[PUP-10547] Manage user rights on Windows - Puppet Jira Server

XML

Word

Printable

Details

Type: New Feature
Status: Resolved
Priority: Medium
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.18.0
Component/s: None
Labels:
- doc_reviewed

Team:
Night's Watch
Story Points:
5
Sprint:
NW - 2020-07-08, NW - 2020-07-21, NW - 2020-08-06, NW - 2020-08-18

Release Notes:
New Feature
Release Notes Summary:
Rights and privileges for local Windows users can now be managed using the `roles` property and `role_membership` parameter.

QA Risk Assessment:
Needs Assessment

Description

As a continuation for ~~PUP-1289~~ feature, we should consider the ability to grant/remove users' logon as a service right with puppet. Without this right, the user cannot be used as logon account for a service.

This would also help better testing ~~PUP-1289~~ through acceptance tests.

Other rights can be considered:

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment#:~:text=User%20rights%20permissions%20control%20access,Policy%20name%20associated%20with%20it.

Some useful links found for implementation:

https://docs.microsoft.com/en-us/windows/win32/secbp/assigning-privileges-to-an-account

https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaaddaccountrights

https://github.com/microsoft/Windows-classic-samples/blob/master/Samples/Win7Samples/security/lsapolicy/lsaprivs/LsaPrivs.c

Attachments

Activity

People

Assignee:: Luchian Nemes

Reporter:: Luchian Nemes

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2020/06/23 11:37 PM

Updated:: 2020/08/20 2:04 AM

Resolved:: 2020/08/07 3:38 AM