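Every time I run the puppet agent in Puppet for Windows to add a local group (a manually created local group; the same thing works for built-in local groups without any problem), a corrective change occurs. Below is the setup; please help me with this.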
local_security_policy { 'Act as part of the operating system':
  ensure       => present,
  policy_value => 'APPServices',
}
C:\windows\system32>puppet apply --noop c:\Temp1\test2.pp
Notice: Compiled catalog for *.*.com in environment production in 0.11 seconds
Notice: /Stage[main]/Main/Local_security_policy[Act as part of the operating system]/policy_value: current_value 'APPServices', should be '*S-1-5-21-196447214-1376558921-3295530933-1002' (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 event
Notice: Stage[main]: Would have triggered 'refresh' from 1 event
Notice: Applied catalog in 1.10 seconds
Below are the corrective changes that occur on every run of puppet agent -t.
C:\windows\system32>puppet agent -t
Info: Using environment 'cc_master'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for *.*.com
Info: Applying configuration version 'qpupa01l-cc_master-bbff79b3632'
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Access Credential Manager as a trusted caller]/ensure: created (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Create permanent shared objects]/ensure: created (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Deny access to this computer from the network]/policy_value: policy_value changed '*S-1-5-21-225823623-629818758-2605879389-6034176,lcladmsystem,*S-1-5-32-546,*S-1-5-7' to '*S-1-5-21-225823623-629818758-2605879389-6034176,*S-1-5-21-3326136169-1111179677-1669346923-500,*S-1-5-32-546,*S-1-5-7' (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Enable computer and user accounts to be trusted for delegation]/ensure: created (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Modify an object label]/ensure: created (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Synchronize directory service data]/ensure: created (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Act as part of the operating system]/policy_value: policy_value changed 'APPServices' to '*S-1-5-21-3326136169-1111179677-1669346923-1001' (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Adjust memory quotas for a process]/policy_value: policy_value changed '*S-1-5-19,*S-1-5-20,APPServices,*S-1-5-32-544,*S-1-5-32-547' to '*S-1-5-19,*S-1-5-20,*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-32-547' (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Allow log on locally]/policy_value: policy_value changed '*S-1-5-32-544,*S-1-5-32-547' to '*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-32-547'
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Impersonate a client after authentication]/policy_value: policy_value changed '*S-1-5-19,*S-1-5-20,APPServices,*S-1-5-32-544,*S-1-5-6' to '*S-1-5-19,*S-1-5-20,*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-6' (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Lock pages in memory]/policy_value: policy_value changed 'APPServices' to '*S-1-5-21-3326136169-1111179677-1669346923-1001' (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Deny log on as a batch job]/policy_value: policy_value changed 'APPServices,*S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559' to '*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559' (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Deny log on as a service]/policy_value: policy_value changed '*S-1-5-21-225823623-629818758-2605879389-4962827,APPServices,*S-1-5-80-0' to '*S-1-5-21-225823623-629818758-2605879389-4962827,*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-80-0' (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Perform volume maintenance tasks]/policy_value: policy_value changed 'APPServices,*S-1-5-32-544' to '*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544' (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Profile system performance]/policy_value: policy_value changed 'APPServices,*S-1-5-32-544,*S-1-5-32-547' to '*S-1-5-21-3326136169-1111179677-1669346923-1001,*S-1-5-32-544,*S-1-5-32-547' (corrective)
Notice: /Stage[main]/Cc_hieratest::Policy::Securitypolicy/Local_security_policy[Replace a process level token]/policy_value: policy_value changed '*S-1-5-19,*S-1-5-20,APPServices' to '*S-1-5-19,*S-1-5-20,*S-1-5-21-3326136169-1111179677-1669346923-1001' (corrective)
Notice: Applied catalog in 15.14 seconds