dev-sec
Admins should be allowed to login via winrm
Hi! Current default setting win_security_SeNetworkLogonRight: '*S-1-0-0' looks like 'shoot in foot': if we disable network login for all users - we cannot run the playbook with:
TASK [windows-baseline : load gpo configuration locally] ***************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: InvalidCredentialsError: the specified credentials were rejected by the server
fatal: [windows.example.org]: FAILED! => {"failed": true, "msg": "Unexpected failure during module execution.", "stdout": ""}
because we cannot connect to the server via WinRM.
Thanks for your contribution. However this should better be discussed in our Inspec windows baseline, here: https://github.com/dev-sec/windows-baseline
In this playbook we "merely" follow the recommendations in the baseline. Do you mind creating an issue there?
Okay, will do.
сб, 28 окт. 2017 г., 4:21 Sebastian Gumprich [email protected]:
Thanks for your contribution. However this should better be discussed in our Inspec windows baseline, here: https://github.com/dev-sec/windows-baseline
In this playbook we "merely" follow the recommendations in the baseline. Do you mind creating an issue there?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/dev-sec/ansible-windows-hardening/pull/3#issuecomment-340047709, or mute the thread https://github.com/notifications/unsubscribe-auth/ABCIuDo9GtbfKgiO_XB6nGwPE9yYd6WRks5swh9GgaJpZM4QFili .
-- Маркелов Антон