Try/Catch issues

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of ertuu85 ertuu85 1 year, 5 months ago.

  • Author
    Posts
  • #30421
    Profile photo of ertuu85
    ertuu85
    Participant

    I think I'm misunderstanding the try catch...

    Below is my code, I'm trying to see if the actual auditpolicy's match the required audipolicy settings. If not it attempts to correct them.

    		$dvhash = @{
    			"Filtering Platform Connection" = "Failure"; 
    			"Other Object Access Events" = "Failure";
    			"Authorization Policy Change"="Success and failure"
    			"test"="success"
    		}
    		
    	#delcaring actual auditpol hash
    	$audithash = @{}
    	
    		foreach( $string in ((auditpol /get /category:*) -match '\s\s+' -NotMatch 'Setting'-replace '^\s+([a-zA-Z0-9\s-\\\/(\)?]+\b)\s\s+([a-zA-Z0-9\s]+)', '$1 = $2'))
    		{
    			 $audithash += ConvertFrom-StringData -StringData $string
    		}
    
    foreach($dvh in $dvhash.keys)
    {
    	if($audithash[$dvh] -like "*" + $dvhash[$dvh] + "*")
    	{
    		write-host "all good! - $dvh"
    	}	
    	else
    	{
    		
    		try
    		{
    			write-host "entering try - $dvh"
    			
    			if($dvhash[$dvh] -match "Success" -and $dvhash[$dvh] -match "Failure")
    			{
    				#success and failure
    				(auditpol /set /subcategory:"$dvh" /success:enable /failure:enable) | out-null
    			}
    			elseif($dvhash[$dvh] -match "Success" -and $dvhash[$dvh] -notmatch "Failure")
    			{
    				#success
    				(auditpol /set /subcategory:"$dvh" /success:enable) | out-null
    			}
    			else
    			{
    				#failure
    				(auditpol /set /subcategory:"$dvh" /failure:enable) | out-null
    			}
    
    			"Pass!"
    		}
    		catch
    		{
    			write-host "Entring catch $dvh"
    			$error[0]
    			
    		}
    	
    	}
    
    }
    

    Sample output looks like...

    all good! - Authorization Policy Change
    all good! - Other Object Access Events
    entering try - test
    Error 0x00000057 occurred:
    The parameter is incorrect.
    
    Pass!
    all good! - Filtering Platform Connection
    

    I thought on an error it would immediately go into the catch, but it appears I'm incorrect on thinking this. Can anyone help me out, or show me a good article that talks about try/catches and how they're actually used.

  • #30422
    Profile photo of ertuu85
    ertuu85
    Participant

    I also see that $error[0] never holds any information that auditpol passes, even with invalid parameters...

    Would there be a better way to do this using $lasterrorcode ? (error 87 equaling invalid parameters)

  • #30423
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Error handling when you're calling external commands such as auditpol.exe is a bit different (and also can vary depending on which PowerShell host you're using, which can be frustrating).

    In PowerShell.exe, when a console application produces error output, it does _not_ trigger a powershell error by default. Instead, it will just set the automatic $LASTEXITCODE variable to whatever auditpol's exit code was (which should be non-zero), and you can check on that.

    On the other hand, the ISE will actually produce a terminating PowerShell error whenever a console app writes to the stderr stream. Other hosts' behaviors may vary.

  • #30424
    Profile photo of ertuu85
    ertuu85
    Participant

    Ok, thanks!

    I've changed it from a try catch to just a if($lasterrorvalue -ne 0)... as seen below. Seems to work, thanks again.

    foreach($dvh in $dvhash.keys)
    {
    	if($audithash[$dvh] -like "*" + $dvhash[$dvh] + "*")
    	{
    		write-host "all good! - $dvh"
    	}	
    	else
    	{
    			write-host "entering try - $dvh"
    			
    			if($dvhash[$dvh] -match "Success" -and $dvhash[$dvh] -match "Failure")
    			{
    				#success and failure
    				(auditpol /set /subcategory:"$dvh" /success:enable /failure:enable) | out-null
    			}
    			elseif($dvhash[$dvh] -match "Success" -and $dvhash[$dvh] -notmatch "Failure")
    			{
    				#success
    				(auditpol /set /subcategory:"$dvh" /success:enable) | out-null
    			}
    			else
    			{
    				#failure
    				(auditpol /set /subcategory:"$dvh" /failure:enable)  | out-nul
    				if($LASTERRORCODE -ne 0)
    				{
    					"There is an issue setting the audit."
    				}
    			}
    
    	}
    	
    }
    

You must be logged in to reply to this topic.