Add user to local security policy windows


#1

How to add users to any one of the policy in local security policy settings
chef client version 11.18.12


#2

I am unsure if there is a chef resource for this, and as such, I am using the batch resource.

I would take a look at using the NTRights utility as per this page

You could do it like so:

batch 'seservicelogonright' do
  code <<-EOH
    ntrights -u "#{myusername}" +r SeServiceLogonRight
  EOH
end

Here is some more information on the usage of the NTRights utility.


#3

There are a couple chef libary functions that may help:

# Add 'SeAssignPrimaryTokenPrivilege' for the user
Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege')

# Check if the user has 'SeAssignPrimaryTokenPrivilege' rights
Chef::ReservedNames::Win32::Security.get_account_right('<user>').include?('SeAssignPrimaryTokenPrivilege')

#4

@Matt_Wrock - Good info - Where would I also find this information for future reference?


#5

Ideally we would expose a ueser rights assignment resource and that would be added to the docs. As it stands now this is just a utility function we use inside of chef. I wrote it and so I so happen to know about it. I realize thats a terrible answer, but the full resource has not been prioritized.


#6

HAHA - As terrible as the answer may be - Thanks for the honesty.

I guess there is also the possibility of using a custom library within the cookbook? guessing this could be a pain when another also requires the same
function within a separate cookbook?