- name: Get current ACL settings on the D drive
  ansible.windows.win_shell: |
    # Account names to leave out, written without their domain/authority prefix
    $excludedUsers = @("Administrators", "SYSTEM", "SERVICE")
    $aclSettings = (Get-Acl -Path D:).Access | Where-Object {
        # IdentityReference looks like BUILTIN\Administrators or NT AUTHORITY\SYSTEM,
        # so compare only the part after the last backslash
        ($_.IdentityReference.Value -split '\\')[-1] -notin $excludedUsers } | ForEach-Object {
        # Strip backslashes so the JSON output has nothing to escape
        $identityReference = $_.IdentityReference.Value -replace '\\', ''
        $jsonObj = @{
            FileSystemRights = $_.FileSystemRights.ToString()
            AccessControlType = $_.AccessControlType.ToString()
            IdentityReference = $identityReference
        }
        $jsonObj | ConvertTo-Json -Depth 1
    }
    $aclSettings -join ","
  register: current_acl_settings

- name: Debug ACL settings
  debug:
    var: current_acl_settings.stdout_lines

On Tuesday, March 21, 2023 at 6:29:34 AM UTC-7 Bin Wang wrote:
> I want to obtain the ACL list of a file path through win_acl and then
> delete all users except for the three users: System, Administrators, and
> Service. However, it seems to be unsuccessful. So, I tried to get the JSON
> format using PowerShell commands and then import variables to execute.
> - name: Get current ACL settings on the D
>   ansible.windows.win_shell: |
>     (Get-Acl -Path d:).Access | Where-Object {$_.IdentityReference.Value -notmatch "Administrators|SYSTEM|SERVICE"} |
>     Select-Object FileSystemRights, AccessControlType, IdentityReference |
>     ForEach-Object {$identityReference = $_.IdentityReference -replace '\', ''
>     $jsonObj = @{
>     FileSystemRights = $_.FileSystemRights.ToString()
>     AccessControlType = $_.AccessControlType.ToString()
>     IdentityReference = $identityReference
>     }
>     $jsonObj | ConvertTo-Json
>     }
>   register: current_acl_settings
> - name:
>   debug:
>     var: current_acl_settings.stdout_lines
>
> During the process of setting variables, special characters were escaped,
> which has troubled me for a long time.
> ok: [43.248.136.219] => { "acl_settings": [ "{", " \"AccessControlType\":
> \"Allow\",", " \"IdentityReference\": \"CREATOR OWNER\",", "
> \"FileSystemRights\": \"FullControl\"", "}", "{", " \"AccessControlType\":
> \"Allow\",", " \"IdentityReference\": \"BUILTIN\\\\Users\",", "
> \"FileSystemRights\": \"AppendData\"", "}", "{", " \"AccessControlType\":
> \"Allow\",", " \"IdentityReference\": \"BUILTIN\\\\Users\",", "
> \"FileSystemRights\": \"CreateFiles\"", "}" ]
>
> }
>
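
An added example, not part of either message in this thread: one way to get from the ACL query to the removal without hand-handling escapes is to emit a single JSON array, parse it with from_json, and loop win_acl over the result. It matches the three kept accounts by well-known SID rather than by name, which goes beyond what the thread does. Task and variable names are hypothetical, and it assumes the rights and flag strings that Get-Acl returns are ones win_acl accepts.

```yaml
# Added example (not from the thread). Task and variable names are hypothetical.
- name: List explicit ACEs on D:\ for every account except the three to keep
  ansible.windows.win_shell: |
    # Well-known SIDs: BUILTIN\Administrators, SYSTEM, SERVICE
    $keep = @('S-1-5-32-544', 'S-1-5-18', 'S-1-5-6')
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $aces = @((Get-Acl -Path 'D:\').Access | Where-Object {
        # Inherited ACEs cannot be removed from this object, so skip them
        -not $_.IsInherited -and
        $_.IdentityReference.Translate($sidType).Value -notin $keep
    } | ForEach-Object {
        [pscustomobject]@{
            IdentityReference = $_.IdentityReference.Value
            FileSystemRights  = $_.FileSystemRights.ToString()
            AccessControlType = $_.AccessControlType.ToString()
            InheritanceFlags  = $_.InheritanceFlags.ToString()
            PropagationFlags  = $_.PropagationFlags.ToString()
        }
    })
    # Emit one JSON array; the @() above keeps zero or one ACE an array
    ConvertTo-Json -InputObject $aces -Compress
  register: acl_query
  changed_when: false

- name: Show the parsed list (backslashes are escaped only in the display)
  ansible.builtin.debug:
    var: acl_query.stdout | from_json

- name: Remove each listed ACE
  ansible.windows.win_acl:
    path: 'D:\'
    user: "{{ item.IdentityReference }}"
    rights: "{{ item.FileSystemRights }}"
    type: "{{ item.AccessControlType | lower }}"
    inherit: "{{ item.InheritanceFlags }}"
    propagation: "{{ item.PropagationFlags }}"
    state: absent
  loop: "{{ acl_query.stdout | from_json }}"
  loop_control:
    label: "{{ item.IdentityReference }}"
```

Run the first two tasks alone and review the list before enabling the removal task, since an error in the keep list would strip access from the drive.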