explicitly set LocalAccountTokenFilterPolicy on WinRM configure script (#45947)

Jordan Borean 2018-09-25 08:01:03 +10:00 committed by GitHub
parent d8d4be40b0
commit 24b4633481
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -50,6 +50,7 @@
# Version 1.6 - 2017-04-18 # Version 1.6 - 2017-04-18
# Version 1.7 - 2017-11-23 # Version 1.7 - 2017-11-23
# Version 1.8 - 2018-02-23 # Version 1.8 - 2018-02-23
# Version 1.9 - 2018-09-21
# Support -Verbose option # Support -Verbose option
[CmdletBinding()] [CmdletBinding()]
@ -293,6 +294,20 @@ Else
Write-Verbose "PS Remoting is already enabled." Write-Verbose "PS Remoting is already enabled."
} }
# Ensure LocalAccountTokenFilterPolicy is set to 1
# https://github.com/ansible/ansible/issues/42978
$token_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
$token_prop_name = "LocalAccountTokenFilterPolicy"
$token_key = Get-Item -Path $token_path
$token_value = $token_key.GetValue($token_prop_name, $null)
if ($token_value -ne 1) {
Write-Verbose "Setting LocalAccountTOkenFilterPolicy to 1"
if ($null -ne $token_value) {
Remove-ItemProperty -Path $token_path -Name $token_prop_name
}
New-ItemProperty -Path $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null
}
# Make sure there is a SSL listener. # Make sure there is a SSL listener.
$listeners = Get-ChildItem WSMan:\localhost\Listener $listeners = Get-ChildItem WSMan:\localhost\Listener
If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"})) If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
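Review bot: The block guarded by `if ($token_value -ne 1)` sets LocalAccountTokenFilterPolicy to 1 unconditionally and reports it only through `Write-Verbose`, although the setting is machine-wide. It turns off UAC remote token filtering, so members of the local Administrators group receive a full elevated token on any network logon, not only over WinRM. An operator running the script should see that trade-off, so I would add a comment above the block such as `# NOTE: disables UAC remote restrictions for local administrator accounts on all network logons; review before use on hosts that only need domain accounts`, and consider gating the change behind a switch parameter (the param block is outside this hunk, so whether one fits is for the author to confirm). The verbose message also misspells the value name and should read `Write-Verbose "Setting LocalAccountTokenFilterPolicy to 1"`.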