
Hardening and Registration fails due to new PowerShell Security-Features

Open drandreas opened this issue 2 years ago • 1 comments

Describe the bug

  • Step: convert to securestring fails with ConvertFrom-SecureString : Access is denied.
  • Step: Run PSM registration fails with ConvertTo-SecureString : Key not valid for use in specified state.
  • Step: Run PSM hardening fails with ... some steps failed: AppLocker

To Reproduce

Run psm role on Windows Server 2019 with latest patches installed.

Expected behavior

No error, successful PSM installation.

Additional context

After some googling I think the issue is related to those commands requiring a "user"-session: https://www.reddit.com/r/PowerShell/comments/jafyin/convertfromsecurestring_in_pssession_results_in/

I got the automation working by adding become (https://docs.ansible.com/ansible/latest/user_guide/become.html) to those 3 steps:

    - name: Run PSM hardening
      become: yes
      become_method: runas
      become_user: Administrator
      win_shell: |
        ...

drandreas, Oct 11 '21 22:10
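
A pre-flight check for the condition reported in this issue, as an added example that is not part of the original post or of the psm role: it round-trips a constructed string through ConvertFrom-SecureString and ConvertTo-SecureString under the same become settings, so a host where the conversion is unusable fails here rather than partway through registration. The task names, the `dpapi_check` variable and the sample string are assumptions, and `become_user: Administrator` is assumed to have its `ansible_become_password` supplied from a vault.

```yaml
# Added example: pre-flight check, not part of the psm role.
- name: Check SecureString round trip under become
  become: yes
  become_method: runas
  become_user: Administrator
  win_shell: |
    $ErrorActionPreference = 'Stop'
    # Constructed sample value; never use a real credential here.
    $plain = 'dpapi-roundtrip-check'
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    # Without -Key, ConvertFrom-SecureString protects the value with DPAPI
    # for the current user. This is the call reported as "Access is denied".
    $blob = ConvertFrom-SecureString -SecureString $secure
    # Reading the blob back is the call reported as
    # "Key not valid for use in specified state".
    $back = ConvertTo-SecureString -String $blob
    $cred = New-Object System.Management.Automation.PSCredential('check', $back)
    if ($cred.GetNetworkCredential().Password -ne $plain) {
      throw 'SecureString round trip returned a different value'
    }
    Write-Output 'dpapi-ok'
  register: dpapi_check
  changed_when: false

- name: Stop before registration if the round trip failed
  assert:
    that:
      - dpapi_check.rc == 0
      - "'dpapi-ok' in dpapi_check.stdout"
    fail_msg: "SecureString conversion is not usable in this session; check the become settings."
```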