Details of the scenario you tried and the problem that is occurring
I'm trying to use the AccountPolicy resource and if I include any of the Account Lockout settings the application of the resource fails with the error below. The examples don't include these settings, so I am not sure if I got the syntax correct, but it looks the same as other people with issues. I;ve tried the values with and without quotes.
PowerShell DSC resource MSFT_AccountPolicy failed to execute Set-TargetResource functionality with error message: Failed to update Account
Policy Account_lockout_duration,Reset_account_lockout_counter_after. Refer to %windir%\security\logs\scesrv.log for details.
Verbose logs showing the problem
The log file in question shows:
----Configure Security Policy...
Configure password information.
Error 87: The parameter is incorrect.
Error configuring account lockout information.
Error 1: Incorrect function.
System Access configuration was completed with one or more errors.
Suggested solution to the issue
The DSC configuration that is used to reproduce the issue (as detailed as possible)
# insert configuration here
Configuration PasswordPolicy {
Import-DscResource -ModuleName PsDesiredStateConfiguration
Import-DscResource -ModuleName AuditPolicyDsc
Import-DscResource -ModuleName SecurityPolicyDsc
AccountPolicy AccountPolicies
{
Name = 'PasswordPolicies'
Enforce_password_history = 24
Maximum_Password_Age = 42
Minimum_Password_Age = 0
Minimum_Password_Length = 10
Password_must_meet_complexity_requirements = 'Enabled'
Store_passwords_using_reversible_encryption = 'Disabled'
Account_lockout_duration = '0'
Account_lockout_threshold = '5'
Reset_account_lockout_counter_after = '30'
}
}The operating system the target node is running
OsName : Microsoft Windows Server 2019 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture : 64-bit
WindowsVersion : 1809
WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage : en-US
OsMuiLanguages : {en-US}`
Version and build of PowerShell the target node is running
Name Value
---- -----
PSVersion 5.1.17763.592
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.592
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Version of the DSC module that was used ('dev' if using current dev branch)
master
Details of the scenario you tried and the problem that is occurring
I'm trying to use the AccountPolicy resource and if I include any of the Account Lockout settings the application of the resource fails with the error below. The examples don't include these settings, so I am not sure if I got the syntax correct, but it looks the same as other people with issues. I;ve tried the values with and without quotes.
Verbose logs showing the problem
The log file in question shows:
Suggested solution to the issue
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
Version and build of PowerShell the target node is running
Version of the DSC module that was used ('dev' if using current dev branch)
master