the scenario you tried and the problem that is occurring

We bypass the LCM and process the MOF manually. To avoid conflicts in loading DSC Modules, they are imported using the -Prefix argument.

Import-Module -Name C:\Program Files\WindowsPowerShell\Modules\SecurityPolicyDsc\2.10.0.0\DSCResources\MSFT_AccountPolicy\MSFT_AccountPolicy.psm1 -Function 'Test-TargetResource','Set-Targetresource' -Prefix AccountPolicy -PassThru -ErrorAction Stop

Now when Test-AccountPolicyTargetResource is executed, it errors.

Verbose logs showing the problem

Get-Command : The term 'Set-TargetResource' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the 
spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Program 
Files\WindowsPowerShell\Modules\SecurityPolicyDsc\2.10.0.0\Modules\SecurityPolicyResourceHelper\SecurityPolicyResourceHelper.psm1:467 char:27
+ ... ameters = ( Get-Command -Name "Set-TargetResource" -Module $ModuleNam ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Set-TargetResource:String) [Get-Command], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand

Suggested solution to the issue

C:\Program Files\WindowsPowerShell\Modules\SecurityPolicyDsc\2.10.0.0\Modules\SecurityPolicyResourceHelper\SecurityPolicyResourceHelper.psm1 Line 467-468

Current: 

$moduleParameters = ( Get-Command -Name "Set-TargetResource" -Module $ModuleName ).Parameters.Keys |
        Where-Object -FilterScript { $PSItem -notin $commonParameters }

Proposed:

$moduleParameters = ( Get-Command -Name "Set-*TargetResource" -Module $ModuleName ).Parameters.Keys |
        Where-Object -FilterScript { $PSItem -notin $commonParameters }

The DSC configuration that is used to reproduce the issue (as detailed as possible)

instance of MSFT_AccountPolicy as $MSFT_AccountPolicy1ref
{
ModuleVersion = "2.10.0.0";
 Account_lockout_threshold = 3;
 Name = "Account_lockout_threshold";
 SourceInfo = "::2::9::AccountPolicy";
 ModuleName = "SecurityPolicyDsc";
 ResourceID = "[AccountPolicy][V-205629][medium][SRG-OS-000021-GPOS-00005]::[WindowsServer]WindowsServer-2019-MS-2.2";
 ConfigurationName = "GenerateMOF";
};

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value                                                                                                         
----                           -----                                                                                                         
PSVersion                      5.1.17763.2183                                                                                                
PSEdition                      Desktop                                                                                                       
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                       
BuildVersion                   10.0.17763.2183                                                                                               
CLRVersion                     4.0.30319.42000                                                                                               
WSManStackVersion              3.0                                                                                                           
PSRemotingProtocolVersion      2.3                                                                                                           
SerializationVersion           1.1.0.1

Version of the DSC module that was used

PS \> Get-Module SsecurityPolicyDsc -ListAvailable

    Directory: C:\Program Files\WindowsPowerShell\Modules

ModuleType Version    Name                                ExportedCommands                                                                   
---------- -------    ----                                ----------------                                                                   
Manifest   2.10.0.0   SecurityPolicyDsc
AndrewStrickland commented 2 years ago

Confirmed that this is NOT an issue in 3.0.0-preview0006