2021-12-15 01:03:37 +01:00
|
|
|
---
|
2022-01-02 19:04:13 +01:00
|
|
|
- name: "Create Windows group 'Ansibles'"
|
2021-12-15 01:03:37 +01:00
|
|
|
ansible.windows.win_group:
|
2021-12-20 18:48:05 +01:00
|
|
|
name: 'Ansibles'
|
2021-12-15 01:03:37 +01:00
|
|
|
description: 'Group for Ansible Management'
|
|
|
|
|
state: present
|
|
|
|
|
|
2022-12-28 17:28:38 +01:00
|
|
|
- name: Fail if win_obs_init__password is unset
|
2022-01-02 19:04:13 +01:00
|
|
|
ansible.builtin.fail:
|
|
|
|
|
msg: "Please define a password for the user {{ win_base_init__created_user_name }} using 'win_base_init__created_user_password'!"
|
|
|
|
|
when: win_base_init__created_user_password == 'ChangeToSecurePassword'
|
|
|
|
|
|
2022-12-31 23:35:55 +01:00
|
|
|
- name: Create ansible User
|
|
|
|
|
ansible.windows.win_user:
|
|
|
|
|
name: "{{ win_base_init__created_user_name }}"
|
|
|
|
|
state: present
|
|
|
|
|
password: "{{ win_base_init__created_user_password }}"
|
|
|
|
|
account_disabled: false
|
|
|
|
|
description: 'Account to run ansible commands at this WINDOWS host'
|
|
|
|
|
groups_action: 'add'
|
|
|
|
|
password_expired: false
|
|
|
|
|
password_never_expires: true
|
|
|
|
|
user_cannot_change_password: true
|
|
|
|
|
groups: "{{ win_base_init__os_groups }}"
|
2023-01-01 04:15:42 +01:00
|
|
|
register: _user
|
|
|
|
|
|
|
|
|
|
- name: Set UAC to always notify
|
|
|
|
|
ansible.windows.win_powershell:
|
|
|
|
|
script: 'Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 5'
|
|
|
|
|
changed_when: _user.changed
|
