Closed mahantesh2899 closed 4 years ago
What type of security group is "Server Operators", local or domain? If it's a domain group you will need a syntax similar to this: "contoso\Server Operators"
Thanks, i will try with domain group.
Hi,
I have machines which are not domain join, and I have below DSC config file
UserRightsAssignment Adjustmemoryquotasforaprocess { Policy = 'Adjust_memory_quotas_for_a_process' Identity = 'Administrators, LOCAL SERVICE, NETWORK SERVICE' }
UserRightsAssignment Changethesystemtime { Policy = 'Change_the_system_time' Identity = 'Administrators,LOCAL SERVICE' }
UserRightsAssignment Changethetimezone {
Policy = 'Change_the_time_zone'
Identity = 'Administrators,LOCAL SERVICE'
}
UserRightsAssignment Createglobalobjects { Policy = 'Create_global_objects' Identity = 'Administrators,LOCAL SERVICE, NETWORK SERVICE, SERVICE' }
UserRightsAssignment Generatesecurityaudits { Policy = 'Generate_security_audits' Identity = 'LOCAL SERVICE,NETWORK SERVICE' }
UserRightsAssignment Impersonateaclientafterauthentication { Policy = 'Impersonate_a_client_after_authentication' Identity = 'Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE' }
UserRightsAssignment Profilesystemperformance { Policy = 'Profile_system_performance' Identity = 'Administrators,NT SERVICE\WdiServiceHost' }
UserRightsAssignment Replaceaprocessleveltoken {
Policy = 'Replace_a_process_level_token'
Identity = 'LOCALSERVICE, NETWORK SERVICE'
}
And I am getting the below error :
{ "Exception": { "Message": "PowerShell DSC resource MSFT_UserRightsAssignment failed to execute Test-TargetResource functionality with error message: Could not convert Identity: Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE to SID ", "Data": {
},
"InnerException": {
"ErrorRecord": "Could not convert Identity: Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE to SID",
"WasThrownFromThrowStatement": true,
"Message": "Could not convert Identity: Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE to SID",
"Data": "System.Collections.ListDictionaryInternal",
"InnerException": "System.Management.Automation.RuntimeException: Could not convert Identity: Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE to SID",
"TargetSite": "System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject] Invoke(System.Collections.IEnumerable)",
"StackTrace": " at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)\r\n at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)\r\n at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)\r\n at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)\r\n at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd, List`1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration, LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32\u0026 resultStatusHandle, Collection`1\u0026 result, ErrorRecord\u0026 errorRecord, PSModuleInfo localRunSpaceModuleInfo)",
"HelpLink": null,
"Source": "System.Management.Automation",
"HResult": -2146233087
},
"TargetSite": null,
"StackTrace": null,
"HelpLink": null,
"Source": null,
"HResult": -2146233079
},
"TargetObject": null,
"CategoryInfo": {
"Category": 7,
"Activity": "",
"Reason": "InvalidOperationException",
"TargetName": "",
"TargetType": ""
},
"FullyQualifiedErrorId": "ProviderOperationExecutionFailure",
"ErrorDetails": null,
"InvocationInfo": null,
"ScriptStackTrace": null,
"PipelineIterationInfo": [
]
}
Can anyone help me with this?
Hi @Ankita-Chaudhari try surrounding each identity with quotes like this: Identity = 'Administrators','LOCAL SERVICE', 'NETWORK SERVICE', 'SERVICE'
Hi John,
Thank-you!
After your mentioned solution DSC config is working properly.
Regards, Ankita
On Wed 25 Sep, 2019, 5:07 PM Jason Walker, notifications@github.com wrote:
Hi @Ankita-Chaudhari https://github.com/Ankita-Chaudhari try surrounding each identity with quotes like this: Identity = 'Administrators','LOCAL SERVICE', 'NETWORK SERVICE', 'SERVICE'
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/PowerShell/SecurityPolicyDsc/issues/114?email_source=notifications&email_token=ANJSIOUNOCNKO6ZOZXT5B2TQLNEQLA5CNFSM4G7FH6F2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7RSRQA#issuecomment-534980800, or mute the thread https://github.com/notifications/unsubscribe-auth/ANJSIOV5RZNJRQ57TEGEA5LQLNEQLANCNFSM4G7FH6FQ .
We have below DSC configurations:
UserRightsAssignment EnsureChangeTheSystemTimeIsConfigured {
we are getting below error. Can you please help with error please
{ "Exception": { "Message": "PowerShell DSC resource MSFT_UserRightsAssignment failed to execute Test-TargetResource functionality with error message: Could not convert Identity: Server Operators to SID ", "Data": {
}