From 11681412afec264c67ec01cdb7ce42d3d6d175a1 Mon Sep 17 00:00:00 2001 From: twangboy Date: Wed, 13 Feb 2019 16:59:07 -0700 Subject: [PATCH] Add test for explicit lists --- tests/integration/modules/test_win_lgpo.py | 55 +++++++++++++++++----- 1 file changed, 42 insertions(+), 13 deletions(-) diff --git a/tests/integration/modules/test_win_lgpo.py b/tests/integration/modules/test_win_lgpo.py index b87fb7c6f9..a36066da95 100644 --- a/tests/integration/modules/test_win_lgpo.py +++ b/tests/integration/modules/test_win_lgpo.py @@ -123,25 +123,25 @@ class WinLgpoTest(ModuleCase): ret = self.run_function('lgpo.set_computer_policy', (policy_name, policy_config)) log.debug('lgpo set_computer_policy ret == %s', ret) + cmd = ['lgpo.exe', + '/parse', + '/m', + r'c:\Windows\System32\GroupPolicy\Machine\Registry.pol'] if assert_true: self.assertTrue(ret) - lgpo_output = self.run_function( - 'cmd.run', - (), - cmd='lgpo.exe /parse /m c:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol') + lgpo_output = self.run_function('cmd.run', (), cmd=' '.join(cmd)) # validate that the lgpo output doesn't say the format is invalid self.assertIsNone( - re.search( - r'Invalid file format\.', - lgpo_output, - re.IGNORECASE), 'Failed validating Registry.pol file format') + re.search(r'Invalid file format\.', lgpo_output, re.IGNORECASE), + msg='Failed validating Registry.pol file format') # validate that the regexes we expect are in the output for expected_regex in expected_regexes: - match = re.search( - expected_regex, - lgpo_output, - re.IGNORECASE) - self.assertIsNotNone(match, 'Failed validating policy "{0}" configuration, regex "{1}" not found in lgpo output'.format(policy_name, expected_regex)) + match = re.search(expected_regex, lgpo_output, re.IGNORECASE) + self.assertIsNotNone( + match, + msg='Failed validating policy "{0}" configuration, regex ' + '"{1}" not found in lgpo output:\n{2}' + ''.format(policy_name, expected_regex, lgpo_output)) else: # expecting it to fail self.assertNotEqual(ret, True) @@ -255,6 +255,35 @@ class WinLgpoTest(ModuleCase): 'Not Configured', [r'; Source file: c:\\windows\\system32\\grouppolicy\\machine\\registry.pol[\s]*; PARSING COMPLETED.']) + @destructiveTest + def test_set_computer_policy_Pol_HardenedPaths(self): + # Disable Pol_HardenedPaths + log.debug('Attempting to disable Pol_HardenedPaths') + self._testComputerAdmxPolicy( + 'Pol_HardenedPaths', + 'Disabled', + [r'Computer[\s]*Software\\policies\\Microsoft\\Windows\\NetworkProvider\\HardenedPaths[\s]*\*[\s]*DELETEALLVALUES']) + # Configure Pol_HardenedPaths + log.debug('Attempting to configure Pol_HardenedPaths') + self._testComputerAdmxPolicy( + 'Pol_HardenedPaths', + { + 'Hardened UNC Paths': { + r'\\*\NETLOGON': 'RequireMutualAuthentication=1, RequireIntegrity=1', + r'\\*\SYSVOL': 'RequireMutualAuthentication=1, RequireIntegrity=1' + } + }, + [ + r'Computer[\s]*Software\\policies\\Microsoft\\Windows\\NetworkProvider\\HardenedPaths[\s]*\\\\\*\\NETLOGON[\s]*SZ:RequireMutualAuthentication=1, RequireIntegrity=1[\s]*', + r'Computer[\s]*Software\\policies\\Microsoft\\Windows\\NetworkProvider\\HardenedPaths[\s]*\\\\\*\\SYSVOL[\s]*SZ:RequireMutualAuthentication=1, RequireIntegrity=1[\s]*', + ]) + # Not Configure Pol_HardenedPaths + log.debug('Attempting to set Pol_HardenedPaths to Not Configured') + self._testComputerAdmxPolicy( + 'Pol_HardenedPaths', + 'Not Configured', + [r'; Source file: c:\\windows\\system32\\grouppolicy\\machine\\registry.pol[\s]*; PARSING COMPLETED.']) + @destructiveTest def test_set_computer_policy_WindowsUpdate(self): '''