Using cookbook to change Windows group, audit and security policies


#1

Hi everyone. Does anyone know how to use Chef cookbooks to change Windows group, audit or security policies within the Windows Server operating systems (2008 and 2012)? I’m looking for something similar to the Chef InSpec resource “audit_policy” but for cookbooks instead. So far I haven’t been able to find anything after a few days of research, and I also can’t seem to find a way to modify these policies through shell scripts yet. Any help appreciated!


#2

This could help with this, although I don’t believe it’s in Supermarket: https://github.com/ChrisAWalker/cSecurityOptions_cookbook

You can also use dsc_resource to use PowerShell DSC modules that support this.


#3

Thanks for the quick reply @levigeinert

Do you know if using the dsc_resource would be any different from using a registry_key resource to edit the group policies directly? Currently we are using that, but not every setting seems accessible by reg key.

Also, what did you mean by “powershell dsc module”?


#4

Yes, some of the security settings cannot be modified by just editing a registry key. Instead, they require a C or .NET library, which is part of what I pointed you to. PowerShell DSC modules are used by dsc_resource to avoid having to write Chef resources for every specific activity on a Windows system. Anything you can do in PowerShell DSC you can do in Chef using dsc_resource.
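
As an illustration of the dsc_resource approach described in #4, here is an added example recipe that is not part of the thread or of any cookbook linked in it. It assumes the AuditPolicyDsc PowerShell module (which provides the AuditPolicySubcategory resource) is already installed on the node; the baseline values and the helper name `audit_policy_resources` are constructed for the example.

```ruby
# Added example. Assumes the AuditPolicyDsc PowerShell module is installed
# on the node. Baseline values below are constructed sample data.

# Desired state per audit subcategory: which outcomes must be audited.
AUDIT_BASELINE = {
  'Logon'                     => %w[Success Failure],
  'Security Group Management' => %w[Success],
  'Process Creation'          => [] # auditing explicitly switched off
}.freeze

AUDIT_FLAGS = %w[Success Failure].freeze

# AuditPolicySubcategory is keyed on Name + AuditFlag, so fully pinning a
# subcategory takes one resource per flag: Present for the wanted flags and
# Absent for the others. Declaring only the wanted flags would leave a
# flag that someone enabled by hand in place.
def audit_policy_resources(baseline)
  baseline.flat_map do |subcategory, wanted|
    unknown = wanted - AUDIT_FLAGS
    raise ArgumentError, "#{subcategory}: bad flag #{unknown.inspect}" unless unknown.empty?

    AUDIT_FLAGS.map do |flag|
      { Name: subcategory, AuditFlag: flag,
        Ensure: wanted.include?(flag) ? 'Present' : 'Absent' }
    end
  end
end

# `dsc_resource` only exists when this file is evaluated as a Chef recipe;
# under plain ruby the declarations are skipped and only the helper is defined.
if respond_to?(:dsc_resource, true)
  audit_policy_resources(AUDIT_BASELINE).each do |props|
    dsc_resource "audit #{props[:Name]} #{props[:AuditFlag]}" do
      resource :AuditPolicySubcategory
      module_name 'AuditPolicyDsc'
      props.each { |key, value| property key, value }
    end
  end
end
```

In a real cookbook the constant and helper would normally live under `libraries/` so they are loaded once, with only the `dsc_resource` loop in the recipe.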