Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue] Health Checker - Get-SecurityCve-2022-21978 parameter ExchangeWellKnownSecurityGroups is null #2112

Open
dpaulson45 opened this issue Jun 19, 2024 · 0 comments
Open

[Issue] Health Checker - Get-SecurityCve-2022-21978 parameter ExchangeWellKnownSecurityGroups is null #2112

dpaulson45 opened this issue Jun 19, 2024 · 0 comments
Labels
Health Checker Issue P1
Milestone
HC - Dec 2024 Rel...

Comments

@dpaulson45
Copy link
Member

Describe the issue
Customer reported the following error issue and unable to execute the script.

Errors that occurred that wasn't handled
Error Index: 0
Get-SecurityCve-2022-21978 : Cannot bind argument to parameter 'ExchangeWellKnownSecurityGroups' because it is null.
Inner Exception:    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
   at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, Object inputToProcess)
   at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
Position Message: At C:\HealthChecker.ps1:15441 char:60
+ ...           CVE202221978 = (Get-SecurityCve-2022-21978 @cve21978Params)
+                                                          ~~~~~~~~~~~~~~~
Script Stack: at Get-OrganizationInformation<Process>, C:\HealthChecker.ps1: line 15440
at Get-HealthCheckerData, C:\HealthChecker.ps1: line 15529
at Invoke-HealthCheckerMainReport, C:\HealthChecker.ps1: line 15659
at <ScriptBlock><End>, C:\HealthChecker.ps1: line 16470
at <ScriptBlock>, <No file>: line 1

Expected behavior
We need to handle when a user who doesn't have the correct permissions to get the ntSecurityDescriptor from AD, that we need to properly report this and provide the best information that we can. This needs to be addressed if you are in the Organization Management role group as this is where we provide that permission normally for Exchange Admins.

Additional context
Need to go through and create a user that has a deny for Read Permissions on various locations where we are looking for the ntSecurityDescriptor and then properly handle this and report it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Health Checker Issue P1
Projects
None yet
Milestone
HC - Dec 2024 Release
Development

No branches or pull requests
1 participant
@dpaulson45