dsccommunity / SecurityPolicyDsc

A wrapper around secedit.exe to configure local security policies
MIT License

Question about DSC configuration #151

Open billl opened 3 years ago

billl commented 3 years ago

In Azure Security Center I am trying to apply the following rule to a Windows Server 2016 VM:

    UserRightsAssignment "CCE-37639-2: Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE, IIS APPPOOL\DefaultAppPool'"
    {
        Policy   = 'Generate_security_audits'
        Force    = $True
        Identity = @('NT AUTHORITY\LOCAL SERVICE', 'NT AUTHORITY\NETWORK SERVICE', 'IIS APPPOOL\DEFAULTAPPPOOL')
    }

and am getting the following error: `Could not convert Identity: IIS APPPOOL\\DEFAULTAPPPOOL to SID`. On the domain controller there is no IIS APPPOOL group and no DEFAULTAPPPOOL user.

How do I fix this issue?

For reference, here is the detailed error:

    {
        "Exception":  {
            "Message":  "PowerShell DSC resource MSFT_UserRightsAssignment  failed to execute Test-TargetResource functionality with error message: Could not convert Identity: IIS APPPOOL\\DEFAULTAPPPOOL to SID ",
            "Data":  {},
            "InnerException":  {
                "ErrorRecord":  "Could not convert Identity: IIS APPPOOL\\DEFAULTAPPPOOL to SID",
                "WasThrownFromThrowStatement":  true,
                "Message":  "Could not convert Identity: IIS APPPOOL\\DEFAULTAPPPOOL to SID",
                "Data":  "System.Collections.ListDictionaryInternal",
                "InnerException":  "System.Management.Automation.RuntimeException: Could not convert Identity: IIS APPPOOL\\DEFAULTAPPPOOL to SID",
                "TargetSite":  "System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject] Invoke(System.Collections.IEnumerable)",
                "StackTrace":  "   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)\r\n   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)\r\n   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)\r\n   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)\r\n   at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd, List`1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration, LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32\u0026 resultStatusHandle, Collection`1\u0026 result, ErrorRecord\u0026 errorRecord, PSModuleInfo localRunSpaceModuleInfo)",
                "HelpLink":  null,
                "Source":  "System.Management.Automation",
                "HResult":  -2146233087
            },
            "TargetSite":  null,
            "StackTrace":  null,
            "HelpLink":  null,
            "Source":  null,
            "HResult":  -2146233079
        },
        "TargetObject":  null,
        "CategoryInfo":  {
            "Category":  7,
            "Activity":  "",
            "Reason":  "InvalidOperationException",
            "TargetName":  "",
            "TargetType":  ""
        },
        "FullyQualifiedErrorId":  "ProviderOperationExecutionFailure",
        "ErrorDetails":  null,
        "InvocationInfo":  null,
        "ScriptStackTrace":  null,
        "PipelineIterationInfo":  []
    }

Thanks.
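The step that fails in the report above is the translation of each `Identity` name to a SID. The following pre-flight check, an added example that is not part of this issue or of the SecurityPolicyDsc project, performs that same translation on the node where the configuration will run and reports which names cannot be resolved; the function name `Test-IdentitySid` and the output shape are my own.

```powershell
# Added example (not SecurityPolicyDsc code): resolve each account name from the
# UserRightsAssignment block to a SID the way the resource has to, and report the
# ones this host cannot map before the configuration is applied.
function Test-IdentitySid {
    param(
        [Parameter(Mandatory)]
        [string[]] $Identity
    )

    foreach ($name in $Identity) {
        $account = New-Object System.Security.Principal.NTAccount($name)
        try {
            # Same lookup the DSC resource depends on; throws when the name is unknown here.
            $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
            [pscustomobject]@{ Identity = $name; Sid = $sid.Value; Resolves = $true; Note = '' }
        }
        catch {
            $note = 'Not resolvable on this host.'
            if ($name -like 'IIS APPPOOL\*') {
                # IIS application pool identities are virtual accounts. They are never objects
                # in Active Directory and can only be resolved on a machine where IIS is
                # installed, so a domain controller without IIS cannot map them.
                $note = 'Virtual account: resolves only on a host with IIS installed, never via AD.'
            }
            [pscustomobject]@{ Identity = $name; Sid = $null; Resolves = $false; Note = $note }
        }
    }
}

# Identity list taken from the configuration in the question.
$identities = @('NT AUTHORITY\LOCAL SERVICE', 'NT AUTHORITY\NETWORK SERVICE', 'IIS APPPOOL\DEFAULTAPPPOOL')
$results = Test-IdentitySid -Identity $identities
$results | Format-Table -AutoSize

# Anything that does not resolve here will make MSFT_UserRightsAssignment fail with
# "Could not convert Identity: ... to SID" on this node.
$unresolved = $results | Where-Object { -not $_.Resolves }
if ($unresolved) {
    Write-Warning ('Unresolvable on this host: ' + ($unresolved.Identity -join ', '))
}
```

Run it on the target node itself (not on a management host), since the result depends on which accounts and virtual account providers exist locally.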