cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Wrap Get-MachineSid's body in a try/catch

Browse source 
It's not critical information and there's been a number of issues over
the years with trying to retrieve it. If an exception is thrown just
return null.

Fixes: #47813
This commit is contained in:
Michael Letterle 2019-06-27 22:06:41 -04:00 committed by ansibot
parent 42c43a2822
commit b8a41a90b8
1 changed files with 18 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
lib/ansible/modules/windows/setup.ps1
View file

@ -29,22 +29,28 @@ Function Get-MachineSid {
# only accessible by the Local System account. This method get's the local
# admin account (ends with -500) and lops it off to get the machine sid.
$admins_sid = "S-1-5-32-544"
$machine_sid = $null
try {
$admins_sid = "S-1-5-32-544"
$admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
$groups = $searcher.FindOne()
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
$groups = $searcher.FindOne()
$machine_sid = $null
foreach ($user in $groups.Members) {
$user_sid = $user.Sid
if ($user_sid.Value.EndsWith("-500")) {
$machine_sid = $user_sid.AccountDomainSid.Value
break
foreach ($user in $groups.Members) {
$user_sid = $user.Sid
if ($user_sid.Value.EndsWith("-500")) {
$machine_sid = $user_sid.AccountDomainSid.Value
break
}
}
} catch {
#can fail for any number of reasons, if it does just return the original null
Add-Warning -obj $result -message "Error during machine sid retrieval: $($_.Exception.Message)"
}
return $machine_sid