When using IIS, creating apppools and deleting them creates SIDs that can't be translated, so the entire DSC part of "user rights assignment" fails when one SID (i.e. deleted default apppool) remains in the security policies, like local policies\user rights assignment\Generate security audits.
before deletion of apppool:
after deletion of apppool (and after reboot):
Then the DSC config (user rights assignment portion) fails due to:
Error Message: Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
Message ID: IdentityNotMappedException
The values that contain these SIDs in local policy \ user rights assignment are:
- Adjust memory quotas for a process
- Generate security audits
- Log on as a service
- Replace a process level token
And these values I don't set in my DSC policy, but as said, all my policies fail because these ones have invalid / orphaned SIDs.
Is there a way to get the DSC module to ignore SIDs it can't translate? If not, how is one supposed to use this with IIS?
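An added example, not part of the original post and not code from the DSC module: one way to find which user-rights entries hold SIDs that no longer translate, by exporting the local policy with secedit.exe and attempting the same Translate call on each SID. The temp file name is an assumption, and the script needs an elevated prompt.

```powershell
# Added example: list user-rights entries whose SIDs no longer resolve.
# Assumption: the export file name below is arbitrary; run elevated.
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null

$inRights = $false
$orphans = foreach ($line in Get-Content -Path $cfg) {
    # Track which INF section we are in; only [Privilege Rights] matters.
    if ($line -match '^\[(.+)\]$') {
        $inRights = ($Matches[1] -eq 'Privilege Rights')
        continue
    }
    if (-not $inRights -or $line -notmatch '^\s*(\w+)\s*=\s*(.*)$') { continue }

    # Left side is the right's constant name, e.g. SeAuditPrivilege for
    # "Generate security audits"; right side is a comma-separated list.
    $right = $Matches[1]
    foreach ($entry in ($Matches[2] -split ',')) {
        $entry = $entry.Trim()
        # secedit writes SIDs as *S-1-...; skip entries written as names.
        if ($entry -notmatch '^\*(S-1-.+)$') { continue }

        $sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier `
                          -ArgumentList $Matches[1]
        try {
            # Same call that raises IdentityNotMappedException in the report.
            $null = $sid.Translate([System.Security.Principal.NTAccount])
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            [pscustomobject]@{ Right = $right; Sid = $sid.Value }
        }
    }
}

Remove-Item -Path $cfg -ErrorAction SilentlyContinue

# One row per orphaned SID, grouped by the right that still references it.
$orphans | Sort-Object -Property Right, Sid | Format-Table -AutoSize
```

The script only reads and reports; each row names a right and a SID to review before any policy change is made.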