diff options
author | nimisha <nimisha.sharad@msystechnologies.com> | 2017-02-09 16:23:22 +0530 |
---|---|---|
committer | Bryan McLellan <btm@loftninjas.org> | 2017-02-09 07:58:51 -0500 |
commit | 8188bf35ad65b8c87804181d74fb554278722783 (patch) | |
tree | 84d57e3a591d6fe2c3e05ecc22df332f902b9d12 /RELEASE_NOTES.md | |
parent | 42c9ff7af7c6126a7e1ebacf5cb1daab95d0b85b (diff) | |
download | chef-8188bf35ad65b8c87804181d74fb554278722783.tar.gz |
Added note that this feature requires SE_ASSIGNPRIMARYTOKEN_NAME user right
Signed-off-by: nimisha <nimisha.sharad@msystechnologies.com>
Diffstat (limited to 'RELEASE_NOTES.md')
-rw-r--r-- | RELEASE_NOTES.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 6d3f13663d..32ce78e2ad 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -13,6 +13,17 @@ _This file holds "in progress" release notes for the current release under devel The `execute` resource and simliar resources such as `script`, `batch`, and `powershell_script`now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials. +**Note**: For this feature the user that Chef runs as needs the 'SE_ASSIGNPRIMARYTOKEN_NAME' or 'SeAssignPrimaryTokenPrivilege' user right, when running as a service. By default the user has only LocalSystem and NetworkService rights. + +This is how the right can be added for a user in the recipe: +```ruby +# Add 'SeAssignPrimaryTokenPrivilege' for the user +Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege') + +# Check if the user has 'SeAssignPrimaryTokenPrivilege' rights +Chef::ReservedNames::Win32::Security.get_account_right('<user>').include?('SeAssignPrimaryTokenPrivilege') +``` + #### Properties The following properties are new or updated for the `execute`, `script`, `batch`, and `powershell_script` resources and any resources derived from them: |