- name: Get current ACL settings on the D drive ansible.windows.win_shell: | $excludedUsers = @("Administrators", "SYSTEM", "SERVICE") $aclSettings = (Get-Acl -Path D:).Access | Where-Object { $_.IdentityReference.Value -notin $excludedUsers } | ForEach-Object { $identityReference = $_.IdentityReference.Value -replace '\\', '' $jsonObj = @{ FileSystemRights = $_.FileSystemRights.ToString() AccessControlType = $_.AccessControlType.ToString() IdentityReference = $identityReference } $jsonObj | ConvertTo-Json -Depth 1 } $aclSettings -join "," register: current_acl_settings
- name: Debug ACL settings debug: var: current_acl_settings.stdout_lines On Tuesday, March 21, 2023 at 6:29:34 AM UTC-7 Bin Wang wrote: > want to obtain the ACL list of a file path through win_acl and then > delete all users except for the three users: System, Administrators, and > Service. However, it seems to be unsuccessful. So, I tried to get the JSON > format using PowerShell commands and then import variables to execute. > - name: Get current ACL settings on the D > ansible.windows.win_shell: | > (Get-Acl -Path d:).Access | Where-Object {$ > *.IdentityReference.Value -notmatch "Administrators|SYSTEM|SERVICE"}| > Select-Object FileSystemRights, AccessControlType, IdentityReference | > ForEach-Object {$identityReference = $*.IdentityReference -replace '\', '' > $jsonObj = @{ > FileSystemRights = $ > *.FileSystemRights.ToString()AccessControlType = $* > .AccessControlType.ToString() > IdentityReference = $identityReference > } > $jsonObj | ConvertTo-Json > } > register: current_acl_settings > - name: debug: var: current_acl_settings.stdout_lines > > During the process of setting variables, special characters were escaped, > which has troubled me for a long time. > ok: [43.248.136.219] => { "acl_settings": [ "{", " \"AccessControlType\": > \"Allow\",", " \"IdentityReference\": \"CREATOR OWNER\",", " > \"FileSystemRights\": \"FullControl\"", "}", "{", " \"AccessControlType\": > \"Allow\",", " \"IdentityReference\": \"BUILTIN\\\\Users\",", " > \"FileSystemRights\": \"AppendData\"", "}", "{", " \"AccessControlType\": > \"Allow\",", " \"IdentityReference\": \"BUILTIN\\\\Users\",", " > \"FileSystemRights\": \"CreateFiles\"", "}" ] > > } > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/01a02f39-17fd-4f71-9cc8-ef3bd5c4742fn%40googlegroups.com.