Hey all,
I’m a first time poster and am having some DSC beginner issues seemingly related to permissions.
Firstly some context:
- I have WMF 5.1 and the latest choco client installed
- I’m trying to install Sophos Endpoint Security using Choco and DSC
- I’ve created a Sophos Choco package and it installs w/ no problem as a local admin running ‘choco.exe’
- I’ve installed the latest cChoco DSC Module
- Installation of the package via DSC push + cChoco fails
- When I modify the Sophos Choco package to output the current user (during DSC application), it outputs ‘NT Authority/System’
- Logging in as ‘NT Authority/System’ and executing 'choco install ’ produces the same error (return code 4) as observed from DSC push + cChoco
- Server: Windows 2012 R2 from base AWS AMI
- Administrative user is simply the default one created by ec2utils upon instance launch
- Server has been joined to a new AD domain (in case that effects permissions)
- UAC temporarily disabled for troubleshooting ‘NT Authority/System’ unable to use ‘runas.exe’ to do simple things like ‘whoami’ or ‘ping’ due to permissions
I have some other ideas that i’ve started down but I’m really after guidance on what’s best practice for configuring DSC/Windows to be able to run installers that require elevated privileges. My windows permission fundamentals are a bit lacking, so assuming it’s more my lack of understanding than a fault, plus it seems like something that would be encountered frequently by everyone managing their fleet with DSC.