psm
psm copied to clipboard
Hardening and Registration fails due to new PowerShell Security-Features
Describe the bug
- Step:
convert to securestring
fails withConvertFrom-SecureString : Access is denied.
- Step:
Run PSM registration
fails withConvertTo-SecureString : Key not valid for use in specified state.
- Step:
Run PSM hardening
fails with... some steps failed: AppLocker
To Reproduce Run psm role on Windows Server 2019 with latest Patches installed.
Expected behavior No error, successful PSM-Installation.
Additional context After some googling I think the issue is related to those commands requiring a "user"-session: https://www.reddit.com/r/PowerShell/comments/jafyin/convertfromsecurestring_in_pssession_results_in/
I got the automation working by adding become
(https://docs.ansible.com/ansible/latest/user_guide/become.html) to those 3 steps:
- name: Run PSM hardening
become: yes
become_method: runas
become_user: Administrator
win_shell: |
...