grdnr
6/22/2017 - 9:37 AM

Secedit.exe custom resource example

Secedit.exe custom resource example

resource_name :security_policy

default_action :configure

property :policy_template, String, required: false, default: 'C:\Windows\security\templates\chefNewPolicy.inf'
property :database, String, required: false, default: 'C:\Windows\security\database\chef.sdb'
property :log_location, String, default: 'C:\Windows\security\logs\chef-secedit.log'

action :configure do
  if node['platform'] == 'windows'
    template "#{policy_template}" do
      source 'policy.inf.erb'
      cookbook 'windows-security-policy'
      action :create
    end
    execute 'Configure security database' do
      command "Secedit /configure /db #{database} /cfg #{policy_template} /log #{log_location}"
      live_stream true
      action :run
    end
  else
    Chef::Log.info "#{@current_resource} is only for a Windows platform"
  end
end