|
|
@ -131,3 +131,56 @@
|
|
|
|
that:
|
|
|
|
that:
|
|
|
|
- change_existing_string_again is not changed
|
|
|
|
- change_existing_string_again is not changed
|
|
|
|
- change_existing_string_again.value == "New Guest"
|
|
|
|
- change_existing_string_again.value == "New Guest"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: add policy setting
|
|
|
|
|
|
|
|
win_security_policy:
|
|
|
|
|
|
|
|
section: Privilege Rights
|
|
|
|
|
|
|
|
# following key is empty by default
|
|
|
|
|
|
|
|
key: SeCreateTokenPrivilege
|
|
|
|
|
|
|
|
# add Guests
|
|
|
|
|
|
|
|
value: '*S-1-5-32-546'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: get actual policy setting
|
|
|
|
|
|
|
|
test_win_security_policy:
|
|
|
|
|
|
|
|
section: Privilege Rights
|
|
|
|
|
|
|
|
key: SeCreateTokenPrivilege
|
|
|
|
|
|
|
|
register: add_policy_setting_actual
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: assert add policy setting
|
|
|
|
|
|
|
|
assert:
|
|
|
|
|
|
|
|
that:
|
|
|
|
|
|
|
|
- add_policy_setting_actual.value == '*S-1-5-32-546'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: remove policy setting
|
|
|
|
|
|
|
|
win_security_policy:
|
|
|
|
|
|
|
|
section: Privilege Rights
|
|
|
|
|
|
|
|
key: SeCreateTokenPrivilege
|
|
|
|
|
|
|
|
value: ''
|
|
|
|
|
|
|
|
diff: yes
|
|
|
|
|
|
|
|
register: remove_policy_setting
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: get actual policy setting
|
|
|
|
|
|
|
|
test_win_security_policy:
|
|
|
|
|
|
|
|
section: Privilege Rights
|
|
|
|
|
|
|
|
key: SeCreateTokenPrivilege
|
|
|
|
|
|
|
|
register: remove_policy_setting_actual
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: assert remove policy setting
|
|
|
|
|
|
|
|
assert:
|
|
|
|
|
|
|
|
that:
|
|
|
|
|
|
|
|
- remove_policy_setting is changed
|
|
|
|
|
|
|
|
- remove_policy_setting.diff.prepared == "[Privilege Rights]\n-SeCreateTokenPrivilege = *S-1-5-32-546\n+SeCreateTokenPrivilege = "
|
|
|
|
|
|
|
|
- remove_policy_setting_actual.value is none
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: remove policy setting again
|
|
|
|
|
|
|
|
win_security_policy:
|
|
|
|
|
|
|
|
section: Privilege Rights
|
|
|
|
|
|
|
|
key: SeCreateTokenPrivilege
|
|
|
|
|
|
|
|
value: ''
|
|
|
|
|
|
|
|
register: remove_policy_setting_again
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: assert remove policy setting again
|
|
|
|
|
|
|
|
assert:
|
|
|
|
|
|
|
|
that:
|
|
|
|
|
|
|
|
- remove_policy_setting_again is not changed
|
|
|
|
|
|
|
|
- remove_policy_setting_again.value == ''
|
|
|
|