4d3ebd65db
* win_auto_logon - check, diff and store pass in LSA * Ensure baseline keys are set for test * Skip remove item prop on check mode due to win bug * Start at a cleared baseline to ensure old LSA secrets are cleared
42 lines
1.2 KiB
YAML
42 lines
1.2 KiB
YAML
---
|
|
- name: get user domain split for ansible_user
|
|
win_shell: |
|
|
$account = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList '{{ ansible_user }}'
|
|
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
|
|
$sid.Translate([System.Security.Principal.NTAccount]).Value -split '{{ "\\" }}'
|
|
changed_when: False
|
|
register: test_user_split
|
|
|
|
- set_fact:
|
|
test_domain: '{{ test_user_split.stdout_lines[0] }}'
|
|
test_user: '{{ test_user_split.stdout_lines[1] }}'
|
|
|
|
- name: ensure auto logon is cleared before test
|
|
win_auto_logon:
|
|
state: absent
|
|
|
|
- name: ensure defaults are set
|
|
win_regedit:
|
|
path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
|
name: '{{ item.name }}'
|
|
data: '{{ item.value }}'
|
|
type: '{{ item.type }}'
|
|
state: present
|
|
loop:
|
|
# We set the DefaultPassword to ensure win_auto_logon clears this out
|
|
- name: DefaultPassword
|
|
value: abc
|
|
type: string
|
|
# Ensures the host we test on has a baseline key to check against
|
|
- name: AutoAdminLogon
|
|
value: 0
|
|
type: dword
|
|
|
|
- block:
|
|
- name: run tests
|
|
include_tasks: tests.yml
|
|
|
|
always:
|
|
- name: make sure the auto logon is cleared
|
|
win_auto_logon:
|
|
state: absent
|