diff options
-rw-r--r-- | lib/chef/win32/security/sid.rb | 3 | ||||
-rw-r--r-- | spec/functional/win32/sid_spec.rb | 7 | ||||
-rw-r--r-- | spec/spec_helper.rb | 1 |
3 files changed, 8 insertions, 3 deletions
diff --git a/lib/chef/win32/security/sid.rb b/lib/chef/win32/security/sid.rb index 7f461fd766..f8bd934876 100644 --- a/lib/chef/win32/security/sid.rb +++ b/lib/chef/win32/security/sid.rb @@ -213,7 +213,8 @@ class Chef end # See https://technet.microsoft.com/en-us/library/cc961996.aspx - # In practice, this is generally the same as current_user + # In practice, this seems to be SID.current_user for Microsoft Accounts, the current + # user's Domain Users group for domain accounts, and SID.None otherwise. def self.default_security_object_group token = Chef::ReservedNames::Win32::Security.open_current_process_token Chef::ReservedNames::Win32::Security.get_token_information_primary_group(token) diff --git a/spec/functional/win32/sid_spec.rb b/spec/functional/win32/sid_spec.rb index a12cfb6e79..1f5f66178a 100644 --- a/spec/functional/win32/sid_spec.rb +++ b/spec/functional/win32/sid_spec.rb @@ -26,8 +26,11 @@ describe 'Chef::ReservedNames::Win32::SID', :windows_only do SID ||= Chef::ReservedNames::Win32::Security::SID end - it 'should resolve default_security_object_group as the current user' do - expect(SID.default_security_object_group).to eq(SID.current_user) + it 'should resolve default_security_object_group as a sane user group', :windows_not_domain_joined_only do + # Domain accounts: domain-specific Domain Users SID + # Microsoft Accounts: SID.current_user + # Else: SID.None + expect(SID.default_security_object_group).to eq(SID.None).or eq(SID.current_user) end context 'running as an elevated administrator user' do diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index fb284c721b..775b49c145 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -126,6 +126,7 @@ RSpec.configure do |config| config.filter_run_excluding :windows_powershell_dsc_only => true unless windows_powershell_dsc? config.filter_run_excluding :windows_powershell_no_dsc_only => true unless ! windows_powershell_dsc? config.filter_run_excluding :windows_domain_joined_only => true unless windows_domain_joined? + config.filter_run_excluding :windows_not_domain_joined_only => true if windows_domain_joined? config.filter_run_excluding :solaris_only => true unless solaris? config.filter_run_excluding :system_windows_service_gem_only => true unless system_windows_service_gem? config.filter_run_excluding :unix_only => true unless unix? |