Open rickbond4 opened 5 years ago
athaynes
commented
5 years ago Is the resource on the computer you are running the scan against? I have a few times where the resource copy to the target node in the DSCEA scan didn't complete and I just ended up copying them manually in the rare instance that happened to me.
rickbond4
commented
5 years ago Yes I am trying to scan the computer I am running the powershell on.
athaynes
commented
5 years ago Hmm, If you run Test-DscConfiguration do you get the same result?
rickbond4
commented
5 years ago yes I am getting the same type of error with Test-DscConfig. PS C:\Windows\system32> Test-DscConfiguration WARNING: [PNTOPSNOTE06]: [] The TEST operation will be carried against a pending configuration since the latest configuration has not converged yet. The PowerShell DSC resource NTFSAccessEntry from module <AccessControlDSC,1.2.0.0> does not exist at the PowerShell module path nor is it registered as a WMI DSC resource.
bcwilhite
commented
5 years ago Hi @rickbond4 could you execute the following PowerShell one-liner on the machine you're trying to run the configuration against and post the results here?
Get-DscResource | Select-Object -Property Module, Version -UniqueAlso, did you install the PowerSTIG module from the PowerShellGallery or from a local github repo?
rickbond4
commented
5 years ago On the Original win 10 machine I am now getting errors that there is a second CIM definition for every dependency. I think this is because I installed the module with the -Scope as a normal user, then reopened pwshell as a admin to run it. So I copied the module to the System32\windowspowershell\… folder.
When I run that command I get the duplicate CIM errors and then.
Module
AccessControlDSC
AuditPolicyDsc
FileContentDsc
PackageManagement
PolicyFileEditor
PowerSTIG
PSDesiredStateConfiguration
SecurityPolicyDsc
SqlServerDsc
WindowsDefenderDsc
xDnsServer
xPSDesiredStateConfiguration
xWebAdministration
xWinEventLog
bcwilhite
commented
5 years ago @rickbond4 Can you clean up all the modules by removing them, from all your module locations, to simplify troubleshooting, then redownload PowerSTIG, when you do, it should go in the Program Files directory, if you've elevated, rather than the Windows\System32 directory. Once you've done that, try again and report back if you will. Also, I updated the one-liner above to include the module version.
rickbond4
commented
5 years ago I will clean up all the modules on the windows 10 machine and try again. is just deleting the module folders the best way to clean them up?
Also I think I got it to work on a server 2016 machine connecting to another 2016 machine, but when I run the $audit.Compliance command I only get one line back.
and when I try to run the $audit.ResourcesNotInDesiredState[0] command I get a "can't index into a null array error at line:1 char:1.
rtabit
commented
5 years ago I think this happens when you build/use mof to audit on the same server you are auditing(-ComputerName value from commands is same computer you are executing command on) and install with scope as shown in wiki. Also you do not install DSCEA with scope even though wiki does, initial mistake (I'm guessing here, never actually tried installing DSCEA with scope).
Install-Module PowerSTIG -Scope CurrentUser
Install-Module DSCEA #forgot to add scope -Scope CurrentUserThis results in required modules cannot be found since they are in documents/powershell directory(or whatever). To fix this I ran:
(Get-Module PowerStig -ListAvailable).RequiredModules | % {
$PSItem | Install-Module -Force
}But then I got duplicates error. So I deleted required modules from documents/powershell and that seemed to fix issues. Another solution is to build/deploy/run audit commands on a authoring machine, and deploy modules to other deployment machines.
When running the command "Start-DSCEAscan -MofFile C:\test\localhost.mof -ComputerName PNTOPSNOTE06 -OutputPath C:\test\" I get the following error "WARNING: The DSCEA scan completed but job errors were detected. Please check 'results.20190219-1548-20.xml' for details"
Here is the details of the results file
NotFoundMIThe requested object could not be found.The PowerShell DSC resource NTFSAccessEntry from module <AccessControlDSC,1.2.0.0> does not exist at the PowerShell module path nor is it registered as a WMI DSC resource.DscResourceNotFoundMSFT_WmiErrorroot/Microsoft/Windows/DesiredStateConfigurationPNTOPSNOTE06<CLASS NAME="MSFT_WmiError"><PROPERTY NAME="CIMStatusCode" TYPE="uint32"></PROPERTY><PROPERTY NAME="CIMStatusCodeDescription" TYPE="string"></PROPERTY><PROPERTY NAME="error_Category" TYPE="uint16"></PROPERTY><PROPERTY NAME="error_Code" TYPE="uint32"></PROPERTY><PROPERTY NAME="error_Type" TYPE="string"></PROPERTY><PROPERTY NAME="error_WindowsErrorMessage" TYPE="string"></PROPERTY><PROPERTY NAME="ErrorSource" TYPE="string"></PROPERTY><PROPERTY NAME="ErrorSourceFormat" TYPE="uint16"></PROPERTY><PROPERTY NAME="ErrorType" TYPE="uint16"></PROPERTY><PROPERTY NAME="Message" TYPE="string"></PROPERTY><PROPERTY.ARRAY NAME="MessageArguments" TYPE="string"></PROPERTY.ARRAY><PROPERTY NAME="MessageID" TYPE="string"></PROPERTY><PROPERTY NAME="OtherErrorSourceFormat" TYPE="string"></PROPERTY><PROPERTY NAME="OtherErrorType" TYPE="string"></PROPERTY><PROPERTY NAME="OWningEntity" TYPE="string"></PROPERTY><PROPERTY NAME="PerceivedSeverity" TYPE="uint16"></PROPERTY><PROPERTY NAME="ProbableCause" TYPE="uint16"></PROPERTY><PROPERTY NAME="ProbableCauseDescription" TYPE="string"></PROPERTY><PROPERTY.ARRAY NAME="RecommendedActions" TYPE="string"></PROPERTY.ARRAY></CLASS>DscResourceNotFoundThe PowerShell DSC resource NTFSAccessEntry from module <AccessControlDSC,1.2.0.0> does not exist at the PowerShell module path nor is it registered as a WMI DSC resource.Void ProcessNativeCallback(Microsoft.Management.Infrastructure.Native.OperationCallbackProcessingContext, T, Boolean, Microsoft.Management.Infrastructure.Native.MiResult, System.String, Microsoft.Management.Infrastructure.Native.InstanceHandle)at Microsoft.Management.Infrastructure.Internal.Operations.CimAsyncObserverProxyBase`1.ProcessNativeCallback(OperationCallbackProcessingContext callbackProcessingContext, T currentItem, Boolean moreResults, MiResult operationResult, String errorMessage, InstanceHandle errorDetailsHandle)Microsoft.Management.Infrastructureroot/Microsoft/Windows/DesiredStateConfiguration:MSFT_DSCLocalConfigurationManagerDscResourceNotFoundCimExceptionroot/Microsoft/Windows/DesiredStateConfiguration:MSFT_DSCLocalConfigurationManagerStringInvalidOperation: (root/Microsoft/...gurationManager:String) [], CimExceptionfalsePNTOPSNOTE06I tried installing Install-Module -Name AccessControlDSC and that did not fix it. I also ran winrm quickconfig to make sure winrm was installed and working.