What should be a simple registry DSC configuration has turned into a somewhat frustrating piece of guesswork. I'm trying to setting a binary registry key. I am finding it impossible to find the right format for the value data to get the key set correctly. I am trying to transform this registry file into DSC:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity]
"SrvsvcShareAdminConnect"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\
00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,27,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00
I have tried this with both registry and xregistry resource and hit the same format error ( I really don’t mind which I use). I have tried providing the data as an a single string, an array of strings, an array of strings appended with 0x to show it is hex etc. Ihave tried the suggestion here as well.
The closest I got is with the configuration below, which seemed to work:
Registry disableAdminShare {
Ensure = "Present"
Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity"
Force = $true
ValueName = "SrvsvcShareAdminConnect"
ValueData = @("010004806400000070000000000000001400000002005000030000000000180003000f00010200000000000520000000200200000000180003000f00010200000000000520000000250200000000180003000f0001020000000000052000000027020000010100000000000512000000010100000000000512000000")
ValueType = "Binary"
}
But looking at the log when it is applied, it seems to be converting the value into Decimal, resulting in an invalid entry:
'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity\SrvsvcSha
reAdminConnect' to '(1, 0, 4, 128, 100, 0, 0, 0, 112, 0, 0, 0, 0, 0, 0, 0, 20,
0, 0, 0, 2, 0, 80, 0, 3, 0, 0, 0, 0, 0, 24, 0, 3, 0, 15, 0, 1, 2, 0, 0, 0, 0,
0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 3, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0,
5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 24, 0, 3, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5,
32, 0, 0, 0, 39, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0,
0, 0, 5, 18, 0, 0, 0)' of type 'Binary'
VERBOSE: [SCDEV-RD-02]: LCM: [ End Set ]
I’m sure there is a simple answer to this, but I can’t locate anything in the documentation.
Best Answer
The format of the DSC
MSFT_Registry
Binary typeValueData
is a string with contiguous pairs of byte values, with an optional leading "0x"The trick is this bit of code from the resource in $env:windir\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_Registry.psm1.
It parses the value with:
Example
Using a slight variation on your input data:
You can create a properly formatted string with this:
In the MOF, you'll see this:
Here's an entire test sample to prove the point:
That results in the following output:
Looking at both a Server 2016 and a Windows 10 machine where I ran this, the registry looks correct.