Darn I was thinking there was a GPO policy that was forcing the CbtHardeningLevel to Strict which I don't believe the Go winrm library supports but relaxed seems to be fine.
There's potentially another setting that a GPO policy may be overriding but it's a long shot. The LocalAccountTokenFilterPolicy [1] registry value needs to be set to 1 for local admin accounts to work. Because you said Chef is still working I doubt that this will be it but it's worth looking at the registry key to see if it gets changed. I'm not sure what release of Packer included the dependency change of the ntlm library but there is some background info on this [2]. Going by the GPO idea above, it could be setting the minimum NTLM protocol version required and if you aren't using the newer ntlm Go library then it will fail. Probably worth looking at. Thanks Jordan [1] - https://support.microsoft.com/en-us/help/942817/how-to-change-the-remote-uac-localaccounttokenfilterpolicy-registry-se [2] - https://github.com/hashicorp/packer/issues/6205 -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/cbe02f7b-3198-4657-b7d6-3feae5c1424e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
