Ansible Windows ACL
Using Ansible 2.7, I want to change the ACL for a particular Windows folder, if it exists.
Here is the code I use:

    - name: check that folder exists
      win_stat:
        path: C:\Program Files (x86)\MyFolder
      register: folderPresent

    - name: cut ACL inheritance and copy existing ones
      win_acl_inheritance:
        path: C:\Program Files (x86)\MyFolder
        state: absent
        reorganize: yes
      when: folderPresent.stat.exists

    - name: Add write right for authenticated users
      win_acl:
        path: C:\Program Files (x86)\MyFolder
        user: ThisMachine\Utilisateurs
        rights: Write
        type: allow
        state: present
        inherit: ContainerInherit, ObjectInherit
        propagation: 'InheritOnly'
      when: folderPresent.stat.exists

The problem occurs with the win_acl command. I get: "an error occurred when attempting to present Write permission(s) on C:\Program Files (x86)\MyFolder", followed by a French message "Impossible de traduire certaines ou toutes les références d'identité." (that translates to "impossible to translate some or all identity references").
The Windows machines I am dealing with are installed in French, so my assumption is that I am not specifying the ACL target user correctly.
So far I have tried many variations for the "user" parameter of the win_acl command:
- ThisMachine\Utilisateurs
- BUILTIN\Utilisateurs
- ThisMachine\Users
- S-1-5-32-545
- ...
But none of them works...
windows ansible acl
asked Nov 7 at 13:43
M-Jack
1 Answer
An Ansible bug affects win_acl when dealing with folders such as:
- c:\Program Files
- c:\Program Files (x86)
- c:\Windows
So the workaround that worked for me was to use a Windows command instead of the Ansible win_acl module:

    win_shell: icacls 'C:/Program Files (x86)/MyFolder/' /grant '*S-1-5-11:(OI)(CI)F' /T

Where:
- 'C:/Program Files (x86)/MyFolder/': target folder, using / and not \, surrounded with quotes because of the spaces inside
- *S-1-5-11: a well-known Windows SID for Authenticated Users; the star starts an SID instead of a group or a user name (I was not able here to use anything else than an SID)
- (OI)(CI): propagates inheritance to both files and folders
- /T: do it recursively on sub-folders
answered Nov 7 at 16:09
M-Jack
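An added example, not part of the original answer: the same grant written in PowerShell with the .NET ACL classes, addressing the principal by SID so the localized group name never has to be translated, and changing nothing when the rule is already present. It assumes the folder path from the question and grants Write, as the question's task asked, where the icacls command in the answer grants F (full control).

```powershell
# Added example. $Path is the folder from the question; Write matches its "rights: Write".
$Path = 'C:\Program Files (x86)\MyFolder'
$Sid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'  # Authenticated Users

$Rights      = [System.Security.AccessControl.FileSystemRights]::Write
$Inherit     = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$Propagation = [System.Security.AccessControl.PropagationFlags]::None
$Allow       = [System.Security.AccessControl.AccessControlType]::Allow

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    Write-Output "skipped: $Path does not exist"
}
else {
    # Name of the principal in the machine's own language, used for the log line only.
    $LocalName = $Sid.Translate([System.Security.Principal.NTAccount]).Value

    $Acl = Get-Acl -LiteralPath $Path
    # Read the explicit (non-inherited) rules as SIDs, so the comparison
    # does not depend on the display language of the system.
    $Existing = $Acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $Sid.Value -and
            $_.AccessControlType -eq $Allow -and
            ($_.FileSystemRights -band $Rights) -eq $Rights -and
            $_.InheritanceFlags -eq $Inherit -and
            $_.PropagationFlags -eq $Propagation
        }

    if ($Existing) {
        Write-Output "unchanged: $LocalName already has $Rights on $Path"
    }
    else {
        $Rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $Sid, $Rights, $Inherit, $Propagation, $Allow
        $Acl.AddAccessRule($Rule)
        Set-Acl -LiteralPath $Path -AclObject $Acl
        Write-Output "changed: granted $Rights to $LocalName ($Sid) on $Path"
    }
}
```

Run from win_shell, the leading word of the output (skipped, unchanged, changed) can be registered and used to report whether the task modified the ACL.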