ansible.windows
ansible.windows copied to clipboard
win_reboot add new option for test user
SUMMARY
win_reboot does a test to verify the system has rebooted. under most circumstances this is great.
However domain policy can and local security policy can impact this. ie. local user was used before domain join. Domain Policy prevents local user logon. ie. the Administrator account was renamed to help comply with CIS standards. after reboot the user Administrator is no longer available.
The first of the two examples can be worked around by doing something like follows
- name: "Rename Administrator"
community.windows.win_security_policy:
section: System Access
key: NewAdministratorName
value: awesome_administrator
- name: Change Username to Domain Mapped Name
ansible.builtin.set_fact:
remote_user: awesome_administrator
ansible_user: awesome_administrator
when: ansible_user != 'awesome_administrator'
- name: Rebooting for name change
ansible.windows.win_reboot:
the second example however can be worked around with win_reboot. which means the option is to do something like follows
- name: no local accounts domain reboot
block:
- name: Reboot for retail
win_shell: |
Restart-Computer -Force
- name: Change Username to Domain Mapped Name
ansible.builtin.set_fact:
remote_user: "svc_account"
ansible_user: "svc_account"
- name: connect to retail system
win_shell: |
hostname
register: connect
retries: 25
delay: "{{ 40 | random(start=10) }}"
until: connect.rc = 0
when: domain == 'no_local_logons'
I am suggesting that a test_user option and maybe a test_password be added to the module to allow a user to handle username and password changes that can occur at reboot.
I feel that both of these workarounds while working are a pain and should be able to be handled by the win_reboot
module.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
win_reboot
ADDITIONAL INFORMATION
win_reboot:
test_user: username
test_password: password