win_ansible_role_sshd/files/admin_ssh_acl.ps1

# Ansible Managed
# set acl on administrators_authorized_keys
$admins = ([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate( [System.Security.Principal.NTAccount]).Value
$acl = Get-Acl $Env:ProgramData\ssh\administrators_authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule($admins,"FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl

[System.IO.Directory]::CreateDirectory('.ansible\status')
attrib +h .ansible
Add-Content -Path .ansible\status\admin_ssh_acl.txt -Value "PS2 upgrades to PS3. See https://backwesen.de/voc/win_ansible_role_sshd.git"
improve idempotence 2022-12-29 18:38:33 +01:00			`# Ansible Managed`
			`# set acl on administrators_authorized_keys`
			`$admins = ([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate( [System.Security.Principal.NTAccount]).Value`
			`$acl = Get-Acl $Env:ProgramData\ssh\administrators_authorized_keys`
			`$acl.SetAccessRuleProtection($true, $false)`
			`$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule($admins,"FullControl","Allow")`
			`$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")`
			`$acl.SetAccessRule($administratorsRule)`
			`$acl.SetAccessRule($systemRule)`
			`$acl \| Set-Acl`

			`[System.IO.Directory]::CreateDirectory('.ansible\status')`
			`attrib +h .ansible`
ssh key optimisation 2022-12-31 16:43:37 +01:00			`Add-Content -Path .ansible\status\admin_ssh_acl.txt -Value "PS2 upgrades to PS3. See https://backwesen.de/voc/win_ansible_role_sshd.git"`