Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6540

Allow Windows group resource to specify SID as title

    Details

      Description

      Without being able to use a SID in the title of a group resource on Windows, it can be difficult to write a manifest that works properly on internationalized versions of Windows. Take for instance, adding a user to the Administrators group.

      In English, this works to modify the Administrators group and add user bob (presuming they already exist):

      group { 'Administrators':
        members => ['bob'],
        auth_membership => false
      }
      

      The same code on French Windows, will actually create a new group named Administrators, which may be surprising. The user likely expected that the well-defined Administrators group with SID S-1-5-32-544 was used, which in this case is localized to Administrateurs. For cases where manifests are running only in one localized environment, this may already be well understood by users.

      However, this becomes quite painful if working across an environment with more than 1 localized set of accounts, as manifests must be special cased for each additional environment.

      The solution to referring to well-known accounts is typically to use the SIDs as defined at https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx to circumvent any localization problems.

      However, the group type does not support SIDs as titles, but likely could with some additional munging code.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                ethan Ethan Brown
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Zendesk Support