How can win_acl be used to obtain the status of a file?

Bin Wang

Mar 21, 2023, 9:29:34 AM
to Ansible Project

I want to obtain the ACL list of a file path through win_acl and then delete all users except for the three users: System, Administrators, and Service. However, it seems to be unsuccessful. So, I tried to get the JSON format using PowerShell commands and then import variables to execute.
- name: Get current ACL settings on the D
  ansible.windows.win_shell: |
    (Get-Acl -Path d:).Access | Where-Object {$_.IdentityReference.Value -notmatch "Administrators|SYSTEM|SERVICE"}| Select-Object FileSystemRights, AccessControlType, IdentityReference | ForEach-Object {
      # Strip the backslash between the domain and the account name
      $identityReference = $_.IdentityReference -replace '\\', ''
      $jsonObj = @{
        FileSystemRights = $_.FileSystemRights.ToString()
        AccessControlType = $_.AccessControlType.ToString()
        IdentityReference = $identityReference
      }
      $jsonObj | ConvertTo-Json
    }
  register: current_acl_settings

- name:
  debug:
    var: current_acl_settings.stdout_lines

During the process of setting variables, special characters were escaped, which has troubled me for a long time.

ok: [43.248.136.219] => { "acl_settings": [ "{", " \"AccessControlType\": \"Allow\",", " \"IdentityReference\": \"CREATOR OWNER\",", " \"FileSystemRights\": \"FullControl\"", "}", "{", " \"AccessControlType\": \"Allow\",", " \"IdentityReference\": \"BUILTIN\\\\Users\",", " \"FileSystemRights\": \"AppendData\"", "}", "{", " \"AccessControlType\": \"Allow\",", " \"IdentityReference\": \"BUILTIN\\\\Users\",", " \"FileSystemRights\": \"CreateFiles\"", "}" ]

}

Atul Nasir

Aug 22, 2023, 12:57:59 AM
to Ansible Project
- name: Get current ACL settings on the D drive
  ansible.windows.win_shell: |
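    # IdentityReference.Value is "DOMAIN\name" (e.g. "BUILTIN\Administrators"),
    # so compare only the part after the last backslash against the list.
    $excludedUsers = @("Administrators", "SYSTEM", "SERVICE")
    $aclSettings = (Get-Acl -Path D:).Access | Where-Object { ($_.IdentityReference.Value -split '\\')[-1] -notin $excludedUsers } | ForEach-Object {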
      $identityReference = $_.IdentityReference.Value -replace '\\', ''
      $jsonObj = @{
        FileSystemRights = $_.FileSystemRights.ToString()
        AccessControlType = $_.AccessControlType.ToString()
        IdentityReference = $identityReference
      }
      $jsonObj | ConvertTo-Json -Depth 1
    }
    $aclSettings -join ","
  register: current_acl_settings

- name: Debug ACL settings
  debug:    
    var: current_acl_settings.stdout_lines
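
An added example (not code from either post) that carries the idea through to the removal step: the shell task prints one compact JSON array, `from_json` parses it back into a list (the doubled backslashes in the debug output are only display escaping and disappear after parsing), and `ansible.windows.win_acl` with `state: absent` removes each entry. The `D:\` path and keep list come from the question; the dictionary keys and task names are assumptions chosen to match the `win_acl` parameters.

```yaml
# Added example; assumes D:\ and the three principals named in the question.
- name: Collect explicit ACEs on D:\ that are not in the keep list
  ansible.windows.win_shell: |
    $keep = @('Administrators', 'SYSTEM', 'SERVICE')
    # @(...) guarantees an array even when zero or one entry matches.
    $entries = @(
      (Get-Acl -Path 'D:\').Access |
        Where-Object {
          # Skip inherited entries: they are governed by the parent object
          # (see ansible.windows.win_acl_inheritance). Compare on the account
          # name after the domain part, so "BUILTIN\Administrators" is kept.
          (-not $_.IsInherited) -and
          (($_.IdentityReference.Value -split '\\')[-1] -notin $keep)
        } |
        ForEach-Object {
          [ordered]@{
            user        = $_.IdentityReference.Value
            rights      = $_.FileSystemRights.ToString()
            type        = $_.AccessControlType.ToString().ToLower()
            inherit     = $_.InheritanceFlags.ToString()
            propagation = $_.PropagationFlags.ToString()
          }
        }
    )
    # One JSON document on one line, so stdout parses in a single step.
    ConvertTo-Json -InputObject $entries -Compress
  register: current_acl_settings
  changed_when: false

- name: Show the parsed entries (backslashes are single again here)
  ansible.builtin.debug:
    var: current_acl_settings.stdout | from_json

- name: Remove every collected ACE, leaving only the keep list
  ansible.windows.win_acl:
    path: 'D:\'
    user: "{{ item.user }}"
    rights: "{{ item.rights }}"
    type: "{{ item.type }}"
    inherit: "{{ item.inherit }}"
    propagation: "{{ item.propagation }}"
    state: absent
  loop: "{{ current_acl_settings.stdout | from_json }}"
  loop_control:
    label: "{{ item.user }} ({{ item.rights }})"
```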