[BUG] LGPO state fails when adding new admx files during state run #62734

Closed
2 of 9 tasks
dafyddj opened this issue Sep 22, 2022 · 0 comments
Labels: Bug (broken, incorrect, or confusing behavior), lgpo, State-Module, Windows

dafyddj commented Sep 22, 2022

Description

Due to the move away from on-premise Active Directory servers and the increasing use of GPOs by third-party applications for configuration (cf. Google Chrome, Mozilla Firefox, Thunderbird etc.) there is a need for admins to make sure the correct admx/l files are on each Windows minion. Salt is perfect for implementing this.

However, due to the fact that the LGPO module caches admx/adml files to speed up state application, if you put new admx files in place during a state run, AFTER the LGPO state has already applied some changes, the LGPO module will not detect or be aware of those newly installed GPOs until a subsequent state run. This is an annoyance.
The problem does not appear when installing one set of admx/l files prior to applying the LGPO state changes.

Setup
(Please provide relevant configs and/or SLS files (be sure to remove sensitive info). There is no general set-up of Salt.)

Please be as specific as possible and give set-up details.

  • on-prem machine
  • VM (Virtualbox, KVM, etc. please specify)
  • VM running on a cloud service, please be explicit and add details
  • container (Kubernetes, Docker, containerd, etc. please specify)
  • or a combination, please be explicit
  • jails if it is FreeBSD
  • classic packaging
  • onedir packaging
  • used bootstrap to install

Steps to Reproduce the behavior
(Include debug logs if possible and relevant)

PS C:\Users\vagrant> salt-call state.apply "apps.onedrive.gpo,apps.thunderbird.gpo"
[WARNING ] C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt-3004.1-py3.8.egg\salt\modules\win_lgpo.py:9269:
 FutureWarning: The behavior of this method will change in future versions. Use specific 'len(elem)' or 'elem is not Non
e' test instead.
  if child_item:

[WARNING ] Trying another: Mozilla\Thunderbird\Disable Update
[ERROR   ] Unable to find Machine policy Disable Update
local:
----------
          ID: apps-onedrive-gpo-install-file-managed-admx
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\OneDrive.admx
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\OneDrive.admx updated
     Started: 14:26:45.226326
    Duration: 515.224 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-onedrive-gpo-install-file-managed-adml
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\en-US\OneDrive.adml
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\en-US\OneDrive.adml updated
     Started: 14:26:45.741550
    Duration: 109.604 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-onedrive-gpo-config-lgpo-set
    Function: lgpo.set
      Result: True
     Comment: The following policies changed:
              Prevent users from redirecting their Windows known folders to their PC
              Silently move Windows known folders to OneDrive
              Silently sign in users to the OneDrive sync app with their Windows credentials
              Use OneDrive Files On-Demand
     Started: 14:26:46.460407
    Duration: 17234.613 ms
     Changes:
              ----------
              new:
                  ----------
                  Computer Configuration:
                      ----------
                      Prevent users from redirecting their Windows known folders to their PC:
                          Enabled
                      Silently move Windows known folders to OneDrive:
                          ----------
                          Desktop:
                              True
                          Documents:
                              True
                          Pictures:
                              True
                          Show notification to users after folders have been redirected:
                              No
                          Tenant ID:
                              XXXXXXXX-3045-4467-XXXX-986a346f779d
                      Silently sign in users to the OneDrive sync app with their Windows credentials:
                          Enabled
                      Use OneDrive Files On-Demand:
                          Enabled
              old:
                  ----------
                  Computer Configuration:
                      ----------
                      Prevent users from redirecting their Windows known folders to their PC:
                          Not Configured
                      Silently move Windows known folders to OneDrive:
                          Not Configured
                      Silently sign in users to the OneDrive sync app with their Windows credentials:
                          Not Configured
                      Use OneDrive Files On-Demand:
                          Not Configured
----------
          ID: apps-onedrive-gpo-config-cmd-run
    Function: cmd.run
        Name: gpupdate /wait:30
      Result: True
     Comment: Command "gpupdate /wait:30" run
     Started: 14:27:03.742015
    Duration: 12546.385 ms
     Changes:
              ----------
              pid:
                  2212
              retcode:
                  0
              stderr:
              stdout:
                  Updating policy...



                  Computer Policy update has completed successfully.

                  User Policy update has completed successfully.
----------
          ID: apps-thunderbird-gpo-install-file-managed-thunderbird-admx
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\thunderbird.admx
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\thunderbird.admx updated
     Started: 14:27:16.288400
    Duration: 890.98 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-thunderbird-gpo-install-file-managed-thunderbird-adml
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\en-US\thunderbird.adml
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\en-US\thunderbird.adml updated
     Started: 14:27:17.179380
    Duration: 702.543 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-thunderbird-gpo-install-file-managed-mozilla-admx
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\mozilla.admx
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\mozilla.admx updated
     Started: 14:27:17.881923
    Duration: 703.722 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-thunderbird-gpo-install-file-managed-mozilla-adml
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\en-US\mozilla.adml
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\en-US\mozilla.adml updated
     Started: 14:27:18.585645
    Duration: 686.953 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: thunderbird-gpo-config-lgpo-set
    Function: lgpo.set
      Result: False
     Comment: Unable to find Machine policy Disable Update
     Started: 14:27:19.272598
    Duration: 172.156 ms
     Changes:
----------
          ID: thunderbird-gpo-config-cmd-run
    Function: cmd.run
        Name: gpupdate /wait:0
      Result: False
     Comment: One or more requisite failed: apps.thunderbird.gpo.config.thunderbird-gpo-config-lgpo-set
     Started: 14:27:19.444754
    Duration: 0.0 ms
     Changes:

Summary for local
------------
Succeeded: 8 (changed=8)
Failed:    2
------------
Total states run:    10
Total run time:  33.562 s

Expected behavior
All changes to be applied during a single state run.

Screenshots
If applicable, add screenshots to help explain your problem.

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Salt Version:
          Salt: 3004.1

Dependency Versions:
          cffi: 1.14.6
      cherrypy: 18.6.1
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: 4.0.7
     gitpython: 3.1.18
        Jinja2: 2.10.1
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: 1.1.4
       msgpack: 0.6.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.20
      pycrypto: Not Installed
  pycryptodome: 3.10.1
        pygit2: Not Installed
        Python: 3.8.8 (tags/v3.8.8:024d805, Feb 19 2021, 13:18:16) [MSC v.1928 64 bit (AMD64)]
  python-gnupg: 0.4.7
        PyYAML: 5.4.1
         PyZMQ: 19.0.0
         smmap: 4.0.0
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.2

System Versions:
          dist:
        locale: cp1252
       machine: AMD64
       release: 8.1
        system: Windows
       version: 8.1 6.3.9600 SP0 Multiprocessor Free

Additional context
Add any other context about the problem here.

@dafyddj dafyddj added Bug broken, incorrect, or confusing behavior needs-triage labels Sep 22, 2022
@OrangeDog OrangeDog added the lgpo label Sep 22, 2022
@twangboy twangboy added Windows Sulfur v3006.0 release code name and version and removed needs-triage labels Sep 22, 2022
@twangboy twangboy added this to the Sulphur v3006.0 milestone Sep 22, 2022
@twangboy twangboy self-assigned this Sep 22, 2022
@waynew waynew removed the Sulfur v3006.0 release code name and version label Dec 16, 2022
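
The caching behaviour reported above, modelled as an added Python example (not Salt's `win_lgpo` code and not from the issue author). `StaleCache`, `FingerprintedCache` and the simplified ADMX body are constructed for illustration, and fingerprinting the definitions directory is one possible invalidation approach, not necessarily the fix Salt adopted.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed, heavily simplified ADMX body; real files are namespaced and
# identify policies by an ID, with display names held in the .adml file.
ADMX = '<policyDefinitions><policies><policy name="{0}"/></policies></policyDefinitions>'

def admx_files(directory):
    return sorted(Path(directory).glob("*.admx"))

def load_policy_names(directory):
    """Parse every .admx file and return the set of policy names found."""
    names = set()
    for path in admx_files(directory):
        root = ET.parse(path).getroot()
        # Compare local tag names so namespaced documents match as well.
        names.update(e.get("name") for e in root.iter()
                     if e.tag.rsplit("}", 1)[-1] == "policy")
    return names

def fingerprint(directory):
    """Change detector: (name, size, mtime) for each definition file."""
    return tuple((p.name, p.stat().st_size, p.stat().st_mtime_ns)
                 for p in admx_files(directory))

class StaleCache:
    """Loads definitions once; files added afterwards stay invisible."""
    def __init__(self, directory):
        self.directory, self._names, self._seen = directory, None, None

    def policies(self):
        if self._names is None:
            self._names = load_policy_names(self.directory)
        return self._names

class FingerprintedCache(StaleCache):
    """Reloads whenever the directory fingerprint has changed."""
    def policies(self):
        current = fingerprint(self.directory)
        if current != self._seen:
            self._names, self._seen = load_policy_names(self.directory), current
        return self._names

def demo():
    """Replay the order in the log: one ADMX set, a lookup, then a second set."""
    with tempfile.TemporaryDirectory() as d:
        stale, fresh = StaleCache(d), FingerprintedCache(d)
        Path(d, "OneDrive.admx").write_text(ADMX.format("Use OneDrive Files On-Demand"))
        stale.policies(), fresh.policies()  # first lookup fills both caches
        Path(d, "thunderbird.admx").write_text(ADMX.format("Disable Update"))
        return ["Disable Update" in c.policies() for c in (stale, fresh)]
```

`demo()` returns one boolean per cache: the load-once cache cannot find the policy installed after its first lookup, while the fingerprinted cache can.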