--- - name: "Create Windows group 'Ansibles'" ansible.windows.win_group: name: 'Ansibles' description: 'Group for Ansible Management' state: present - name: Fail if win_obs_init__password is unset ansible.builtin.fail: msg: "Please define a password for the user {{ win_base_init__created_user_name }} using 'win_base_init__created_user_password'!" when: win_base_init__created_user_password == 'ChangeToSecurePassword' - name: Create ansible User ansible.windows.win_user: name: "{{ win_base_init__created_user_name }}" state: present password: "{{ win_base_init__created_user_password }}" account_disabled: false description: 'Account to run ansible commands at this WINDOWS host' groups_action: 'add' password_expired: false password_never_expires: true user_cannot_change_password: true groups: "{{ win_base_init__os_groups }}" register: _user - name: Set UAC to always notify ansible.windows.win_powershell: script: 'Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 5' changed_when: _user.changed