Cis benchmark windows ad12/24/2023 From this point you can perform the above analysis, registry mounting, etc on the "dead" Windows installation on local storage. Hell you can even go through the motions of a Windows install (without actually starting the install) and hit Shift-F10 for a DOS box (does this still work?). If these are "bare metal" Windows hosts you can boot them into a "live" recovery environment that runs from DVD, USB, et al.Perhaps you have VMs on a storage array that might have LUN snapshots of its own?.Offline registries can be mounted here too. You now have a working VM to which you can mount other VM's virtual disks (after shutting them down of course) and analyze WTF happened. Are any of these VMs that may have snapshots from before The Great Cancering Of The Hosts took place? Snapshot the current state (just in case) then roll back to the snapshot.It denies any UAC prompts and will give the error access is denied.Ĭouple of random thoughts in no particular order: These CIS benchmarks are a pain.Įdit: the access denied is coming from the UAC settings in the GPO. Really sorry if none of this helps just thought I'd share. Or hopefully something else I mentioned can help. Not sure this will help much as this was not at the server level, but maybe you can make/access a local admin account that is able to run as admin. This allowed me run Power Shell as admin, enable SMBv1 and v2 using script and then change settings to start Lanman workstation services manually. Then from there it recognized my credentials (as local account), and I was able to retrieve the local admin account password using LAPS, and login as the local admin. I did this by creating an OU that blocks the GPO, then I had to log into them using a separate remote service (Zoho) since RDP stopped recognizing network credentials and it isn't a physical machine. First you must disable the CIS benchmark GPO. I used a Power Shell script to disable and re-enable them. It disabled the SMBv1 and v2 which in turn blocked the Lanman workstation service from starting(which stopped the machines from contacting the domain controller, so no account was recognized with permission associated with it on the network level). It was on some Win10 and all Win7 virtual machines. Had a similar issue to this but it was not server level OU. Update late evening : We've been able to restore quite a few servers now, but it's time consuming. Domain Controllers not affected, GPO was applied to servers OU.Some servers you cannot reach at all, while others you can actually get access to through management tools or run wmic.Any changes you do/remove/add a GPO will not be updated to any servers. Is full restore the only way to go, or is it possible to fix it? Any ideas fellow sysadmins?Įdit: The servers are not receiving updates to GPOs anymore. We'll of course take care of the administrator who did it, this is quite an unfortunate event. Reverting the GPOs does not solve the issue as it does not revert the changes. Manually restoring the permissions has been tried, but it was unsuccessful. The root cause seems to be related to file permissions changes in the GPO Taskmgr.exe error message "No such interface supported." "This file does not have a program associated with it for performing this action." Services are down, and not able to open applications on servers Group policy from Microsoft Windows 2019 CIS Benchmark v1.2.1 was accidently applied to all Server 2012 R2 and Server 2016 servers, and is causing the following:
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |