From c7b84f04c44acdf95c91b0389410d09ac70db751 Mon Sep 17 00:00:00 2001
From: Davin Taddeo
Date: Mon, 30 Nov 2020 11:44:35 -0500
Subject: refactor the code for windows_security_policy resource
Signed-off-by: Davin Taddeo
---
.../cookbooks/end_to_end/recipes/windows.rb | 21 ++++++++++--
lib/chef/resource/windows_security_policy.rb | 38 ++++++++++++----------
2 files changed, 39 insertions(+), 20 deletions(-)
diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb
index c04b98ea72..fa8c92719a 100644
--- a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb
+++ b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb
@@ -27,9 +27,24 @@ timezone "Pacific Standard time"
 include_recipe "ntp"
-windows_security_policy "EnableGuestAccount" do
- secoption "EnableGuestAccount"
- secvalue "1"
+windows_security_policy 'NewGuestName' do
+ secvalue 'down_with_guests'
+ action :set
+end
+
+windows_security_policy 'EnableGuestAccount' do
+ secvalue '1'
+ action :set
+end
+
+windows_security_policy 'LockoutBadCount' do
+ secvalue '10'
+ action :set
+end
+
+windows_security_policy 'LockoutDuration' do
+ secvalue '15'
+ action :set
 end
 windows_firewall_profile "Domain" do
diff --git a/lib/chef/resource/windows_security_policy.rb b/lib/chef/resource/windows_security_policy.rb
index 4b79067763..9bf5596678 100644
--- a/lib/chef/resource/windows_security_policy.rb
+++ b/lib/chef/resource/windows_security_policy.rb
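Review bot: The four added `windows_security_policy` blocks in kitchen-tests/cookbooks/end_to_end/recipes/windows.rb use single-quoted strings, while the surrounding lines of the recipe (`include_recipe "ntp"`, `windows_firewall_profile "Domain" do`) use double quotes; writing them as `windows_security_policy "NewGuestName" do` and `secvalue "down_with_guests"` keeps the file consistent. The same applies to the `'NewAdministratorName'` and `'NewGuestName'` literals added in lib/chef/resource/windows_security_policy.rb. A one-line comment above the `EnableGuestAccount` block, such as `# test fixture only: a value of 1 turns the Guest account on`, would keep the setting from being copied into a production recipe unchanged.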
@@ -131,23 +131,27 @@ class Chef
 security_option = new_resource.secoption
 security_value = new_resource.secvalue
- cmd = <<-EOH
- $security_option = "#{security_option}"
- C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
- if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") )
- {
- $#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content $env:TEMP\\#{security_option}_Export.inf
- C:\\Windows\\System32\\secedit /configure /db $env:windir\\security\\new.sdb /cfg $env:TEMP\\#{security_option}_Export.inf /areas SECURITYPOLICY
- }
- else
- {
- $#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace "#{security_option}\\s*=\\s*\\d*", "#{security_option} = #{security_value}" } | Set-Content $env:TEMP\\#{security_option}_Export.inf
- C:\\Windows\\System32\\secedit /configure /db $env:windir\\security\\new.sdb /cfg $env:TEMP\\#{security_option}_Export.inf /areas SECURITYPOLICY
- }
- Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
- EOH
-
- powershell_exec!(cmd)
+ policy_line = if security_option == 'NewAdministratorName' || security_option == 'NewGuestName'
+ "#{security_option} = \"#{security_value}\""
+ else
+ "#{security_option} = #{security_value}"
+ end
+ file "#{Chef::Config[:file_cache_path]}\\#{security_option}_temp.inf" do
+ content "[Unicode]\r\nUnicode=yes\r\n[System Access]\r\n#{policy_line}\r\n[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n"
+ backup false
+ action :create
+ end
+ execute "Configure Security Policy for Security Option: #{security_option}" do
+ cwd Chef::Config[:file_cache_path]
+ command <<~CMD
+ C:\\Windows\\System32\\secedit /configure /db C:\\windows\\security\\new.sdb /cfg #{security_option}_temp.inf /areas SECURITYPOLICY
+ CMD
+ action :run
+ end
+ file "#{Chef::Config[:file_cache_path]}\\#{security_option}_temp.inf" do
+ backup false
+ action :delete
+ end
 end
 end
 end
--
cgit v1.2.1
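Review bot: `security_value` is interpolated into the INF `content` string with no check, so a value containing a double quote or a CR/LF changes the structure of the template that secedit applies rather than only the one setting; a guard before `policy_line`, e.g. `raise ArgumentError, "secvalue must not contain quotes or line breaks" if security_value.match?(/["\r\n]/)`, would reject that. `security_option` also ends up in the temp file name and the `execute` command line, which is safe only if the property is limited to a fixed list of option names, and the property definition is outside this hunk. The database path is now the literal `C:\\windows\\security\\new.sdb` where the removed code used `$env:windir`, so a host with a different system root regresses; building the path from `ENV["windir"]` keeps the earlier behaviour. The temporary INF is removed by a separate `file` resource, so it presumably stays in the cache directory whenever the `execute` step fails. The enclosing action block starts outside the hunk.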