Changing Registry key owner in Ansible

Is there a way in Ansible to change registry key ownership? win_acl doesn’t cover it

I’m running this task

• name: Change key owner to machine admins
  win_acl:
  path: HKCR:\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}
  user: “{{ inventory_hostname_short }}\Administrators”
  rights: FullControl
  type: allow
  inherit: ContainerInherit, ObjectInherit

and getting this error , as the owner

FAILED! => {
“changed”: false,
“msg”: “an exception occurred when adding the specified rule - Requested registry access is not allowed.”
}

run as the owner didn’t work:

• name: Change key owner to machine admins
  win_acl:
  path: HKCR:\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}
  user: “{{ inventory_hostname_short }}\Administrators”
  rights: FullControl
  type: allow
  inherit: ContainerInherit, ObjectInherit
  become: yes
  become_user: TrustedInstaller
  become_method: runas

For now managed with https://helgeklein.com/setacl - SetACL but I’m interested to know if there is a Ansible solution

The win_acl module just adds an ACE to the DACL of an object and doesn’t adjust the owner. Technically the win_owner module can do that but that’s only designed for files/directories and not registry keys.

As for your become_user: TrustedInstaller task, we currently can’t runas that user as it’s a bit more complicated than others. Unfortunately there isn’t an easy solution I have for you right now as they require a lot of manual PowerShell code. Maybe you can tell us why you need to adjust the permissions of this key?

Thanks

Jordan

I Default permission for the local admin for the key is’t full and unless admins take ownership on the key

בתאריך יום ד׳, 7 באוג׳ 2019, 23:27, מאת Jordan Borean ‏<jborean93@gmail.com>:

unless you take ownership on the key you can’t chnge the permission

בתאריך יום ו׳, 9 באוג׳ 2019, 11:33, מאת Yuval Zaltz ‏<yzaltz@gmail.com>: