only fail if the group sids fail to resolve and we actually have to add a user

Author: busterb

modules/post/windows/manage/enable_rdp.rb

@@ -107,12 +107,7 @@ def enabletssrv(cleanup_rc)
     end
   end
 
-
-
   def addrdpusr(username, password,cleanup_rc)
-    rdu = resolve_sid("S-1-5-32-555")[:name]
-    admin = resolve_sid("S-1-5-32-544")[:name]
-
     print_status "Setting user account for logon"
     print_status "\tAdding User: #{username} with Password: #{password}"
     begin
@@ -121,6 +116,19 @@ def addrdpusr(username, password,cleanup_rc)
         return
       end
 
+      rdu_sid = resolve_sid("S-1-5-32-555")
+      admin_sid = resolve_sid("S-1-5-32-544")
+
+      if !rdu_sid[:mapped] || !admin_sid[:mapped]
+        print_error("\tThe Remote Desktop Users group is not mapped") if !rdu_sid[:mapped]
+        print_error("\tThe Administrators group is not mapped") if !admin_sid[:mapped]
+        print_error("\tNot adding user #{username}")
+        return
+      end
+
+      rdu = rdu_sid[:name]
+      admin = admin_sid[:name]
+
       user_added = false
       addusr_out = cmd_exec("cmd.exe", "/c net user #{username} #{password} /add")