diff --git a/lib/ansible/modules/extras/windows/win_acl.ps1 b/lib/ansible/modules/extras/windows/win_acl.ps1 index 3d8cd48df09..2fea8d30270 100644 --- a/lib/ansible/modules/extras/windows/win_acl.ps1 +++ b/lib/ansible/modules/extras/windows/win_acl.ps1 @@ -29,13 +29,22 @@ Function UserSearch { Param ([string]$AccountName) #Check if there's a realm specified - if ($AccountName.Split("\").count -gt 1) + + $searchDomain = $false + $searchDomainUPN = $false + $SearchAppPools = $false + if ($accountName.Split("\").count -gt 1) { - if ($AccountName.Split("\")[0] -eq $env:COMPUTERNAME) + if ($accountName.Split("\")[0] -eq $env:COMPUTERNAME) + { + + } + elseif ($accountName.Split("\")[0] -eq "IIS APPPOOL") { - $IsLocalAccount = $true + $SearchAppPools = $true + $accountName = $accountName.split("\")[1] } - Else + else { $IsDomainAccount = $true $IsUpn = $false @@ -53,9 +62,8 @@ Function UserSearch $accountname = $env:COMPUTERNAME + "\" + $AccountName $IsLocalAccount = $true } - - - if ($IsLocalAccount -eq $true) + + if (($searchDomain -eq $false) -and ($SearchAppPools -eq $false)) { # do not use Win32_UserAccount, because e.g. SYSTEM (BUILTIN\SYSTEM or COMPUUTERNAME\SYSTEM) will not be listed. on Win32_Account groups will be listed too $localaccount = get-wmiobject -class "Win32_Account" -namespace "root\CIMV2" -filter "(LocalAccount = True)" | where {$_.Caption -eq $AccountName} @@ -64,6 +72,20 @@ Function UserSearch return $localaccount.SID } } + Elseif ($SearchAppPools -eq $true) + { + Import-Module WebAdministration + $testiispath = Test-path "IIS:" + if ($testiispath -eq $false) + { + return $null + } + else + { + $apppoolobj = Get-ItemProperty IIS:\AppPools\$accountName + return $apppoolobj.applicationPoolSid + } + } ElseIf (($IsDomainAccount -eq $true) -and ($IsUpn -eq $false)) { #Search by samaccountname @@ -179,4 +201,4 @@ Catch { Fail-Json $result "an error occured when attempting to $state $rights permission(s) on $path for $user" } -Exit-Json $result \ No newline at end of file +Exit-Json $result diff --git a/lib/ansible/modules/extras/windows/win_acl.py b/lib/ansible/modules/extras/windows/win_acl.py index 89ec45c7e08..42cb91ce12a 100644 --- a/lib/ansible/modules/extras/windows/win_acl.py +++ b/lib/ansible/modules/extras/windows/win_acl.py @@ -29,7 +29,7 @@ module: win_acl version_added: "2.0" short_description: Set file/directory permissions for a system user or group. description: - - Add or remove rights/permissions for a given user or group for the specified src file or folder. + - Add or remove rights/permissions for a given user or group for the specified src file or folder. If adding ACL's for AppPool identities, the Windows "Feature Web-Scripting-Tools" must be enabled options: path: description: