I want to obtain the ACL list of a file path through win_acl and then delete all users except for the three users: System, Administrators, and Service. However, it seems to be unsuccessful. So, I tried to get the JSON format using PowerShell commands and then import variables to execute.
```yaml
- name: Get current ACL settings on the D
  ansible.windows.win_shell: |
    # List every ACE on d: whose identity does not match the three accounts to keep
    (Get-Acl -Path d:).Access | Where-Object {$_.IdentityReference.Value -notmatch "Administrators|SYSTEM|SERVICE"} | Select-Object FileSystemRights, AccessControlType, IdentityReference | ForEach-Object {
      $identityReference = $_.IdentityReference -replace '', ''
      $jsonObj = @{
        FileSystemRights = $_.FileSystemRights.ToString()
        AccessControlType = $_.AccessControlType.ToString()
        IdentityReference = $identityReference
      }
      # Emits one separate JSON object per ACE
      $jsonObj | ConvertTo-Json
    }
  register: current_acl_settings

- name:
  debug:
    var: current_acl_settings.stdout_lines
```
During the process of setting variables, special characters were escaped, which has troubled me for a long time.
```
ok: [43.248.136.219] => {
    "acl_settings": [
        "{",
        " "AccessControlType": "Allow",",
        " "IdentityReference": "CREATOR OWNER",",
        " "FileSystemRights": "FullControl"",
        "}",
        "{",
        " "AccessControlType": "Allow",",
        " "IdentityReference": "BUILTIN\\Users",",
        " "FileSystemRights": "AppendData"",
        "}",
        "{",
        " "AccessControlType": "Allow",",
        " "IdentityReference": "BUILTIN\\Users",",
        " "FileSystemRights": "CreateFiles"",
        "}"
    ]
}
```
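An added example, not part of the original post: a read-only PowerShell body for the same `win_shell` task that selects the entries to remove by exact SID instead of a substring regex, and prints them as one compact JSON array. The `$Path` value and the reading of "Service" as `NT AUTHORITY\SERVICE` are assumptions.

```powershell
# Added example (not from the original post). Nothing is modified; the
# script only reports the ACEs that fall outside the allowlist.
$Path = 'D:\'   # assumption: the volume root the post queries as "d:"

# Well-known SIDs to keep. Matching on SID is exact, whereas
# -notmatch "Administrators|SYSTEM|SERVICE" also spares any identity that
# merely contains one of those words (LOCAL SERVICE, NETWORK SERVICE,
# NT SERVICE\..., a domain group with "Administrators" in its name).
$KeepSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-6'        # NT AUTHORITY\SERVICE (assumed meaning of "Service")
)

$acl = Get-Acl -Path $Path

$extra = foreach ($ace in $acl.Access) {
    try {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        # Account could not be resolved: fall back to the raw value
        $sid = $ace.IdentityReference.Value
    }

    if ($KeepSids -notcontains $sid) {
        [pscustomobject]@{
            IdentityReference = $ace.IdentityReference.Value
            Sid               = $sid
            FileSystemRights  = $ace.FileSystemRights.ToString()
            AccessControlType = $ace.AccessControlType.ToString()
            IsInherited       = $ace.IsInherited
        }
    }
}

# One JSON document on a single line, always an array (even for 0 or 1 ACEs),
# so the registered stdout can be parsed as a whole.
ConvertTo-Json -InputObject @($extra) -Compress
```

On the Ansible side, `current_acl_settings.stdout | from_json` turns this output into a list of dictionaries; the backslashes that `debug` prints are only the JSON encoding of the string for display. Entries with `IsInherited` set to true come from the parent object and cannot be removed at this path without first changing inheritance on it.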