Description

Currently there are a handful of cookbooks which leverage 'Administrators' for defining owner, group, rights, et al. This is problematic when the default language of the Windows device is not set to English.

In order to circumvent this, I believe the gilded approach would be to use SID strings instead of the actual name of the securable resource that the SID would point to (i.e. 'S-1-5-32-544' instead of 'Administrators'). Given that the SIDs for specific builtin groups don't change, methinks this would be a safer approach.

This feature was introduced in Chef Infra client v16.5.64 (See: v16.5.64 release notes under "Windows securable resources").

Chef Version

Chef-client v16.13.16

Platform Version

Windows 10

Replication Case

Setup a Windows machine in a non-English language, run a Chef recipe which relies upon the usage of 'Administrators', 'Everyone', 'SYSTEM' and you should get back errors.

Client Output

Chef::Exceptions::Win32APIError: Não foi feito mapeamento entre os nomes de conta e as identificações de segurança.

Translated to English this becomes:

Chef::Exceptions::Win32APIError: No mapping between account names and security IDs was done.