Open AndrevdG opened 2 years ago
I had this same issue now, and I did what AndrevdG had done, removing the hive short notation HKLM: from the Key value, and I expect the
RefreshRegistryPolicy 'ActivateClientSideExtension'
{
IsSingleInstance = 'Yes'
}
block should automatically call gpupdate to refresh the registry.pol file, but that did not happen. I had to manually run gpupdate /force; then the settings/changes happened and I saw the result.
Only gpupdate /force creates the registry key and sets the value; gpupdate alone does not. I guess gpupdate /force overwrites existing values irrespective of whether the same policy was applied earlier or not. RefreshRegistryPolicy needs to be updated to invoke gpupdate /force.
Hi Andrew/Vijay,
I have configured local group policy, exported them locally on the server using the LGPO command and converted to DSC using the command "ConvertFrom-GPO -Path '.\Windows 10 Version 1903 and Windows Server Version 1903 Security Baseline\GPOs\' -OutputConfigurationScript"
The command gets executed with the following error, and I see a PS1 file created locally that contains policies with "RegistryPolicyFile 'Registry(POL): "
Error:
Write-DSCString : The Write-DSCString command was called but the parameters block is missing a property name
At C:\Program Files\WindowsPowerShell\Modules\BaselineManagement\4.1.1\Parsers\GPO\Registry.ps1:360 char:5
Write-DSCString -Resource -Name "Registry(POL): $(Join-Path -Path ...
CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Write-DSCString
When I try to run the policy listed below on a different standalone server, I get the error "RegistryPolicyFile : The term 'egistryPolicyFile' is not recognized ". Could you please suggest how I can fix this and run it on a single new server?
Policy :
RegistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators'
{
    Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI'
    ValueData = 0
    TargetType = 'ComputerConfiguration'
    ValueType = 'Dword'
    ValueName = 'EnumerateAdministrators'
}
Error :
RegistryPolicyFile : The term 'egistryPolicyFile' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
egistryPolicyFile 'Registry(POL): HKLM:\Software\Microsoft\Windows\Cu ...
+ CategoryInfo : ObjectNotFound: (egistryPolicyFile:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Appreciate any leads. Thank you.
@rahul8062 I think you would be best off creating a new issue/question related to your problem as, as far as I can see, it is not related to the original post.
That being said, based on the information provided the thing that stands out to me is your error message:
RegistryPolicyFile : The term 'egistryPolicyFile' is not recognized as the name of a cmdlet, function, script file, or operable program.
My guess is that either you made a spelling error (forgetting the 'R' somewhere) or potentially you copy/pasted the contents from somewhere and there is some control character embedded. In that case I would suggest copying the content of the file to notepad and checking if there are no extraneous characters. Other than that I am not sure what is happening for you.
I am experiencing the same issue as AndrevdG and avijayanand-star. Applying the generated DSC configuration as is breaks group policy. If I remove the hive notation from the "Key =" sections of the localhost.mof, the DSC applies without issue.
Was any cause/solution to this situation determined?
When converting a group policy to DSC register values are converted to 'RegisterPolicyFile' values, like for instance:
After the mof file is created and applied, group policy fails with a registry error:
The processing of Group Policy failed because of an internal system error. Please see the Group Policy operational log for the specific error message. An attempt will be made to process Group Policy again at the next refresh cycle.
Sadly the event log does not seem to indicate any usable information as to what the issue was, but after enabling debug logging for group policy I found the following error(s) in the debug log:
In the same log I also noticed that other register paths are displayed differently, for instance:
Based on this I suspected that, since the registry.pol files the settings are added to by 'RegistryPolicyFile' are already aimed at Machine or User level, only the subpath is contained within the file.
If I manually change the exported register files to omit 'HKLM:\' from the 'Key' value then the resulting mof file seems to apply correctly. So:
does work: policy processing runs without error and an error is no longer logged in the debug logging (and more importantly, the register key/value is created).
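A way to check a registry.pol file for the condition described in this post, added here as an example that is not part of the original post or of the project's code: it parses the PReg format and lists entries whose key still carries a hive prefix. The function names and the sample bytes are constructed for illustration; the key and value name are the ones quoted earlier in this thread.

```python
import struct

HEADER = b"PReg" + struct.pack("<I", 1)            # file signature + version 1
HIVE_PREFIXES = ("HKLM:", "HKCU:", "HKEY_LOCAL_MACHINE\\", "HKEY_CURRENT_USER\\")

def _w(text):
    return text.encode("utf-16-le")                # delimiters and strings are UTF-16LE

def _expect(buf, pos, ch):
    if buf[pos:pos + 2] != _w(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _read_wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset after NUL)."""
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def parse_pol(buf):
    """Return (key, value_name, type, data) tuples from registry.pol bytes."""
    if buf[:8] != HEADER:
        raise ValueError("missing PReg header")
    pos, entries = 8, []
    while pos < len(buf):                          # body: [key;value;type;size;data]
        pos = _expect(buf, pos, "[")
        key, pos = _read_wstr(buf, pos)
        pos = _expect(buf, pos, ";")
        name, pos = _read_wstr(buf, pos)
        pos = _expect(buf, pos, ";")
        (reg_type,) = struct.unpack_from("<I", buf, pos)
        pos = _expect(buf, pos + 4, ";")
        (size,) = struct.unpack_from("<I", buf, pos)
        pos = _expect(buf, pos + 4, ";")
        data = buf[pos:pos + size]
        pos = _expect(buf, pos + size, "]")
        entries.append((key, name, reg_type, data))
    return entries

def hive_prefixed(entries):
    """Keys that start with a hive prefix instead of a hive-relative subpath."""
    return [e[0] for e in entries if e[0].upper().startswith(HIVE_PREFIXES)]

def _entry(key, name, reg_type, data):             # builds the constructed sample
    return (_w("[" + key + "\0;" + name + "\0;") + struct.pack("<I", reg_type)
            + _w(";") + struct.pack("<I", len(data)) + _w(";") + data + _w("]"))

SUBKEY = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\CredUI"
SAMPLE = HEADER + b"".join(                        # one clean entry, one with HKLM:\
    _entry(k, "EnumerateAdministrators", 4, struct.pack("<I", 0))
    for k in (SUBKEY, "HKLM:\\" + SUBKEY))
```

To check a real file, pass its bytes to `parse_pol` and review whatever `hive_prefixed` returns before the next policy refresh.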