From a72905494f20ed2b861b96122fcd6f7b3137e06d Mon Sep 17 00:00:00 2001
From: Rajesh Radhakrishnan <enthoughts@gmail.com>
Date: Wed, 7 Nov 2018 09:43:24 -0800
Subject: [PATCH] added windows users

---
 site/windows/manifests/init.pp  |  1 +
 site/windows/manifests/users.pp | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 site/windows/manifests/init.pp
 create mode 100644 site/windows/manifests/users.pp

diff --git a/site/windows/manifests/init.pp b/site/windows/manifests/init.pp
new file mode 100644
index 0000000..08c6e8d
--- /dev/null
+++ b/site/windows/manifests/init.pp
@@ -0,0 +1 @@
+class windows {}
diff --git a/site/windows/manifests/users.pp b/site/windows/manifests/users.pp
new file mode 100644
index 0000000..b77582c
--- /dev/null
+++ b/site/windows/manifests/users.pp
@@ -0,0 +1,32 @@
+# Create a local user
+# Create a local group
+# Add the user to the group
+# Grant your user the "Log on as a Service" right
+
+# Explain what the "Log on as a Service" right does : 
+# This policy setting determines which service accounts can register a process as a service. 
+# Running a process under a service account circumvents the need for human intervention.
+
+
+
+class windows::users {
+  $users = ['service-01']
+  $group = 'service-account'
+
+  user { $users:
+    ensure => present,
+  }
+
+  group { $group:
+    ensure => present, 
+    members => $users,
+  }
+
+  # local_security_policy { 'Log on as a service':
+  #   ensure => present,
+  #   policy_value => '90',
+  # }
+
+}
+
+