[AI Generated] Ensure correct DSC export of admin settings

[Trenly]

Copilot Summary

winget dsc export --all exports all admin settings as false even when enabled. Root cause: SecureSettingsContainer doesn't verify that verification hash writes succeed, causing subsequent reads to throw unhandled exceptions.

• Resolves winget dsc export --all has wrong values for Admin Settings #5881

Changes

AdminSettings.cpp

• Added exception handling around m_settingStream.Get() to catch verification failures
• Falls back to default values with error logging instead of crashing

Settings.cpp

• Changed SetVerificationData() to return bool indicating write success
• SecureSettingsContainer::Set() now checks verification write result
• Reverts main write if verification write fails (atomic operation)
• Added diagnostic logging for verification failures

Technical Detail

SecureSettingsContainer stores settings in one file and SHA256 hash in another. Write path was:

bool Set(value) {
    bool result = ExchangeSettingsContainer::Set(value);
    if (result) {
        SetVerificationData(hash);  // Return value ignored - bug
    }
    return result;
}

Now enforces atomicity:

bool Set(value) {
    bool result = ExchangeSettingsContainer::Set(value);
    if (result) {
        if (!SetVerificationData(hash)) {
            Remove();  // Revert
            return false;
        }
    }
    return result;
}

Read path now handles verification exceptions gracefully rather than leaving settings at default values.

Microsoft Reviewers: Open in CodeFlow

[JohnMcPMS]

Should have test that intentionally corrupts the verification file of the admin settings to confirm that you get default values out.

[Trenly]

Updated

[JohnMcPMS]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[JohnMcPMS]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[Trenly]

Huh. . . I tested this locally and had no test failures. Looking into it. . .

[Trenly]

@JohnMcPMS - I'm terribly confused here, the tests are passing on my local with the exception of VerifyIsSameVolume which always fails on my machine and I expect to be failing

[JohnMcPMS]

Packaged vs unpackaged??

Yes, when packaged the basic settings streams are not stored in files but in the app settings (which basically end up being in an offline registry hive I think...).

[JohnMcPMS]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).