TrimarcJake / Locksmith

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

Home Page: https://github.com/TrimarcJake/Locksmith

Mode 4 doesn't have an option to skip one fix and continue

dzcmr opened this issue

What I expected would happen:

  • Halting would allow the fixes to continue - i.e. just skip the one fix and move to the next one

What actually happened:

  • Halting caused the script to terminate after pressing enter

Sample output:

Confirm
Continue with this operation?
[Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): H
SKIPPED!
Press enter to continue...:

Good catch, @dzcmr. (No pun intended.) I see where/why that is happening in the mode 4 code. It's part of a try/catch block that needs to be scoped specifically to each fix or changed to a different confirmation method. Thanks for the feedback!
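
The scoping problem described in the comment above, shown as an added example that is not part of the thread and is not Locksmith's code. The function names, the placeholder fix actions and the hashtable of simulated prompt answers are assumptions, and a "Halt" answer is simulated with `throw`.

```powershell
# Constructed sample data: issue names are taken from the thread, fix actions are placeholders.
$Issues = @(
    [pscustomobject]@{ Name = 'Auditing'; Fix = { 'placeholder: enable auditing' } }
    [pscustomobject]@{ Name = 'ESC1';     Fix = { 'placeholder: fix ESC1' } }
    [pscustomobject]@{ Name = 'ESC4';     Fix = { 'placeholder: fix ESC4' } }
    [pscustomobject]@{ Name = 'ESC5';     Fix = { 'placeholder: fix ESC5' } }
)
# Simulated prompt answers: halt on the first issue, accept the rest.
$Answers = @{ Auditing = 'H'; ESC1 = 'Y'; ESC4 = 'Y'; ESC5 = 'Y' }

# Hypothetical stand-in for the interactive confirmation: "Halt" raises a terminating error.
function Confirm-Fix {
    param([string]$Name, [hashtable]$Answers)
    if ($Answers[$Name] -eq 'H') { throw "User halted fix for $Name" }
}

# One try/catch around the whole loop: the first halt ends every remaining fix.
function Invoke-FixesSharedTry {
    param($Issues, [hashtable]$Answers)
    $applied = @()
    try {
        foreach ($issue in $Issues) {
            Confirm-Fix -Name $issue.Name -Answers $Answers
            $null = & $issue.Fix
            $applied += $issue.Name
        }
    } catch {
        Write-Host 'SKIPPED!'
    }
    $applied
}

# try/catch scoped to each fix: a halt skips that fix only and the loop moves on.
function Invoke-FixesScopedTry {
    param($Issues, [hashtable]$Answers)
    $applied = @()
    foreach ($issue in $Issues) {
        try {
            Confirm-Fix -Name $issue.Name -Answers $Answers
            $null = & $issue.Fix
            $applied += $issue.Name
        } catch {
            Write-Host "SKIPPED: $($issue.Name)"
        }
    }
    $applied
}

"Shared try/catch applied: $((Invoke-FixesSharedTry $Issues $Answers) -join ', ')"
"Scoped try/catch applied: $((Invoke-FixesScopedTry $Issues $Answers) -join ', ')"
```
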

@dzcmr What PowerShell version are you using?

Just 5, I can go back and get the minor version if you need

Interesting! No need to get the minor version. I was curious if this was a 7.4.0 related issue, but nope!

Hi @dzcmr! Would you mind running Invoke-Locksmith -Mode 3 and sending me a redacted version of the generated CSV file?

The reason I ask: Mode 4 doesn't currently auto-run fixes for all identified issues. So, the behavior you've described makes sense if you skipped the last fixable issue.

That being said, Locksmith should inform you if there are remaining issues that it is unable to fix.

Hey, so this was the first issue it found (from a longish list) - It covered Auditing not being enabled, ESC1, ESC4, ESC5.

Some of the ESC5s remain, but I've manually fixed up everything else (except for auditing, which isn't possible as it's not a real CA but a proxy CA - i.e. it appears like a CA but is not).

I can still send through a redacted output though if it helps.

Interesting. Well, either way, the Locksmith team all agreed to change it anyway! Look for a different dialog soon. :D

@dzcmr I started working on improving the Mode 4 confirmation dialog this morning and got a little carried away. If you've got a moment, would you mind testing the testing branch?