
[BUG] LGPO state fails when adding new admx files during state run #62734

@dafyddj

Description


Due to the move away from on-premise Active Directory servers and the increasing use of GPOs by third-party applications for configuration (cf. Google Chrome, Mozilla Firefox, Thunderbird etc.) there is a need for admins to make sure the correct admx/l files are on each Windows minion. Salt is perfect for implementing this.

However, due to the fact that the LGPO module caches admx/adml files to speed up state application, if you put new admx files in place during a state run, AFTER the LGPO state has already applied some changes, the LGPO module will not detect or be aware of those newly installed GPOs until a subsequent state run. This is an annoyance.
The problem does not appear when installing one set of admx/l files prior to applying the LGPO state changes.


Steps to Reproduce the behavior

PS C:\Users\vagrant> salt-call state.apply "apps.onedrive.gpo,apps.thunderbird.gpo"
[WARNING ] C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt-3004.1-py3.8.egg\salt\modules\win_lgpo.py:9269:
 FutureWarning: The behavior of this method will change in future versions. Use specific 'len(elem)' or 'elem is not Non
e' test instead.
  if child_item:

[WARNING ] Trying another: Mozilla\Thunderbird\Disable Update
[ERROR   ] Unable to find Machine policy Disable Update
local:
----------
          ID: apps-onedrive-gpo-install-file-managed-admx
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\OneDrive.admx
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\OneDrive.admx updated
     Started: 14:26:45.226326
    Duration: 515.224 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-onedrive-gpo-install-file-managed-adml
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\en-US\OneDrive.adml
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\en-US\OneDrive.adml updated
     Started: 14:26:45.741550
    Duration: 109.604 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-onedrive-gpo-config-lgpo-set
    Function: lgpo.set
      Result: True
     Comment: The following policies changed:
              Prevent users from redirecting their Windows known folders to their PC
              Silently move Windows known folders to OneDrive
              Silently sign in users to the OneDrive sync app with their Windows credentials
              Use OneDrive Files On-Demand
     Started: 14:26:46.460407
    Duration: 17234.613 ms
     Changes:
              ----------
              new:
                  ----------
                  Computer Configuration:
                      ----------
                      Prevent users from redirecting their Windows known folders to their PC:
                          Enabled
                      Silently move Windows known folders to OneDrive:
                          ----------
                          Desktop:
                              True
                          Documents:
                              True
                          Pictures:
                              True
                          Show notification to users after folders have been redirected:
                              No
                          Tenant ID:
                              XXXXXXXX-3045-4467-XXXX-986a346f779d
                      Silently sign in users to the OneDrive sync app with their Windows credentials:
                          Enabled
                      Use OneDrive Files On-Demand:
                          Enabled
              old:
                  ----------
                  Computer Configuration:
                      ----------
                      Prevent users from redirecting their Windows known folders to their PC:
                          Not Configured
                      Silently move Windows known folders to OneDrive:
                          Not Configured
                      Silently sign in users to the OneDrive sync app with their Windows credentials:
                          Not Configured
                      Use OneDrive Files On-Demand:
                          Not Configured
----------
          ID: apps-onedrive-gpo-config-cmd-run
    Function: cmd.run
        Name: gpupdate /wait:30
      Result: True
     Comment: Command "gpupdate /wait:30" run
     Started: 14:27:03.742015
    Duration: 12546.385 ms
     Changes:
              ----------
              pid:
                  2212
              retcode:
                  0
              stderr:
              stdout:
                  Updating policy...



                  Computer Policy update has completed successfully.

                  User Policy update has completed successfully.
----------
          ID: apps-thunderbird-gpo-install-file-managed-thunderbird-admx
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\thunderbird.admx
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\thunderbird.admx updated
     Started: 14:27:16.288400
    Duration: 890.98 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-thunderbird-gpo-install-file-managed-thunderbird-adml
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\en-US\thunderbird.adml
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\en-US\thunderbird.adml updated
     Started: 14:27:17.179380
    Duration: 702.543 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-thunderbird-gpo-install-file-managed-mozilla-admx
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\mozilla.admx
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\mozilla.admx updated
     Started: 14:27:17.881923
    Duration: 703.722 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: apps-thunderbird-gpo-install-file-managed-mozilla-adml
    Function: file.managed
        Name: C:\Windows\PolicyDefinitions\en-US\mozilla.adml
      Result: True
     Comment: File C:\Windows\PolicyDefinitions\en-US\mozilla.adml updated
     Started: 14:27:18.585645
    Duration: 686.953 ms
     Changes:
              ----------
              diff:
                  New file
----------
          ID: thunderbird-gpo-config-lgpo-set
    Function: lgpo.set
      Result: False
     Comment: Unable to find Machine policy Disable Update
     Started: 14:27:19.272598
    Duration: 172.156 ms
     Changes:
----------
          ID: thunderbird-gpo-config-cmd-run
    Function: cmd.run
        Name: gpupdate /wait:0
      Result: False
     Comment: One or more requisite failed: apps.thunderbird.gpo.config.thunderbird-gpo-config-lgpo-set
     Started: 14:27:19.444754
    Duration: 0.0 ms
     Changes:

Summary for local
------------
Succeeded: 8 (changed=8)
Failed:    2
------------
Total states run:    10
Total run time:  33.562 s

Expected behavior
All changes to be applied during a single state run.


Versions Report

salt --versions-report
Salt Version:
          Salt: 3004.1

Dependency Versions:
          cffi: 1.14.6
      cherrypy: 18.6.1
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: 4.0.7
     gitpython: 3.1.18
        Jinja2: 2.10.1
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: 1.1.4
       msgpack: 0.6.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.20
      pycrypto: Not Installed
  pycryptodome: 3.10.1
        pygit2: Not Installed
        Python: 3.8.8 (tags/v3.8.8:024d805, Feb 19 2021, 13:18:16) [MSC v.1928 64 bit (AMD64)]
  python-gnupg: 0.4.7
        PyYAML: 5.4.1
         PyZMQ: 19.0.0
         smmap: 4.0.0
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.2

System Versions:
          dist:
        locale: cp1252
       machine: AMD64
       release: 8.1
        system: Windows
       version: 8.1 6.3.9600 SP0 Multiprocessor Free
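
The caching behaviour described in this report, as an added example that is not part of the original issue and is not Salt's code: a simplified model in which policy names parsed from ADMX files are cached once, next to a variant that revalidates the cache against a fingerprint of the policy definitions directory. The file contents, the policy names, and the `PolicyCache`, `fingerprint` and `simulate` names are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def write_admx(directory, filename, policy_names):
    """Write a minimal, constructed ADMX-like file (not a real vendor template)."""
    body = "".join('<policy name="%s" class="Machine"/>' % n for n in policy_names)
    xml = "<policyDefinitions><policies>%s</policies></policyDefinitions>" % body
    with open(os.path.join(directory, filename), "w", encoding="utf-8") as fh:
        fh.write(xml)

def admx_files(directory):
    return sorted(e.path for e in os.scandir(directory) if e.name.lower().endswith(".admx"))

def load_policy_names(directory):
    """Parse every *.admx file and collect the policy names it defines."""
    names = set()
    for path in admx_files(directory):
        for el in ET.parse(path).getroot().iter():
            if el.tag.rsplit("}", 1)[-1] == "policy":  # ignore any XML namespace
                names.add(el.get("name"))
    return names

def fingerprint(directory):
    """Cheap change detector: path, size and mtime of each ADMX file."""
    return tuple((p, os.stat(p).st_size, os.stat(p).st_mtime_ns) for p in admx_files(directory))

class PolicyCache:
    def __init__(self, directory, revalidate):
        self.directory, self.revalidate = directory, revalidate
        self._names, self._fp = None, None

    def names(self):
        # Without revalidation the first parse is reused for the whole run.
        fp = fingerprint(self.directory) if self.revalidate else None
        if self._names is None or fp != self._fp:
            self._names, self._fp = load_policy_names(self.directory), fp
        return self._names

def simulate(revalidate):
    """Return (first lookup found, second lookup found) for one simulated state run."""
    with tempfile.TemporaryDirectory() as d:
        write_admx(d, "OneDrive.admx", ["ConstructedOneDrivePolicy"])
        cache = PolicyCache(d, revalidate)
        first = "ConstructedOneDrivePolicy" in cache.names()
        write_admx(d, "thunderbird.admx", ["ConstructedDisableUpdate"])  # added mid-run
        second = "ConstructedDisableUpdate" in cache.names()
        return first, second

if __name__ == "__main__":
    print("cache never revalidated:", simulate(False))
    print("cache keyed on directory fingerprint:", simulate(True))
```

In the non-revalidating case the second lookup misses, which corresponds to the "Unable to find Machine policy Disable Update" failure in the run above: a policy that was meant to be enforced is not applied until the next run.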
