Hello everyone,

I'm trying to build a Windows Server 2012 R2 VirtualBox VM with some 
hardening using Chef-Solo.

There was an issue using Chef-Solo and WinRM, but Packer version 1.1.4 
solves the issue.

I'm not a Windows expert and am using the hardening cookbooks from this 
project: 

https://github.com/dev-sec/chef-windows-hardening 

There is one cookbook recipe which uses the following security attributes:

# General security policy settings
default['security_policy']['template']['location'] = 'C:\Windows\security\templates'
default['security_policy']['database']['location'] = 'C:\Windows\security\database'
default['security_policy']['database']['name'] = 'hardening.sdb'

# System access settings
# Nil value means nothing will be written to the security policy template.
default['security_policy']['access']['PasswordComplexity'] = 1
default['security_policy']['access']['LockoutBadCount'] = 3
default['security_policy']['access']['ResetLockoutCount'] = 15
default['security_policy']['access']['LockoutDuration'] = 15

# Security policy rights / privileges settings.
default['security_policy']['rights']['SeRemoteInteractiveLogonRight'] = '*S-1-5-32-544'
default['security_policy']['rights']['SeTcbPrivilege'] = '*S-1-0-0'
default['security_policy']['rights']['SeMachineAccountPrivilege'] = '*S-1-5-32-544'
default['security_policy']['rights']['SeTrustedCredManAccessPrivilege'] = '*S-1-0-0'
default['security_policy']['rights']['SeNetworkLogonRight'] = '*S-1-0-0'


After this recipe has been "cooked", I want to run some windows-shell 
scripts, but when I try, WinRM triggers an error. If I disable this recipe, 
it works without a hitch.

So there must be some policy here which prevents WinRM from functioning 
properly afterwards.

If someone can point out to me which policy it is and maybe how to solve the 
issue, this would be really appreciated.

Thank you very much in advance for your help.
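
Added example, not part of the original post or of the dev-sec cookbook: a Ruby check over the rights attributes quoted above that reports logon rights granted only to the null SID S-1-0-0. It relies on the fact that a WinRM session authenticates as a network logon and so needs SeNetworkLogonRight; the helper names are hypothetical.

```ruby
# Added example; parse_rights and locked_out_logon_rights are hypothetical helpers.
# Rights block from the post, with the e-mail line wrapping rejoined.
ATTRS = <<~'RUBY'
  default['security_policy']['rights']['SeRemoteInteractiveLogonRight'] = '*S-1-5-32-544'
  default['security_policy']['rights']['SeTcbPrivilege'] = '*S-1-0-0'
  default['security_policy']['rights']['SeMachineAccountPrivilege'] = '*S-1-5-32-544'
  default['security_policy']['rights']['SeTrustedCredManAccessPrivilege'] = '*S-1-0-0'
  default['security_policy']['rights']['SeNetworkLogonRight'] = '*S-1-0-0'
RUBY

NULL_SID = 'S-1-0-0' # well-known "Nobody" SID: matches no account

# Logon rights a remote session depends on. WinRM authenticates as a network logon.
LOGON_RIGHTS = {
  'SeNetworkLogonRight' => 'Access this computer from the network (WinRM, SMB)',
  'SeRemoteInteractiveLogonRight' => 'Allow log on through Remote Desktop Services'
}.freeze

# Parse "default[...]['rights']['Name'] = '*SID,*SID'" lines into { name => [sids] }.
def parse_rights(text)
  text.each_line.with_object({}) do |line, rights|
    m = line.match(/\['rights'\]\['(\w+)'\]\s*=\s*'([^']*)'/) or next
    rights[m[1]] = m[2].split(',').map { |s| s.strip.delete_prefix('*') }
  end
end

# Return the logon rights whose only holder is the null SID (nobody can use them).
def locked_out_logon_rights(rights)
  LOGON_RIGHTS.keys.select do |name|
    rights.key?(name) && (rights[name] - [NULL_SID]).empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  locked_out_logon_rights(parse_rights(ATTRS)).each do |name|
    puts "#{name} is granted to nobody: #{LOGON_RIGHTS[name]}"
  end
end
```

Run against the posted attributes, this reports SeNetworkLogonRight only. Overriding that attribute with a group containing the provisioning account, such as '*S-1-5-32-544' (BUILTIN\Administrators, the value the post already uses for other rights), leaves network logon available to WinRM during the build.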
