Details
-
Bug
-
Status: Resolved
-
Normal
-
Resolution: Fixed
-
None
-
None
-
Night's Watch
-
NW - 2021-10-06, NW - 2021-10-20
-
Needs Assessment
-
45403
-
1
-
Needs Assessment
Description
The puppet agent msi installer updates registry keys as per PA-3263. It searches for registry items and updates the value if it matches the nssm.exe. There is a scenario where this fails and causes the installation to fail. If the Admin user does not have permission to read one of these keys that are unrelated to puppet, the script will fail and the user will be unable to install the puppet agent.
The error we see is in the `Get-ChildItem` for several keys where there are special permissions limiting the access.
Action start 10:39:22: RemoveLegacyNssmRegistryKey.
|
MSI (s) (3C!60) [10:39:22:904]: PROPERTY CHANGE: Deleting WixQuietExec64CmdLine property. Its current value is '"[%WINDIR]\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -InputFormat None -NoProfile -ExecutionPolicy Bypass -Command "if (Test-Path -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components') { Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components' -Recurse | foreach { foreach ($prop in $_.Property) { if($_.GetValue($prop) -like '*service\nssm.exe*') { Remove-ItemProperty -Path $_.PSPath -Name $prop -ErrorAction Stop } } }; Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components' -Recurse | foreach { foreach ($prop in $_.Property) { if($_.GetValue($prop) -like '*puppet\bin\nssm.exe*') { Remove-ItemProperty -Path $_.PSPath -Name $prop -ErrorAction Stop } } } }"'.
|
WixQuietExec64: Entering WixQuietExec64 in C:\windows\Installer\MSIF890.tmp, version 3.10.2516.0
|
WixQuietExec64: "C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -InputFormat None -NoProfile -ExecutionPolicy Bypass -Command "if (Test-Path -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components') { Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components' -Recurse | foreach { foreach ($prop in $_.Property) { if($_.GetValue($prop) -like '*service\nssm.exe*') { Remove-ItemProperty -Path $_.PSPath -Name $prop -ErrorAction Stop } } }; Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components' -Recurse | foreach { foreach ($prop in $_.Property) { if($_.GetValue($prop) -like '*puppet\bin\nssm.exe*') { Remove-ItemProperty -Path $_.PSPath -Name $prop -ErrorAction Stop } } } }"
|
WixQuietExec64: Get-ChildItem : Requested registry access is not allowed.
|
WixQuietExec64: At line:1 char:113
|
WixQuietExec64: + ... ponents') { Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVe ...
|
WixQuietExec64: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
WixQuietExec64: + CategoryInfo : PermissionDenied: (HKEY_LOCAL_MACH...ADA9BE7FB000B78:String) , SecurityEx
|
WixQuietExec64: ception
|
WixQuietExec64: + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.GetChildItemCommand
|
Please provide a process to skip this action, or allow for errors in it.