Hi All,
Can you please help me with corrective action happening every time when the agent runs. This happens to localgroups and empty values as per my GP (required for as per CIS Standards). Please note there is no changes from either System side or the script side for all the below settings. All of the settings are not even registry value to create a workaround. Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Access Credential Manager as a trusted caller]/ensure: created (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Create permanent shared objects]/ensure: created (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Deny access to this computer from the network]/policy_value: policy_value changed '*S-1-5-21-225823623-629818758-2605879389-6034176,lcladmsystem,*S-1-5-32-546,*S-1-5-7' to '*S-1-5-21-225823623-629818758-2605879389-6034176,*S-1-5-21-3326136169-1111179677-1669346923-500,*S-1-5-32-546,*S-1-5-7' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Enable computer and user accounts to be trusted for delegation]/ensure: created (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Modify an object label]/ensure: created (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Synchronize directory service data]/ensure: created (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Act as part of the operating system]/policy_value: policy_value changed 'APPServices' to '*S-1-5-21-3326136169-1111179677-1669346923-1001' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Adjust memory quotas for a process]/policy_value: policy_value changed '*S-1-5-19,*S-1-5-20,APPServices,*S-1-5-32-544,*S-1-5-32-547' to '*S-1-5-19,*S-1-5-20,*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-32-547' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Allow log on locally]/policy_value: policy_value changed 'APPServices,*S-1-5-32-544,*S-1-5-32-547' to '*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-32-547' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Impersonate a client after authentication]/policy_value: policy_value changed '*S-1-5-19,*S-1-5-20,APPServices,*S-1-5-32-544,*S-1-5-6' to '*S-1-5-19,*S-1-5-20,*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-6' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Lock pages in memory]/policy_value: policy_value changed 'APPServices' to '*S-1-5-21-3326136169-1111179677-1669346923-1001' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Deny log on as a batch job]/policy_value: policy_value changed 'APPServices,*S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559' to '*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Deny log on as a service]/policy_value: policy_value changed 'APPServices,*S-1-5-80-0' to '*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-80-0' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Perform volume maintenance tasks]/policy_value: policy_value changed 'APPServices,*S-1-5-32-544' to '*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Profile system performance]/policy_value: policy_value changed 'APPServices,*S-1-5-32-544,*S-1-5-32-547' to '*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-32-547' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Replace a process level token]/policy_value: policy_value changed '*S-1-5-19,*S-1-5-20,APPServices' to '*S-1-5-19,*S-1-5-20,*S-1-5-21-3326136169-1111179677-1669346923-1001' (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Default_domain_policy/Local_security_policy[Enforce user logon restrictions]/ensure: created (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Default_domain_policy/Local_security_policy[Maximum lifetime for service ticket]/ensure: created (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Default_domain_policy/Local_security_policy[Maximum lifetime for user ticket]/ensure: created (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Default_domain_policy/Local_security_policy[Maximum lifetime for user ticket renewal]/ensure: created (corrective) Notice: /Stage[main]/Cc_hieratest::Policy::Default_domain_policy/Local_security_policy[Maximum tolerance for computer clock synchronization]/ensure: created (corrective) Notice: Applied catalog in 16.99 seconds https://github.com/ayohrling/local_security_policy/issues/111 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b6a18999-939d-4516-804a-e55195ca7477n%40googlegroups.com.
