Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resource to manage Windows Internet Explorer Enhanced Security Configuration #9139

Open
Xorima opened this issue Dec 5, 2019 · 3 comments
Open

Comments

@Xorima
Copy link
Contributor

@Xorima Xorima commented Dec 5, 2019

Core Chef Resource Checklist

Before suggesting a resource for inclusion please make sure your suggestion meets these criteria for resources built into Chef:

  • Automates an operating system component that ships by default on systems such as authentication, raid, disk partitions, firewalls, containers, or virtualization systems.
  • Does not attempt automate 3rd party applications such as database, web, or application servers, which are best suited for cookbooks due to their fast moving nature.

Describe the resource:

Internet Explorer Enhanced Security Configuration is a setting which is used to allow internet explorer to work on a server.

it would work like this:

windows_ie_enhanced_sec_config 'foo' do
  scope :admin
  action :enable
end

there would also be a scope of user

Why should this be included out of the box?:

if you need to remote into the server and browse the internet this normally needs changing

What operating systems would it run on?

Windows Server 2012+

Current cookbook implementation:

Not that I am aware of

Can We Help You Implement This?:

Tell me what I should name the resource, its a bit of a mouthful currently

Implementation notes: https://4sysops.com/archives/disable-internet-explorer-enhanced-security-configuration-ie-esc-with-group-policy/

@lamont-granquist

This comment has been minimized.

Copy link
Contributor

@lamont-granquist lamont-granquist commented Dec 5, 2019

This feels like a very specialized use case that should just be handled with a registry_key resource.

If there's a feature here, it should be much more generalized. So if you wanted to create something more like:

windows_ie_config "whatever" do
  enhanced_security_admin false
  enhanced_security_user true
end

But that would need to implement an API which wrapped the setting of IE config generally, and should probably be prototyped in a cookbook first.

This one use case is way too highly specialized to add yet another resource, and even more documentation to maintain and for users to have to thumb through to find the thing that they actually want.

@Xorima

This comment has been minimized.

Copy link
Contributor Author

@Xorima Xorima commented Dec 5, 2019

Hi Lamont

Happy to close but this is not an ie setting inside internet explorer per say, it is actually a setting within server manager on windows, hence the thoughts

Did you still think it is worth closing this issue in favour of an ie settings cookbook?

Thanks for looking

@lamont-granquist

This comment has been minimized.

Copy link
Contributor

@lamont-granquist lamont-granquist commented Dec 5, 2019

I don't know what the best abstraction would be, but the abstraction at this level is way too fine for a chef resource. It is literally just a thin wrapper around two registry keys. It needs to offer something more useful. Either something wrapping server manager, or something wrapping IE, at a more comprehensive level, whatever logically makes sense to those trying to solve problems in the domain.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.