Rule V-220805 for WindowsClient-10 creates invalid group policy value #881
Comments
|
The most obvious result of this misconfiguration is the Windows Update (for unmanaged clients using Microsoft servers) fails. |
|
This issue will be fixed with the following PR: |
This seems to be fixed. Maybe this defect can get resolved. |
|
Still an issue - GPRegistryPolicyDSC has not released fix |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Rule V-220805 attempts to set the group policy value for "ComputerConfiguration\Administrative Templates\Network\SSL ConfigurationSettings\ECC Curve Order" to an array of allowed ECC curve algorithms. However instead of an array of algorithms, the result is a single string separated by spaces.
This appears to be rooted in a bug in GPRegistryPolicyDSC.
See issue dsccommunity/GPRegistryPolicyDsc#25
To Reproduce
Create a and apply configuration that contains the WindowsClient resource.
On the target computer, open the group policy editor (gpedit.msc).
Navigate to "ComputerConfiguration\Administrative Templates\Network\SSL ConfigurationSettings\ECC Curve Order"
Note the "ECC Curve Order" value.
Observed in versions 1.23 and 2.1
Expected behavior
"ECC Curve Order" should be:
Instead it is:
Screenshots
Should be:
Additional context
Although untested by me, this is may also a problem for:
WindowsServer-2012R2-DC 2.21
V-3338
V-3339
WindowsServer-2012R2-DC 3.1
V-226318 (legacy ID V-3338)
V-226319 (legacy ID V-3339)
V-226320 (legacy ID V-4443)
WindowsServer-2012R2-MS 2.19
V-3339
V-4443
WindowsServer-2012R2-MS 2.19
V-225495 (legacy ID V-3338)
V-225496 (legacy ID V-3339)
V-225497 (legacy ID V-4443)
All other uses of MultiString are either a single value or are empty.
The text was updated successfully, but these errors were encountered: