win_user module and GPO settings

cupcake · August 17, 2016, 8:01pm

Tower 2.4.5

Trying to have the win_user module set built-in admin and guest account to disabled.

Guest account is not taking due to some fairly standard GPO settings.

Access this PC from network has default “everyone” removed
Deny access to this computer from the network has custom entry of “guests” group.

the stdout fails “exception calling "ValidateCredentials" with "2” arguments(s): "Logon failure: the user has not been granted the requested logon type at this computer. \r\n"

adding Guests group to option 1 and removing from option 2 allows Ansible/Tower to push the setting successfully.

Sounds like however the ps1 file makes the call (which would be local right?) its needing that network access to do so.

Matt_Davis · August 18, 2016, 8:36pm

We could probably short-circuit the credential validation on disable, but you’d have the same issue if you tried to re-enable that account. Please file a GitHub issue on win_user in
https://github.com/ansible/ansible-modules-core/ with the details…

Topic		Replies	Views
win_ping.yml Ansible Project windows	41	13	September 3, 2022
a question of managing windows system through ansible tower Ansible Project windows	1	1	January 5, 2015
Ansible - configuring windows win_acl Ansible Project windows	1	2	November 28, 2015
win_user is not repeatable Ansible Developer windows	1	1	May 18, 2017
win_user is not repeatable Ansible Project windows	0	2	May 18, 2017

win_user module and GPO settings

Related topics