nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0

Stopped Creating Templates/Group 3 #15

Closed JustinCochran closed 7 years ago

JustinCochran commented 7 years ago

I was running this script all morning and tweaking it. I got it to work wonderfully on Server 2012 R2. I let it sit for a few hours and update in the background.

Now when I run both the default script and my modified one it fails to create CryptoBlockerGroup3, the Template, and the file Screens. It stops after: Add new file groups.

The syntax of this command is:

Filescrn Filegroup Add /Filegroup:FG_NAME /Members:"MEMBERS" [/Nonmembers:"NONMEMBERS"] [/Remote:MACHINE]

/Filegroup:FG_NAME Add file group with name FG_NAME.

/Members:"MEMBERS" Configure file group member patterns. MEMBERS is a list of file name patterns separated by '|'.

/Nonmembers:"NONMEMBERS" Configure file group non-member patterns. NONMEMBERS is a list of file name patterns separated by '|'.

/Remote:MACHINE Perform the operation on machine MACHINE.

Example: Filescrn Filegroup Add /Filegroup:"Log Files" /Members:".log|.history"

Peck49 commented 7 years ago

Having the same problem. Group three throws an error when being created, so is not created. Then the template will not get created, as the file group (3) doesn't exist, so the file screens are not created as the template doesn't exist.

abg-andrew commented 7 years ago

Can report the same thing is happening to me, Server 2008, 2008 R2 and 2012.

AciidSn3ak3r commented 7 years ago

Can confirm the same thing too. Was under the impression the script didn't change but the list of file types did. FYI I updated the server it runs on with the following KBs on the 19th (so potentially the cause; did anyone else do this?).

KB2987107 - IE11 Security Update

KB4018271 - IE11 Security Update

KB4019108 - May 2017 Security update for .net

KB4019264 - 2017-05 Security Monthly quality roll up

KB4019263 - 2017-05 Security Only quality update

KB4019112 - May 2017 Security and Quality Roll up for .net

mjtilford commented 7 years ago

I've managed to work out the issue and have written a fix. The problem is that the file group 3 in this update is EXACTLY 4096 characters long, which it turns out is 1 bigger than you are allowed.

You can fix this in one of two ways, both on line 76. Pick whichever version you are happy with:

if (($LengthOfStringsInWorkingArray + 1 + $.Length) -ge 4096)

if (($LengthOfStringsInWorkingArray + 1 + $.Length) -gt 4095)

Peck49 commented 7 years ago

Can confirm that changing line 76 to 4095 as opposed to 4096 resolved the issue for me.

PaulyHaley commented 7 years ago

Good spot. There should be some error handling in the script for unforeseen problems like this and a way to notify an administrator, so it can be investigated, otherwise you blissfully think you're being protected, when in actual fact you're not! I imagine once this has been set up, you would not think to check or monitor it regularly after the initial implementation and your scripts are running.
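The length check discussed in the comments above, written out as an added example (not part of the thread and not CryptoBlocker's own code). `Split-PatternList` is a hypothetical helper, the 4095-character ceiling is taken from this thread, and the sample patterns are constructed to hit the boundary exactly.

```powershell
# Added example. Assumption from this thread: a file group's member string
# (patterns joined with '|') may be at most 4095 characters long.
function Split-PatternList {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Patterns,
        [int] $MaxLength = 4095
    )
    $current = New-Object 'System.Collections.Generic.List[string]'
    $length  = 0    # length of the current group once joined with '|'
    foreach ($p in $Patterns) {
        if ($p.Length -gt $MaxLength) {
            throw "Pattern is longer than $MaxLength characters: $p"
        }
        # Joining adds one '|' in front of every member except the first.
        $needed = if ($current.Count -eq 0) { $p.Length } else { $length + 1 + $p.Length }
        if ($needed -gt $MaxLength) {
            # Group is full: emit it as a finished member string, start a new one.
            [string]::Join('|', $current.ToArray())
            $current.Clear()
            $needed = $p.Length
        }
        $current.Add($p)
        $length = $needed
    }
    if ($current.Count -gt 0) { [string]::Join('|', $current.ToArray()) }
}

# Constructed boundary inputs: joined lengths of exactly 4095 and 4096 characters.
$fits  = @(Split-PatternList -Patterns ('a' * 2047), ('b' * 2047))   # 2047 + 1 + 2047 = 4095
$split = @(Split-PatternList -Patterns ('a' * 2047), ('b' * 2048))   # 2047 + 1 + 2048 = 4096

# Fail loudly instead of silently skipping a group: an uncaught throw ends the
# run with an error that a scheduled task or monitoring can pick up.
if ($fits.Count -ne 1 -or $split.Count -ne 2) {
    throw "Boundary self-check failed: got $($fits.Count) and $($split.Count) groups"
}
foreach ($members in ($fits + $split)) {
    if ($members.Length -gt 4095) {
        throw "Member string of $($members.Length) characters exceeds the limit"
    }
}
"4095 chars -> {0} group(s); 4096 chars -> {1} group(s)" -f $fits.Count, $split.Count
```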

JustinCochran commented 7 years ago

Changing to 4095 resolved this issue for me as well. Thanks!

AciidSn3ak3r commented 7 years ago

@mjtilford you're missing an underscore in the strings you've provided. Without it, it caused my script to fail. This is what I used - if (($LengthOfStringsInWorkingArray + 1 + $_.Length) -gt 4095)

Also, should this be closed? It's clearly still a bug in the script.

Also, this caused the CryptoBlockerTemplate settings to go amiss.

nexxai commented 7 years ago

Hi guys,

Sorry, I was out of town this weekend and only just got back to see this. I've updated the main script to reflect the 4096->4095 change.

As a side note: leaving an issue like this is the best way to get a hold of us; this weekend was just an aberration.

Thanks