Change Windows 'administrator' password upon first login of a new VM
145 views
Skip to first unread message
Terry Lemons
Jun 21, 2023, 8:37:50 AM6/21/23
to Ansible Project
Hi - my team has an Ansible automation that deploys and configures a new Windows Server system in our vSphere-based lab environment. It uses govc to deploy an .ova created within our company that has a secure password for the 'administrator' account, and the 'administrator' account is set to force a password change on first login. I want to automate the password change in our Ansible workflow. After ova deployment, the network settings have not yet been applied.
I've tried using the vmware_vm_shell module with these values:
- name: "Set new administrator account password"
local_action:
module: vmware_vm_shell
hostname: "{{ management_vcenter_ip }}"
username: "{{ management_vcenter_user }}"
password: "{{ management_vcenter_password }}"
validate_certs: False
datacenter: "{{ datacenter }}"
vm_id: "{{ vm_name }}"
vm_username: "{{ vm_admin }}"
vm_password: "{{ vm_password }}"
vm_shell: "C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe"
vm_shell_args: " -command Set-LocalUser -Name administrator -Password {{vm_new_password}}"
vm_shell_cwd: "C:\\Windows\\Temp"
- name: "Set new administrator account password"
local_action:
module: vmware_vm_shell
hostname: "{{ management_vcenter_ip }}"
username: "{{ management_vcenter_user }}"
password: "{{ management_vcenter_password }}"
validate_certs: False
datacenter: "{{ datacenter }}"
vm_id: "{{ vm_name }}"
vm_username: "{{ vm_admin }}"
vm_password: "{{ vm_password }}"
vm_shell: "C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe"
vm_shell_args: " -command Set-LocalUser -Name administrator -Password {{vm_new_password}}"
vm_shell_cwd: "C:\\Windows\\Temp"
but am seeing this unhelpful response:
TASK [deploy-windowssql : Set new administrator account password] ***************************************************************************************************************************
fatal: [ldpdd192.hop.lab.emc.com -> localhost]: FAILED! => {"changed": false, "msg": "A general system error occurred: vix error codes = (1, 0).\n"}
fatal: [ldpdd192.hop.lab.emc.com -> localhost]: FAILED! => {"changed": false, "msg": "A general system error occurred: vix error codes = (1, 0).\n"}
Am I using vmware_vm_shell or the Powershell Set-LocalUser command incorrectly? Or is there a better way to change the 'administrator' password on a VM that is running but is not yet network-accessible?
Thanks!
Terry Lemons
Jul 5, 2023, 1:23:46 PM7/5/23
to Ansible Project
I've spent more hours on this, and I think a cleaner way to change the password of the administrator account is by using the command:
net user administrator 'password'
but I'm having trouble with getting this command to work. I think the problem is with the 'vm_shell' value, as I'm not sure which shell to use.
Thoughts?
Thanks
tl
Terry Lemons
Aug 3, 2023, 9:43:30 AM8/3/23
to Ansible Project
A colleague helped me with the knowledge that the customization 'existing_vm' key needed to be provide with a value of True, and the 'state' key needed a value of 'present'. The module below does set the 'administrator' password when the account is set for 'change password on first login':
community.vmware.vmware_guest:
hostname: "{{ management_vcenter_ip }}"
username: "{{ management_vcenter_user }}"
password: "{{ management_vcenter_password }}"
cluster: "{{ cluster }}"
name: "{{ vm_name }}"
state: present
networks:
- name: "{{ vm_network }}"
validate_certs: False
wait_for_customization: true
wait_for_ip_address: true
customization:
password: "{{ vm_password }}"
existing_vm: True
delegate_to: localhost
Reply all
Reply to author
Forward
0 new messages