cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb
<?xml version="1.0" encoding="utf-16"?>
<GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
<Identifier>
<Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{FD1588BE-0843-43E6-8F35-C4E9F8413EF7}</Identifier>
<Domain xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @domain_name %></Domain>
</Identifier>
<Name>test</Name>
<IncludeComments>true</IncludeComments>
<CreatedTime>2015-06-07T04:31:38</CreatedTime>
<ModifiedTime>2015-06-07T04:59:52</ModifiedTime>
<ReadTime>2015-06-07T05:00:23.4314191Z</ReadTime>
<SecurityDescriptor>
<SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:DAG:DAD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-1406275717-2083712575-401716046-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
<Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1406275717-2083712575-401716046-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\Domain Admins</Name>
</Owner>
<Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1406275717-2083712575-401716046-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\Domain Admins</Name>
</Group>
<PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
<Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<InheritsFromParent>false</InheritsFromParent>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1406275717-2083712575-401716046-519</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\Enterprise Admins</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1406275717-2083712575-401716046-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\Domain Admins</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
</Permissions>
<AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
</SecurityDescriptor>
<FilterDataAvailable>true</FilterDataAvailable>
<Computer>
<VersionDirectory>13</VersionDirectory>
<VersionSysvol>13</VersionSysvol>
<Enabled>true</Enabled>
<ExtensionData>
<Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Security" xsi:type="q1:SecuritySettings">
<q1:UserRightsAssignment>
<q1:Name>SeAssignPrimaryTokenPrivilege</q1:Name>
<q1:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @ssh_sid %></SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\sshd_service</Name>
</q1:Member>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeCreateTokenPrivilege</q1:Name>
<q1:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @ssh_sid %></SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\sshd_service</Name>
</q1:Member>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeDenyInteractiveLogonRight</q1:Name>
<q1:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @ssh_sid %></SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\sshd_service</Name>
</q1:Member>
<q1:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @ec2config_sid %></SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\ec2config</Name>
</q1:Member>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeDenyRemoteInteractiveLogonRight</q1:Name>
<q1:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @ssh_sid %></SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\sshd_service</Name>
</q1:Member>
<q1:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @ec2config_sid %></SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\ec2config</Name>
</q1:Member>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeServiceLogonRight</q1:Name>
<q1:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @ssh_sid %></SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\sshd_service</Name>
</q1:Member>
<q1:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @ec2config_sid %></SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\ec2config</Name>
</q1:Member>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeTcbPrivilege</q1:Name>
<q1:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @ssh_sid %></SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types"><%= @netbios_name %>\sshd_service</Name>
</q1:Member>
</q1:UserRightsAssignment>
</Extension>
<Name>Security</Name>
</ExtensionData>
</Computer>
<User>
<VersionDirectory>0</VersionDirectory>
<VersionSysvol>0</VersionSysvol>
<Enabled>true</Enabled>
</User>
</GPO>