Jira (FACT-1467) Add Windows computer_sid fact

[Ethan Brown (JIRA)]

Ethan Brown created an issue

Facter / FACT-1467 Add Windows computer_sid fact Issue Type: Improvement Affects Versions: FACT 3.1.8 Assignee: Unassigned Components: Windows Created: 2016/07/22 3:44 PM Labels: windows Priority: Normal Reporter: Ethan Brown When referring to the Administrator account or Guest account on Windows, those well-known and commonly used names cannot be referred to with well-known SIDs - see https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx Because these account names may also be localized on international versions of Windows, such as French and German - it can be difficult to write a manifest that doesn't need to vary based on the current OS language. Administrator and Guest build on the computer's SID, which varies on an individual computer basis, like: -500 is appended to the computer SID for the Administrator account -501 is appended to the computer SID for the Guest account To make it easier to refer to these accounts universally, regardless of which computer they're run on, whether the accounts have been localized or renamed, a first step would to be produce a Fact value containing the computers SID. An easy way to do this is to call the LookupAccountName Windows API, passing in the computers name. This value is also stored in the registry at HKLM\security\sam\domains\account, if the user has permission to access that key. Add Comment

This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9)

[Ethan Brown (JIRA)]

Ethan Brown updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Ethan Brown

When referring to the {{Administrator}} account or {{Guest}} account on Windows, those well-known and commonly used names cannot be referred to with well-known SIDs - see https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx Because these account names may also be localized on international versions of Windows, such as French and German - it can be difficult to write a manifest that doesn't need to vary based on the current OS language. {{Administrator}} and {{Guest}} build on the computer's SID, which varies on an individual computer basis, like:

* {{-500}} is appended to the computer SID for the {{Administrator}} account * {{-501}} is appended to the computer SID for the {{Guest}} account

To make it easier to refer to these accounts universally, regardless of which computer they're run on, whether the accounts have been localized or renamed, a first step would to be produce a Fact value containing the computers SID.

An easy way to do this is to call the [LookupAccountName|https://msdn.microsoft.com/en-us/library/windows/desktop/aa379159(v=vs.85).aspx] Windows API, passing in the computers name. This value is also stored in the registry at {{HKLM\security\sam\domains\account}}  (particularly in the 24 byte span between 272 and 295 in the byte array) , if the user has permission to access that key  - see http://powershellers . blogspot.com/2009/06/how-to-get-computer-sid-using.html for more details

Add Comment

[Craig Gomes (JIRA)]

Craig Gomes updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Craig Gomes Fix Version/s: FACT 3.y

Add Comment

[Geoff Nichols (JIRA)]

Geoff Nichols updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Geoff Nichols Sprint: Windows APS  Triage

Add Comment

This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)

[Geoff Nichols (JIRA)]

Geoff Nichols updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Geoff Nichols Sprint: AP Triage

Add Comment

[Ethan Brown (JIRA)]

Ethan Brown commented on FACT-1467

Re: Add Windows computer_sid fact Note that our internal management module at https://github.com/puppetlabs/puppetlabs-modules/blob/f969898d4337b80b983a0f654fc41dc8f2934f32/site/profile/manifests/jenkins/slave/windows.pp#L55 harcodes the value Administrator, which suffers from the problem described in this ticket.

Add Comment

[Maggie Dreyer (JIRA)]

Maggie Dreyer updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Maggie Dreyer Labels: triaged windows

Add Comment

[Moses Mendoza (JIRA)]

Moses Mendoza updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Moses Mendoza Labels: triaged  windows

Add Comment

[Ethan Brown (JIRA)]

Ethan Brown updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Ethan Brown

When referring to the {{Administrator}} account or {{Guest}} account on Windows, those well-known and commonly used names cannot be referred to with well-known SIDs - see https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx Because these account names may also be localized on international versions of Windows, such as French and German - it can be difficult to write a manifest that doesn't need to vary based on the current OS language. {{Administrator}} and {{Guest}} build on the computer's SID, which varies on an individual computer basis, like: * {{-500}} is appended to the computer SID for the {{Administrator}} account * {{-501}} is appended to the computer SID for the {{Guest}} account

To make it easier to refer to these accounts universally, regardless of which computer they're run on, whether the accounts have been localized or renamed, a first step would to be produce a Fact value containing the computers SID.   There are a number of other SID structures that might be useful to surface as facts based on https://msdn.microsoft.com/en-us/library/cc980032.aspx

An easy way to do this is to call the [LookupAccountName|https://msdn.microsoft.com/en-us/library/windows/desktop/aa379159(v=vs.85).aspx] Windows API, passing in the computers name.

This value is also stored in the registry at {{HKLM\security\sam\domains\account}} (particularly in the 24 byte span between 272 and 295 in the byte array), if the user has permission to access that key - see http://powershellers.blogspot.com/2009/06/how-to-get-computer-sid-using.html for more details

Add Comment

[Branan Riley (JIRA)]

Branan Riley updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Branan Riley Labels: triaged windows

Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Branan Riley (JIRA)]

Branan Riley updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Branan Riley Labels: i18n triaged windows

Add Comment

[Branan Riley (JIRA)]

Branan Riley updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Branan Riley Fix Version/s: FACT 3.y

Add Comment

[Branan Riley (JIRA)]

Branan Riley updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Branan Riley Team: Platform Core OS

Add Comment

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Josh Cooper Team: Platform OS Night's Watch

Add Comment

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Facter / FACT-1467 Add Windows computer_sid fact

Change By: Josh Cooper Epic Link: PUP-6719

Add Comment

This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)