Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

registry_key needs to be case insensitive #254

Closed
alexpop opened this issue Nov 23, 2015 · 0 comments
Closed

registry_key needs to be case insensitive #254

alexpop opened this issue Nov 23, 2015 · 0 comments
Labels
Type: Bug Feature not working as expected

Comments

@alexpop
Copy link
Contributor

alexpop commented Nov 23, 2015

Repro steps:

  1. Take a Windows 2012r2 instance and run the following Powershell command:
PS C:\> Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0 -name NTLMMinServerSec

NtlmMinServerSec : 536870912
  1. Use this chef-client resource to set NTLMMinServerSec to the desired value:
registry_key 'HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0' do
  values [{ name: 'NTLMMinServerSec', type: :dword, data: 537_395_200 }]
  recursive true
  action :create
end
  1. Run the following Powershell command to retrieve the value of the registry key:
PS C:\> Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0 -name NTLMMinServerSec

NtlmMinServerSec : 537395200

^ This shows that the chef-client registry_key resource found the entry and set the desired value. Observe the case insensitive nature of the NTLM in the Powershell and chef-client context.

  1. Run an inspec test using this rule, currently used in compliance-profiles/base/windows/test/base_spec.rb:
rule 'windows-base-203' do
  impact 1.0
  title 'Enable Strong Encryption for Windows Network Sessions on Servers'
  describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0') do
    it { should exist }
    its('NTLMMinServerSec') { should eq 537395200 }
  end
end
  1. Run an inspec test using this rule:
rule 'windows-base-203' do
  impact 1.0
  title 'Enable Strong Encryption for Windows Network Sessions on Servers'
  describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0') do
    it { should exist }
    its('NtlmMinServerSec') { should eq 537395200 }
  end
end

Expected results:

  • Test 4 succeeds
  • Test 5 succeeds

Actual results:

  • Test 4 fails with this output:
    3) Registry Key HKLM\System\CurrentControlSet\Control\Lsa\MSV10 NTLMMinServerSec
       Failure/Error: its('NTLMMinServerSec') { should eq 537395200 }
       NoMethodError:
         undefined method `[]' for nil:NilClass
       # /Users/apop/.chefdk/gem/ruby/2.1.0/gems/inspec-0.9.3/lib/resources/registry_key.rb:56:in `method_missing'
       # demo/windows/test/random.rb:48:in `block (3 levels) in load'
  • Test 5 succeeds

Test 4 fails because the registry_key inspec resource is case sensitive.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Bug Feature not working as expected
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexpop @chris-rock