Skip to content

Unable to test PowerShell Auditing Settings via registry #63

@matt2005

Description

@matt2005

When testing for PowerShell auditing settings I am unable to test for the following value as it contains a "*"

The code below is what I'm currently using which doesn't work. I have tried escaping the * by "*" but that doesn't work.

Registry 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames\' "*" { Should -Be '*'}

The problem code is the expandproperty as shown below.

Get-ItemProperty HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames\ | Select-Object -ExpandProperty '*'

Here is the Full Context that I'm using for the PowerShell Audit Settings.

Context -Name 'Powershell Auditing' -Fixture {
        #Turn on Module Logging: Enabled
        Registry 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\' 'EnableModuleLogging' { Should -BeExactly 1}
        #* Module Names: *
        Registry 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames\' "*" { Should -Be '*'}
        #* Turn on Powershell Script Block Logging:
        #    * Enabled
        Registry 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\' 'EnableScriptBlockLogging' { Should -Be 1}
        #* Log script block invocation start / stop events:
        #   * Disabled
        IF (Test-Path 'HKLM\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockInvocationLogging') {
            #If Value doesn't exist it defaults to 0
            Registry 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\' 'EnableScriptBlockInvocationLogging' {Should -BeLessOrEqual 0}
        }
    }

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions