Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.0
-
None
Description
Security templates are applied during the Windows image capture process. One of the templates grants root the "Log on as a service" right. This overwrites the previous list of accounts which have been granted this right. This security template setting should be removed because root should always have this right, as it's granted during the base image creation steps.
The apply_security_templates subroutine needs to be updated to use the /overwrite switch when calling secedit because the previous setting is saved in a security database file on the computer. This previous setting will continue to be applied because settings are appended unless /overwrite is used.