Use SYSTEM as the directory owner

[tas50]

Description

We're currently trying to find a local admin account, but that won't exist on a DC. SYSTEM will always exist and administrators group still has write on the dirs so this is really no change.

Issues Resolved

#333

Check List

• All tests pass. See https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD
• New functionality includes testing.
• New functionality has been documented in the README if applicable
• The CLA has been signed. See https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD

We're currently trying to find a local admin account, but that won't exist on a DC. SYSTEM will always exist and administrators group still has write on the dirs so this is really no change.

[mwrock]

What about using administrator and falling back to system if that user is not there? Just in case folks already using this expect administrator.

[tas50]

Any tips on falling back in the Windows world? How would I detect if that user exists?

[smurawski]

While I like the idea of preserving compat - I like the PR as it stands. If there is fallback, you'll have a different configuration on DCs than other servers in the environment. And while the days of domains in the data center are numbered - it's still going to be a while before they all die.

[mwrock]

yeah you should be able to do:

u=Chef::Util::Windows::NetUser.new("administrator")
u.get_info

if the user does not exist then the call to get_info will raise Chef::Exceptions::UserIDNotFound

[smurawski]

👍

[mwrock]

that sounds reasonable. Just wanted to bring it up and see if alarms sounded with anyone. 👍

[smurawski]

@mwrock one thing to be aware of - the difference in the wmi query to your netuser thing is that the wmi call will find re-named administrator accounts, where the netuser approach is reliant on the admin account not being renamed.