This isnt so much a "bug", I have a 2016 RDP host that will be used as a terminal server, but rather than logon with username password, users will be using their respective smart card. This works as expected prior to hardening, after hardening I get a prompt: the system administrator has restricted the types of logon (network or interactive) that you may use. I revert back to the snapshot taken prior to hardening and all is well.
I see you have have variables such as win_security_SeRemoteInteractiveLogonRight. I am listed in the local admins group prior to the change. Not sure after.
I tried with:
--extra-vars "win_security_SeNetworkLogonRight=S-1-1-0" and still had issues
This isnt so much a "bug", I have a 2016 RDP host that will be used as a terminal server, but rather than logon with username password, users will be using their respective smart card. This works as expected prior to hardening, after hardening I get a prompt: the system administrator has restricted the types of logon (network or interactive) that you may use. I revert back to the snapshot taken prior to hardening and all is well. I see you have have variables such as win_security_SeRemoteInteractiveLogonRight. I am listed in the local admins group prior to the change. Not sure after. I tried with: --extra-vars "win_security_SeNetworkLogonRight=S-1-1-0" and still had issues