SecurityPolicyDsc icon indicating copy to clipboard operation
SecurityPolicyDsc copied to clipboard
verified publisher icon dsccommunity

User Rights Assignment throwing secedit.exe error

Open billyhigdon opened this issue 6 years ago • 3 comments

Having an issue when trying to set the following with UserRightsAssignement...

    UserRightsAssignment LockPagesInMemory 
    {
            Policy = "Lock_pages_in_memory"
            Identity = "sqlservice"
    }

errors out with the following:

The term 'secedit.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. + CategoryInfo : ObjectNotFound: (secedit.exe:) [], CimException + FullyQualifiedErrorId : CommandNotFoundException + PSComputerName : pc-new

Cannot find path 'C:\Windows\TEMP\SecurityPolicy.inf' because it does not exist. + CategoryInfo : ObjectNotFound: (C:\Windows\TEMP\SecurityPolicy.inf:) [], CimException + FullyQualifiedErrorId : PathNotFound + PSComputerName : pc-new

I'm on the latest build - 2.7.0.0

billyhigdon avatar Mar 22 '19 21:03 billyhigdon

Can you give more information about your OS? SecEdit should be built-in Windows.

As an Administrator account, can you try this in a shell:

C:\ PS> where.exe secedit.exe

It should return:

# C:\Windows\System32\SecEdit.exe

gaelcolas avatar Mar 27 '19 04:03 gaelcolas

Hi Guys - I've also experienced this issue on a number (approx 1 in 3) of identical builds - Windows 2016 1607 Build 14393.2248.

I'm seeing it with the SecurityOption resource. Output:

https://gist.github.com/dtrac/5a02e0348936aab9d036e4fbc4ce71ee

Running PowerShell interactively, I can execute secedit.exe successfully, and a 'where.exe' shows it in the correct location (C:\Windows\System32).

System PATH variable has C:\Windows\system32 correctly defined.

dtrac avatar Jun 21 '19 07:06 dtrac

We are seeing this issue periodically with new Windows Server installs and the publication of DSC configurations containing the UserRightsAssignment settings. Even after joining the domain the system reports errors about the secedit.exe command not being found. Running Get-Command secedit.exe accurately locates the program but for some reason the environment paths for the system account, running the resource, fails to locate the secedit command. I am working on a possible solution for review and will be opening a PR soon.

39Delta avatar Dec 25 '21 20:12 39Delta