UserRightsAssignment AccountPolicy SecurityTemplate: these resources are not compiled by the module #169

Open
fullenw1 opened this issue Sep 10, 2021 · 0 comments


Details of the scenario you tried and the problem that is occurring

The module compiles the SecurityOption resource fine.
But there is no trace of the 3 other resources in the MOF file:

  • UserRightsAssignment
  • AccountPolicy
  • SecurityTemplate

I tried to remove them all and add them again one by one to see if the issue is related to one of them, but even this way they don't appear in the MOF output.

Verbose logs showing the problem

MOF content:

instance of MSFT_SecurityOption as $MSFT_SecurityOption1ref
{
Network_access_Let_Everyone_permissions_apply_to_anonymous_users = "Disabled";
 Domain_controller_LDAP_server_signing_requirements = "Require Signing";
 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts = "Enabled";
 Name = "Global";
 ResourceID = "[SecurityOption]Global";
 Network_security_LDAP_client_signing_requirements = "Require Signing";
 Network_access_Shares_that_can_be_accessed_anonymously = "lsass,netlogon,samr";
 Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares = "Enabled";
 Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares = "Enabled";
 SourceInfo = "::2::2::SecurityOption";
 ModuleVersion = "2.10.0.0";
 ModuleName = "SecurityPolicyDsc";
 Network_access_Allow_anonymous_SID_Name_translation = "Disabled";

Suggested solution to the issue

The DSC configuration that is used to reproduce the issue (as detailed as possible)

This is the YAML configuration (DATUM)

SecurityPolicyDsc:
  SecurityOption:
    - Name: Global
      Domain_controller_LDAP_server_signing_requirements: Require Signing
      Network_access_Allow_anonymous_SID_Name_translation: Disabled
      Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts: Enabled
      Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares: Enabled
      Network_access_Let_Everyone_permissions_apply_to_anonymous_users: Disabled
      Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares: Enabled
      Network_access_Shares_that_can_be_accessed_anonymously: "lsass,netlogon,samr"
      Network_security_LDAP_client_signing_requirements: Require Signing
  UserRightsAssignment:
    - Policy: Enable_computer_and_user_accounts_to_be_trusted_for_delegation
      Identity: 'Builtin\Administrators'
      Ensure: Present
    - Policy: Access_this_computer_from_the_network
      Identity: 'Builtin\Administrators, NT Authority\Enterprise Domain Controllers, Authenticated Users'
      Ensure: Present
  AccountPolicy:
    - Name: Global
      Enforce_user_logon_ restrictions: Enabled
  SecurityTemplate:
    - IsSingleInstance: Yes
      Path: 'C:\Temp\Template.inf'

The DATUM resolution sees all objects:

PS> Resolve-NodeProperty -DatumTree $Datum -Node $Node -PropertyPath   SecurityPolicyDsc

Name                           Value                                                                                                                                                                                                 
----                           -----                                                                                                                                                                                                 
SecurityOption                 {System.Collections.Specialized.OrderedDictionary}                                                                                                                                                    
UserRightsAssignment           {System.Collections.Specialized.OrderedDictionary, System.Collections.Specialized.OrderedDictionary}                                                                                                  
AccountPolicy                  {System.Collections.Specialized.OrderedDictionary}                                                                                                                                                    
SecurityTemplate               {System.Collections.Specialized.OrderedDictionary}  

The operating system the target node is running

OsName               : Microsoft Windows Server 2012 R2 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 9600.20090.amd64fre.winblue_ltsb.210709-1700
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14409.1018
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14409.1018
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Manifest   2.10.0.0   SecurityPolicyDsc
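
A check for the failure described in this issue, as an added example that is not part of the original report or of SecurityPolicyDsc: it counts the `ResourceID` entries in a compiled MOF per resource type and compares them with the instance counts declared in the configuration data, so a security resource that silently drops out of the build is caught before the MOF is applied. The function names (`Get-MofResourceCount`, `Test-MofCoverage`) are hypothetical, and the MOF sample is constructed by trimming the one shown above.

```powershell
# Added example: helper names are hypothetical, not part of SecurityPolicyDsc or Datum.
function Get-MofResourceCount {
    param([Parameter(Mandatory)][string]$MofText)

    # Each compiled resource instance carries a line: ResourceID = "[Type]Name";
    $counts = @{}
    $pattern = 'ResourceID\s*=\s*"\[(?<type>[^\]]+)\][^"]*"'
    foreach ($m in [regex]::Matches($MofText, $pattern)) {
        $type = $m.Groups['type'].Value
        $counts[$type] = 1 + [int]$counts[$type]   # a missing key yields $null, cast to 0
    }
    return $counts
}

function Test-MofCoverage {
    param(
        [Parameter(Mandatory)][string]$MofText,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Expected
    )
    $found = Get-MofResourceCount -MofText $MofText
    foreach ($type in $Expected.Keys) {
        $have = [int]$found[$type]
        [pscustomobject]@{
            ResourceType = $type
            Expected     = $Expected[$type]
            InMof        = $have
            Missing      = ($have -lt $Expected[$type])
        }
    }
}

# Constructed sample: one instance, trimmed from the MOF in the report.
$mof = @'
instance of MSFT_SecurityOption as $MSFT_SecurityOption1ref
{
 Name = "Global";
 ResourceID = "[SecurityOption]Global";
 ModuleName = "SecurityPolicyDsc";
};
'@

# Expected instance counts, taken from the YAML in the report.
$expected = [ordered]@{ SecurityOption = 1; UserRightsAssignment = 2
                        AccountPolicy  = 1; SecurityTemplate     = 1 }

$report = Test-MofCoverage -MofText $mof -Expected $expected
$report | Format-Table -AutoSize
if ($report | Where-Object Missing) {
    Write-Warning 'Declared security resources are absent from the compiled MOF.'
}
```

In a build pipeline the same comparison can be run against the text of the real MOF file (for example read with `Get-Content -Raw`), with the warning replaced by a terminating error so an incomplete baseline is never published.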