
@Deleted 

Yes, it has.


Any chance someone will take a look into fixing the problems described by multiple individuals in this thread? As the responsibility of the PA is to assist in security compliance reports, it should work in any environment, without flaws. If I have to question any result of this software, I cannot use it at all.


Maybe the security-related tools could be the tools Microsoft will open source and put on GitHub?

@FLeven 

Maybe you can open up a support request here:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-compliance-toolkit-10


I have an English OS but with "German" region. So for analyzing you might install Win10 in English until it is fixed.

I did, I even mentioned the problems in official Microsoft tickets.

@FLeven I think I have the solution to this problem and it's really trivial. I think the problem is that the software can't read certain characters. I could solve this problem by going into an existing .policyrule file and editing out the unreadable character, which was an '&'. However, I still have problems using the effective state function because I get an error regarding secedit/auditpol and I can't find the 'EntityName' which causes the problem. I searched for files in %SystemRoot%\Security\Templates but there are multiple files and none of them have 'line 168 position 82' as stated in the error report. Even all lines combined don't reach 168, so I don't know which files Policy Analyzer is referring to. Does anyone have an idea where the auditpol/secedit files on a domain machine are stored and used by Policy Analyzer?

@Deleted I've got the same problem on German Windows versions. Luckily, I managed to grab the offending file from the %tmp% directory. The problem is the unescaped ampersand (&) in the following line:

<AuditSubcategory><GUID>{0CCE9248-69AE-11D9-BED3-505054503030}</GUID><Name>Plug & Play-Ereignisse</Name><Setting>0</Setting><SourceFile>C:\Users\Administrator.DOMAIN\AppData\Local\Temp\tmp16F8.tmp</SourceFile><PolicyName>SERVER - auditpol /backup</PolicyName></AuditSubcategory>

This is the "Audit PNP Activity" policy, or "PNP-Überwachungsaktivität" in German. 

However, I don't have any idea for a workaround yet. The %tmp% file seems to be created with a random name and exists only for the fraction of a second. And the localized string does not come from the .adml files.

@Deleted Good find, search for hardeningkitty and forget about the clunky old Policy analyzer.

@FLeven - FWIW, I looked up hardeningkitty and it is more dependent on US-English than Policy Analyzer is.

Also FWIW, I'd really like to see these bugs fixed as well.

It is clearly documented in the code; you just have to change the account default named in the switch from line 464 to 490 in invoke-hardeningkitty.ps1. We can PR this for de-DE if necessary.
And 860-870, just as an example? Whatever changes are made are going to be locale-dependent and have to be repeated for every language you want to support. Having to produce separate versions for every language you want to support is not a victory. The localization bugs in Policy Analyzer tend to be relatively few, but yes, they ought to be fixed. Not under my control.
860-870 and 1714-1723 will work on any OS language. It is just the accounts that are hardcoded. With hardeningkitty you can finally automate your reports and create your own lists. Reporting with PA is very time-consuming.

@FLeven Thanks for pointing me to hardeningkitty, didn't know about this before! Do you already have a German account name section you could share?

@Deleted I found the origin of the offending string with the ampersand in German Windows, it's C:\Windows\System32\de-DE\msobjs.dll.mui.


If I disable the localization by taking ownership of the file, adding access rights, renaming it and rebooting, the error message in Policy Analyzer is gone.


You can also see the offending string by running auditpol /backup /file:backup.csv.


Of course it's still a bug in Policy Analyzer that it doesn't properly sanitize/escape the messages.
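The two posts above (the quoted <AuditSubcategory> element and the "sanitize/escape" remark) describe the root cause: a localized policy name is written into XML without escaping. The following is an added example, not code from the thread or from Policy Analyzer, that shows the malformed fragment failing to parse, a repair step for files already generated with the bug, and how a generator should build the element so the same name is escaped correctly. The sample fragment is constructed from the element quoted in the thread; the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the element quoted in the thread, with the bare '&' in the
# German name of the "Audit PNP Activity" subcategory.
MALFORMED = (
    "<AuditSubcategory><GUID>{0CCE9248-69AE-11D9-BED3-505054503030}</GUID>"
    "<Name>Plug & Play-Ereignisse</Name><Setting>0</Setting>"
    r"<SourceFile>C:\Users\Administrator.DOMAIN\AppData\Local\Temp\tmp16F8.tmp</SourceFile>"
    "<PolicyName>SERVER - auditpol /backup</PolicyName></AuditSubcategory>"
)

# A bare '&' is one that does not already start an entity or character reference
# such as &amp; or &#38;, so repairing is idempotent on already-correct files.
_BARE_AMP = re.compile(r"&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#x[0-9A-Fa-f]+);)")


def is_well_formed(xml_text: str) -> bool:
    """Return True if the fragment parses as XML, False on a parse error."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def repair_bare_ampersands(xml_text: str) -> str:
    """Workaround for existing .policyrule/temp files: escape unencoded '&'."""
    return _BARE_AMP.sub("&amp;", xml_text)


def build_audit_subcategory(guid: str, name: str, setting: int,
                            source_file: str, policy_name: str) -> str:
    """How the generator should emit the element: let the XML library escape text."""
    root = ET.Element("AuditSubcategory")
    for tag, value in (("GUID", guid), ("Name", name), ("Setting", str(setting)),
                       ("SourceFile", source_file), ("PolicyName", policy_name)):
        ET.SubElement(root, tag).text = value
    # ET.tostring escapes '&', '<' and '>' in text, so localized names are safe.
    return ET.tostring(root, encoding="unicode")


def policy_name_of(xml_text: str) -> str:
    """Parse a fragment and return the decoded <Name> text."""
    return ET.fromstring(xml_text).findtext("Name")


if __name__ == "__main__":
    print("malformed parses:", is_well_formed(MALFORMED))
    print("repaired name:", policy_name_of(repair_bare_ampersands(MALFORMED)))
```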