Need Help with Set-DBAExtendedProtection - not working properly on remote server #9545
Unanswered
ClaudiaBowlin
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Set-DbaExtendedProtection does not seem to be working properly against a remote machine , the command executes and reports success however the registry is not updated correctly and settings are not changed as expected (Settings are either staying the default or flipped to the default value of 0).
I am running this against a remote machine since our DB servers do not have dbatools installed on them. (When I use the same code and I substitute server name with local machine name, it does work :( , So I am also questioning IF it can be used remotely (to me implied since I am passing a server/instance???)).
Additionally, when I manually (or edit the RegistryKey via PS cmd) set a value of 1(allowed) in configuration manager, and then use the Set-DbaExtendedProtection cmd to attempt to set value to 2 (required), the result is that the configuration is actually flipped to 0 (off - the default value)
This to me proves that I AM able to ACCESS/EDIT the registry and my permissions are correct to make changes?
I have permissions to successfully do a Get-dbaExtendedProtection against the remote machine, and I can successfully run a manual update to the registryKey via powershell using the same credentials:
I have tried passing numerical value as well as strings (per the documentation).
Sequence of cmds I ran:
(I tested with and without explicit restart of SQL Server)
Console Output as follows (ran the cmd with -verbose), I have abstracted server/instance/IP information:
VERBOSE: [10:33:36][Set-DbaExtendedProtection] Processing SERVER\INSTANCE2022.
VERBOSE: [10:33:36][Resolve-DbaNetworkName] Resolving SERVER using .NET.Dns GetHostEntry
VERBOSE: [10:33:36][Resolve-DbaNetworkName] Resolving XXXX using .NET.Dns GetHostByAddress
VERBOSE: [10:33:36][Get-DbaCmObject] Configuration loaded | Cache disabled: False
VERBOSE: [10:33:36][Get-DbaCmObject] [SERVER] Retrieving Management Information
VERBOSE: [10:33:36][Get-DbaCmObject] [SERVER] Accessing computer using Cim over WinRM
VERBOSE: [10:33:36][Get-DbaCmObject] [SERVER] Accessing computer using Cim over WinRM - Success
VERBOSE: [10:33:36][Resolve-DbaNetworkName] Resolving XXXX using .NET.Dns GetHostEntry
VERBOSE: [10:33:36][Resolve-DbaNetworkName] Resolving XXXX using .NET.Dns GetHostEntry
VERBOSE: [10:33:36][Resolve-DbaNetworkName] Resolving XXXX using .NET.Dns GetHostByAddress
VERBOSE: [10:33:36][Invoke-ManagedComputerCommand] Connecting to SQL WMI XXXX (XXXX was fully qualified Server Name).
VERBOSE: [10:33:40][Set-DbaExtendedProtection] Regroot: Software\Microsoft\Microsoft SQL Server\MSSQL16.INSTANCE2022
VERBOSE: [10:33:40][Set-DbaExtendedProtection] ServiceAcct:gmsaacct
VERBOSE: [10:33:40][Set-DbaExtendedProtection] InstanceName: INSTANCE2022
VERBOSE: [10:33:40][Set-DbaExtendedProtection] VSNAME: SERVER\INSTANCE2022
VERBOSE: [10:33:40][Set-DbaExtendedProtection] Value: 2
VERBOSE: Performing the operation "Connecting to SERVER\INSTANCE2022 to modify the ExtendedProtection value in Software\Microsoft\Microsoft SQL Server\MSSQL16.INSTANCE2022 for INSTANCE2022" on target "local".
ComputerName InstanceName SqlInstance ExtendedProtection
SERVER INSTANCE2022 SERVER\INSTANCE2022 1 - Allowed
Running Set-DbaExtendedProtection cmd:
SERVER INSTANCE2022 vSERVER\INSTANCE2022 0 - Off
Verify Settings AFTER the command is run:
SERVER INSTANCE2022 vSERVER\INSTANCE2022 0 - Off
Here are my Versions:
PS 7.4.5 and 5.1.X
DBATools 2.1.26
Can someone help me? Anyone else have experience using dbatools or PS to flip this flag on 100+ instances without having to explicitly edit the registry keys?
Thank you
Beta Was this translation helpful? Give feedback.
All reactions