From 9b0dd5224be225be1981065e209ea6221ee4948f Mon Sep 17 00:00:00 2001 From: Jordan Borean Date: Tue, 20 Nov 2018 09:21:28 +1000 Subject: [PATCH] win_security_policy - add warning when using this module ot edit rights (#48850) --- changelogs/fragments/win_security_policy-rights.yaml | 2 ++ lib/ansible/modules/windows/win_security_policy.ps1 | 4 ++++ lib/ansible/modules/windows/win_security_policy.py | 2 ++ 3 files changed, 8 insertions(+) create mode 100644 changelogs/fragments/win_security_policy-rights.yaml diff --git a/changelogs/fragments/win_security_policy-rights.yaml b/changelogs/fragments/win_security_policy-rights.yaml new file mode 100644 index 0000000000..986004c3e4 --- /dev/null +++ b/changelogs/fragments/win_security_policy-rights.yaml @@ -0,0 +1,2 @@ +minor_changes: +- win_security_policy - warn users to use win_user_right instead when editing ``Privilege Rights`` diff --git a/lib/ansible/modules/windows/win_security_policy.ps1 b/lib/ansible/modules/windows/win_security_policy.ps1 index eaae4774cd..45734c15b7 100644 --- a/lib/ansible/modules/windows/win_security_policy.ps1 +++ b/lib/ansible/modules/windows/win_security_policy.ps1 @@ -134,6 +134,10 @@ Function ConvertFrom-Ini($file_path) { return $ini } +if ($section -eq "Privilege Rights") { + Add-Warning -obj $result -message "Using this module to edit rights and privileges is error-prone, use the win_user_right module instead" +} + $will_change = $false $secedit_ini = Export-SecEdit if (-not ($secedit_ini.ContainsKey($section))) { diff --git a/lib/ansible/modules/windows/win_security_policy.py b/lib/ansible/modules/windows/win_security_policy.py index 4f9b40eecd..6282ac54e2 100644 --- a/lib/ansible/modules/windows/win_security_policy.py +++ b/lib/ansible/modules/windows/win_security_policy.py @@ -36,6 +36,8 @@ options: - Example sections to use are 'Account Policies', 'Local Policies', 'Event Log', 'Restricted Groups', 'System Services', 'Registry' and 'File System' + - If wanting to edit the C(Privilege Rights) section, use the + M(win_user_right) module instead. required: yes key: description: