30 lines
1.2 KiB
YAML
30 lines
1.2 KiB
YAML
---
|
|
- name: "Create Windows group 'Ansibles'"
|
|
ansible.windows.win_group:
|
|
name: 'Ansibles'
|
|
description: 'Group for Ansible Management'
|
|
state: present
|
|
|
|
- name: Fail if win_obs_init__password is unset
|
|
ansible.builtin.fail:
|
|
msg: "Please define a password for the user {{ win_base_init__created_user_name }} using 'win_base_init__created_user_password'!"
|
|
when: win_base_init__created_user_password == 'ChangeToSecurePassword'
|
|
|
|
- name: Create ansible User
|
|
ansible.windows.win_user:
|
|
name: "{{ win_base_init__created_user_name }}"
|
|
state: present
|
|
password: "{{ win_base_init__created_user_password }}"
|
|
account_disabled: false
|
|
description: 'Account to run ansible commands at this WINDOWS host'
|
|
groups_action: 'add'
|
|
password_expired: false
|
|
password_never_expires: true
|
|
user_cannot_change_password: true
|
|
groups: "{{ win_base_init__os_groups }}"
|
|
register: _user
|
|
|
|
- name: Set UAC to always notify
|
|
ansible.windows.win_powershell:
|
|
script: 'Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 5'
|
|
changed_when: _user.changed
|