Unable to Configure the policy

shabircse · November 11, 2024, 2:48pm

Hi,

i am trying to enable the below policy using a fixlets. i tried multiple ways but only the registry key is getting created the policy is still showing as not configured.

Methods Tried:

waithidden "{pathname of system folder}\reg.exe" add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup" /v "MaxSize" /t REG_DWORD /d 32768 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application" /v "MaxSize" /t REG_DWORD /d 32768 /f

 / To use this template, update or remove the following blocks and replace the Relevance
 
// Enter your action script here
 
begin prefetch block
 
  add prefetch item name=LGPO.zip sha1=4578a97946102a20505d1e8f09abedd1fd7a8d89 size=531635 url=https://download.microsoft.com/download/8/5/C/85C25433-A1B0-4FFA-9429-7E023E7DA8D8/LGPO.zip sha256=cb7159d134a0a1e7b1ed2ada9a3ce8ce8f4de391d14403d55438af824247cc55
 
  // Download UnZip utility
  add prefetch item name=unzip.exe sha1=84debf12767785cd9b43811022407de7413beb6f size=204800 url=http://software.bigfix.com/download/redist/unzip-6.0.exe sha256=2122557d350fd1c59fb0ef32125330bde673e9331eb9371b454c2ad2d82091ac
 
 
collect prefetch items
end prefetch block
 
// Add LGPO.zip to the client utility cache
utility __Download\LGPO.zip
 
// Add unzip.exe to the client utility cache
utility __Download\unzip.exe
 
waithidden __Download\unzip.exe -o "{pathname of client folder of current site}\__Download\LGPO.zip" -d "{pathname of client folder of current site}\__Download"
 
 
action uses wow64 redirection false
 
delete __createfile
createfile until EOF_EOF_EOF
; ----------------------------------------------------------------------
; PARSING COMPUTER POLICY
; Source file:  \temp\Registry.pol
 
Computer
SOFTWARE\Policies\Microsoft\Windows\EventLog\Application
MaxSize
DWORD:81920
 
; PARSING COMPLETED.
; ----------------------------------------------------------------------
 
EOF_EOF_EOF
 
delete regpol.txt
move __createfile regpol.txt
 
waithidden __Download\LGPO_30\LGPO.exe  /t regpol.txt
continue if {exit code of action = 0}

i cannot figure out what i am doing wrong here.?

DerrickD · November 11, 2024, 3:29pm

That’s 100% normal and 100% expected result.

Even though setting a GPO by reg key will have the same effect on the computer, it’s completely different. When doing GPO, it’s essentially a layer that sits on top of the registry so you can back out or change a policy at any time. That layer is stored in .POL files. C:\Windows\System32\GroupPolicy

If you are using LGPO to apply a .INF file, then it will show correctly… though LGPO.exe is more ideally restricted to only Local Security Policy and not GPO.

shabircse · November 11, 2024, 3:49pm

Hi @DerrickD ,

Thank you for the clarification. I’m currently working only with Local Security Policy changes, not Group Policy (GPO). By using LGPO.exe, I’m applying these settings directly to the local machine configuration and not through a GPO layer.

But still the policy is not getting configured.

JasonWalker · November 11, 2024, 5:42pm

The LGPO.EXE utility is very strict in how it parses the input file. I copied your script and ran it on mine, which failed when running the LGPO; in the BES Client Log, we can see that the LGPO process exited with errorlevel 1

Running it manually on the command line we can see the error message:

C:\BES\Client\__BESData\actionsite>__Download\LGPO_30\LGPO /t regpol.txt

LGPO.exe - Local Group Policy Object Utility
Version 3.0.2004.13001
Copyright (C) 2015-2020 Microsoft Corporation
Security Compliance Toolkit - https://www.microsoft.com/download/details.aspx?id=55319

Apply registry-based settings from LGPO text file: regpol.txt
Format error: invalid configuration line specified: " "
Policy processing aborted due to file format error

I did a bit further testing on your input file. We can use the text highlighting in Notepad:

The issue is the lines before ‘Computer’ and after ‘DWORD:81920’ contain blank spaces, and LGPO will not accept the line with blank spaces. It needs to be completely empty, just the CR/LF, no spaces or tabs allowed on those lines.

shabircse · November 11, 2024, 6:03pm

Yes @JasonWalker , Spaces where the culprit.

Final script which worked.

begin prefetch block
 
  add prefetch item name=LGPO.zip sha1=4578a97946102a20505d1e8f09abedd1fd7a8d89 size=531635 url=https://download.microsoft.com/download/8/5/C/85C25433-A1B0-4FFA-9429-7E023E7DA8D8/LGPO.zip sha256=cb7159d134a0a1e7b1ed2ada9a3ce8ce8f4de391d14403d55438af824247cc55
 
  // Download UnZip utility
  add prefetch item name=unzip.exe sha1=84debf12767785cd9b43811022407de7413beb6f size=204800 url=http://software.bigfix.com/download/redist/unzip-6.0.exe sha256=2122557d350fd1c59fb0ef32125330bde673e9331eb9371b454c2ad2d82091ac
 
 
collect prefetch items
end prefetch block
 
// Add LGPO.zip to the client utility cache
utility __Download\LGPO.zip
 
// Add unzip.exe to the client utility cache
utility __Download\unzip.exe
 
waithidden __Download\unzip.exe -o "{pathname of client folder of current site}\__Download\LGPO.zip" -d "{pathname of client folder of current site}\__Download"
 
 
action uses wow64 redirection false
 
delete __createfile
createfile until EOF_EOF_EOF
Computer
Software\Policies\Microsoft\Windows\Eventlog\Application
MaxSize
DWORD:81920
EOF_EOF_EOF
 
delete regpol.txt
move __createfile regpol.txt
 
waithidden __Download\LGPO_30\LGPO.exe  /t regpol.txt
continue if {exit code of action = 0}