search

fbprogmbh / MBAM-Test-Automation

The MBAM Test Automation Package gives you the ability to get an overview about the availability and the security status of your Microsoft Bitlocker Administration and Monitoring (MBAM) system. You can easily create HTML-reports, even on a regulary basis. Or test specific components and security issues of your system.
https://fb-pro.com/mbam-test-automation-package/
BSD 3-Clause "New" or "Revised" License
8 stars 1 forks source link

No error with gpo_template file in configured environment #32

Open devesly opened 4 years ago

devesly commented 4 years ago

In the gpo_template file all policies are marked as disabled. This should raise some error messages in a configured environment where policies are enabled. Problem: If the write-logfile function throws an error it will be catch and obj.status and obj.passed will be set to an incorrect value regardless of the result of Get-MBAMGpoRuleState.

 if($policy.PolicyState -eq 'disabled')
            {
                try 
                {
                    Get-MBAMGpoRuleState -PolicyKey $policy.PolicyKey -PolicyValue $policy.PolicyValue -path $policy.PolicyPath -ErrorAction Stop | Out-Null

                    $obj.Status = "Policy falsely enabled"
                    $obj.Passed = 2

                    # log error
                    $mes = "MBAM Policy $($policy.PolicyKey) falsely enabled, please check settings."+[System.Environment]::NewLine
                    $msg += $_.Exception.toString()+[System.Environment]::NewLine
                    $msg += "; " + $_.ScriptStackTrace.toString()
                    write-LogFile -Path $LogPath -name $LogName -message $msg -Level Error

                }
                catch
                {
                    $obj.Status = "Policy disabled as expected"
                    $obj.Passed = 1
                }            
            }