Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10547

Manage user rights on Windows

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.18.0
    • Component/s: None
    • Labels:
    • Template:
      PUP Bug Template
    • Team:
      Night's Watch
    • Story Points:
      5
    • Sprint:
      NW - 2020-07-08, NW - 2020-07-21, NW - 2020-08-06, NW - 2020-08-18
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Rights and privileges for local Windows users can now be managed using the `roles` property and `role_membership` parameter.
    • QA Risk Assessment:
      Needs Assessment

      Description

      As a continuation for PUP-1289 feature, we should consider the ability to grant/remove users' logon as a service right with puppet. Without this right, the user cannot be used as logon account for a service.

      This would also help better testing PUP-1289 through acceptance tests.

       

      Other rights can be considered:

      https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment#:~:text=User%20rights%20permissions%20control%20access,Policy%20name%20associated%20with%20it.

       

      Some useful links found for implementation:

      https://docs.microsoft.com/en-us/windows/win32/secbp/assigning-privileges-to-an-account

      https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaaddaccountrights

      https://github.com/microsoft/Windows-classic-samples/blob/master/Samples/Win7Samples/security/lsapolicy/lsaprivs/LsaPrivs.c

       

        Attachments

          Activity

            People

            Assignee:
            luchian.nemes Luchian Nemes
            Reporter:
            luchian.nemes Luchian Nemes
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support