New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hardening and Registration fails due to new PowerShell Security-Features #115

Open

drandreas opened this issue Oct 11, 2021 · 1 comment

Labels

drandreas commented Oct 11, 2021

Describe the bug

Step: convert to securestring fails with ConvertFrom-SecureString : Access is denied.
Step: Run PSM registration fails with ConvertTo-SecureString : Key not valid for use in specified state.
Step: Run PSM hardening fails with ... some steps failed: AppLocker

To Reproduce
Run psm role on Windows Server 2019 with latest Patches installed.

Expected behavior
No error, successful PSM-Installation.

Additional context
After some googling I think the issue is related to those commands requiring a "user"-session:
https://www.reddit.com/r/PowerShell/comments/jafyin/convertfromsecurestring_in_pssession_results_in/

I got the automation working by adding become (https://docs.ansible.com/ansible/latest/user_guide/become.html) to those 3 steps:

    - name: Run PSM hardening
      become: yes
      become_method: runas
      become_user: Administrator
      win_shell: |
        ...

The text was updated successfully, but these errors were encountered:

ConjOps added the contributor label

drerik commented Mar 2, 2022

Is there coming an official patch from cyberark on this one, or are you accepting patches?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment