win_acl no longer needs SeSecurityPrivilege (#57804) (#64757)

* win_acl no longer needs SeSecurityPrivilege Set-ACL raises missing SeSecurityPrivilege error when the inheritance from the parent directory is disabled. * fixes test sanity * registry rights can only be modified with Set-ACL * add changelog (cherry picked from commit 95d613f3ab)
6 years ago · 39f83ce38c
parent 59f417c469
commit 39f83ce38c
2 changed files with 12 additions and 2 deletions
--- a/changelogs/fragments/57804-win_acl-no-longer-needs-SeSecurityPrivilege.yml
+++ b/changelogs/fragments/57804-win_acl-no-longer-needs-SeSecurityPrivilege.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - win_acl - Fixed error when setting rights on directory for which inheritance from parent directory has been disabled.
--- a/lib/ansible/modules/windows/win_acl.ps1
+++ b/lib/ansible/modules/windows/win_acl.ps1
@ -188,7 +188,11 @@ Try {
    If ($state -eq "present" -And $match -eq $false) {
        Try {
            $objACL.AddAccessRule($objACE)
-            Set-ACL -LiteralPath $path -AclObject $objACL
+            If ($path_item.PSProvider.Name -eq "Registry") {
+                Set-ACL -LiteralPath $path -AclObject $objACL
+            } else {
+                (Get-Item -LiteralPath $path).SetAccessControl($objACL)
+            }
            $result.changed = $true
        }
        Catch {
@ -198,7 +202,11 @@ Try {
    ElseIf ($state -eq "absent" -And $match -eq $true) {
        Try {
            $objACL.RemoveAccessRule($objACE)
-            Set-ACL -LiteralPath $path -AclObject $objACL
+            If ($path_item.PSProvider.Name -eq "Registry") {
+                Set-ACL -LiteralPath $path -AclObject $objACL
+            } else {
+                (Get-Item -LiteralPath $path).SetAccessControl($objACL)
+            }
            $result.changed = $true
        }
        Catch {