
Creating HTTP OPTIONS Deny Verb

I have a PowerShell script that I have attached to a Kscript as a dependency to check if a Deny Verb exists in IIS, and if not create one. I routinely run PShells scripts this way, and I have had great success with them...but for some reason this one will not run when executed by KACE. If I run this same PShells script/command locally on the Windows machine, it works fine. There's something about the syntax that KACE is not liking - but I'm just not seeing it.



The first part of the function below works fine...it's only the Options portion that just isn't doing anything - specifically the highlighted line

function remediateIIS {
    $date = Get-Date -format MMddyyyy
    $rootFolder = "C:\inetpub\wwwroot"
    $iisstartFile = "C:\inetpub\wwwroot\iisstart.htm"
    $FileExists = Test-Path $iisstartFile
    # Read the verbs currently listed under request filtering at the server (APPHOST) level
    $verbExists = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter 'system.webServer/security/requestFiltering/verbs' -Name collection | select verb
    $iisLog = "C:\Options\AdminScripts\NexposeRemediations\remediateIIS.log"

    #Check to see if the default IIS start page is present.  If so, rename it
    If ($FileExists -eq $True)
    {
        #-File Found
        Add-Content $iisLog "$date  :  remediateIIS    : INFO  :  $iisstartFile was found. Issuing command to rename it..."
        Rename-Item -Path $iisstartFile -NewName "iisstart.htm_NexposeRemediations_$date" -Force
    } Else {
        #-File NOT Found
        Add-Content $iisLog "$date  :  remediateIIS    : INFO  :  $iisstartFile was NOT found. Doing nothing else..."
    }

    #Check to see if the OPTIONS verb is present.  If not, Create HTTP OPTIONS Deny Verb at root level of IIS
    If (Test-Path -Path $rootFolder) {
        If ($verbExists -like '*OPTIONS*')
        {
            #-Verb Found
            Add-Content $iisLog "$date  :  remediateIIS    : INFO  :  HTTP Options Deny Verb was found. Doing nothing else..."
        } Else {
            #-Verb NOT Found
            Add-Content $iisLog "$date  :  remediateIIS    : INFO  :  HTTP Options Deny Verb was NOT found. Issuing command to create it..."
            Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter 'system.webServer/security/requestFiltering/verbs' -Value @{VERB="OPTIONS";allowed="False"} -Name collection
        }
    }
}



Answers (4)

Posted by: Nioky 2 years ago
Yellow Belt
0

Hi,


Do you find anything in the script execution logs?

Which command do you use to call the .ps1 script?

Do you have KACE's replica? Is it all replicated before executing the script?


Let us know :)


Posted by: afbicbill 2 years ago
White Belt
0

1. No Kace replicas...

2. Added my PS1 file as a dependency, then called like this:

Launch $(KACE_SYS_DIR)\WindowsPowerShell\v1.0\powershell.exe with params -executionpolicy remotesigned -File $(KACE_DEPENDENCY_DIR)\remediateIIS.ps1

I run a ton of PowerShell scripts this way, and they typically work great.

3. Script execution log below...thx for that...I had forgotten to look there...


Running with credntials provided: domain [*****] user [*****]

Get-WebConfigurationProperty : Retrieving the COM class factory for component with CLSID

{688EEEE5-6A7E-422F-B2E1-6AF00DC944A6} failed due to the following error: 80040154 Class not

registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

At C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\1057\remediateIIS.ps1:15 char:16

+ ... erbExists = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APP ...

+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : NotSpecified: (:) [Get-WebConfigurationProperty], COMException

+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.IIs.PowerShel

l.Provider.GetConfigurationPropertyCommand

Set-WebConfigurationProperty : Retrieving the COM class factory for component with CLSID

{688EEEE5-6A7E-422F-B2E1-6AF00DC944A6} failed due to the following error: 80040154 Class not

registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

At C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\1057\remediateIIS.ps1:37 char:4

+          Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOS ...

+          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : NotSpecified: (:) [Set-WebConfigurationProperty], COMException

+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.IIs.PowerShel

l.Provider.SetConfigurationPropertyCommand

Launched Process: powershell.exe


Posted by: Nioky 2 years ago
Yellow Belt
0

Hi,


From what I can find, it could be related to the fact that the PowerShell process launched by KACE is x86, while the module you are using must run under an x64 process.

I am not sure how to proceed to get an x64 PowerShell process, but it must depend on the path you are using when you call your script.

You could rather try to use "C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe" or "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" I think.


I also found these:

Scripting : KScript saying that a Powershell is executed successfully, but nothing is changed. (itninja.com) : Last comment is the same answer as me so it should do the trick

How to run PowerShell's 64bit modules using the SMA's Native PowerShell Support (327636) (quest.com) : These also talk about the "sysnative" path.


Let me know, it can be useful in the future for me as well!
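
A bitness guard for the top of remediateIIS.ps1, as an added example that is not part of the original thread: it relaunches the script in 64-bit PowerShell when the agent starts it in a 32-bit (WOW64) process. On 64-bit Windows, SysWOW64 holds the 32-bit binaries and Sysnative is the alias a 32-bit process uses to reach the real 64-bit System32. It assumes PowerShell 3.0 or later (for $PSCommandPath); the final verb check is illustrative.

```powershell
# Added example, not the original poster's code.
# PROCESSOR_ARCHITEW6432 is defined only inside a 32-bit process on 64-bit Windows,
# so its presence means this script is running under WOW64.
if ([IntPtr]::Size -eq 4 -and $env:PROCESSOR_ARCHITEW6432) {

    # Sysnative is visible only to 32-bit processes and bypasses the
    # System32 -> SysWOW64 file system redirection.
    $native = Join-Path $env:windir 'Sysnative\WindowsPowerShell\v1.0\powershell.exe'

    if (-not (Test-Path $native)) {
        Write-Error "64-bit PowerShell not reachable at $native"
        exit 2
    }

    # Re-run this same script in the 64-bit host and hand its exit code
    # back to the management agent.
    & $native -NoProfile -ExecutionPolicy RemoteSigned -File $PSCommandPath @args
    exit $LASTEXITCODE
}

# From here on the process is 64-bit, or the OS itself is 32-bit.
Write-Output ("PowerShell process is {0}-bit" -f ([IntPtr]::Size * 8))

# Fail loudly if the IIS module cannot load instead of continuing silently.
Import-Module WebAdministration -ErrorAction Stop

# Same query the script in the question uses, kept as objects so the
# verb name can be compared exactly rather than with a wildcard.
$filter = 'system.webServer/security/requestFiltering/verbs'
$verbs  = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter $filter -Name collection
$entry  = $verbs | Where-Object { $_.verb -eq 'OPTIONS' }

if ($entry) {
    Write-Output 'OPTIONS entry present in requestFiltering/verbs'
} else {
    Write-Output 'OPTIONS entry missing from requestFiltering/verbs'
}
```

With the guard in place the script no longer depends on which powershell.exe path the agent is configured to launch.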

Posted by: afbicbill 2 years ago
White Belt
0

I'm at a loss on this one...

Output Log

Running with credntials provided: domain [*****] user [*****]

Get-WebConfigurationProperty : Retrieving the COM class factory for component with CLSID

{688EEEE5-6A7E-422F-B2E1-6AF00DC944A6} failed due to the following error: 80040154 Class not

registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

At C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\1057\remediateIIS.ps1:15 char:16

+ ... erbExists = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APP ...

+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : NotSpecified: (:) [Get-WebConfigurationProperty], COMException

+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.IIs.PowerShel

l.Provider.GetConfigurationPropertyCommand

Set-WebConfigurationProperty : Retrieving the COM class factory for component with CLSID

{688EEEE5-6A7E-422F-B2E1-6AF00DC944A6} failed due to the following error: 80040154 Class not

registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

At C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\1057\remediateIIS.ps1:37 char:4

+          Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOS ...

+          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : NotSpecified: (:) [Set-WebConfigurationProperty], COMException

+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.IIs.PowerShel

l.Provider.SetConfigurationPropertyCommand

Launched Process: powershell.exe


Activity Log

verify - launch_program

Launching program: 'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe' '-executionpolicy remotesigned -File C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\1057\remediateIIS.ps1' wait='true'

verify - on_verify_success

verify - on_verify_failure


Comments:
  • Is this with the "sysnative" path? - Nioky 2 years ago
 