Merge pull request #855 from opscode/adamed-8391-password-policy

OC-8391: Chef::Provider::User::Windows fails with local password policies

1 files changed, 14 insertions, 1 deletions

diff --git a/lib/chef/util/windows/net_user.rb b/lib/chef/util/windows/net_user.rb
index 97d8f33834..eb68f6cebc 100644
--- a/lib/chef/util/windows/net_user.rb
+++ b/lib/chef/util/windows/net_user.rb
@@ -37,9 +37,14 @@ class Chef::Util::Windows::NetUser < Chef::Util::Windows
   #[:symbol_name, default_val]
   #default_val duals as field type
   #array index duals as structure offset
+
+  #OC-8391
+  #Changing [:password, nil], to [:password, ""],
+  #if :password is set to nil, windows user creation api ignores the password policy applied
+  #thus initializing it with empty string value.
   USER_INFO_3 = [
     [:name, nil],
-    [:password, nil],
+    [:password, ""],
     [:password_age, 0],
     [:priv, 0], #"The NetUserAdd and NetUserSetInfo functions ignore this member"
     [:home_dir, nil],
@@ -183,12 +188,20 @@ class Chef::Util::Windows::NetUser < Chef::Util::Windows
   def disable_account
     user_modify do |user|
       user[:flags] |= UF_ACCOUNTDISABLE
+      #This does not set the password to nil. It (for some reason) means to ignore updating the field.
+      #See similar behavior for the logon_hours field documented at
+      #http://msdn.microsoft.com/en-us/library/windows/desktop/aa371338%28v=vs.85%29.aspx
+      user[:password] = nil
     end
   end
 
   def enable_account
     user_modify do |user|
       user[:flags] &= ~UF_ACCOUNTDISABLE
+      #This does not set the password to nil. It (for some reason) means to ignore updating the field.      
+      #See similar behavior for the logon_hours field documented at
+      #http://msdn.microsoft.com/en-us/library/windows/desktop/aa371338%28v=vs.85%29.aspx
+      user[:password] = nil
     end
   end