Hello,
I'm encountering errors with the audit function in this package.
On some of our machines, the PowerShell function `(Get-BitLockerVolume).MountPoint` returns unusual drive letters like: `\\?\Volume{2d8e1378-6a0d-4197-49d0-fe4e2f18cd72}`.
Later in the package's code, a for loop (`for mountpoint in mountpoint_list:`) allows us to ignore these drives using an `is_ignored` flag.
If the condition `"?" in mountpoint` is met (`if "?" in mountpoint:`), then `is_ignored` is set to True, and therefore the drive will be ignored for the rest of the audit function. This is fine.
My problem stems from the other conditions tested afterward in the same loop. These are additional `if` statements, and therefore they are tested even if the first condition is met. However, for example, in the second condition, the function `Get-Volume -DriveLetter %s | Where-Object DriveType -EQ Removable` throws an error in the package. The returned error is "Get-Volume: Cannot find a positional parameter that accepts 2d8e1378-6a0d-4197-49d0-fe4e2f18cd72", etc.
It's clear that the `DriveLetter` argument doesn't accept the unusual volume name given to it. Or perhaps the curly braces {} are causing a syntax error.
I worked around this problem by starting the conditions with: `if not is_ignored and`. But while writing this message, I realize I would probably get the same result using `elif` statements.
With this modification, the package works a little better. The BitLocker key is retrieved from Active Directory and the WAPT console. But the audit remains in error because a new error occurs afterward, this time with the PowerShell function `Get-BitLockerVolume`. (Get-BitLockerVolume: Could not find a positional parameter that accepts the argument...)
I haven't yet identified which line of the audit script this new error occurs on. Nor why, since logically, strange volume names should no longer be used. But I thought it was already worthwhile to report the errors encountered in this first for loop.
I will add the cause of this new error to this post if I manage to find it.
Have a good day.
Vincent
tis-audit-bitlocker
VincentUCA
I found the cause of the problem by reading this page:
https://community.spiceworks.com/t/how-...g/932099/5
The problem stems from using the `remove` method within the `for` loop. This creates unexpected behavior. As a result, a strange drive isn't removed from the `mountpoint_list`, causing the script to fail.
So I followed the tip given on the webpage and modified the package code as follows for the first for loop:
```python
# Fragment of the package's audit function; ensure_list and run_powershell are WAPT helpers.
mountpoint_list_raw = ensure_list(run_powershell("(Get-BitLockerVolume).MountPoint"))
mountpoint_list = []
# Cleaning mountpoints (unpartitioned devices and removable devices)
for mountpoint in mountpoint_list_raw:
    is_ignored = False
    if "?" in mountpoint:
        # Volume GUID path (\\?\Volume{...}): not a drive letter, skip it
        print("INFO: An unknow volume has been detected and will be skipped (%s)" % mountpoint)
        is_ignored = True
    elif run_powershell("Get-Volume -DriveLetter %s | Where-Object DriveType -EQ Removable" % mountpoint.replace(":", "")):
        # Removable drive
        is_ignored = True
    elif run_powershell("(Get-PhysicalDisk | Where-Object BusType -EQ USB | ForEach-Object { Get-Disk -Number $_.DeviceId | Get-Partition | Get-Volume } | Where-Object DriveLetter -EQ '%s').DriveLetter -ne $null" % mountpoint.replace(":", "")):
        # Volume on a USB-attached disk
        is_ignored = True
    else:
        print(f"Adding '{mountpoint}' in mountpoint_list")
        mountpoint_list.append(mountpoint)
    if is_ignored:
        print(f"'{mountpoint}' will be ignored")
        #mountpoint_list.remove(mountpoint)
```
The use of a second list as well as elif seems to resolve all the problems encountered with this package according to the initial tests carried out.
Good coding.
Vincent
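The behaviour described in the post above, as an added example that is not part of the original post or of the tis-audit-bitlocker package: calling `remove()` on the list being iterated skips the next element, so the second of two adjacent volume GUID paths survives, while building a second list does not have this problem. The sample list, the second GUID, the `is_removable` callback and the strict drive-letter check (which goes a step beyond the `"?"` test) are assumptions made for this example.

```python
import re

# Constructed sample of what (Get-BitLockerVolume).MountPoint can return;
# the second GUID is made up for this example.
RAW = [
    "C:",
    r"\\?\Volume{2d8e1378-6a0d-4197-49d0-fe4e2f18cd72}",
    r"\\?\Volume{00000000-0000-0000-0000-000000000001}",
    "E:",
]

# Only a plain drive letter ("C:" or "C:\") may reach a -DriveLetter argument.
DRIVE_RE = re.compile(r"[A-Za-z]:\\?")


def clean_in_place(mountpoints):
    """Problem pattern: remove() while iterating over the same list."""
    mountpoints = list(mountpoints)
    for mp in mountpoints:
        if "?" in mp:
            mountpoints.remove(mp)  # items shift left, the next one is skipped
    return mountpoints


def clean_with_second_list(mountpoints, is_removable):
    """Fixed pattern: never mutate the iterated list, validate before querying.

    is_removable is a hypothetical callback taking one drive letter; in the
    package it would wrap the Get-Volume / Get-PhysicalDisk checks.
    """
    kept, ignored = [], []
    for mp in mountpoints:
        if not DRIVE_RE.fullmatch(mp):
            ignored.append(mp)  # GUID paths never reach the PowerShell string
        elif is_removable(mp[0]):
            ignored.append(mp)
        else:
            kept.append(mp)
    return kept, ignored


def fake_is_removable(letter):
    # Stand-in for the PowerShell checks: pretend E: is a USB stick.
    return letter.upper() == "E"


if __name__ == "__main__":
    print(clean_in_place(RAW))
    print(clean_with_second_list(RAW, fake_is_removable))
```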
