salt: Problem with win_lgpo.py in salt 2016.11.0

Description of Issue/Question

Hello,

I have problem with module win_lgpo.py introduced in version 2016.11.0. I test it with simple politics with login script, but ended with error. I debbug it - problem is with parsing admx template in PolicyDefinitions in Windows dir. I have politic which statring with line: <?xml version='1.0' encoding='unicode' standalone='yes'?>

and problem is endcoding=‘unicode’ where: xmltree = lxml.etree.parse(admfile, parser=parser) fail with: XMLSyntaxError: Unsupported encoding unicode, line 1, column 37

Setup

login_lgpo:
  lgpo.set:
    - name: Startup Scripts
    - setting:
      - C:/install/login.cmd
    - policy_class: User

Steps to Reproduce Issue

Versions Report

Salt Version:
           Salt: 2016.11.0

Dependency Versions:
           cffi: 1.7.0
       cherrypy: 7.1.0
       dateutil: 2.5.3
          gitdb: 0.6.4
      gitpython: 2.0.8
          ioflo: 1.5.5
         Jinja2: 2.8
        libgit2: Not Installed
        libnacl: 1.4.5
       M2Crypto: Not Installed
           Mako: 1.0.4
   msgpack-pure: Not Installed
 msgpack-python: 0.4.8
   mysql-python: Not Installed
      pycparser: 2.14
       pycrypto: 2.6.1
         pygit2: Not Installed
         Python: 2.7.12 (v2.7.12:d33e0cf91556, Jun 27 2016, 15:24:40) [MSC v.150
0 64 bit (AMD64)]
   python-gnupg: 0.3.8
         PyYAML: 3.11
          PyZMQ: 16.0.1
           RAET: Not Installed
          smmap: 0.9.0
        timelib: 0.2.4
        Tornado: 4.4.1
            ZMQ: 4.1.6

System Versions:
           dist:
        machine: AMD64
        release: 7
         system: Windows
        version: 7 6.1.7601 SP1 Multiprocessor Free

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Reactions: 1
  • Comments: 25 (20 by maintainers)

Most upvoted comments

@arthur-kiwi the “set” command doesn’t run a gpupdate, so the data in the regpol file won’t get written to the registry (for admin templates) until the next run (though it should show as configured by lgpo.get and gpedit.msc)

Here is how we do our states, we have a simple “gpupdate” state that looks like this:

run_gpupdate:
  cmd.run:
    - name: 'gpupdate /force'

Then on any policy that uses the lgpo state, we include that state and use an onchanges:

include:
  - gpupdate

set_banner_policy:
  lgpo.set:
    - computer_policy:
        'Interactive logon: Message text for users attempting to log on': |-
            {{ banner_settings['text']|indent(12) }}
        'Interactive logon: Message title for users attempting to log on': |-
            {{ banner_settings['header']|indent(12) }}
    - onchanges:
      - cmd: run_gpupdate

Since I was patterning lgpo after gpedit.msc, I didn’t make the module run the gpupdate automatically, as I don’t believe gpedit.msc performs a gpupdate on exit…

I see your update that lgpo.get shows the policy configured, but can you confirm whether gpedit.msc shows the policies you have set as Enabled (or with the proper setting)? I want to make sure that works too. If it did, then it is looking like there is an issue with setting a single policy (I almost exclusively use the computer_policy/user_policy dict method, as it is more efficient [due to the way the module is written], so all of my tests use that method of applying the policy. A quick glance at the state code seems good, but if it is not working, I’ll dig in further.

Thanks for your help in making the module better…

(Edited to to account for fat-fingers)

+1
lomeroe on Jan 12, 2017
Read more comments on GitHub
← salt: Problem with salt-ssh and mine.get
salt: Python 2.7 provided via Salt repo breaks RHEL6 satellite badly  →