October 5, 2015 at 7:30 am

I think I'm misunderstanding the try catch...

Below is my code. I'm trying to see if the actual audit policies match the required audit policy settings. If not, it attempts to correct them.

		$dvhash = @{
			"Filtering Platform Connection" = "Failure"; 
			"Other Object Access Events" = "Failure";
			"Authorization Policy Change"="Success and failure"
			"test"="success"
		}
		
	#declaring actual auditpol hash
	$audithash = @{}
	
		foreach( $string in ((auditpol /get /category:*) -match '\s\s+' -NotMatch 'Setting'-replace '^\s+([a-zA-Z0-9\s-\\\/(\)?]+\b)\s\s+([a-zA-Z0-9\s]+)', '$1 = $2'))
		{
			 $audithash += ConvertFrom-StringData -StringData $string
		}

foreach($dvh in $dvhash.keys)
{
	if($audithash[$dvh] -like "*" + $dvhash[$dvh] + "*")
	{
		write-host "all good! - $dvh"
	}	
	else
	{
		
		try
		{
			write-host "entering try - $dvh"
			
			if($dvhash[$dvh] -match "Success" -and $dvhash[$dvh] -match "Failure")
			{
				#success and failure
				(auditpol /set /subcategory:"$dvh" /success:enable /failure:enable) | out-null
			}
			elseif($dvhash[$dvh] -match "Success" -and $dvhash[$dvh] -notmatch "Failure")
			{
				#success
				(auditpol /set /subcategory:"$dvh" /success:enable) | out-null
			}
			else
			{
				#failure
				(auditpol /set /subcategory:"$dvh" /failure:enable) | out-null
			}

			"Pass!"
		}
		catch
		{
			write-host "Entering catch $dvh"
			$error[0]
			
		}
	
	}

}

Sample output looks like...

all good! - Authorization Policy Change
all good! - Other Object Access Events
entering try - test
Error 0x00000057 occurred:
The parameter is incorrect.

Pass!
all good! - Filtering Platform Connection

I thought on an error it would immediately go into the catch, but it appears I'm incorrect in thinking this. Can anyone help me out, or show me a good article that talks about try/catches and how they're actually used?

October 5, 2015 at 7:45 am

I also see that $error[0] never holds any information that auditpol passes, even with invalid parameters...

Would there be a better way to do this using $lasterrorcode? (error 87 equaling invalid parameters)

October 5, 2015 at 7:49 am

Error handling when you're calling external commands such as auditpol.exe is a bit different (and also can vary depending on which PowerShell host you're using, which can be frustrating).

In PowerShell.exe, when a console application produces error output, it does _not_ trigger a PowerShell error by default. Instead, it will just set the automatic $LASTEXITCODE variable to whatever auditpol's exit code was (which should be non-zero), and you can check on that.

On the other hand, the ISE will actually produce a terminating PowerShell error whenever a console app writes to the stderr stream. Other hosts' behaviors may vary.
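
The behaviour described in the reply above, as an added example that is not part of the original thread: a wrapper that turns a non-zero `$LASTEXITCODE` into a terminating error so that `try`/`catch` behaves as the question expected. `Invoke-NativeChecked` is a hypothetical helper name, and the subcategory names are taken from the question's hash table.

```powershell
# Added example. Invoke-NativeChecked is a hypothetical helper, not a built-in cmdlet.
function Invoke-NativeChecked {
    param(
        [Parameter(Mandatory = $true)] [string] $FilePath,
        [string[]] $ArgumentList = @()
    )
    # Relax the preference locally: in hosts that turn stderr text into error
    # records, 'Stop' would abort here before the exit code could be read.
    $ErrorActionPreference = 'Continue'
    # 2>&1 merges stderr into the captured output so the tool's message is kept;
    # "$_" flattens any error records to plain strings.
    $output = & $FilePath @ArgumentList 2>&1 | ForEach-Object { "$_" }
    $code = $LASTEXITCODE
    if ($code -ne 0) {
        $text = ($output | Where-Object { $_ }) -join ' '
        # throw is terminating, so a surrounding try/catch will see it
        throw "$FilePath exited with code ${code}: $text"
    }
    $output
}

# Desired settings, as in the question; 'test' is not a real subcategory.
$wanted = @{
    'Other Object Access Events' = 'Failure'
    'test'                       = 'Success'
}

# auditpol /set needs an elevated session.
foreach ($name in $wanted.Keys) {
    $auditArgs = @('/set', "/subcategory:$name")
    if ($wanted[$name] -match 'Success') { $auditArgs += '/success:enable' }
    if ($wanted[$name] -match 'Failure') { $auditArgs += '/failure:enable' }
    try {
        Invoke-NativeChecked -FilePath 'auditpol.exe' -ArgumentList $auditArgs | Out-Null
        Write-Host "set - $name"
    }
    catch {
        # Reached whenever auditpol returns a non-zero exit code
        Write-Host "failed - $name : $($_.Exception.Message)"
    }
}
```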

October 5, 2015 at 8:10 am

Ok, thanks!

I've changed it from a try catch to just an if($lasterrorvalue -ne 0)... as seen below. Seems to work, thanks again.

foreach($dvh in $dvhash.keys)
{
	if($audithash[$dvh] -like "*" + $dvhash[$dvh] + "*")
	{
		write-host "all good! - $dvh"
	}
	else
	{
		write-host "entering try - $dvh"

		if($dvhash[$dvh] -match "Success" -and $dvhash[$dvh] -match "Failure")
		{
			#success and failure
			(auditpol /set /subcategory:"$dvh" /success:enable /failure:enable) | out-null
		}
		elseif($dvhash[$dvh] -match "Success" -and $dvhash[$dvh] -notmatch "Failure")
		{
			#success
			(auditpol /set /subcategory:"$dvh" /success:enable) | out-null
		}
		else
		{
			#failure
			(auditpol /set /subcategory:"$dvh" /failure:enable) | out-null
		}

		#auditpol is an external command: check its exit code after whichever branch ran
		if($LASTEXITCODE -ne 0)
		{
			"There is an issue setting the audit."
		}
	}
}