win_ansible_role_sshd/files/admin_ssh_acl.ps1
2022-12-29 18:38:33 +01:00


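# Ansible Managed
# Restrict the ACL on administrators_authorized_keys to Administrators and SYSTEM.
# Any principal that can write this file can add a public key to it, so the ACL
# must end up containing exactly these two entries and nothing else.

# Stop on the first error so the status marker at the end is never written
# after a failed ACL change (e.g. the key file does not exist yet).
$ErrorActionPreference = 'Stop'

$keyFile = Join-Path $Env:ProgramData 'ssh\administrators_authorized_keys'

# Use well-known SIDs for both principals: account names are localized, SIDs are not.
$adminsSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators
$systemSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # Local System

$acl = Get-Acl -Path $keyFile

# Protect the ACL from inheritance and drop (do not copy) the inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# SetAccessRule only replaces entries for the same identity, so explicit entries
# that were already on the file for other principals would survive. Purge every
# explicit entry before granting the two intended ones.
$explicitRules = @($acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]))
foreach ($rule in $explicitRules) {
    $acl.PurgeAccessRules($rule.IdentityReference)
}

$administratorsRule = New-Object System.Security.AccessControl.FileSystemAccessRule($adminsSid, "FullControl", "Allow")
$systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule($systemSid, "FullControl", "Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)

# NOTE(review): the file owner is left unchanged here; confirm it is already
# Administrators or SYSTEM on the managed hosts.
Set-Acl -Path $keyFile -AclObject $acl

# Status marker, written relative to the current working directory.
# NOTE(review): presumably the role uses this file to detect a completed run - confirm against the calling task.
[System.IO.Directory]::CreateDirectory('.ansible\status')
attrib +h .ansible
# NOTE(review): the message text refers to a PS2 -> PS3 upgrade and the winrm role,
# which looks copied from another script; left unchanged in case something reads it.
Add-Content -Path .ansible\status\admin_ssh_acl.txt -Value "PS2 upgrades to PS3. See https://backwesen.de/voc/win_ansible_role_winrm.git"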