Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad conditionals make Backup Domain Controllers evaluate Member Server rules rather than Domain Controller rules #23

Closed
mfann-or opened this issue May 1, 2023 · 1 comment
Closed

Bad conditionals make Backup Domain Controllers evaluate Member Server rules rather than Domain Controller rules #23

mfann-or opened this issue May 1, 2023 · 1 comment

Comments

@mfann-or
Copy link

mfann-or commented May 1, 2023

Here is one example of many where the role needs to update this conditional to account for Backup Domain Controllers.

Issue:

Bad conditionals make Backup Domain Controllers evaluate Member Server rules rather than Domain Controller rules

Possible Solutions:

  1. The conditional could use the same Ansible fact, but change the logic.
when:
  - "'domain controller' in ansible_windows_domain_role"
  1. The conditional could use a different Ansible fact that is the same across Domain Controller types.
when:
  - ansible_os_product_type == "domain_controller"
mfann-or added a commit to mfann-or/Windows-2019-STIG that referenced this issue May 1, 2023
@mfann-or
fixes ansible-lockdown#23, fixes bad var and conditional
0bb5588
mfann-or added a commit to mfann-or/Windows-2019-STIG that referenced this issue May 1, 2023
@mfann-or
fixes ansible-lockdown#23, fixes bad var and conditional
9377e76 
Signed-off-by: mfann <mfann@origamirisk.com>
@mfann-or mfann-or mentioned this issue May 1, 2023
Closed
MikeCantCode added a commit to MikeCantCode/Windows-2019-STIG that referenced this issue May 1, 2023
@MikeCantCode
Fixes ansible-lockdown#23, fixes other bad var and conditional
1f5bec1 
Signed-off-by: GitHub <noreply@github.com>
@MikeCantCode MikeCantCode mentioned this issue May 1, 2023
Closed
@frederickw082922
Copy link
Contributor

Thank you @MikeCantCode appreciate you taking the time to submit your PR. Unfortunately, we closed your Issue due to keeping PDC vs Member Server vs Standonle testing pipeline baseline for clients. We have noted the secondary domain controller behavior in our backlog. When the secondary controller baseline gets addressed, we will make the change to all of DC controls. Thank you for your patience and understanding.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@mfann-or @frederickw082922