From 00c0a84f7a9c50007898470d849769c32d39de11 Mon Sep 17 00:00:00 2001 From: Bryan McLellan Date: Thu, 9 Feb 2017 07:43:03 -0500 Subject: Be more specific about using the alternate user feature The caveat with the alternate user feature is specific to running as a service, so we should be more specific about that. Signed-off-by: Bryan McLellan --- RELEASE_NOTES.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'RELEASE_NOTES.md') diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 32ce78e2ad..bdf3dd0bf4 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -11,11 +11,11 @@ _This file holds "in progress" release notes for the current release under devel ### Windows alternate user identity execute support -The `execute` resource and simliar resources such as `script`, `batch`, and `powershell_script`now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials. +The `execute` resource and simliar resources such as `script`, `batch`, and `powershell_script` now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials. -**Note**: For this feature the user that Chef runs as needs the 'SE_ASSIGNPRIMARYTOKEN_NAME' or 'SeAssignPrimaryTokenPrivilege' user right, when running as a service. By default the user has only LocalSystem and NetworkService rights. +**Note**: When Chef is running as a service, this feature requires that the user that Chef runs as has 'SeAssignPrimaryTokenPrivilege' (aka 'SE_ASSIGNPRIMARYTOKEN_NAME') user right. By default only LocalSystem and NetworkService have this right when running as a service. This is necessary even if the user is an Administrator. -This is how the right can be added for a user in the recipe: +This right bacn be added and checked in a recipe using this example: ```ruby # Add 'SeAssignPrimaryTokenPrivilege' for the user Chef::ReservedNames::Win32::Security.add_account_right('', 'SeAssignPrimaryTokenPrivilege') -- cgit v1.2.1