@ -1,8 +1,16 @@
---
- name : Look up built-in Administrator account name (-500 user whose domain == computer name)
raw : $machine_sid = (Get-CimInstance Win32_UserAccount -Filter "Domain='$env:COMPUTERNAME'")[0].SID -replace '(S-1-5-21-\d+-\d+-\d+)-\d+', '$1'; (Get-CimInstance Win32_UserAccount -Filter "SID='$machine_sid-500'").Name
check_mode : no
register : admin_account_result
- set_fact:
admin_account_name : "{{ admin_account_result.stdout_lines[0] }}"
- name : fail to set invalid right
win_user_right:
name : FailRight
users : Administrator
users : '{{ admin_account_name }}'
register : fail_invalid_right
failed_when : fail_invalid_right.msg != 'the specified right FailRight is not a valid right'
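Review bot: The lookup result is used unguarded: the `raw` command indexes `[0]` on the Win32_UserAccount query and the unnamed `set_fact` reads `admin_account_result.stdout_lines[0]`, so a host where the query returns nothing, or prints an error, would only fail later with a misleading template or right-assignment error. I would add `failed_when: admin_account_result.rc != 0 or admin_account_result.stdout_lines | length != 1` and `changed_when: false` to the lookup task, since it only reads state. The `set_fact` task should get a name such as `- name: record built-in Administrator account name`. A short comment above the lookup would also help, for example `# resolve the RID-500 account by SID because hardened images often rename Administrator`.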
@ -16,7 +24,7 @@
- name : remove from empty right check
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Administrators' ]
users : [ ' {{ admin_account_name }} ', 'Administrators' ]
action : remove
register : remove_empty_right_check
check_mode : yes
@ -31,7 +39,7 @@
- name : remove from empty right
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Administrators' ]
users : [ ' {{ admin_account_name }} ', 'Administrators' ]
action : remove
register : remove_empty_right
check_mode : yes
@ -46,7 +54,7 @@
- name : set administrator check
win_user_right:
name : '{{test_win_user_right_name}}'
users : Administrator
users : '{{ admin_account_name }}'
action : set
register : set_administrator_check
check_mode : yes
@ -60,14 +68,14 @@
assert:
that:
- set_administrator_check is changed
- set_administrator_check.added == [ "{{ansible_hostname}}\\Administrator" ]
- set_administrator_check.added == [ '{{ansible_hostname}}\{{ admin_account_name }}' ]
- set_administrator_check.removed == []
- set_administrator_actual_check.users == []
- name : set administrator
win_user_right:
name : '{{test_win_user_right_name}}'
users : Administrator
users : '{{ admin_account_name }}'
action : set
register : set_administrator
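Review bot: As shown here, the new `set_administrator_check.added` expectation joins host and account with a single backslash in a single-quoted string, `'{{ansible_hostname}}\{{ admin_account_name }}'`, while the line it replaces and the later `add_right_on_empty.added` assertion use `\\`. After the inner expressions expand, the backslash sits directly before the first character of the account name, so a renamed account starting with an escape letter such as `a`, `n` or `t` would presumably compare against the wrong string; this should be confirmed against how the conditional is templated. Building the value without nested delimiters avoids the question: `- set_administrator_check.added == [ ansible_hostname ~ '\\' ~ admin_account_name ]`. The same single-backslash form appears in the `set_administrator.added`, `remove_right_check.removed`, `remove_right.removed` and `add_right_on_empty_check.added` assertions in later hunks. The assert task itself starts above this hunk.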
@ -80,14 +88,14 @@
assert:
that:
- set_administrator is changed
- set_administrator.added == [ "{{ansible_hostname}}\\Administrator" ]
- set_administrator.added == [ '{{ansible_hostname}}\{{ admin_account_name }}' ]
- set_administrator.removed == []
- set_administrator_actual.users == [' Administrator ']
- set_administrator_actual.users == [' {{ admin_account_name }} ']
- name : set administrator again
win_user_right:
name : '{{test_win_user_right_name}}'
users : Administrator
users : '{{ admin_account_name }}'
action : set
register : set_administrator_again
@ -101,7 +109,7 @@
- name : remove from right check
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Guests' , '{{ansible_hostname}}\Users' , '.\Backup Operators' ]
users : [ ' {{ admin_account_name }} ', 'Guests' , '{{ansible_hostname}}\Users' , '.\Backup Operators' ]
action : remove
register : remove_right_check
check_mode : yes
@ -115,14 +123,14 @@
assert:
that:
- remove_right_check is changed
- remove_right_check.removed == [ "{{ansible_hostname}}\\Administrator" ]
- remove_right_check.removed == [ '{{ansible_hostname}}\{{ admin_account_name }}' ]
- remove_right_check.added == []
- remove_right_actual_check.users == [' Administrator ']
- remove_right_actual_check.users == [' {{ admin_account_name }} ']
- name : remove from right
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Guests' , '{{ansible_hostname}}\Users' , '.\Backup Operators' ]
users : [ ' {{ admin_account_name }} ', 'Guests' , '{{ansible_hostname}}\Users' , '.\Backup Operators' ]
action : remove
register : remove_right
@ -135,14 +143,14 @@
assert:
that:
- remove_right is changed
- remove_right.removed == [ "{{ansible_hostname}}\\Administrator" ]
- remove_right.removed == [ '{{ansible_hostname}}\{{ admin_account_name }}' ]
- remove_right.added == []
- remove_right_actual.users == []
- name : remove from right again
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Guests' , '{{ansible_hostname}}\Users' , '.\Backup Operators' ]
users : [ ' {{ admin_account_name }} ', 'Guests' , '{{ansible_hostname}}\Users' , '.\Backup Operators' ]
action : remove
register : remove_right_again
@ -156,7 +164,7 @@
- name : add to empty right check
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Administrators' ]
users : [ ' {{ admin_account_name }} ', 'Administrators' ]
action : add
register : add_right_on_empty_check
check_mode : yes
@ -171,13 +179,13 @@
that:
- add_right_on_empty_check is changed
- add_right_on_empty_check.removed == []
- add_right_on_empty_check.added == [ "{{ansible_hostname}}\\Administrator" , "BUILTIN\\Administrators"]
- add_right_on_empty_check.added == [ '{{ansible_hostname}}\{{ admin_account_name }}' , "BUILTIN\\Administrators"]
- add_right_on_empty_actual_check.users == []
- name : add to empty right
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Administrators' ]
users : [ ' {{ admin_account_name }} ', 'Administrators' ]
action : add
register : add_right_on_empty
@ -191,13 +199,13 @@
that:
- add_right_on_empty is changed
- add_right_on_empty.removed == []
- add_right_on_empty.added == ["{{ansible_hostname}}\\ Administrator ", "BUILTIN\\Administrators"]
- add_right_on_empty_actual.users == [" Administrator ", "BUILTIN\\Administrators"]
- add_right_on_empty.added == ["{{ansible_hostname}}\\ {{ admin_account_name }} ", "BUILTIN\\Administrators"]
- add_right_on_empty_actual.users == [" {{ admin_account_name }} ", "BUILTIN\\Administrators"]
- name : add to empty right again
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Administrators' ]
users : [ ' {{ admin_account_name }} ', 'Administrators' ]
action : add
register : add_right_on_empty_again
@ -211,7 +219,7 @@
- name : add to existing right check
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Guests' , '{{ansible_hostname}}\Users' ]
users : [ ' {{ admin_account_name }} ', 'Guests' , '{{ansible_hostname}}\Users' ]
action : add
register : add_right_on_existing_check
check_mode : yes
@ -227,12 +235,12 @@
- add_right_on_existing_check is changed
- add_right_on_existing_check.removed == []
- add_right_on_existing_check.added == ["BUILTIN\\Guests", "BUILTIN\\Users"]
- add_right_on_existing_actual_check.users == [" Administrator ", "BUILTIN\\Administrators"]
- add_right_on_existing_actual_check.users == [" {{ admin_account_name }} ", "BUILTIN\\Administrators"]
- name : add to existing right
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Guests' , '{{ansible_hostname}}\Users' ]
users : [ ' {{ admin_account_name }} ', 'Guests' , '{{ansible_hostname}}\Users' ]
action : add
register : add_right_on_existing
@ -247,12 +255,12 @@
- add_right_on_existing is changed
- add_right_on_existing.removed == []
- add_right_on_existing.added == ["BUILTIN\\Guests", "BUILTIN\\Users"]
- add_right_on_existing_actual.users == [" Administrator ", "BUILTIN\\Administrators", "BUILTIN\\Users", "BUILTIN\\Guests"]
- add_right_on_existing_actual.users == [" {{ admin_account_name }} ", "BUILTIN\\Administrators", "BUILTIN\\Users", "BUILTIN\\Guests"]
- name : add to existing right again
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ ' Administrator ', 'Guests' , '{{ansible_hostname}}\Users' ]
users : [ ' {{ admin_account_name }} ', 'Guests' , '{{ansible_hostname}}\Users' ]
action : add
register : add_right_on_existing_again
@ -266,7 +274,7 @@
- name : remove from existing check
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ 'Guests' , ' Administrator ']
users : [ 'Guests' , ' {{ admin_account_name }} ']
action : remove
register : remove_on_existing_check
check_mode : yes
@ -280,14 +288,14 @@
assert:
that:
- remove_on_existing_check is changed
- remove_on_existing_check.removed == ["BUILTIN\\Guests", "{{ansible_hostname}}\\ Administrator "]
- remove_on_existing_check.removed == ["BUILTIN\\Guests", "{{ansible_hostname}}\\ {{ admin_account_name }} "]
- remove_on_existing_check.added == []
- remove_on_existing_actual_check.users == [" Administrator ", "BUILTIN\\Administrators", "BUILTIN\\Users", "BUILTIN\\Guests"]
- remove_on_existing_actual_check.users == [" {{ admin_account_name }} ", "BUILTIN\\Administrators", "BUILTIN\\Users", "BUILTIN\\Guests"]
- name : remove from existing
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ 'Guests' , ' Administrator ']
users : [ 'Guests' , ' {{ admin_account_name }} ']
action : remove
register : remove_on_existing
@ -300,14 +308,14 @@
assert:
that:
- remove_on_existing is changed
- remove_on_existing.removed == ["BUILTIN\\Guests", "{{ansible_hostname}}\\ Administrator "]
- remove_on_existing.removed == ["BUILTIN\\Guests", "{{ansible_hostname}}\\ {{ admin_account_name }} "]
- remove_on_existing.added == []
- remove_on_existing_actual.users == ["BUILTIN\\Administrators", "BUILTIN\\Users"]
- name : remove from existing again
win_user_right:
name : '{{test_win_user_right_name}}'
users : [ 'Guests' , ' Administrator ']
users : [ 'Guests' , ' {{ admin_account_name }} ']
action : remove
register : remove_on_existing_again