microsoft
Rule V-220805 for WindowsClient-10 creates invalid group policy value
Describe the bug Rule V-220805 attempts to set the group policy value for "ComputerConfiguration\Administrative Templates\Network\SSL ConfigurationSettings\ECC Curve Order" to an array of allowed ECC curve algorithms. However instead of an array of algorithms, the result is a single string separated by spaces.
This appears to be rooted in a bug in GPRegistryPolicyDSC. See issue https://github.com/dsccommunity/GPRegistryPolicyDsc/issues/25
To Reproduce Create a and apply configuration that contains the WindowsClient resource. On the target computer, open the group policy editor (gpedit.msc). Navigate to "ComputerConfiguration\Administrative Templates\Network\SSL ConfigurationSettings\ECC Curve Order" Note the "ECC Curve Order" value.
Observed in versions 1.23 and 2.1
Expected behavior "ECC Curve Order" should be:
NistP256 NistP384
Instead it is:
NistP256 NistP384
Screenshots
Should be:
Additional context Although untested by me, this is may also a problem for: WindowsServer-2012R2-DC 2.21 V-3338 V-3339 WindowsServer-2012R2-DC 3.1 V-226318 (legacy ID V-3338) V-226319 (legacy ID V-3339) V-226320 (legacy ID V-4443) WindowsServer-2012R2-MS 2.19 V-3339 V-4443 WindowsServer-2012R2-MS 2.19 V-225495 (legacy ID V-3338) V-225496 (legacy ID V-3339) V-225497 (legacy ID V-4443)
All other uses of MultiString are either a single value or are empty.
The most obvious result of this misconfiguration is the Windows Update (for unmanaged clients using Microsoft servers) fails.
This issue will be fixed with the following PR: GPRegistryPolicyDSC Fix PR
This seems to be fixed. Maybe this defect can get resolved.
