Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RegistryPolicyFile: MultiString with multiple items not formatted correctly in policy file #25

Open
General-Fault opened this issue May 21, 2021 · 1 comment
Open

RegistryPolicyFile: MultiString with multiple items not formatted correctly in policy file #25

General-Fault opened this issue May 21, 2021 · 1 comment
Assignees
@bcwilhite

Comments

@General-Fault
Copy link

General-Fault commented May 21, 2021
edited

Details of the scenario you tried and the problem that is occurring

When setting a registry policy file value that is a MultiString with multiple entries, all items end up in the same entry separated by spaces.

For example, when setting the group policy "ComputerConfiguration\Administrative Templates\Network\SSL ConfigurationSettings\ECC Curve Order" (registry key "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002:EccCurves" to @('curve25519', 'NistP384', NistP256'), the three values are saved in one string as 'curve25519 NistP384 NistP256'.

The fault can be found in New-GPRegistrySettingsEntry (

GPRegistryPolicyDsc/source/Modules/GPRegistryPolicyFileParser/GPRegistryPolicyFileParser.psm1

Line 310 in 3f0c234

$dataBytes = [System.Text.Encoding]::Unicode.GetBytes($RegistryPolicy.ValueData + "`0")
) where the ValueData array is implicitly cast to a string before being passed to Unicode.GetBytes. The array string separates the values with a space, not a null character as is needed.

Verbose logs showing the problem

N/A

Suggested solution to the issue

New-GPRegistrySettingsEntry should join the values with a null character before passing to Unicode.GetBytes

as in

[System.Text.Encoding]::Unicode.GetBytes(($RegistryPolicy.ValueData -join "`0") + "`0")

Similarly Format-MultiStringValue should not split on a space.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

This can be reproduced using Invoke-DscResource

invoke-dscresource -ModuleName GPRegistryPolicyDsc -Name RegistryPolicyFile -Method Set -Property @{
    TargetType = 'ComputerConfiguration'
    Key = 'SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
    ValueName = 'EccCurves'
    ValueData = @('curve25519', 'NistP384', 'NistP256')
    ValueType = 'MultiString'
    Ensure = 'Present'
} -verbose

The operating system the target node is running

Name Value
OsName Microsoft Windows 10 Enterprise LTSC
OsOperatingSystemSKU 125
OsArchitecture 64-bit
WindowsVersion 1809
WindowsBuildLabEx 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage en-US
OsMuiLanguages {en-US}

Version and build of PowerShell the target node is running

Name Value
PSVersion 5.1.17763.1852
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.1852
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Version of the DSC module that was used

Name Version Path
GPRegistryPolicyDsc 1.2.0 C:\Program Files\WindowsPowerShell\Modules\GPRegistryPolicyDsc\1.2.0\GPRegistryPolicyDsc.psd1
@General-Fault General-Fault mentioned this issue May 21, 2021
Open
@bcwilhite bcwilhite self-assigned this Jun 7, 2021
@bcwilhite
Copy link
Contributor

@erjenkin and I are able to reproduce this issue. We'll have a fix PR submitted this afternoon with additional detail/findings.

@bcwilhite bcwilhite mentioned this issue Jun 7, 2021
Merged
9 tasks
This was referenced Nov 1, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bcwilhite bcwilhite

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@General-Fault @bcwilhite