Admins should be allowed to login via winrm

[strangeman]

Hi! Current default setting win_security_SeNetworkLogonRight: '*S-1-0-0' looks like 'shoot in foot': if we disable network login for all users - we cannot run the playbook with:

TASK [windows-baseline : load gpo configuration locally] ***************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: InvalidCredentialsError: the specified credentials were rejected by the server
fatal: [windows.example.org]: FAILED! => {"failed": true, "msg": "Unexpected failure during module execution.", "stdout": ""}

because we cannot connect to the server via WinRM.

[rndmh3ro]

Thanks for your contribution. However this should better be discussed in our Inspec windows baseline, here: https://github.com/dev-sec/windows-baseline

In this playbook we "merely" follow the recommendations in the baseline. Do you mind creating an issue there?

[strangeman]

Okay, will do. сб, 28 окт. 2017 г., 4:21 Sebastian Gumprich <[email protected]>:

Thanks for your contribution. However this should better be discussed in our Inspec windows baseline, here: https://github.com/dev-sec/windows-baseline In this playbook we "merely" follow the recommendations in the baseline. Do you mind creating an issue there? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#3 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABCIuDo9GtbfKgiO_XB6nGwPE9yYd6WRks5swh9GgaJpZM4QFili> .

-- Маркелов Антон